Hi, I am currently consulting for an installation where the change management process does not allow changed to be automated. They are, however, using puppet, but the puppet agent is executed manually.
They are preparing to move away from this modus and would like to have a cron job that will allow hourly puppet agent runs in certain time slots (such as tuesday morning 0300-0600), so that people know when changes are going to happen automatically and look at the reports. Currently, I am controlling this via parameters attached to the host group. The hourly cron job logs in to foreman with a set of credentials and downloads the host data via curl http://foreman/api/hosts/#{fqdn_s}. Of course, this way any host can download any host's data, and while the foreman account being used here has not many privileges, I am not comfortable with this solution. I would prefer to have the host use its puppet certificate to download the catalog and then evaluate the catalog for the parameters that might be useful to control whether an actual puppet agent should be invoked or not. If this is not possible, I'd prefer having a small network service on the foreman host that verfies a callign client with its puppet certificate and then return the list of relevant parameters so that the client can decide whether to do an actual puppet run or not. Has this already been done? Is there a less ugly solution? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
