Use Puppet to configure the cron? Also I strongly advise against having all the Puppet agents running at the same time, depending on the scale you will likely see performance issues on the foreman server/proxy.
I have an example using the hostname to create a random number and using that to create a cron at [1]. but you could use a parameter there instead. [1] https://github.com/sean797/sat6/blob/master/puppet/modules/puppet/manifests/init.pp#L23-L28 On Mon, Dec 19, 2016 at 4:06 PM, Marc Haber <[email protected]> wrote: > Hi, > > I am currently consulting for an installation where the change > management process does not allow changed to be automated. They are, > however, using puppet, but the puppet agent is executed manually. > > They are preparing to move away from this modus and would like to have > a cron job that will allow hourly puppet agent runs in certain time > slots (such as tuesday morning 0300-0600), so that people know when > changes are going to happen automatically and look at the reports. > Currently, I am controlling this via parameters attached to the host > group. > > The hourly cron job logs in to foreman with a set of credentials and > downloads the host data via curl http://foreman/api/hosts/#{fqdn_s}. > Of course, this way any host can download any host's data, and while > the foreman account being used here has not many privileges, I am not > comfortable with this solution. > > I would prefer to have the host use its puppet certificate to download > the catalog and then evaluate the catalog for the parameters that > might be useful to control whether an actual puppet agent should be > invoked or not. If this is not possible, I'd prefer having a small > network service on the foreman host that verfies a callign client with > its puppet certificate and then return the list of relevant parameters > so that the client can decide whether to do an actual puppet run or not. > > Has this already been done? Is there a less ugly solution? > > Greetings > Marc > > -- > ------------------------------------------------------------ > ----------------- > Marc Haber | "I don't trust Computers. They | Mailadresse im Header > Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 > Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421 > > -- > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/foreman-users. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
