Yeah I guess that is what we were wondering if the readability will ever be improved. We like being able to run powershell commands or scripts on demand in our environment but usually end up using CrowdStrike Real Time Response instead because it is much easier to use and readable.

Exposing the ability to easily run arbitrary commands across your PE estate is a pretty serious security undertaking. Granting access to bolt_shim and exposing arbitrary commands via bolt will likely not be the best approach in PE. We would have to come up with a security model for that sort of thing that we have not invested in. We do advertise this warning:

Assign task permissions to a user role

CAUTION: Tasks executed with the

bolt_shim

module allow users to run any command as root on the nodes. Use the module at your own risk.

If there are a collection of commonly used commands I would suggest implementing them as tasks. You can still use bolt to execute them but you get much more fine grained security controls and can control exactly what code is executed.

This message was deleted.

allthethings Next up is 🧑‍🏫Puppet Forge in 43 hours

Hi team please help me on how to create a custom tasks with shell script in PE i am created two file file.sh, file.json in the path /etc/puppetlabs/code/environments/production/modules/tasks but those are not showing the web console Thank you

did you create it in that directory? dont do that

beaker 🧑‍🏫Puppet Forge is about to start up in 15 minutes

oh, I never said hello! sheepish

Hello 😉

o/

This message was deleted.

This message was deleted.

letsplay Next up is 🧑‍🏫PE Console in 2 hours

letsplay 🧑‍🏫PE Console is about to start up in 15 minutes

that icon makes me laugh every time

\o Good day y’all - console office hour has begun!

If you have any questions/suggestions for anything related to the console, any of the console services (RBAC, Classifier, Activity Service) or the Orchestrator, ask away.

I do have a question for you. Are there any plans to make any classifier data available in pdb?

what I’m looking for is data like what classes are available, what node groups exist, how many nodes match a node group, etc. (understood that node group matching is dynamic and isn’t currently cached)

I am not aware of any plans around that

for “how many nodes match a node group”, that can be had but will take more than one request

https://puppet.com/docs/pe/2021.6/rules_endpoint.html#rules_endpoint followed by a PDB request

the other two are available directly via the classifier endpoints

puppetserver also has a classes endpoint

yeah, the best I could get was iterating all known nodes and submitting a classification request for each with their last known facts and…. just decided that was too heavy 😁

yeah, the best I could get was iterating all known nodes and submitting a classification request for each with their last known facts and…. just decided that was too heavy 😁

maybe I’m misunderstanding, if you want the nodes that match a node group’s rules, do the translation, then query PDB, you should need any node facts assuming you’re willing to go with the facts submitted on the last puppet run

that’s exactly what the console does

nah, I’m just working on infrastructure reporting and looking for useful metrics. I thought that a listing of node groups with a count of nodes that matched each and the number of orphaned nodes would be useful