Lita Handler for Interacting with Puppet
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
locales
spec
templates
.gitignore
.rubocop.yml
.travis.yml
CONTRIBUTING.md
Gemfile
LICENSE
README.md
Rakefile
lita-puppet.gemspec

README.md

lita-puppet

Build Status MIT License Gem Version Code Climate

A Lita handler plugin for some basic Puppet operations.

Installation

Add lita-puppet to your Lita instance's Gemfile:

gem "lita-puppet"

Prerequisites

  • Some of the commands require a PuppetDB server, and it must be specified in the configuration.
  • Other commands require that Lita has SSH access to machines using an SSH key, and that Lita has Passwordless sudo capabilities. This sounds scary, but it can be done in a very restrictive way (and if you're using puppet, you can automate it).
  • Lita authorization groups are used to restrict certain commands

Configuration

  • config.handlers.puppet.master_hostname - Puppet Master's hostname
  • config.handlers.puppet.puppetdb_url - PuppetDB hostname (for the puppetdb-ruby gem)
  • config.handlers.puppet.puppetdb_api_vers - PuppetDB api version (for the puppetdb-ruby gem)
  • config.handlers.puppet.puppetdb_key - key file for puppetdb ssl (for the puppetdb-ruby gem)
  • config.handlers.puppet.puppetdb_cert - cert file for puppetdb (for the puppetdb-ruby gem)
  • config.handlers.puppet.puppetdb_ca_cert - ca file for puppetdb (for the puppetdb-ruby gem)
  • config.handlers.puppet.ssh_user - SSH user for the Puppet Master for r10k deployments

PuppetDB APIv4

If you are using this with version 4 of the PuppetDB api you append /pdq/query to the end of the PuppetDB server url. See this issue for more info

Usage

Deploying an environment via r10k

puppet r10k [environment [module]]

This requires the user is a member of the puppet_admins authorization group.

This is also available as:

puppet deploy [environment [module]]
pp deploy [environment [module]]
pp r10k [environment [module]]

Trigger a manual run of the Puppet agent on a host

puppet agent run on <host>

This requires the user is a member of the puppet_admins authorization group.

This is also available as:

puppet run on <host>
puppet run <host>
pp agent run on <host>
pp run on <host>
pp on <host>

Though we don't recomend that last one...

Remove an SSL cert from the Puppet Master

puppet cert clean <host>

This requires the user is a member of the puppet_admins authorization group.

This is also available as:

pp cert clean <host>

Note though that this doesn't do anything on the client side. If you want puppet to work on the <host> machine you'll need to generate a new cert. Usually you run this if you're planning to do that anyway though.

Query PuppetDB for the Roles and Profiles used by a node

puppet roles and profiles <certname>

This is also available as:

puppet r&p <certname>
puppet profiles <certname>
puppet roles <certname>
pp roles and profiles <certname>
pp r&p <certname>
pp profiles <certname>
pp roles <certname>

Where <certname> is the SSL certificate name used for Puppet. This is usually the FQDN for the host. This query assumes you use the roles and profiles paradigm with the classes namespaced as profile::example and role::example etc.. Using only roles or profiles in the command will only return the requested information.

Query PuppetDB for the nodes associated with a class

puppet class nodes <class>

This is also available as:

pp class nodes <class>

Where <class> is a class name as it shows up in the catalog. Usually something like Role::Foo_bar

Query PuppetDB for the fact value of a given node

puppet fact <certname> <fact>

This is also available as:

pp fact <certname> <fact>

Query PuppetDB for some basic info about a node

puppet <certname> info

This is also available as:

pp <certname> info

This queries the PuppetDB nodes endpoint