I wanted to use the puppetdb api to be able to sniff out some various anomalies that the console doesn't easily show me. I wanted to do this via powershell because I know it better than bash or Python or whatever language smarter folks than me would use. I had to wade through some poorly documented challenges and I thought I would share them with the other kids here.
Firstly, you need to make the certs meet up nicely. The instructions for curl give three certs to use, but powershell's invoke-webrequest only accepts one. I had to install openssl (cinst openssl.light) and run: openssl pkcs12 -export -out c:\pupcert.pfx -inkey "C:\ProgramData\PuppetLabs\puppet\etc\ssl\private_keys\<NODENAMEREDACTED>.pem" -in "C:\ProgramData\PuppetLabs\puppet\etc\ssl\certs\<NODENAMEREDACTED>.pem" -certfile "C:\ProgramData\PuppetLabs\puppet\etc\ssl\certs\ca.pem" I entered no password, but don't tell nobody. Before it works, you'll need to whitelist the node you plan on using to run the script at "/etc/puppetlabs/puppetdb/certificate-whitelist". If you do not, you will get the error "You shall not pass!" or somesuch sass. Then, you can read the cert and start making requests and working with the data. Here is a small script to view nodes that don't have the package "newrelic_dotnet_agent" in their catalog. $package = "newrelic_dotnet_agent" $cert = get-pfxCertificate c:\pupcert.pfx $a = Invoke-WebRequest -Uri https://puppet:8081/v3/nodes -method GET -Certificate $cert $c = $a.Content | ConvertFrom-Json foreach ($b in $c){ $d = $b.name $e = Invoke-WebRequest -Uri https://puppet:8081/v3/nodes/$d/resources/Package/$package -method GET -Certificate $cert if ($e.content -eq "[ ]"){ $d } clear-variable $e } I hope this saves someone else a lot of hassle working with certs and whitelists and specificurls. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2340a9d0-6bed-4546-9d9d-0f3c6f291ce9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
