Skip to content

Instantly share code, notes, and snippets.

View natemccurdy's full-sized avatar

Nate McCurdy natemccurdy

28 followers · 3 following
  • Portland, OR
View GitHub Profile
@natemccurdy
natemccurdy / containment.pp
Created August 10, 2018 18:11
An example of the containment problem with roles and profiles in Puppet
# A WebServer role that may have a containment problem.
class role::webserver {
include profile::base
include profile::nginx
# We want EVERYTHING in base to come before the nginx profile
# but that is only possible if the base profile "contains" all of its
# included classes.
Class['profile::base']
@natemccurdy
natemccurdy / puppet-query.sh
Last active March 24, 2022 07:19
puppetdb query scripts
#!/bin/bash
#
# This script acts a replacement for the "puppet query" command.
# This uses curl and certificates to mimic the built-in query command that uses RBAC tokens.
#
# Use this script when 'puppet query' won't work because PuppetDB has been hotfixed
# and its RBAC integration is broken.
#
# Run this script from a PuppetDB node or a Compile Master that has PuppetDB on it.
#
@natemccurdy
natemccurdy / find_certname_fqdn_mismatches.rb
Last active May 29, 2018 22:32
Show nodes where certname and fqdn are not the same
#!/opt/puppetlabs/puppet/bin/ruby
#
# This script will find any Puppet agent whose certname does NOT match the agent's FQDN.
#
require 'json'
fqdn_values = JSON.parse(`/opt/puppetlabs/puppet/bin/puppet query 'facts[certname,value] { name = "fqdn" }'`)
fqdn_values.each do |result|
puts result['certname'] if result['certname'] != result['value']
@natemccurdy
natemccurdy / init.pp
Created May 2, 2018 20:03
Windows PowerPlan management with Puppet
class win_power_settings (
$power_setting = 'high_performance',
){
case $power_setting {
'power_saver': {
$power_setto = 'a1841308-3541-4fab-bc81-f71556f20b4a'
}
'high_performance': {
$power_setto = '8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c'
@natemccurdy
natemccurdy / recurse_file_permissions.pp
Last active April 26, 2018 18:32
A better alternative to "recuse => true" to set permissions
define recurse_file_permissions (
String[1] $target_dir = $title,
Optional[String[1]] $file_mode = undef,
Optional[String[1]] $dir_mode = undef,
Optional[String[1]] $owner = undef,
Optional[String[1]] $group = undef,
) {
if $facts['os']['family'] == 'windows' {
fail("${module_name} does not support Windows")
@natemccurdy
natemccurdy / PE_API_Reference.md
Last active October 9, 2023 20:25
PE API Reference and Notes
@natemccurdy
natemccurdy / profiles.rb
Created March 20, 2018 20:16
Custom fact to list all profiles
Facter.add(:profiles) do
setcode do
require 'puppet'
# Use the [agent] context because some agents have
# classfile overridden in puppet.conf
Puppet.settings.preferred_run_mode = :agent
classfile = Puppet['classfile']
profiles = []
@natemccurdy
natemccurdy / get_compile_masters.rb
Created January 26, 2018 00:36
Ruby script to get the names of compile masters from 'puppet infra'
#!/opt/puppetlabs/puppet/bin/ruby
# This script returns an array of compile masters in JSON based on the output of `puppet infra status`.
# Useful for feeding into a task or a plan.
require 'facter'
require 'json'
require 'open3'
def puppet_infra_status
stdout, _stderr, _status = Open3.capture3('/opt/puppetlabs/puppet/bin/puppet infra status --format json')
@natemccurdy
natemccurdy / site.pp
Created December 21, 2017 01:05
site.pp classification schemes
# OPTION A
# - Hard failure if pp_role isn't defined.
# - No check to see if the role exists
node default {
# Save the trusted pp_role to a shorter variable so it's easier to work with.
$role = $trusted['extensions']['pp_role']
case $role {
default: {
@natemccurdy
natemccurdy / masters
Last active December 20, 2017 20:47
Script to return list of masters. Useful in Bolt, for loops, and scripting
#!/usr/bin/env ruby
require 'yaml'
require 'optparse'
options = {
file: File.expand_path('masters.yaml'),
type: nil,
environment: nil
}