natemccurdy · March 24, 2022 07:19
diff --git a/puppet-query.sh b/puppet-query.sh
 #!/bin/bash
 #
 # This script acts a replacement for the "puppet query" command.
 # This uses curl and certificates to mimic the built-in query command that uses RBAC tokens.
 #
 # Use this script when 'puppet query' won't work because PuppetDB has been hotfixed
 # and its RBAC integration is broken.
 #
 # Run this script from a PuppetDB node or a Compile Master that has PuppetDB on it.
 #
 # Usage:
 #   ./puppet-qeury.sh '<PQL_QUERY>'
 #
 # Example:
 #   ./puppet-query.sh 'facts[value] {name = "datacenter" and certname = "foo.corp.net"}'
 #

 [[ -n $1 ]] || { echo -e "\nFAIL: Missing the query!\nUsage: ${0} '<PQL_QUERY>'\n" >&2; exit 1; }

 query="${1}"

 local_certname="$(puppet agent --configprint certname)"

 curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert   "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key    "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode "query=${query}"
diff --git a/query_latest_report.sh b/query_latest_report.sh
 #!/bin/bash
 #
 # This script will query for the latest report of a Puppet agent
 # and output it as JSON to STDOUT.
 #
 # Usage:
 #   ./query_latest_report.sh <AGENT_CERTNAME>
 #
 # Example:
 #   ./query_latest_report.sh web001.corp.net
 #

 [[ -n $1 ]] || { echo -e "\nFAIL: Missing agent certname to search for!\nUSAGE: ${0} <AGENT_CERTNAME>\n" >&2; exit 1; }

 node="$1"

 local_certname="$(puppet agent --configprint certname)"

 curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert   "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key    "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode 'query=reports { certname = '"'${node}'"' and latest_report? = true }' | python -m json.tool
diff --git a/query_report_before_a_timestamp.sh b/query_report_before_a_timestamp.sh
 #!/bin/bash
 #
 # This script will query for the latest report just before a given timestamp
 # and output it as JSON to STDOUT.
 #
 # Usage:
 #   ./query_report_before_a_timestamp.sh <AGENT_CERTNAME> <TIMESTAMP>
 #
 # Example:
 #   ./query_report_before_a_timestamp.sh web001.corp.net 2018-06-07T00:00:00.000Z
 #

 [[ -n $1 ]] || { echo -e "\nFAIL: Missing agent certname to search for!\nUsage: ${0} foo.corp.net 2018-06-07T00:00:00.000Z\n" >&2; exit 1; }
 [[ -n $2 ]] || { echo -e "\nFAIL: Missing timestamp to search for!\nUsage: ${0} foo.corp.net 2018-06-07T00:00:00.000Z\n" >&2; exit 1; }

 node="$1"
 timestamp="$2"

 local_certname="$(puppet agent --configprint certname)"

 curl -sk https://localhost:8081/pdb/query/v4 \
  -X GET \
  --cert   "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
  --key    "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
  --cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
  --data-urlencode 'query=reports { certname = '"'${node}'"' and producer_timestamp < '"'${timestamp}'"' order by producer_timestamp desc limit 1 }' | python -m json.tool
	#!/bin/bash
	#
	# This script acts a replacement for the "puppet query" command.
	# This uses curl and certificates to mimic the built-in query command that uses RBAC tokens.
	#
	# Use this script when 'puppet query' won't work because PuppetDB has been hotfixed
	# and its RBAC integration is broken.
	#
	# Run this script from a PuppetDB node or a Compile Master that has PuppetDB on it.
	#
	# Usage:
	# ./puppet-qeury.sh '<PQL_QUERY>'
	#
	# Example:
	# ./puppet-query.sh 'facts[value] {name = "datacenter" and certname = "foo.corp.net"}'
	#

	[[ -n $1 ]] \|\| { echo -e "\nFAIL: Missing the query!\nUsage: ${0} '<PQL_QUERY>'\n" >&2; exit 1; }

	query="${1}"

	local_certname="$(puppet agent --configprint certname)"

	curl -sk https://localhost:8081/pdb/query/v4 \
	-X GET \
	--cert "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
	--key "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
	--cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
	--data-urlencode "query=${query}"
	#!/bin/bash
	#
	# This script will query for the latest report of a Puppet agent
	# and output it as JSON to STDOUT.
	#
	# Usage:
	# ./query_latest_report.sh <AGENT_CERTNAME>
	#
	# Example:
	# ./query_latest_report.sh web001.corp.net
	#

	[[ -n $1 ]] \|\| { echo -e "\nFAIL: Missing agent certname to search for!\nUSAGE: ${0} <AGENT_CERTNAME>\n" >&2; exit 1; }

	node="$1"

	local_certname="$(puppet agent --configprint certname)"

	curl -sk https://localhost:8081/pdb/query/v4 \
	-X GET \
	--cert "/etc/puppetlabs/puppet/ssl/certs/${local_certname}.pem" \
	--key "/etc/puppetlabs/puppet/ssl/private_keys/${local_certname}.pem" \
	--cacert "/etc/puppetlabs/puppet/ssl/certs/ca.pem" \
	--data-urlencode 'query=reports { certname = '"'${node}'"' and latest_report? = true }' \| python -m json.tool