Ask Your Question

puppet cert list output to feed a client content file

asked 2014-11-20 11:40:37 -0600

Yeayu gravatar image

Hello all,

I am trying to create a file on a particular server managed by puppet. This file will have as content all the systems currently managed by puppet (fqdn) I have more or less an idea of how to do it, but i would like get your opinion.

In a glance, what I am trying to do is: 1. run puppet cert list -all | grep "webserver" on the puppet master note: naming convention for my webservers is: webserver01, webserver02.... 2. pick up the fqdn associated with each of them and point the output to a file (erb template for example) 3. use that template to generate the content on a particular file to be deployed to a particular server.

The idea is to always have that file up to date, no matter whether systems have been added or removed from puppet master.

Therefore, my question is: would you be using a cron job in the puppet master to generate that content? would you prefer to apply a manifest on the puppet master to perform that command and generate that content each puppet run? any other ideas?

Many thanks in advance.


edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2015-06-12 07:18:09 -0600

sinned gravatar image

The puppet autosign feature has a way you can use it to run a script each time a new CSR comes in. You could put your script there, let it return 1 (but not 0) and it would make your list/erb each time it changes.

Having it return 0 would turn on the autosign feature.

Read up here:

edit flag offensive delete link more

answered 2014-11-21 09:38:08 -0600

rnelson0 gravatar image

You may want to look into puppetdb, which stores reports of all systems that are checking in and allows for API query, and exported resources which these nodes can use to say "I'm available!" and another node can use to answer "Who's available?" Check out these links for examples:

Chapter 6 of Pro Puppet 2 has an example using web servers and load balancers as well.

edit flag offensive delete link more


Although I really like the puppetdb approach you suggested, I was looking for something much more quicker to implament. Any other ideas?

Yeayu gravatar imageYeayu ( 2014-11-23 12:31:40 -0600 )edit

Write an exec for the cert list command, lookup the fqdn with the in operator and append/concat the desired file with the matching line from above?

far4d gravatar imagefar4d ( 2015-06-12 15:13:40 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2014-11-20 11:40:37 -0600

Seen: 266 times

Last updated: Jun 12 '15