puppet catalog find --terminus json on puppet master

[Matt Zagrabelny]

Greetings,

I'm using puppet 5.5.10 (Debian Buster).

From the puppet master system, I'm trying to get all the resources in a catalog for a given node.

On a node "foo.example.com" I can with:

foo# puppet catalog find --terminus json | wc -l

6271

but on the master I've tried:

puppet# puppet catalog find --terminus json foo.example.com | wc -l

0

If I try a rest terminus I get:

puppet# puppet catalog find --terminus rest foo.example.com | wc -l
Error: Could not call 'find' on 'catalog': Error 403 on SERVER: Not Authorized: Forbidden request: /puppet/v3/catalog/git.d.umn.edu [find]
Error: Could not call 'find' on 'catalog': Error 403 on SERVER: Not Authorized: Forbidden request: /puppet/v3/catalog/git.d.umn.edu [find]
Error: Try 'puppet help catalog find' for usage

Any ideas on how to get a node's catalog from the master?

Thanks,

-m

[David Schmitt]

The most recent releases of puppetserver have an API endpoint specifically designed for this usecase: https://puppet.com/docs/puppetserver/latest/puppet-api/v4/catalog.html

You'll also need to enable access to that endpoint in auth.conf for the server you want to access that API from.

You can experiment with the certless catalog indirector from https://github.com/puppetlabs/ace/blob/master/lib/puppet/indirector/catalog/certless.rbto integrate into the CLI you're asking about, but that'll likely require some work to pass through the required fields.

Cheers, David

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOLfK3Xf8ePFU33PoOv4w55DYnuLOw7qN7RYVjSE20ZUJKAvyw%40mail.gmail.com.

[Matt Zagrabelny]

Hey David,

Thanks for the reply!

On Tue, Sep 17, 2019 at 5:58 AM David Schmitt <david....@puppet.com> wrote:

The most recent releases of puppetserver have an API endpoint specifically designed for this usecase: https://puppet.com/docs/puppetserver/latest/puppet-api/v4/catalog.html

Okay. I'm only on puppet 5.5.

 

You'll also need to enable access to that endpoint in auth.conf for the server you want to access that API from.

You can experiment with the certless catalog indirector from https://github.com/puppetlabs/ace/blob/master/lib/puppet/indirector/catalog/certless.rbto integrate into the CLI you're asking about, but that'll likely require some work to pass through the required fields.

Hmmm... So for 5.5 using this ruby file is about the only option to generate the catalog on the master?

Thanks for the help!

-m

[David Schmitt]

On Tue, 17 Sep 2019 at 14:13, Matt Zagrabelny <mzag...@d.umn.edu> wrote:

Hey David,

Thanks for the reply!

On Tue, Sep 17, 2019 at 5:58 AM David Schmitt <david....@puppet.com> wrote:

The most recent releases of puppetserver have an API endpoint specifically designed for this usecase: https://puppet.com/docs/puppetserver/latest/puppet-api/v4/catalog.html

Okay. I'm only on puppet 5.5.

New features only get added to new versions.

 

You'll also need to enable access to that endpoint in auth.conf for the server you want to access that API from.

You can experiment with the certless catalog indirector from https://github.com/puppetlabs/ace/blob/master/lib/puppet/indirector/catalog/certless.rbto integrate into the CLI you're asking about, but that'll likely require some work to pass through the required fields.

Hmmm... So for 5.5 using this ruby file is about the only option to generate the catalog on the master?

This still requires availability of the new API in puppetserver.

 

Cheers, David

Thanks for the help!

-m

--

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOLfK3WRHRWeWFmpp5sOpdi%2BBcZcHAPQwEoOq_J5ucQAO51nYg%40mail.gmail.com.