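📅  Last modified: 2020-10-31 14:11:55             🧑  Author: Mango
Puppet uses a RESTful API as the communication channel between the Puppet master and the Puppet agents. The base URLs for accessing this RESTful API are as follows.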
https://brcleprod001:8140/{environment}/{resource}/{key}
https://brcleprod001:8139/{environment}/{resource}/{key}
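Puppet normally takes care of security and SSL certificate management. However, if you want to use the RESTful API from outside the cluster, you need to manage the certificates yourself when connecting to a machine. Puppet's security policy can be configured through the rest authconfig file.
The curl utility can be used as a basic tool for connecting to the RESTful API. The following example shows how to retrieve a node's catalog with a REST API curl command.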
curl --cert /etc/puppet/ssl/certs/brcleprod001.pem --key /etc/puppet/ssl/private_keys/brcleprod001.pem
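These options only set the SSL certificate and key; the paths differ depending on where the SSL directory is located and on the name of the node in use. For example, consider the following command.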
curl --insecure -H 'Accept: yaml' https://brcleprod002:8140/production/catalog/brcleprod001
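In the command above, we send only a header specifying the format or formats we want returned, together with the RESTful URL that generates the catalog for brcleprod001 in the production environment. It produces the following output.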
--- &id001 !ruby/object:Puppet::Resource::Catalog
aliases: {}
applying: false
classes: []
...
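As another example, suppose we want to retrieve the CA certificate from the Puppet master. This does not require authenticating with your own signed SSL certificate, because the CA certificate is needed before authentication can take place.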
curl --insecure -H 'Accept: s' https://brcleprod001:8140/production/certificate/ca
-----BEGIN CERTIFICATE-----
MIICHTCCAYagAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxwdXBw
GET /certificate/{ca, other}
curl -k -H "Accept: s" https://brcleprod001:8140/production/certificate/ca
curl -k -H "Accept: s" https://brcleprod002:8139/production/certificate/brcleprod002
Authenticated resources (a valid, signed certificate is required).
GET /{environment}/catalog/{node certificate name}
curl -k -H "Accept: pson" https://brcleprod001:8140/production/catalog/myclient
GET /certificate_revocation_list/ca
curl -k -H "Accept: s" https://brcleprod001:8140/production/certificate_revocation_list/ca
GET /{environment}/certificate_requests/{anything}
GET /{environment}/certificate_request/{node certificate name}
curl -k -H "Accept: yaml" https://brcleprod001:8140/production/certificate_requests/all
curl -k -H "Accept: yaml" https://brcleprod001:8140/production/certificate_request/puppetclient
PUT /{environment}/report/{node certificate name}
curl -k -X PUT -H "Content-Type: text/yaml" -d "{key:value}" https://brcleprod002:8139/production
GET /{environment}/node/{node certificate name}
curl -k -H "Accept: yaml" https://brcleprod002:8140/production/node/puppetclient
GET /{environment}/status/{anything}
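curl -k -H "Accept: pson" https://brcleprod002:8140/production/status/{anything}
After a new agent is set up on any machine, the Puppet agent does not listen for HTTP requests by default. Listening has to be enabled by adding "listen = true" to the puppet.conf file. The Puppet agent will then listen for HTTP requests when it starts.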
GET /{environment}/facts/{anything}
curl -k -H "Accept: yaml" https://brcleprod002:8139/production/facts/{anything}
Run: causes the client to update, like puppetrun or puppet kick.
PUT /{environment}/run/{node certificate name}
curl -k -X PUT -H "Content-Type: text/pson" -d "{}" https://brcleprod002:8139/production/run/{anything}
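The commands on this page pass -k/--insecure, which turns off verification of the server certificate. As an added example (not from the original page), the shell helpers below make the same kind of request with the server verified against the Puppet CA and with the node's own certificate and key for authentication. The function names and the CA path certs/ca.pem under the SSL directory are assumptions.

```shell
#!/bin/sh
# Added example: call the Puppet REST API with server verification enabled.
# Assumption: CA cert at $ssldir/certs/ca.pem; helper names are hypothetical.

# puppet_api_url SERVER PORT ENVIRONMENT RESOURCE KEY
# Prints https://SERVER:PORT/ENVIRONMENT/RESOURCE/KEY. Each part may contain
# only letters, digits, '.', '_' and '-', so no part can add path segments.
puppet_api_url() {
    [ $# -eq 5 ] || { echo "usage: puppet_api_url SERVER PORT ENV RESOURCE KEY" >&2; return 1; }
    for part in "$@"; do
        case $part in
            ''|.|..|*[!A-Za-z0-9._-]*)
                echo "invalid URL component: '$part'" >&2; return 1 ;;
        esac
    done
    printf 'https://%s:%s/%s/%s/%s\n' "$1" "$2" "$3" "$4" "$5"
}

# key_is_private FILE: true only if FILE is a regular file with no
# group/other permission bits (mode string columns 5-10 are all '-').
key_is_private() {
    [ -f "$1" ] && [ "$(ls -Lld "$1" | cut -c5-10)" = "------" ]
}

# puppet_get SSLDIR CERTNAME URL [FORMAT]
# Runs curl with the CA set via --cacert and the node's certificate and
# key for client authentication. Set CURL to override the binary (testing).
puppet_get() {
    ssldir=$1 certname=$2 url=$3 format=${4:-pson}
    ca=$ssldir/certs/ca.pem
    cert=$ssldir/certs/$certname.pem
    key=$ssldir/private_keys/$certname.pem
    for f in "$ca" "$cert"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    key_is_private "$key" || { echo "key missing or group/other-accessible: $key" >&2; return 3; }
    "${CURL:-curl}" --fail --silent --show-error \
        --cacert "$ca" --cert "$cert" --key "$key" \
        -H "Accept: $format" "$url"
}

# Usage, with the host and node names from the page:
#   url=$(puppet_api_url brcleprod002 8140 production catalog brcleprod001) &&
#       puppet_get /etc/puppet/ssl brcleprod001 "$url" yaml
```

The CA certificate itself has to reach the client over a trusted path first, since fetching it with --insecure gives no assurance that it came from the real master.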