# puppet
  • v

    vchepkov

    08/08/2022, 2:12 PM
    class foo (
      $base_port,
      $secure_port = $base_port + 1000,
  • s

    silug

    08/08/2022, 2:26 PM
    the advantage of ⬆️ that is you can always override that secure_port default in hiera too
  • r

    runlolarun

    08/08/2022, 2:44 PM
    Hello, everyone. I can’t really test it right now, but will need to do it tomorrow and want to make sure I know for sure it will work. I need to remove certificates for a good amount of nodes. Can I run the following command
    puppet node clean *.domain.edu
    ?
  • v

    vchepkov

    08/08/2022, 2:50 PM
    no
  • v

    vchepkov

    08/08/2022, 2:51 PM
    puppetserver ca list --all|grep pattern
  • v

    vchepkov

    08/08/2022, 2:52 PM
    and then awk or sed or cut
  • r

    runlolarun

    08/08/2022, 3:03 PM
    can you please elaborate..? I literally need to remove all nodes under one domain name. Wildcard will not work?
  • y

    Yorokobi

    08/08/2022, 3:07 PM
    Get the list of nodes to remove, stick 'em in a file or work with the list via pipes, loop over the lines (node names) in that file.
  • r

    runlolarun

    08/08/2022, 3:10 PM
    okay, it’s a solution. Thank you.
  • s

    Skylar Thompson

    08/08/2022, 3:17 PM
    I think puppet node clean can take in multiple node names, so could do something like this with xargs (remove echo when you're sure the output is right 🙂 ) -
    sudo puppetserver ca list --all|awk '$1 ~ /\.your-domain-here\.edu/ {print $1}'|xargs echo puppet node clean
  • s

    Skylar Thompson

    08/08/2022, 3:18 PM
    It would be a bit more efficient than a while loop, depending on how many nodes you're working on
  • v

    vchepkov

    08/08/2022, 3:20 PM
    isn't puppet node clean thing of the past?
  • v

    vchepkov

    08/08/2022, 3:21 PM
    in infinite wisdom, to make it more difficult it's puppetserver ca clean --certname cert1,cert2 now
  • r

    Robert Vincent

    08/08/2022, 3:21 PM
    @runlolarun
    #!/bin/bash
    usage() {
      echo 'Usage:'
      echo "$0 <FQDN> [[<FQDN>]]"
      exit 1
    }
    # Exit with failure if no argument is given.
    [[ $# -lt 1 ]] && usage
    #
    # Strip tabs, returns, and linefeeds from arguments.
    ARGS="${*//[$'\t\r\n']}"
    # Convert to lowercase.
    CERTS="${ARGS,,}"
    # Combine into comma-delimited list.
    LIST="${CERTS// /,}"
    # Puppet primary hostname
    MOM=$(facter -p puppet_master_server)
    # Delete the node(s)
    TASK='/opt/puppetlabs/bin/puppet task run support_tasks::st0317b_purge_node'
    PARAMS="agent_certnames=${LIST} -n ${MOM}"
    echo "${TASK} ${PARAMS}" | tee -a $LOGFILE
    $TASK $PARAMS | sed -e '/^$/d; :x /\s*:\s*$/ { N; s/\s*:\s*\n\s*/ : /g ; bx }'
  • r

    Robert Vincent

    08/08/2022, 3:22 PM
    @runlolarun
    #!/bin/bash
    usage() {
      echo 'Usage:'
      echo "$0 <FQDN> [[<FQDN>]]"
      exit 1
    }
    # Exit with failure if no argument is given.
    [[ $# -lt 1 ]] && usage
    #
    # Strip tabs, returns, and linefeeds from arguments.
    ARGS="${*//[$'\t\r\n']}"
    # Convert to lowercase.
    CERTS="${ARGS,,}"
    # Combine into comma-delimited list.
    LIST="${CERTS// /,}"
    # Puppet primary hostname
    MOM=$(facter -p puppet_master_server)
    # Delete the node(s)
    TASK='/opt/puppetlabs/bin/puppet task run support_tasks::st0317b_purge_node'
    PARAMS="agent_certnames=${LIST} -n ${MOM}"
    echo "${TASK} ${PARAMS}"
    $TASK $PARAMS | sed -e '/^$/d; :x /\s*:\s*$/ { N; s/\s*:\s*\n\s*/ : /g ; bx }'
  • r

    Robert Vincent

    08/08/2022, 3:32 PM
    @runlolarun
    #!/bin/bash
    usage() {
      echo 'Usage:'
      echo "$0 <FQDN> [[<FQDN>]]"
      exit 1
    }
    # Exit with failure if no argument is given.
    [[ $# -lt 1 ]] && usage
    #
    # Strip tabs, returns, and linefeeds from arguments.
    ARGS="${*//[$'\t\r\n']}"
    # Convert to lowercase.
    CERTS="${ARGS,,}"
    # Combine into comma-delimited list.
    LIST="${CERTS// /,}"
    # Puppet primary hostname
    PRI=$(facter -p puppet_master_server)
    # Delete the node(s)
    TASK='/opt/puppetlabs/bin/puppet task run support_tasks::st0317b_purge_node'
    PARAMS="agent_certnames=${LIST} -n ${PRI}"
    echo "${TASK} ${PARAMS}"
    $TASK $PARAMS | sed -e '/^$/d; :x /\s*:\s*$/ { N; s/\s*:\s*\n\s*/ : /g ; bx }'
    # Run cleanup task on Compile Masters
    /opt/puppetlabs/bin/puppet job run -q "
      resources {
        type = 'Class' and
        title = 'Puppet_enterprise::Profile::Master' and
        !(certname = '${PRI}')
      }
    "
  • g

    Gerard Ryan

    08/08/2022, 3:53 PM
    Hi puppet! I have a Foreman deployment whose CA was set to expire on Saturday and I fortunately was able to extend the CA certificate to 2037 using the ca_extend Bolt plan; however, while I did read the documentation and chose to distribute the CA via Puppet manifest, none of my agents can connect and they are reporting the CA has expired. 😞 Any help on this?
  • v

    vchepkov

    08/08/2022, 3:55 PM
    hopefully you have bolt configured or some other alternatives
  • g

    Gerard Ryan

    08/08/2022, 3:55 PM
    I do have bolt configured
  • v

    vchepkov

    08/08/2022, 3:55 PM
    just push new ca file and restart the agent
  • g

    Gerard Ryan

    08/08/2022, 3:55 PM
    For some of the inventory
  • g

    Gerard Ryan

    08/08/2022, 3:57 PM
    I don't understand where it failed. It must be that the updated CA certificate was not distributed to the agents?
  • v

    vchepkov

    08/08/2022, 3:59 PM
    correct, if you didn't deploy the code that would do it, there is nothing in place that would do it for you
  • v

    vchepkov

    08/08/2022, 4:00 PM
    kind of late to do it now via agent
  • g

    Gerard Ryan

    08/08/2022, 4:02 PM
    It was already done in a base module puppet manifest; I followed these instructions: https://forge.puppet.com/modules/puppetlabs/ca_extend#3-using-a-puppet-file-resource-to-manage-capem