1
require 'puppet/application'
2
require 'puppet/util/network_device'
5
class Puppet::Application::Device < Puppet::Application
10
attr_accessor :args, :agent, :host
13
# Do an initial trap, so that cancels don't get a stack trace.
15
$stderr.puts "Cancelling startup"
21
:detailed_exitcodes => false,
24
:centrallogs => false,
33
option("--centrallogging")
34
option("--debug","-d")
35
option("--verbose","-v")
37
option("--detailed-exitcodes") do |arg|
38
options[:detailed_exitcodes] = true
41
option("--logdest DEST", "-l DEST") do |arg|
43
Puppet::Util::Log.newdestination(arg)
44
options[:setdest] = true
46
puts detail.backtrace if Puppet[:debug]
47
$stderr.puts detail.to_s
51
option("--waitforcert WAITFORCERT", "-w") do |arg|
52
options[:waitforcert] = arg.to_i
55
option("--port PORT","-p") do |arg|
62
puppet-device(8) -- Manage remote network devices
67
Retrieves all configurations from the puppet master and apply
68
them to the remote devices configured in /etc/puppet/device.conf.
70
Currently must be run out periodically, using cron or something similar.
74
puppet device [-d|--debug] [--detailed-exitcodes] [-V|--version]
75
[-h|--help] [-l|--logdest syslog|<file>|console]
76
[-v|--verbose] [-w|--waitforcert <seconds>]
81
Once the client has a signed certificate for a given remote device, it will
82
retrieve its configuration and apply it.
86
One need a /etc/puppet/device.conf file with the following content:
93
* type: the current device type (the only value at this time is cisco)
94
* url: an url allowing to connect to the device
96
Supported url must conforms to:
97
scheme://user:password@hostname/?query
100
* scheme: either ssh or telnet
101
* user: username, can be omitted depending on the switch/router configuration
102
* password: the connection password
103
* query: this is device specific. Cisco devices supports an enable parameter whose
104
value would be the enable password.
108
Note that any configuration parameter that's valid in the configuration file
109
is also a valid long argument. For example, 'server' is a valid configuration
110
parameter, so you can specify '--server <servername>' as an argument.
113
Enable full debugging.
115
* --detailed-exitcodes:
116
Provide transaction information via exit codes. If this is enabled, an
117
exit code of '2' means there were changes, and an exit code of '4' means
118
that there were failures during the transaction. This option only makes
119
sense in conjunction with --onetime.
122
Print this help message
125
Where to send messages. Choose between syslog, the console, and a log file.
126
Defaults to sending messages to syslog, or the console if debugging or
127
verbosity is enabled.
130
Turn on verbose reporting.
133
This option only matters for daemons that do not yet have certificates
134
and it is enabled by default, with a value of 120 (seconds). This causes
135
+puppet agent+ to connect to the server every 2 minutes and ask it to sign a
136
certificate request. This is useful for the initial setup of a puppet
137
client. You can turn off waiting for certificates by specifying a time
142
$ puppet device --server puppet.domain.com
151
Copyright (c) 2011 Puppet Labs, LLC
152
Licensed under the Apache 2.0 License
158
vardir = Puppet[:vardir]
159
confdir = Puppet[:confdir]
160
certname = Puppet[:certname]
163
require 'puppet/util/network_device/config'
164
devices = Puppet::Util::NetworkDevice::Config.devices
166
Puppet.err "No device found in #{Puppet[:deviceconfig]}"
169
devices.each_value do |device|
171
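# Log the device endpoint without its secrets: the device.conf URL format is
# scheme://user:password@hostname/?query, and the query can carry the Cisco
# enable password, so only scheme, host, port and path are written to the log.
require 'uri'
loggable_url = begin
  parsed_url = URI.parse(device.url.to_s)
  url_scheme = "#{parsed_url.scheme}://" if parsed_url.scheme
  url_port = ":#{parsed_url.port}" if parsed_url.port
  "#{url_scheme}#{parsed_url.host}#{url_port}#{parsed_url.path}"
rescue URI::InvalidURIError
  # Never fall back to the raw string; it may be the part that holds the password.
  '<unparseable device url>'
end
Puppet.info "starting applying configuration to #{device.name} at #{loggable_url}"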
173
# override local $confdir, $vardir and $certname with this device's values
174
# NOTE(review): device.name is joined into a filesystem path here and reused as the
# certname below, with no validation visible in this excerpt — confirm that the
# device.conf parser rejects names containing path separators or "..".
Puppet.settings.set_value(:confdir, File.join(Puppet[:devicedir], device.name), :cli)
175
Puppet.settings.set_value(:vardir, File.join(Puppet[:devicedir], device.name), :cli)
176
Puppet.settings.set_value(:certname, device.name, :cli)
178
# this will reload and recompute default settings and create the devices sub vardir, or we hope so :-)
179
Puppet.settings.use :main, :agent, :ssl
181
# this initializes the device singleton, so that the facts terminus
182
# and the various network_device provider can use it
183
Puppet::Util::NetworkDevice.init(device)
185
# ask for a ssl cert if needed, but at least
186
# setup the ssl system for this device.
189
require 'puppet/configurer'
190
configurer = Puppet::Configurer.new
191
report = configurer.run(:network_device => true)
193
puts detail.backtrace if Puppet[:trace]
194
Puppet.err detail.to_s
196
Puppet.settings.set_value(:vardir, vardir, :cli)
197
Puppet.settings.set_value(:confdir, confdir, :cli)
198
Puppet.settings.set_value(:certname, certname, :cli)
203
# Handle the logging settings.
205
if options[:debug] or options[:verbose]
206
Puppet::Util::Log.newdestination(:console)
208
Puppet::Util::Log.level = :debug
210
Puppet::Util::Log.level = :info
214
Puppet::Util::Log.newdestination(:syslog) unless options[:setdest]
218
@host = Puppet::SSL::Host.new
219
waitforcert = options[:waitforcert] || (Puppet[:onetime] ? 0 : 120)
220
cert = @host.wait_for_cert(waitforcert)
226
args[:Server] = Puppet[:server]
227
if options[:centrallogs]
228
logdest = args[:Server]
230
logdest += ":" + args[:Port] if args.include?(:Port)
231
Puppet::Util::Log.newdestination(logdest)
234
Puppet.settings.use :main, :agent, :device, :ssl
236
# Always ignoreimport for agent. It really shouldn't even try to import,
237
# but this is just a temporary band-aid.
238
Puppet[:ignoreimport] = true
240
# We need to specify a ca location for all of the SSL-related
241
# indirected classes to work; in fingerprint mode we just need
242
# access to the local files and we don't need a ca.
243
Puppet::SSL::Host.ca_location = :remote
245
Puppet::Transaction::Report.indirection.terminus_class = :rest
247
# Override the default; puppetd needs this, usually.
248
# You can still override this on the command-line with, e.g., :compiler.
249
Puppet[:catalog_terminus] = :rest
251
Puppet[:facts_terminus] = :network_device
253
Puppet::Resource::Catalog.indirection.cache_class = :yaml