Puppet使用RESTful API作为Puppet master和Puppet代理之间的通信通道.以下是访问此RESTful API的基本URL.
https://brcleprod001:8140/{environment}/{resource}/{key } https://brcleprod001:8139/{environment}/{resource}/{key}REST API安全性
Puppet通常负责安全性和SSL证书管理.但是,如果希望在群集外部使用RESTful API,则在尝试连接到计算机时,需要自己管理证书.可以通过其余的authconfig文件配置Puppet的安全策略.
测试REST API
Curl实用程序可用作休息的基本实用程序RESTful API连接.以下是我们如何使用REST API curl命令检索节点目录的示例.
curl --cert/etc/puppet/ssl/certs/brcleprod001.pem --key /etc/puppet/ssl/private_keys/brcleprod001.pem
在以下命令集中我们只是设置SSL证书,这取决于SSL目录的位置和正在使用的节点的名称.例如,让我们看看以下命令.
curl --insecure -H 'Accept: yaml' https://brcleprod002:8140/production/catalog/brcleprod001
在上面的命令中,我们只发送一个标题,指定我们想要的格式或格式为RESTful URL在生产环境中生成 brcleprod001 的目录,将生成以下输出.
--- &id001 !ruby/object:Puppet::Resource::Catalog aliases: {} applying: false classes: [] ...让我们假设另一个例子,我们想从Puppet master获取CA证书.它不需要使用自己签名的SSL证书进行身份验证,因为这是在进行身份验证之前需要的.
curl --insecure -H 'Accept: s' https://brcleprod001:8140/production/certificate/ca -----BEGIN CERTIFICATE----- MIICHTCCAYagAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAxwdXBw
Puppet Master和Agent共享API参考
GET /certificate/{ca, other} curl -k -H "Accept: s" https://brcelprod001:8140/production/certificate/ca curl -k -H "Accept: s" https://brcleprod002:8139/production/certificate/brcleprod002Puppet Master API参考
经过身份验证的资源(需要有效的签名证书).
目录
GET /{environment}/catalog/{node certificate name} curl -k -H "Accept: pson" https://brcelprod001:8140/production/catalog/myclient证书撤销清单
GET /certificate_revocation_list/ca curl -k -H "Accept: s" https://brcleprod001:8140/production/certificate/ca
证书申请
GET /{environment}/certificate_requests/{anything} GET /{environment}/certificate_request/{node certificate name} curl -k -H "Accept: yaml" https://brcelprod001:8140/production/certificate_requests/all curl -k -H "Accept: yaml" https://brcleprod001:8140/production/certificate_request/puppetclient报告提交报告
PUT /{environment}/report/{node certificate name} curl -k -X PUT -H "Content-Type: text/yaml" -d "{key:value}" https://brcleprod002:8139/productionNode : 关于特定节点的事实
GET /{environment}/node/{node certificate name} curl -k -H "Accept: yaml" https://brcleprod002:8140/production/node/puppetclient状态和减号;用于测试
GET /{environment}/status/{anything} curl -k -H "Accept: pson" https://brcleprod002:8140/production/certificate_request/puppetclientPuppet Agent API参考
何时在任何计算机上都设置了新代理,默认情况下,Puppet代理不会侦听HTTP请求.需要在puppet.conf文件中添加"listen = true"在Puppet中启用它.这将使Puppet代理在Puppet代理启动时侦听HTTP请求.
事实
GET /{environment}/facts/{anything} curl -k -H "Accept: yaml" https://brcelprod002:8139/production/facts/{anything}运行 : 导致客户端像puppetturn或puppet kick一样更新.
PUT /{environment}/run/{node certificate name} curl -k -X PUT -H "Content-Type: text/pson" -d "{}" https://brcleprod002:8139/production/run/{anything}