1.5 KiB
1.5 KiB
puppetdb
Authentication
We need a client certificate (including the key) accepted by the Puppet server for authentication. On Puppet-enabled nodes the node's certificate works, ie
- Certificate:
/etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem - Key:
/etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem
These can be supplied to curl(1) using the
--key, --cert, and --cacert
options:
curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
--cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
https://puppet01.psi.ch:8080/pdb/query/v4/nodesQueries
There are several API endpoints, eg. /pdb/query/v4 (note
that there is no / at the end), or
/pdb/query/v4/nodes.
Examples
First, let's define a function to simplify the queries:
function pdb {
local pql=$1
curl --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/$(hostname -f).pem \
--cert /etc/puppetlabs/puppet/ssl/certs/$(hostname -f).pem \
-H content-type:application/json --data "{ \"query\": \"$pql\" }" \
https://puppet01.psi.ch:8080/pdb/query/v4 | json_reformat
}List all nodes:
pdb "nodes[certname] { order by certname }"List environments and times of the last Puppet run:
pdb "reports[certname,environment,start_time,end_time] { order by certname }"