如何自动将节点添加到组中?
How to automate adding a Node to a Group?
我刚从 PE 3.3 切换到 Puppet Enterprise 3.8。
我过去常常使用 rake api 来创建我的组、类 和节点。这在 PE 3.8 中不再有效,并且除了使用仪表板 (https://docs.puppetlabs.com/pe/latest/console_classes_groups.html#adding-nodes-to-a-node-group) 之外似乎没有任何记录的方式来将节点添加到给定组。
谁能给我指点一些关于如何自动将节点添加到组中的文档?
可以使用Node Classifier API to add groups, or add nodes to a group. You'll need to run these curl commands on the master and include the correct certs with the requests。在下面的命令中,将 "fqdn" 替换为您的主服务器的完全限定域名。
创建一个名为 "foo" 的组,它是默认组
的子组
curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "name": "foo",
"parent": "00000000-0000-4000-8000-000000000000",
"environment": "production",
"classes": {}
}' \
https://fqdn:4433/classifier-api/v1/groups
获取所有群组,这样我们就可以得到新建群组的ID
curl 'https://fqdn:4433/classifier-api/v1/groups' \
-H "Content-Type: application/json" \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem
对该请求的响应将包含新创建的组:
{
"environment_trumps": false,
"parent": "00000000-0000-4000-8000-000000000000",
"name": "foo",
"variables": {},
"id": "085e2797-32f3-4920-9412-8e9decf4ef65",
"environment": "production",
"classes": {}
},
修改新组为"pin"一个节点
curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "rule": ["or", ["=", "name", "u38a.vm"]] }' \
https://fqdn:4433/classifier-api/v1/groups/085e2797-32f3-4920-9412-8e9decf4ef65
将新组修改为"pin"另一个节点(您必须提供完整的新规则)
curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "rule": ["or", ["=", "name", "u38a.vm"], ["=", "name", "u38.vm"]] }' \
https://fqdn:4433/classifier-api/v1/groups/085e2797-32f3-4920-9412-8e9decf4ef65
更新2016-04-12
从 Puppet Enterprise 2016.1.1 开始,您可以使用 new pin/unpin endpoints of the classifier API 更轻松地执行此操作:
固定节点
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/groups/<group id>/pin
取消固定节点
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/groups/<group id>/unpin
从所有组中取消固定节点
使用新的(技术预览)commands/unpin-from-all端点:
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/commands/unpin-from-all
对于所有这些端点,您还可以 generate a token 并提供它,而不是使用基于证书的身份验证。
我刚从 PE 3.3 切换到 Puppet Enterprise 3.8。 我过去常常使用 rake api 来创建我的组、类 和节点。这在 PE 3.8 中不再有效,并且除了使用仪表板 (https://docs.puppetlabs.com/pe/latest/console_classes_groups.html#adding-nodes-to-a-node-group) 之外似乎没有任何记录的方式来将节点添加到给定组。
谁能给我指点一些关于如何自动将节点添加到组中的文档?
可以使用Node Classifier API to add groups, or add nodes to a group. You'll need to run these curl commands on the master and include the correct certs with the requests。在下面的命令中,将 "fqdn" 替换为您的主服务器的完全限定域名。
创建一个名为 "foo" 的组,它是默认组
的子组curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "name": "foo",
"parent": "00000000-0000-4000-8000-000000000000",
"environment": "production",
"classes": {}
}' \
https://fqdn:4433/classifier-api/v1/groups
获取所有群组,这样我们就可以得到新建群组的ID
curl 'https://fqdn:4433/classifier-api/v1/groups' \
-H "Content-Type: application/json" \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem
对该请求的响应将包含新创建的组:
{
"environment_trumps": false,
"parent": "00000000-0000-4000-8000-000000000000",
"name": "foo",
"variables": {},
"id": "085e2797-32f3-4920-9412-8e9decf4ef65",
"environment": "production",
"classes": {}
},
修改新组为"pin"一个节点
curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "rule": ["or", ["=", "name", "u38a.vm"]] }' \
https://fqdn:4433/classifier-api/v1/groups/085e2797-32f3-4920-9412-8e9decf4ef65
将新组修改为"pin"另一个节点(您必须提供完整的新规则)
curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "rule": ["or", ["=", "name", "u38a.vm"], ["=", "name", "u38.vm"]] }' \
https://fqdn:4433/classifier-api/v1/groups/085e2797-32f3-4920-9412-8e9decf4ef65
更新2016-04-12
从 Puppet Enterprise 2016.1.1 开始,您可以使用 new pin/unpin endpoints of the classifier API 更轻松地执行此操作:
固定节点
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/groups/<group id>/pin
取消固定节点
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/groups/<group id>/unpin
从所有组中取消固定节点
使用新的(技术预览)commands/unpin-from-all端点:
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/commands/unpin-from-all
对于所有这些端点,您还可以 generate a token 并提供它,而不是使用基于证书的身份验证。