puppetdb query scripts
#!/bin/bash
#
# This script acts as a replacement for the "puppet query" command.
# This uses curl and certificates to mimic the built-in query command that uses RBAC tokens.
#
# Use this script when 'puppet query' won't work because PuppetDB has been hotfixed
# and its RBAC integration is broken.
#
# Run this script from a PuppetDB node or a Compile Master that has PuppetDB on it.
#
# Usage:
# ./puppet-query.sh '<PQL_QUERY>'
#
# Example:
# ./puppet-query.sh 'facts[value] {name = "datacenter" and certname = "foo.corp.net"}'
#
[[ -n $1 ]] || { echo -e "\nFAIL: Missing the query!\nUsage: ${0} '<PQL_QUERY>'\n" >&2; exit 1; }
query="${1}"
local_certname="$(puppet agent --configprint certname)"
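# NOTE: -k skips verification of the server certificate, so --cacert has no effect here.
# To verify PuppetDB's certificate, drop -k and connect to a hostname that appears in it.
curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode "query=${query}"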
#!/bin/bash
#
# This script will query for the latest report of a Puppet agent
# and output it as JSON to STDOUT.
#
# Usage:
# ./query_latest_report.sh <AGENT_CERTNAME>
#
# Example:
# ./query_latest_report.sh web001.corp.net
#
[[ -n $1 ]] || { echo -e "\nFAIL: Missing agent certname to search for!\nUSAGE: ${0} <AGENT_CERTNAME>\n" >&2; exit 1; }
node="$1"
local_certname="$(puppet agent --configprint certname)"
# NOTE: ${node} is placed inside a PQL string literal; a value containing a
# single quote changes the query that PuppetDB runs.
curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode 'query=reports { certname = '"'${node}'"' and latest_report? = true }' | python -m json.tool
#!/bin/bash
#
# This script will query for the latest report just before a given timestamp
# and output it as JSON to STDOUT.
#
# Usage:
# ./query_report_before_a_timestamp.sh <AGENT_CERTNAME> <TIMESTAMP>
#
# Example:
# ./query_report_before_a_timestamp.sh web001.corp.net 2018-06-07T00:00:00.000Z
#
[[ -n $1 ]] || { echo -e "\nFAIL: Missing agent certname to search for!\nUsage: ${0} foo.corp.net 2018-06-07T00:00:00.000Z\n" >&2; exit 1; }
[[ -n $2 ]] || { echo -e "\nFAIL: Missing timestamp to search for!\nUsage: ${0} foo.corp.net 2018-06-07T00:00:00.000Z\n" >&2; exit 1; }
node="$1"
timestamp="$2"
local_certname="$(puppet agent --configprint certname)"
# NOTE: ${node} and ${timestamp} are placed inside PQL string literals; a value
# containing a single quote changes the query that PuppetDB runs.
curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode 'query=reports { certname = '"'${node}'"' and producer_timestamp < '"'${timestamp}'"' order by producer_timestamp desc limit 1 }' | python -m json.tool
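Added example (not part of the original gist): the two report scripts paste their arguments into single-quoted PQL string literals, and --data-urlencode only encodes the HTTP parameter, so a quote in an argument still reaches PuppetDB as query syntax. The helpers below (hypothetical names) validate the arguments before building the same two queries; the certname allow-list assumes hostname-style certnames.

```shell
#!/bin/bash
# Added example, not part of the original gist. Function names are hypothetical.
# Assumption: certnames are hostname-style (letters, digits, '.', '_', '-').

# Reject anything that could close the PQL string literal or add clauses.
valid_certname() {
  case "$1" in
    ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Accept only UTC timestamps such as 2018-06-07T00:00:00.000Z
# (the millisecond part is optional).
valid_timestamp() {
  local ts='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
  case "$1" in
    ${ts}Z|${ts}.[0-9][0-9][0-9]Z) return 0 ;;
  esac
  return 1
}

# Print the PQL query for the latest report (one argument) or for the latest
# report before a timestamp (two arguments). Returns 1 on rejected input.
build_report_query() {
  local node="$1" timestamp="$2"
  valid_certname "$node" || { echo "FAIL: invalid certname" >&2; return 1; }
  if [ -z "$timestamp" ]; then
    printf "reports { certname = '%s' and latest_report? = true }\n" "$node"
  elif valid_timestamp "$timestamp"; then
    printf "reports { certname = '%s' and producer_timestamp < '%s' order by producer_timestamp desc limit 1 }\n" \
      "$node" "$timestamp"
  else
    echo "FAIL: invalid timestamp" >&2
    return 1
  fi
}

# Constructed sample input. Pass the result to the gist's curl call as:
#   --data-urlencode "query=${query}"
query="$(build_report_query 'web001.corp.net' '2018-06-07T00:00:00.000Z')" && echo "$query"
```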