diff --git a/admin-guide/configuration/puppet_agent.md b/admin-guide/configuration/puppet_agent.md index 6ca184ed..4294feea 100644 --- a/admin-guide/configuration/puppet_agent.md +++ b/admin-guide/configuration/puppet_agent.md @@ -1,33 +1,50 @@ # Puppet Agent Configuration -The Puppet agent software communicates with the Puppet master to enforce desired system configurations defined in hiera. +The Puppet Agent provides the basic system configuration as defined in Hiera. ## Automatic Puppet Agent Runs -Puppet agent is configured to run daily between 5-8 AM. -This describes how the Puppet agent can be configured to run at different intervals and also at different times than the default. -### Agent Run Frequency -The intervals the Puppet agent runs can be configured in hiera with `puppet_client::run_frequency` +By default the Puppet Agent runs daily somewhen between 5-8 AM. -Allowed parameters +The frequency can be changed in Hiera with the key `puppet_client::run_frequency`. + +Allowed parameters are - 'halfhourly': every 30 minutes - 'daily': once a day (default) -- 'weekly': every Monday +- 'weekly': every Monday -The daily and weekly Puppet run respect the value set for `puppet_client::exec_time` +The actual automatic Puppet Agent run is always on the same random time. Check `systemctl list-timers pli-puppet-run.timer` for the exact time on a specific node. -### Execution Time -The actual automatic Puppet Agent run is always on the same random time. Check `systemctl list-timers pli-puppet-run.timer` for the exact time. -For `daily` and `weekly` this time window is configured in Hiera with `puppet_client::exec_time`, the default is: - -`puppet_client::exec_time: '05:00 -- 08:00'` - -The time format used is '24-hour clock' `HH:MM -- HH:MM` +For `daily` and `weekly` the time window is configured in Hiera with `puppet_client::exec_time`, the default is: +``` +puppet_client::exec_time: '05:00 -- 08:00' +``` +The time format used is '24-hour clock' `HH:MM -- HH:MM`. ## Temporarily Disable Automatic Puppet Agent Runs Puppet execution can be disabled for a certain amount of time with the -``/opt/pli/libexec/pli-puppet-disable`` command. +`/opt/pli/libexec/pli-puppet-disable` command: +``` +# /opt/pli/libexec/pli-puppet-disable +puppet currently not disabled +# /opt/pli/libexec/pli-puppet-disable '1 week' +# /opt/pli/libexec/pli-puppet-disable +Puppet disabled until: Wed Nov 1 08:00:05 CET 2017 +# /opt/pli/libexec/pli-puppet-disable stop +Stopping +# /opt/pli/libexec/pli-puppet-disable +puppet currently not disabled +# +``` The disabling time has to be in the ``date`` format (see date(1)). ## Manual Execution of Puppet Agent -The Puppet agent can be run manually by executing following command `puppet agent -t` +At any time you might update the node configuration by running the Puppet Agent manually. To do so run as user `root` the following command: +``` +puppet agent -t +``` + +If you just wish to see what it would change without doing the actual change on the system, run +``` +puppet agent -t --noop +``` diff --git a/admin-guide/puppet/client.md b/admin-guide/puppet/client.md new file mode 100644 index 00000000..26dedc99 --- /dev/null +++ b/admin-guide/puppet/client.md @@ -0,0 +1,16 @@ +# Puppet Client + +The Puppet Agent updates the configuration on the node. It automatically runs regulary, for configuration details check the [configuration guide](../configuration/puppet_agent). + +## Manually Retrieve Node Information From Puppet Server + +To manually check the node information on the Puppet server for given host, do +``` +FQDN=$(hostname --fqdn) +curl \ + --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \ + --cert /etc/puppetlabs/puppet/ssl/certs/$FQDN.pem \ + --key /etc/puppetlabs/puppet/ssl/private_keys/$FQDN.pem \ + "https://puppet01.psi.ch:8140/puppet/v3/node/$FQDN?environment=prod&configured_en" \ + | jq . +``` diff --git a/admin-guide/puppet/client.rst b/admin-guide/puppet/client.rst deleted file mode 100644 index 66cd4700..00000000 --- a/admin-guide/puppet/client.rst +++ /dev/null @@ -1,52 +0,0 @@ -Puppet client -------------- - -regular automatic Puppet client runs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Puppet client run is executed once daily between 5AM and 8AM -(``puppet_client::exec_time`` in hiera data). - -The puppet client is executed via the ``pli-puppet-run`` system timer: :: - - - [root@lxdev04 ~]# systemctl list-timers - NEXT LEFT LAST PASSED UNIT ACTIVATES - Wed 2017-10-25 15:55:54 CEST 6h left Tue 2017-10-24 15:55:54 CEST 17h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service - Thu 2017-10-26 07:51:00 CEST 22h left Wed 2017-10-25 07:51:16 CEST 1h 5min ago pli-puppet-run.timer pli-puppet-run.service - - 2 timers listed. - Pass --all to see loaded but inactive timers, too. - -temporarily disable automatic Puppet client runs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Puppet execution can be disabled for a certain amount of time with the -``/opt/pli/libexec/pli-puppet-disable`` command: :: - - [root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable - puppet currently not disabled - [root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable '1 week' - [root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable - Puppet disabled until: Wed Nov 1 08:00:05 CET 2017 - [root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable stop - Stopping - [root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable - puppet currently not disabled - [root@lxdev04 ~]# - -The disabling time has to be in the ``date`` format (see date(1)). - - -manually retrieve host information from Puppet -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To manually check the node information on the Puppet server for given host, do :: - - FQDN=$(hostname --fqdn) - curl \ - --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \ - --cert /etc/puppetlabs/puppet/ssl/certs/$FQDN.pem \ - --key /etc/puppetlabs/puppet/ssl/private_keys/$FQDN.pem \ - "https://puppet01.psi.ch:8140/puppet/v3/node/$FQDN?environment=prod&configured_en" \ - | jq .