Puppet RESTful API

Last modified: 2021-01-08 05:05:15    Author: Mango

Puppet uses a RESTful API for communication between the Puppet master and its agents. The URLs for accessing the RESTful API are:

https://brcleprod001:8140/{environment}/{resource}/{key} 
https://brcleprod001:8139/{environment}/{resource}/{key}

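Security

Puppet normally handles security and SSL certificate management itself. However, if you want to use the cluster's RESTful API when connecting to a system, you must manage the certificates yourself. Puppet's security policy is configured through the auth configuration file (auth.conf).

Testing the REST API

To test RESTful API connectivity, we can use the curl utility. Let's look at an example that uses a REST API curl command to retrieve a node's catalog: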

curl --cert /etc/puppet/ssl/certs/brcleprod001.pem \
     --key /etc/puppet/ssl/private_keys/brcleprod001.pem

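The next set of commands sets the SSL certificate. The paths depend on the location of the SSL directory and the name of the node being used. For example, consider the following command: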

curl --insecure -H 'Accept: yaml' \
     https://brcleprod002:8140/production/catalog/brcleprod001

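The command above sends a header that defines the format to be returned, and a RESTful URL that creates the catalog for brcleprod001 in the production environment. It produces the following output: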

--- &id001 !ruby/object:Puppet::Resource::Catalog 
aliases: {} 
applying: false 
classes: [] 
...

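Consider another example: retrieving the CA certificate from the Puppet master. This request does not need to be authenticated with the node's own signed SSL certificate, because the CA certificate is required before a node can be authenticated.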

curl --insecure -H 'Accept: s' https://brcleprod001:8140/production/certificate/ca

-----BEGIN CERTIFICATE-----
MIICHTCCAYagAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxwdXBw
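
Added example (not part of the original page): the commands on this page pass --insecure or -k, which turns off verification of the server certificate. The shell function below builds the same requests but verifies the master against the Puppet CA with --cacert and authenticates with the node's own certificate and key. The function name, the SSLDIR, PUPPET_PORT and DRY_RUN variables, and the location of ca.pem under the SSL directory are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed names: puppet_api,
# SSLDIR, PUPPET_PORT, DRY_RUN, and ca.pem under $SSLDIR/certs.
SSLDIR="${SSLDIR:-/etc/puppet/ssl}"
PUPPET_PORT="${PUPPET_PORT:-8140}"

# puppet_api NODE SERVER ENVIRONMENT RESOURCE KEY [ACCEPT]
# NODE is the calling node's certificate name; it selects the cert and key files.
puppet_api() {
    if [ "$#" -lt 5 ]; then
        echo "usage: puppet_api NODE SERVER ENVIRONMENT RESOURCE KEY [ACCEPT]" >&2
        return 2
    fi
    node=$1 server=$2 env=$3 resource=$4 key=$5 accept=${6:-pson}

    # Each component must be a plain name, so none can change the file path or URL.
    for part in "$node" "$server" "$env" "$resource" "$key" "$accept"; do
        case $part in
            ''|*[!A-Za-z0-9._-]*) echo "invalid component: $part" >&2; return 5 ;;
        esac
    done

    ca="$SSLDIR/certs/ca.pem"
    cert="$SSLDIR/certs/$node.pem"
    pkey="$SSLDIR/private_keys/$node.pem"

    # Stop rather than fall back to an unverified (-k) connection.
    for f in "$ca" "$cert" "$pkey"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 3; }
    done

    # The private key must not be accessible to group or others.
    perms=$(ls -ld "$pkey" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "private key too permissive: $pkey" >&2; return 4; }

    url="https://$server:$PUPPET_PORT/$env/$resource/$key"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Print the command that would run, without contacting the server.
        echo "curl --cacert $ca --cert $cert --key $pkey -H 'Accept: $accept' $url"
    else
        curl --cacert "$ca" --cert "$cert" --key "$pkey" -H "Accept: $accept" "$url"
    fi
}
```

For example, puppet_api brcleprod001 brcleprod002 production catalog brcleprod001 yaml issues the catalog request shown earlier with verification enabled. Because curl also checks the host name, the SERVER argument must match a name in the master's certificate.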

Puppet Master and Agent Shared API Reference

GET /certificate/{ca, other}  

curl -k -H "Accept: s" https://brcleprod001:8140/production/certificate/ca
curl -k -H "Accept: s" https://brcleprod002:8139/production/certificate/brcleprod002 

Puppet Master API Reference

Authenticated resources (a valid, signed certificate is required).

Catalog

GET /{environment}/catalog/{node certificate name} 

curl -k -H "Accept: pson" https://brcleprod001:8140/production/catalog/myclient

Certificate Revocation List

GET /certificate_revocation_list/ca

curl -k -H "Accept: s" https://brcleprod001:8140/production/certificate_revocation_list/ca

Certificate Request

GET /{environment}/certificate_requests/{anything}
GET /{environment}/certificate_request/{node certificate name}

curl -k -H "Accept: yaml" https://brcleprod001:8140/production/certificate_requests/all
curl -k -H "Accept: yaml" https://brcleprod001:8140/production/certificate_request/puppetclient 

Submit a Report

PUT /{environment}/report/{node certificate name}  
curl -k -X PUT -H "Content-Type: text/yaml" -d "{key:value}" https://brcleprod002:8139/production

Node - Facts about a specific node

GET /{environment}/node/{node certificate name}  

curl -k -H "Accept: yaml" https://brcleprod002:8140/production/node/puppetclient

Status - Used for testing

GET /{environment}/status/{anything}

curl -k -H "Accept: pson" https://brcleprod002:8140/production/status/puppetclient

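Puppet Agent API Reference

When a new agent is set up on a machine, the Puppet agent does not listen for HTTP requests by default. It must be enabled manually. Add the following line to the puppet.conf file:

listen=true

The Puppet agent can now listen for HTTP requests.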

Facts

GET /{environment}/facts/{anything}

curl -k -H "Accept: yaml" https://brcleprod002:8139/production/facts/{anything}

Run - Causes the client to update, like puppetrun or puppet kick.

curl -k -X PUT -H "Content-Type: text/pson" -d "{}" \
     https://brcleprod002:8139/production/run/{anything}