Files
Controls-docs/admin-guide/puppet/client.rst
T

1.7 KiB

Puppet client

Puppet client run is executed once daily between 5AM and 8AM (puppet_client::exec_time in hiera data).

The puppet client is executed via the pli-puppet-run system timer: :

[root@lxdev04 ~]# systemctl list-timers
NEXT                          LEFT     LAST                          PASSED      UNIT                         ACTIVATES
Wed 2017-10-25 15:55:54 CEST  6h left  Tue 2017-10-24 15:55:54 CEST  17h ago     systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Thu 2017-10-26 07:51:00 CEST  22h left Wed 2017-10-25 07:51:16 CEST  1h 5min ago pli-puppet-run.timer         pli-puppet-run.service

2 timers listed.
Pass --all to see loaded but inactive timers, too.

Puppet execution can be disabled for a certain amount of time with the /opt/pli/libexec/pli-puppet-disable command: :

[root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable
puppet currently not disabled
[root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable '1 week'
[root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable
Puppet disabled until: Wed Nov 1 08:00:05 CET 2017
[root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable stop
Stopping
[root@lxdev04 ~]# /opt/pli/libexec/pli-puppet-disable
puppet currently not disabled
[root@lxdev04 ~]#

The disabling time has to be in the date format (see date(1)).

To manually check the node information on the Puppet server for given host, do :

FQDN=$(hostname --fqdn)
curl \
    --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
    --cert   /etc/puppetlabs/puppet/ssl/certs/$FQDN.pem \
    --key    /etc/puppetlabs/puppet/ssl/private_keys/$FQDN.pem \
    "https://puppet01.psi.ch:8140/puppet/v3/node/$FQDN?environment=prod&configured_en" \
    | jq .