Skip to content

Instantly share code, notes, and snippets.

View abuxton's full-sized avatar
💭
discombobulated as always

adam buxton abuxton

💭
discombobulated as always
View GitHub Profile
Puppet::Parser::Functions.newfunction(:local_scope,
:type => :rvalue,
:doc => <<-'EOS'
Generates the local scope as a hash. This allows you to use epp functions more
or less like erb templates by passing local scope as the parameters argument.
e.g., `content => epp('mymodname/template.epp', local_scope() )`
EOS
) do |args|
scope = self.to_hash
scope.reject! { |key,val| scope['facts'].include? key }
@jessereynolds
jessereynolds / 0-puppet-node-purging-via-api.md
Last active May 13, 2025 14:08
Puppet - Node Purging via APIs

Puppet Node Purging via API

When you're decomissioning a machine that has been managed by Puppet you may want to programatically clean up the node. There are two parts to this:

  • revoking and deleting the certificate of the node in Puppet's CA
  • deactivating the node in PuppetDB

The following should work for Puppet 4.x and Puppet DB 4.x (including Puppet Enterprise 2016.4.x, 2017.1.x, 2017.2.x).

I've used certificate based auth, and the examples are being run from the puppet master so make use of existing certificates for authentication. When run remotely the cacert, certificate and corresponding private key for authentication will need to be present.

@angelo-v
angelo-v / jwt-decode.sh
Last active June 21, 2025 18:39
Decode a JWT via command line
# will not work in all cases, see https://gist.github.com/angelo-v/e0208a18d455e2e6ea3c40ad637aac53#gistcomment-3439904
function jwt-decode() {
sed 's/\./\n/g' <<< $(cut -d. -f1,2 <<< $1) | base64 --decode | jq
}
JWT=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
jwt-decode $JWT
@tkishel
tkishel / reuse_forgotten_replica.sh
Last active October 3, 2019 21:39
Reset a Replica for Reuse (aka RRR)
#!/bin/bash
# The Puppet Enterprise High Availability documentation states:
#
# Run the forget command whenever a replica node is destroyed,
# even if you plan to replace it with a replica with the same name.
#
# Some users prefer to forget and reuse (instead of destroy and replace) a replica.
# As an alternative, when `/opt/puppetlabs/bin/puppet-enterprise-uninstaller` isn't available,
# this script uninstalls Puppet Enterprise on the Replica.
def get_ca_bundle():
"""Tries to find the platform ca bundle for the system (on linux systems)"""
ca_bundles = [
# list taken from https://golang.org/src/crypto/x509/root_linux.go
"/etc/ssl/certs/ca-certificates.crt", # Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt", # Fedora/RHEL 6
"/etc/ssl/ca-bundle.pem", # OpenSUSE
"/etc/pki/tls/cacert.pem", # OpenELEC
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS/RHEL 7
]
@wyllie
wyllie / parse_ini.sh
Created July 22, 2018 17:04
Parse aws credentials file in bash
#!/usr/bin/env bash
INI_FILE=~/.aws/credentials
while IFS=' = ' read key value
do
if [[ $key == \[*] ]]; then
section=$key
elif [[ $value ]] && [[ $section == '[default]' ]]; then
if [[ $key == 'aws_access_key_id' ]]; then
@soloradish
soloradish / vault_logrotate
Created September 12, 2018 02:25
logrotate setting file for HashiCorp's Vault audit file
# Change the path below to your own audit log path.
/var/log/vault/audit.log {
rotate 30
daily
# Do not execute rotate if the log file is empty.
notifempty
missingok
compress
# Set compress on next rotate cycl to prevent entry loss when performing compression.
delaycompress
@maxschae4
maxschae4 / generate_requests_ca_bundle.py
Created October 11, 2018 22:31
Add internal CA certs to requests bundle
from os import environ, path
from glob import glob
import certifi
# Even if we have trusted certs in our system ca certificates, requests uses it's own
# Mine happen to live in /usr/local/share/ca-certificates
# DON'T update the existing bundle becuase updating requests will overwrite it
cert_dir = "/usr/local/share/ca-certificates"
pwd = path.abspath(path.dirname(__file__))
@mbaitelman
mbaitelman / README.md
Last active November 18, 2024 14:01
Automated Terraform Deployments Using Bitbucket Pipelines