53 lines
1.5 KiB
ReStructuredText
53 lines
1.5 KiB
ReStructuredText
puppetdb
|
|
========
|
|
|
|
Authentication
|
|
--------------
|
|
|
|
We need a client certificate (including the key) accepted by the Puppet server
|
|
for authentication. On Puppet-enabled nodes the node's certificate works, ie
|
|
|
|
- Certificate: ``/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem``
|
|
- Key: ``/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem``
|
|
|
|
These can be supplied to ``curl(1)`` using the ``--key``, ``--cert``, and
|
|
``--cacert`` options::
|
|
|
|
curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
|
|
--key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
|
|
--cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
|
|
https://puppet01.psi.ch:8080/pdb/query/v4/nodes
|
|
|
|
|
|
Queries
|
|
-------
|
|
|
|
There are several API endpoints, eg. ``/pdb/query/v4`` (note that there is no
|
|
``/`` at the end), or ``/pdb/query/v4/nodes``.
|
|
|
|
|
|
Examples
|
|
--------
|
|
|
|
First, let's define a function to simplify the queries::
|
|
|
|
function pdb {
|
|
local pql=$1
|
|
|
|
curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
|
|
--key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
|
|
--cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
|
|
-H content-type:application/json --data "{ \"query\": \"$pql\" }" \
|
|
https://puppet01.psi.ch:8080/pdb/query/v4 | json_reformat
|
|
}
|
|
|
|
|
|
List all nodes::
|
|
|
|
pdb "nodes[certname] { order by certname }"
|
|
|
|
|
|
List environments and times of the last Puppet run::
|
|
|
|
pdb "reports[certname,environment,start_time,end_time] { order by certname }"
|