
Is it possible to issue a command from master puppet, to a node, to run agent and apply the latest configuration to it?

Like, I have lost the password for a user and I am not able to log in, but puppet agent is installed on the server and I can apply the changes on the server by running the puppet agent, but as it's not running automatically and I cannot log in to run it manually, how to run it and apply configuration through the puppet master? (if possible)

Matt Borja
Farhan
  • Similar to what Zoredache mentions below, if the agent isn't running, there's no way to force it to check back in. Puppet is a pull system, not a push one (the agent decides when to check in, not the master). To reduce the chance of this happening in the future, you could (a) set up ssh key exchange between the puppetmaster and the clients for root login, (b) create cron jobs to start puppet agent if it's not running. – Mike Renfro Mar 21 '13 at 21:50
  • What if the agent is daemonized? Is there any way to push the changes to it? – Farhan Mar 22 '13 at 16:06
  • *If the agent is running on the client*, you can do whatever you want by editing manifests on the puppetmaster and waiting on the agent to check in: install packages, copy ssh keys from the puppetmaster, rewrite configuration files, etc. *If the agent is not running on the client*, and you have no other working means of remote access as root, you will have to fix it physically with a rescue CD or some other method, which would be a different question. – Mike Renfro Mar 23 '13 at 01:34
  • have a look at this: https://github.com/alcCapone/doll Very basic, but still helpful – user2124712 Dec 01 '15 at 13:26
  • What version of Puppet? – shearn89 Dec 22 '21 at 09:26

2 Answers


Try

```
puppet kick --host <hostname>
```

Reference: kick man page.

рüффп
iamauser
  • Of course this assumes that his agent is daemonized. But since he mentions the agent is not running automatically, I suspect this will not help. – Zoredache Mar 21 '13 at 16:32
  • As I understood, puppet should be configured on the client, but does not necessarily need to be daemonized. In addition, the client needs to be configured to be able to listen on port 8139 for TCP connections. On a related note, I realized that puppet kick is deprecated; I don't know if it has an improved method. – iamauser Mar 22 '13 at 15:01
  • Had been trying all day, no success. It gives the error: `Triggering vpmve.co.uk Host vpmve.co.uk failed: Connection refused - connect(2) vpmve.co.uk finished with exit code 2 Failed: vpmve.co.uk` – Farhan Mar 22 '13 at 16:05
  • Yes, I ran across the same problem, trying myself, haven't looked in detail though. You could use a trace and debug for the command to see what's going on, e.g. `puppet kick --trace --host <hostname> --debug` – iamauser Mar 22 '13 at 16:09
  • `kick` won't work unless `listen = true` is set in the agent's `puppet.conf`. It's also [deprecated](https://projects.puppetlabs.com/issues/15735), you probably don't want to start using it now. – Shane Madden Mar 23 '13 at 23:29
  • so that means the master cannot trigger the client run in any way :( only traditional ssh passwordless key way out? – Farhan Mar 25 '13 at 08:13
  • `kick` is deprecated... so what's the 'right' way to do this now? – John Mee May 22 '14 at 05:26
  • I use puppet-kick on old Debian squeeze. Yes, it's deprecated, and puppetlabs suggests using MCollective. – GabrieleV Oct 13 '14 at 09:55
  • @iamauser Please update the documentation link: https://docs.puppet.com/puppet/3/reference/man/kick.html thanks :) – Gagan93 Oct 06 '16 at 08:19
  • I believe Puppet Bolt is the new orchestration framework. Although I've commonly used Ansible for orchestration alongside Puppet for config management... – shearn89 Dec 22 '21 at 09:28

According to their Deprecated Command Line Features:

[In Puppet 4.0] The puppet kick command is gone, and the agent daemon will no longer listen for incoming HTTPS connections.

If you or your scripts use puppet kick, you’ll need to either install MCollective for a more robust and parallel task running system or use a parallel SSH tool to kick off Puppet runs. If you use Puppet Enterprise, you can already use its orchestration features to trigger Puppet runs.

You’ll probably want to *close port 8139*, while you’re at it.

(Emphasis mine on closing port 8139)

Matt Borja
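As an added example (not part of the original answers or of Puppet itself), this shell sketch audits a host for the deprecated kick listener that the comments and the quoted documentation mention: `listen = true` in `puppet.conf` and a socket listening on TCP 8139. It assumes the setting is honoured in the `[main]` and `[agent]` sections; the function names and the sample data are constructed for illustration.

```shell
# Audit an agent for the deprecated "puppet kick" listener (added example).

# listen_enabled FILE: succeeds (exit 0) if listen = true is set in the
# [main] or [agent] section of the given puppet.conf; prints matching lines.
listen_enabled() {
    awk '
        /^[ \t]*#/ { next }                       # ignore comment lines
        /^[ \t]*\[/ {                             # section header, e.g. [agent]
            sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next
        }
        section == "main" || section == "agent" {
            setting = tolower($0); gsub(/[ \t]/, "", setting)
            if (setting == "listen=true") { print section ": " $0; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# kick_port_open: reads `ss -ltn` output on stdin; succeeds if a socket is
# listening on TCP 8139.
kick_port_open() {
    awk '$1 == "LISTEN" && $4 ~ /:8139$/ { found = 1 } END { exit(found ? 0 : 1) }'
}

# Constructed sample puppet.conf (the server name is a placeholder).
sample_conf() {
    cat <<'EOF'
[main]
server = puppet.example.com
# listen = true
[agent]
report = true
listen = true
EOF
}

# Constructed sample of `ss -ltn` output.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:8139        0.0.0.0:*
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
if listen_enabled "$conf"; then echo "kick listener enabled in config"; fi
if sample_ss | kick_port_open; then echo "TCP 8139 is listening"; fi
rm -f "$conf"
```

On a real host, pass the agent's actual `puppet.conf` path to `listen_enabled` and pipe live `ss -ltn` output into `kick_port_open`.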