init.rb
#!/opt/puppetlabs/puppet/bin/ruby
#
# Puppet Task to purge nodes
# This can only be run against a Puppet Enterprise CA master.
#
# Parameters:
# * agent_certnames - A comma-separated list of agent certificate names (a JSON array of names is also accepted).
#
require 'puppet'
require 'open3'
require 'json'
# Load Puppet's settings before anything reads them; the main loop below
# looks up Puppet[:certname] to avoid purging this server itself.
Puppet.initialize_settings
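# Reports whether this host looks like a Puppet Enterprise CA server.
#
# The task is destructive, so it must only run on the CA. In Puppet
# Enterprise that is detected by an active 'certificate-authority-service'
# entry in the puppetserver bootstrap.cfg file.
#
# Comment lines are discarded before matching, including comments that are
# preceded by whitespace. Without that step an indented, commented-out entry
# would satisfy the pattern (its first character is a space, not '#') and the
# safety check would pass on a host where the CA service is disabled.
#
# @return [Boolean] true when an active CA service entry is present,
#   false when the file is missing or has no such entry
def targetting_a_ca?
  bootstrap_cfg = '/etc/puppetlabs/puppetserver/bootstrap.cfg'
  return false unless File.exist?(bootstrap_cfg)

  active_lines = File.readlines(bootstrap_cfg).reject { |line| line.lstrip.start_with?('#') }
  !active_lines.grep(%r{^[^#].+certificate-authority-service$}).empty?
end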
# Runs `puppet node purge` for one certificate name and captures the outcome.
#
# The command is passed to Open3.capture3 as separate arguments, so no shell
# is involved and shell metacharacters in the name are not interpreted.
# NOTE(review): the name is handed to the puppet CLI verbatim; a value that
# begins with '-' would presumably be parsed as an option rather than a
# certname. Confirm that callers validate the name first.
#
# @param agent [String] certificate name of the node to purge
# @return [Hash] :stdout and :stderr (whitespace-stripped) and :exit_code
def purge_node(agent)
  puppet_bin = '/opt/puppetlabs/puppet/bin/puppet'
  out, err, process_status = Open3.capture3(puppet_bin, 'node', 'purge', agent)
  { stdout: out.strip, stderr: err.strip, exit_code: process_status.exitstatus }
end
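# Main task flow: verify we are on the CA, read the task parameters from
# STDIN, purge each requested node, and print a JSON result keyed by certname.
results = {}
exitcode = 0
if !targetting_a_ca?
  results[:_error] = {
    msg: 'Error: This task does not appear to be targetting a Puppet Enterprise CA master. Refusing to continue.',
  }
  exitcode = 1
else
  params = JSON.parse(STDIN.read)
  requested = params.is_a?(Hash) ? params['agent_certnames'] : nil
  # Accept either a JSON array or a comma-separated string. Anything else
  # (including a missing parameter) leaves `agents` nil and is reported as a
  # task error instead of crashing with NoMethodError on nil.
  agents = case requested
           when Array then requested
           when String then requested.split(',')
           end
  if agents.nil?
    results[:_error] = {
      msg: "Error: The 'agent_certnames' parameter is required and must be a string or an array of certnames.",
    }
    exitcode = 1
  else
    # Compare case-insensitively so the self-purge guard cannot be sidestepped
    # by a name that differs from this server's certname only in letter case.
    own_certname = Puppet[:certname].to_s.downcase
    # Trim whitespace ("a, b" would otherwise yield " b") and drop empty
    # entries so every name is compared and passed on in its clean form.
    agents.map { |name| name.to_s.strip }.reject(&:empty?).each do |agent|
      results[agent] = {}
      if agent.downcase == own_certname
        results[agent][:result] = 'Refusing to purge the Puppet Master'
        next
      end
      # The name becomes a command-line argument of `puppet node purge`; a
      # leading '-' would be read as an option rather than a certname.
      if agent.start_with?('-')
        results[agent][:result] = "Refusing to purge: a certname must not begin with '-'"
        next
      end
      output = purge_node(agent)
      # On failure the full stdout/stderr/exit_code hash is returned for diagnosis.
      results[agent][:result] = output[:exit_code].zero? ? 'Node purged' : output
    end
  end
end
puts results.to_json
exit exitcode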