natemccurdy/puppet-query.sh

## puppet-query.sh
#!/bin/bash
#
# This script acts a replacement for the "puppet query" command.
# This uses curl and certificates to mimic the built-in query command that uses RBAC tokens.
#
# Use this script when 'puppet query' won't work because PuppetDB has been hotfixed
# and its RBAC integration is broken.
#
# Run this script from a PuppetDB node or a Compile Master that has PuppetDB on it.
#
# Usage:
#   ./puppet-qeury.sh '<PQL_QUERY>'
#
# Example:
#   ./puppet-query.sh 'facts[value] {name = "datacenter" and certname = "foo.corp.net"}'
#

[[ -n $1 ]] || { echo -e "\nFAIL: Missing the query!\nUsage: ${0} '<PQL_QUERY>'\n" >&2; exit 1; }

query="${1}"

local_certname="$(puppet agent --configprint certname)"

curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert   "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key    "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode "query=${query}"

## query_latest_report.sh
#!/bin/bash
#
# This script will query for the latest report of a Puppet agent
# and output it as JSON to STDOUT.
#
# Usage:
#   ./query_latest_report.sh <AGENT_CERTNAME>
#
# Example:
#   ./query_latest_report.sh web001.corp.net
#

[[ -n $1 ]] || { echo -e "\nFAIL: Missing agent certname to search for!\nUSAGE: ${0} <AGENT_CERTNAME>\n" >&2; exit 1; }

node="$1"

local_certname="$(puppet agent --configprint certname)"

curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert   "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key    "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode 'query=reports { certname = '"'${node}'"' and latest_report? = true }' | python -m json.tool

## query_report_before_a_timestamp.sh
#!/bin/bash
#
# This script will query for the latest report just before a given timestamp
# and output it as JSON to STDOUT.
#
# Usage:
#   ./query_report_before_a_timestamp.sh <AGENT_CERTNAME> <TIMESTAMP>
#
# Example:
#   ./query_report_before_a_timestamp.sh web001.corp.net 2018-06-07T00:00:00.000Z
#

[[ -n $1 ]] || { echo -e "\nFAIL: Missing agent certname to search for!\nUsage: ${0} foo.corp.net 2018-06-07T00:00:00.000Z\n" >&2; exit 1; }
[[ -n $2 ]] || { echo -e "\nFAIL: Missing timestamp to search for!\nUsage: ${0} foo.corp.net 2018-06-07T00:00:00.000Z\n" >&2; exit 1; }

node="$1"
timestamp="$2"

local_certname="$(puppet agent --configprint certname)"

curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert   "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key    "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode 'query=reports { certname = '"'${node}'"' and producer_timestamp < '"'${timestamp}'"' order by producer_timestamp desc limit 1 }' | python -m json.tool
	#!/bin/bash
	#
	# This script acts a replacement for the "puppet query" command.
	# This uses curl and certificates to mimic the built-in query command that uses RBAC tokens.
	#
	# Use this script when 'puppet query' won't work because PuppetDB has been hotfixed
	# and its RBAC integration is broken.
	#
	# Run this script from a PuppetDB node or a Compile Master that has PuppetDB on it.
	#
	# Usage:
	# ./puppet-qeury.sh '<PQL_QUERY>'
	#
	# Example:
	# ./puppet-query.sh 'facts[value] {name = "datacenter" and certname = "foo.corp.net"}'
	#

	[[ -n $1 ]] \|\| { echo -e "\nFAIL: Missing the query!\nUsage: ${0} '<PQL_QUERY>'\n" >&2; exit 1; }

	query="${1}"

	local_certname="$(puppet agent --configprint certname)"

	curl -sk https://localhost:8081/pdb/query/v4 \
	-X GET \
	--cert "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
	--key "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
	--cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
	--data-urlencode "query=${query}"
	#!/bin/bash
	#
	# This script will query for the latest report of a Puppet agent
	# and output it as JSON to STDOUT.
	#
	# Usage:
	# ./query_latest_report.sh <AGENT_CERTNAME>
	#
	# Example:
	# ./query_latest_report.sh web001.corp.net
	#

	[[ -n $1 ]] \|\| { echo -e "\nFAIL: Missing agent certname to search for!\nUSAGE: ${0} <AGENT_CERTNAME>\n" >&2; exit 1; }

	node="$1"

	local_certname="$(puppet agent --configprint certname)"

	curl -sk https://localhost:8081/pdb/query/v4 \
	-X GET \
	--cert "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
	--key "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
	--cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
	--data-urlencode 'query=reports { certname = '"'${node}'"' and latest_report? = true }' \| python -m json.tool