Puppet doesn't support running commands by
default remotely using the PE MCollective.
This needs us to do come changes in the puppet
config and also to create a shell script to test those changes from puppet
master.
Actually for this to work, we need to change
the config on the mcollective server running on puppet agent nodes.
Since edits in server.cfg are not allowed or
supported by Puppet, we need to utilize /etc/puppetlabs/mcollective/plugin.d
folder.
Using puppet documentation from:
https://docs.puppet.com/mcollective/configure/server.html#plugin-config-directory-optional
We need to create a file names puppet.cfg (we
use an mcollective puppet plugin properites) as seen below:
[root@vardamir ~]$ cat
/etc/puppetlabs/mcollective/plugin.d/puppet.cfg
resource_allow_managed_resources = true
resource_type_whitelist = exec
[root@vardamir~]$
This will allow the mco command to use the exec
resource, any other resource that needs to be enables needs to be comma
separatly listed in the same manner.
Once this change is done on the node running
puppet agent we need to restart the pe-mcollecive service on that node.
A good approach is to handle this as a puppet
module, to manage the puppet.cfg and to notify the pe-mcollecive service if the
file changes.
To start using command from Puppet master,
login to the puppet user peadmin we run like this:
mco puppet resource exec tc_restart
command="/bin/bash -c \"cd
/apps/vfabric-tc-server/vfabric-tc-server-standard-2.9.2.RELEASE/my_tc/bin;./tcruntime-ctl.sh
restart\"" -I beren.mysite.com
From a script it will need further escaping as
we need to run from root or sudo and then use su - peadmin -c " . .
"
Combine this with Jenkins or Rundeck and you can control any node and execute any thing remotely without using SSH.
No comments:
Post a Comment