puppet kick Man Page

Included in Puppet Enterprise 3.3. A newer version is available; see the version menu above for details.

NAME

puppet-kick - Remotely control puppet agent

SYNOPSIS

Trigger a puppet agent run on a set of hosts.

USAGE

puppet kick [-a|--all] [-c|--class class] [-d|--debug] [-f|--foreground] [-h|--help] [--host host] [--no-fqdn] [--ignoreschedules] [-t|--tag tag] [--test] [-p|--ping] host [host [...]]

DESCRIPTION

This script can be used to connect to a set of machines running 'puppet agent' and trigger them to run their configurations. The most common usage would be to specify a class of hosts and a set of tags, and 'puppet kick' would look up in LDAP all of the hosts matching that class, then connect to each host and trigger a run of all of the objects with the specified tags.

If you are not storing your host configurations in LDAP, you can specify hosts manually.

You will most likely have to run 'puppet kick' as root to get access to the SSL certificates.

'puppet kick' reads 'puppet master''s configuration file, so that it can copy things like LDAP settings.

USAGE NOTES

Puppet kick needs the puppet agent on the target machine to be running as a daemon, be configured to listen for incoming network connections, and have an appropriate security configuration.

The specific changes required are:

  • Set listen = true in the agent's puppet.conf file (or --listen on the command line)
  • Configure the node's firewall to allow incoming connections on port 8139
  • Insert the following stanza at the top of the node's auth.conf file:

      # Allow puppet kick access
      path    /run
      method  save
      auth    any
      allow   workstation.example.com
    

This example would allow the machine workstation.example.com to trigger a Puppet run; adjust the "allow" directive to suit your site. You may also use allow * to allow anyone to trigger a Puppet run, but that makes it possible to interfere with your site by triggering excessive Puppet runs.

See http://docs.puppetlabs.com/guides/rest_auth_conf.html for more details about security settings.

OPTIONS

Note that any setting that's valid in the configuration file is also a valid long argument. For example, 'ssldir' is a valid setting, so you can specify '--ssldir directory' as an argument.

See the configuration file documentation at http://docs.puppetlabs.com/puppet/latest/reference/configuration.html for the full list of acceptable parameters. A commented list of all configuration options can also be generated by running puppet master with '--genconfig'.

--all

Connect to all available hosts. Requires LDAP support at this point.

--class

Specify a class of machines to which to connect. This only works if you have LDAP configured, at the moment.

--debug

Enable full debugging.

--foreground

Run each configuration in the foreground; that is, when connecting to a host, do not return until the host has finished its run. The default is false.

--help

Print this help message

--host

A specific host to which to connect. This flag can be specified more than once.

--ignoreschedules

Whether the client should ignore schedules when running its configuration. This can be used to force the client to perform work it would not normally perform so soon. The default is false.

--parallel

How parallel to make the connections. Parallelization is provided by forking for each client to which to connect. The default is 1, meaning serial execution.

--puppetport

Use the specified TCP port to connect to agents. Defaults to 8139.

--tag

Specify a tag for selecting the objects to apply. Does not work with the --test option.

--test

Print the hosts you would connect to but do not actually connect. This option requires LDAP support at this point.

--ping

Do an ICMP echo against the target host. Skip hosts that don't respond to ping.

EXAMPLE

$ sudo puppet kick -p 10 -t remotefile -t webserver host1 host2

AUTHOR

Luke Kanies

Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License

↑ Back to top