puppet-enterprise - How to automate adding a Node to a Group?

Question

I have just switched to Puppet Enterprise 3.8 from PE 3.3. I use to use the rake api to create my groups, classes and nodes. This no longer works in PE 3.8 and there does not appear to be any documented way, other than using the dashboard (https://docs.puppetlabs.com/pe/latest/console_classes_groups.html#adding-nodes-to-a-node-group), to add nodes to a given group.

Can someone point me to some documentation of how one automates the adding of nodes to a group?

score 4 · Accepted Answer

您可以使用节点分类器 API添加组，或将节点添加到组。您需要在 master 上运行这些 curl 命令，并在 requests 中包含正确的证书。在以下命令中，将“fqdn”替换为您的主服务器的完全限定域名。

创建一个名为“foo”的组，它是默认组的子组

curl -X POST -H 'Content-Type: application/json' \
  --cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
  --key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
  -d '{ "name": "foo",
        "parent": "00000000-0000-4000-8000-000000000000",
        "environment": "production",
        "classes": {}
      }' \
  https://fqdn:4433/classifier-api/v1/groups

获取所有组，以便我们可以获取新创建的组的 ID

curl 'https://fqdn:4433/classifier-api/v1/groups' \
   -H "Content-Type: application/json" \
   --cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
   --key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
   --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem

对该请求的响应将包含新创建的组：

{
  "environment_trumps": false,
  "parent": "00000000-0000-4000-8000-000000000000",
  "name": "foo",
  "variables": {},
  "id": "085e2797-32f3-4920-9412-8e9decf4ef65",
  "environment": "production",
  "classes": {}
},

修改新组以“固定”一个节点

curl -X POST -H 'Content-Type: application/json' \
  --cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
  --key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
  -d '{ "rule": ["or", ["=", "name", "u38a.vm"]] }' \
  https://fqdn:4433/classifier-api/v1/groups/085e2797-32f3-4920-9412-8e9decf4ef65

修改新组以“固定”另一个节点（您必须提供完整的新规则）

curl -X POST -H 'Content-Type: application/json' \
  --cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
  --key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
  --cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
  -d '{ "rule": ["or", ["=", "name", "u38a.vm"], ["=", "name", "u38.vm"]] }' \
  https://fqdn:4433/classifier-api/v1/groups/085e2797-32f3-4920-9412-8e9decf4ef65

2016-04-12 更新

从 Puppet Enterprise 2016.1.1 开始，您可以使用分类器 API 的新 pin/unpin 端点更轻松地执行此操作：

固定节点

curl -X POST -H 'Content-Type: application/json' \
  --cert $(puppet config print hostcert) \
  --key $(puppet config print hostprivkey) \
  --cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
  https://$HOSTNAME:4433/classifier-api/v1/groups/<group id>/pin

取消固定节点

curl -X POST -H 'Content-Type: application/json' \
  --cert $(puppet config print hostcert) \
  --key $(puppet config print hostprivkey) \
  --cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
  https://$HOSTNAME:4433/classifier-api/v1/groups/<group id>/unpin

从所有组中取消固定节点

使用新的（技术预览）commands/unpin-from-all端点：

curl -X POST -H 'Content-Type: application/json' \
  --cert $(puppet config print hostcert) \
  --key $(puppet config print hostprivkey) \
  --cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
  https://$HOSTNAME:4433/classifier-api/v1/commands/unpin-from-all

使用所有这些端点，您还可以生成令牌并提供该令牌，而不是使用基于证书的身份验证。