Man Page: puppet kick
Included in Puppet Enterprise 3.8. A newer version is available; see the version menu above for details.
puppet-kick - Remotely control puppet agent
Trigger a puppet agent run on a set of hosts.
puppet kick [-a|--all] [-c|--class class] [-d|--debug] [-f|--foreground] [-h|--help] [--host host] [--no-fqdn] [--ignoreschedules] [-t|--tag tag] [--test] [-p|--ping] host [host [...]]
This script can be used to connect to a set of machines running 'puppet agent' and trigger them to run their configurations. The most common usage would be to specify a class of hosts and a set of tags, and 'puppet kick' would look up in LDAP all of the hosts matching that class, then connect to each host and trigger a run of all of the objects with the specified tags.
If you are not storing your host configurations in LDAP, you can specify hosts manually.
You will most likely have to run 'puppet kick' as root to get access to the SSL certificates.
'puppet kick' reads 'puppet master''s configuration file, so that it can copy things like LDAP settings.
Puppet kick needs the puppet agent on the target machine to be running as a daemon, be configured to listen for incoming network connections, and have an appropriate security configuration.
The specific changes required are:
listen = truein the agent's
--listenon the command line)
- Configure the node's firewall to allow incoming connections on port 8139
Insert the following stanza at the top of the node's
# Allow puppet kick access path /run method save auth any allow workstation.example.com
This example would allow the machine
workstation.example.com to trigger a
Puppet run; adjust the "allow" directive to suit your site. You may also use
allow * to allow anyone to trigger a Puppet run, but that makes it possible
to interfere with your site by triggering excessive Puppet runs.
http://docs.puppetlabs.com/guides/rest_auth_conf.html for more details
about security settings.
Note that any setting that's valid in the configuration file is also a valid long argument. For example, 'ssldir' is a valid setting, so you can specify '--ssldir directory' as an argument.
See the configuration file documentation at http://docs.puppetlabs.com/puppet/latest/reference/configuration.html for the full list of acceptable parameters. A commented list of all configuration options can also be generated by running puppet master with '--genconfig'.
Connect to all available hosts. Requires LDAP support at this point.
Specify a class of machines to which to connect. This only works if you have LDAP configured, at the moment.
Enable full debugging.
Run each configuration in the foreground; that is, when connecting to a host, do not return until the host has finished its run. The default is false.
Print this help message
A specific host to which to connect. This flag can be specified more than once.
Whether the client should ignore schedules when running its configuration. This can be used to force the client to perform work it would not normally perform so soon. The default is false.
How parallel to make the connections. Parallelization is provided by forking for each client to which to connect. The default is 1, meaning serial execution.
Use the specified TCP port to connect to agents. Defaults to 8139.
Specify a tag for selecting the objects to apply. Does not work with the --test option.
Print the hosts you would connect to but do not actually connect. This option requires LDAP support at this point.
Do an ICMP echo against the target host. Skip hosts that don't respond to ping.
$ sudo puppet kick -p 10 -t remotefile -t webserver host1 host2
Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License