On Tue, 20 Oct 2015, Corey Osman wrote:
We are trying to create some decommission orchestration scripts and need to
perform the following tasks.
1. clean cert
2. remove node from puppetdb
3. remove reports from pe-console
Now it looks like puppet node —clean <CERTNAME> can perform just about all
those task and even more so in 2015.02.
However, I’ll need to run that command via a REST API through VMware VRO.
It seems as if this command is exposed via REST but maybe not all the
functionality is available.
https://github.com/puppetlabs/puppet/blob/3.8.3/api/docs/http_node.md
<https://github.com/puppetlabs/puppet/blob/3.8.3/api/docs/http_node.md>
So my question is: Does this docoument cover all the available http calls?
As I am looking for the clean functionally to be present in the REST API.
Also, where in the puppet server code base does this link back to? Does the
puppet server automatically wrap all the puppet faces into a RESTFUL API?
Hey Corey. The 'puppet node --clean' functionality is actually a wrapper that
uses quite a few different API calls under the hood to clean up all the bits
of data that nodes leave around:
https://github.com/puppetlabs/puppet/blob/master/lib/puppet/face/node/clean.rb#L47-L52
If you look at the different actions in that method, some of them are
definitely available over HTTP, like certificate revocation and removing
reports, but `puppet node --clean` command isn't itself exposed over the node
REST endpoint, which is why the docs you found show only the 'find' action.
Just to be clear on terminology, the 'puppet server' doesn't support faces; it
just terminates network connections. Faces is part of the ruby puppet
codebase that, at its heart, is a two-part API :
- bits that let you build command-line applications, with help/usage info,
subcommands, etc
- bits that expose those actions for use by other faces, so once you're in the
framework you can compose actions (like node cleaning) by calling into other
faces - you can see this in line 56/57 where it calls into `Puppet::Face[:ca]`
There are quite a few classes that use the Indirector in Puppet to provide a
REST implementation (aka 'terminus') over their operations, so HTTP verbs like
GET, POST, DELETE, etc try to do what you'd expect. But the answer to your
direct question is no, there's not an automatic 1:1 mapping between actions
exposed by a particular face and operations available on the corresponding
REST endpoint.
(Also, the above is "to the best of my understanding" and could be wrong!)
Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0
puppet platform // coffee // techno // bicycles
