Skip to content

jpadams/puppetconf_api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
01_status1.sh
01_status1.sh
 
 
02_status2.sh
02_status2.sh
 
 
03_generate.sh
03_generate.sh
 
 
04_status3.sh
04_status3.sh
 
 
05_whitelist_GUI
05_whitelist_GUI
 
 
06_pdb.sh
06_pdb.sh
 
 
07_ds1.sh
07_ds1.sh
 
 
08_ds2.sh
08_ds2.sh
 
 
09_groups1.sh
09_groups1.sh
 
 
10_groups2.sh
10_groups2.sh
 
 
11_groups3.sh
11_groups3.sh
 
 
README.md
README.md
 
 
apifun.sh
apifun.sh
 
 
reset_ds.sh
reset_ds.sh
 
 
status.py
status.py
 
 
web_links.html
web_links.html
 
 
x_activity_csv.sh
x_activity_csv.sh
 
 
x_install_puppetclassify.sh
x_install_puppetclassify.sh
 
 
x_show_group.py
x_show_group.py
 
 
x_sign_cert.sh
x_sign_cert.sh
 
 
x_status.py
x_status.py
 
 
x_windows_status1.ps1
x_windows_status1.ps1
 
 
x_windows_status2.ps1
x_windows_status2.ps1
 
 

Repository files navigation

puppetconf_api

#####Recent changes: I changed (most of) the examples to use $(puppet config print hostcert) instead of `puppet config print hostcert` for command substitution since that syntax works on Windows as well as *nix.

I also added "--tlsv1" to all of the curl commands because I realized that some people's curl might be trying to use SSLv2 or SSLv3 which are disabled in Puppet services because of vulnerabilities like POODLE. This forces curl to use a protocol in the TLS 1.x family. PE 2015.2.x uses TLS 1.2 by default. You can check this out with curl by trying to use a different explicit protocol like "--sslv3" with the "-v" verbose option and watching it fail. You can also use these fun openssl commands:

openssl s_client -ssl3 -connect learning.puppetlabs.vm:8140
openssl s_client -tls1 -connect learning.puppetlabs.vm:8140

The presentation we used is available on SlideShare at http://www.slideshare.net/JeremyAdams2/puppetconf-2015-puppet-api-roundup

These examples were done on the Learning VM that you can find at http://learn.puppetlabs.com.

If you want to set up your Learning VM to be able to hit the Console Services 'status' API via HTTP on port 8123 like I do in my first example, see the docs here: https://docs.puppetlabs.com/pe/latest/status_api.html#authenticating-requests

I installed a couple of python things for these examples.

pip install httpie
pip install requests

#####If you are going to try to manage the CA API for cert signing from a machine other than the master: Warning: If you are running PE 2015.2 or 2015.2.1, you will need to fix a puppet_enterprise profile class before you can manage the client_whitelist. This only affects the Puppet Server's CA whitelist, not PuppetDB or Console. This is so you don't get frustrated when it doesn't work when you try this at home. This is patched in the 2015.2.2 release that probably came out as you're reading this.

  1. Edit /opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/profile/certificate_authority.pp
  2. Change line #37
    • From: value => pe_join($_client_whitelist, ', '),
    • To: value => [$puppet_enterprise::params::console_client_certname] + $client_whitelist,

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

8 stars

Watchers

5 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages