puppetctl is a wrapper around puppet to aid in system administration changes.
Rather than using a daemonized agent and long strings of options, all runs go through puppetctl run
. Users may disable future runs of puppet for periods of time, or place the host in nooperate
mode to test changes without worrying about puppet coming through and making a change.
Requires Puppet 7 and newer.
Status commands do not require root.
- is-enabled
- is-operating These are systemd-like requests to find out if puppet is enabled (not disabled) or operating (not in noop mode). Returns the usual bash-style 0=true, 1=false as well as a human-readable response
- status Tells you the status of the last puppet run (if you are root). Also tells you the lock-status.
- lock-status Tells you the state of puppetctl locks (who made them, what type, when they expire).
- motd-status Tells you the state of any puppetctl locks, or stays quiet when there are no locks.
Modification commands require root.
- enable Removes your disable lock (if you have one).
- disable Adds a disable lock for you, preventing future puppet runs.
- operate Removes your nooperate lock (if you have one)
- nooperate Adds a nooperate lock for you, placing future puppet runs into noop mode.
- run
Runs puppet (if not disabled). If there is a nooperate lock,
puppet agent
will run with--noop
.
Emergency commands require root and --force
- break-all-locks Forcibly removes all locks on a host. You should not use this, but instead should talk to whoever else placed a lock, and verify it is safe to remove. But for completeness, here it is.
- panic-stop
Kills an actively-running
puppet agent
. This is likely not useful, but terminating a puppet run was not uncommon in the originalpuppetctl
world, so this is here.