puppetdb
========

Authentication
--------------

We need a client certificate (including the key) accepted by the Puppet server
for authentication. On Puppet-enabled nodes the node's certificate works, ie

- Certificate: ``/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem``
- Key: ``/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem``

These can be supplied to ``curl(1)`` using the ``--key``, ``--cert``, and
``--cacert`` options::

    curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
         --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
         --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
         https://puppet01.psi.ch:8080/pdb/query/v4/nodes


Queries
-------

There are several API endpoints, eg. ``/pdb/query/v4`` (note that there is no
``/`` at the end), or ``/pdb/query/v4/nodes``.


Examples
--------

First, let's define a function to simplify the queries::

    function pdb {
      local pql=$1
    
      curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
           --key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
           --cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
           -H content-type:application/json --data "{ \"query\": \"$pql\" }" \
           https://puppet01.psi.ch:8080/pdb/query/v4 | json_reformat
    }


List all nodes::

    pdb "nodes[certname] { order by certname }"


List environments and times of the last Puppet run::

    pdb "reports[certname,environment,start_time,end_time] { order by certname }"