Check usage of classes in your Puppet-infra

Written by Ger Apeldoorn on. Posted in Manageable Puppet Infrastructure, Sysadmin

It’s always good to know what the impact of your change will be. With these scripts, we can easily see which hosts use a specific class.

Example usage

$ module_usage.sh Random
=================================
DTA Server
Count Modulename
=================================
4 Profile::Random
4 Profile::Random::Accounts
4 Profile::Random::Filesystems
4 Profile::Random::Initd
4 Profile::Random::Ulimit
2 Role::Random

=================================
PRODUCTION Server
Count Modulename
=================================
7 Profile::Random
7 Profile::Random::Accounts
7 Profile::Random::Filesystems
7 Profile::Random::Initd
7 Profile::Random::Ulimit
3 Role::Random

Now that you have the numbers, use the detail script to get the server names:

$ module_usage_detail.sh Profile::Random
=================================
OTA Server
Hosts for module Profile::Random
=================================
testing host_522.example.com
testing host_523.example.com
testing host_540.example.com
develop host_556.example.com

=================================
PRODUKTIE Server
Hosts for module Profile::Random
=================================
testing host_549.example.com
accept host_550.example.com
accept host_551.example.com
accept host_552.example.com
prod host_233.example.com
prod host_234.example.com
prod host_235.example.com

Setting up

Generate certificate

puppet cert generate puppetdbquery-puppet-ota.example.com

* Move certificates to /etc/puppetlabs/puppet/ssl/puppetdbquery

mkdir /etc/puppetlabs/puppet/ssl/puppetdbquery
mv /etc/puppetlabs/puppet/ssl/private_keys/puppetdbquery-puppet-ota.example.com.pem /etc/puppetlabs/puppet/ssl/puppetdbquery/puppetdbquery-puppet-ota.example.com-private.pem
mv /etc/puppetlabs/puppet/ssl/certs/puppetdbquery-puppet-ota.example.com.pem /etc/puppetlabs/puppet/ssl/puppetdbquery

* Check permissions

cd /etc/puppetlabs/puppet/ssl/puppetdbquery
chown pe-puppet:RHEL_PuppetAccess puppetdbquery-*
chmod o-r *private.pem

Whitelist certificate

* Add the certificate name to the whitelisted_certificates parameter of the puppet_enterprise::profile::puppetdb class

Create config files for the puppet query command

cat /etc/puppetlabs/puppet/ssl/puppetdbquery/ota.conf
{
  "puppetdb": {
    "server_urls": "https://puppet-ota.example.com:8081",
    "cacert": "/etc/puppetlabs/puppet/ssl/certs/ca.pem",
    "cert": "/etc/puppetlabs/puppet/ssl/puppetdbquery/puppetdbquery-puppet-ota.example.com.pem",
    "key": "/etc/puppetlabs/puppet/ssl/puppetdbquery/puppetdbquery-puppet-ota.example.com-private.pem"
  }
}

cat /etc/puppetlabs/puppet/ssl/puppetdbquery/prod.conf
{
  "puppetdb": {
    "server_urls": "https://puppet-prod.example.com:8081",
    "cacert": "/etc/puppetlabs/puppet/ssl/puppetdbquery/ca-prod.pem",
    "cert": "/etc/puppetlabs/puppet/ssl/puppetdbquery/puppetdbquery-prod-puppet-ota.example.com.pem",
    "key": "/etc/puppetlabs/puppet/ssl/puppetdbquery/puppetdbquery-prod-puppet-ota.example.com-private.pem"
  }
}

Create scripts

cat /usr/local/bin/module_usage_detail.sh
#!/bin/bash
# List the hosts (environment and certname) whose catalog contains class $1.
# Note: $1 is placed in the PQL string as-is, so pass a plain class title.
echo "================================="
echo "OTA Server"
echo "Hosts for module $1"
echo "================================="
puppet query -c /etc/puppetlabs/puppet/ssl/puppetdbquery/ota.conf "inventory[certname,environment] { resources { type = \"Class\" and title = \"$1\"}}" | jq -r '.[] | "\(.environment)\t\(.certname)"' | sort -k1

echo ""
echo "================================="
echo "PRODUKTIE Server"
echo "Hosts for module $1"
echo "================================="
puppet query -c /etc/puppetlabs/puppet/ssl/puppetdbquery/prod.conf "inventory[certname,environment] { resources { type = \"Class\" and title = \"$1\"}}" | jq -r '.[] | "\(.environment)\t\(.certname)"' | sort -k1

cat /usr/local/bin/module_usage.sh
#!/bin/bash
# Count the Class resources per title, for titles matching regular expression $1.
# Note: $1 is placed in the PQL string as-is.
echo "================================="
echo "OTA Server"
echo "Count Modulename"
echo "================================="
puppet query -c /etc/puppetlabs/puppet/ssl/puppetdbquery/ota.conf "resources[title, count()] { type = \"Class\" and title ~ \"$1\" group by title}" | jq -r '.[] | "\(.count)\t\(.title)"' | sort -k2

echo ""
echo "================================="
echo "PRODUKTIE Server"
echo "Count Modulename"
echo "================================="
puppet query -c /etc/puppetlabs/puppet/ssl/puppetdbquery/prod.conf "resources[title, count()] { type = \"Class\" and title ~ \"$1\" group by title}" | jq -r '.[] | "\(.count)\t\(.title)"' | sort -k2
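
Both scripts put $1 directly inside the quoted PQL string, so an argument containing a double quote changes the query that is sent with the whitelisted certificate. A hardened variant of the detail script, added here as an example and not part of the original post: the function names and the allowed-character rule are assumptions. Reusing the same check in module_usage.sh limits its argument to plain name fragments instead of regular expressions.

```shell
#!/bin/bash
# Added example: validate the class title before it is placed in a PQL string.

# Accept only class titles as PuppetDB stores them: segments of letters,
# digits and underscores joined by "::" (e.g. Profile::Random).
valid_class_title() {
    case $1 in
        # Empty, or any character outside the allowed set. This rejects
        # quotes, backslashes, spaces and newlines before grep sees the value.
        ''|*[!A-Za-z0-9_:]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        LC_ALL=C grep -Eq '^[A-Za-z][A-Za-z0-9_]*(::[A-Za-z][A-Za-z0-9_]*)*$'
}

# Print the PQL query used by module_usage_detail.sh, or fail if the
# title is not a plain class title.
build_detail_query() {
    valid_class_title "$1" || return 1
    printf 'inventory[certname,environment] { resources { type = "Class" and title = "%s"}}' "$1"
}

# $1 = puppet query config file, $2 = class title
query_hosts() {
    pql=$(build_detail_query "$2") || {
        echo "refusing to query: not a valid class title" >&2
        return 2
    }
    puppet query -c "$1" "$pql" |
        jq -r '.[] | "\(.environment)\t\(.certname)"' | sort -k1
}

# Only query when a class title is given on the command line.
if [ "$#" -gt 0 ]; then
    confdir=/etc/puppetlabs/puppet/ssl/puppetdbquery
    for server in ota prod; do
        echo "================================="
        echo "$server: hosts for module $1"
        echo "================================="
        query_hosts "$confdir/$server.conf" "$1" || exit $?
        echo ""
    done
fi
```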