Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-1538

Add Documentation related to PowerShell / PuppetDB API access



    • Task
    • Status: Closed
    • Normal
    • Resolution: Won't Fix
    • None
    • None
    • PuppetDB


      From https://groups.google.com/forum/#!msg/puppet-users/UFm6Oo5sNd4/Gi-R1z6x3g0J :

      wanted to use the puppetdb api to be able to sniff out some various anomalies that the console doesn't easily show me. I wanted to do this via powershell because I know it better than bash or Python or whatever language smarter folks than me would use. I had to wade through some poorly documented challenges and I thought I would share them with the other kids here.

      Firstly, you need to make the certs meet up nicely. The instructions for curl give three certs to use, but powershell's invoke-webrequest only accepts one. I had to install openssl (cinst openssl.light) and run:

      openssl pkcs12 -export -out c:\pupcert.pfx -inkey "C:\ProgramData\PuppetLabs\puppet\etc\ssl\private_keys\<NODENAMEREDACTED>.pem" -in "C:\ProgramData\PuppetLabs\puppet\etc\ssl\certs\<NODENAMEREDACTED>.pem" -certfile "C:\ProgramData\PuppetLabs\puppet\etc\ssl\certs\ca.pem"

      I entered no password, but don't tell nobody.
      Before it works, you'll need to whitelist the node you plan on using to run the script at "/etc/puppetlabs/puppetdb/certificate-whitelist". If you do not, you will get the error "You shall not pass!" or somesuch sass.
      Then, you can read the cert and start making requests and working with the data. Here is a small script to view nodes that don't have the package "newrelic_dotnet_agent" in their catalog.

      $package = "newrelic_dotnet_agent"
      $cert = get-pfxCertificate c:\pupcert.pfx
      $a = Invoke-WebRequest -Uri https://puppet:8081/v3/nodes -method GET -Certificate $cert
      $c = $a.Content | ConvertFrom-Json

      foreach ($b in $c){
      $d = $b.name
      $e = Invoke-WebRequest -Uri https://puppet:8081/v3/nodes/$d/resources/Package/$package -method GET -Certificate $cert
      if ($e.content -eq "[ ]")

      Unknown macro: { $d }

      clear-variable $e

      I hope this saves someone else a lot of hassle working with certs and whitelists and specificurls.

      Adding the information presented here to PuppetDB documentation for PowerShell has been known to produce good Windows karma.




            Unassigned Unassigned
            rob Rob Reynolds
            0 Vote for this issue
            2 Start watching this issue



              Zendesk Support