Skip to content

mozilla-it/puppetctl

Repository files navigation

puppetctl

puppetctl is a wrapper around puppet to aid in system administration changes.

Rather than using a daemonized agent and long strings of options, all runs go through puppetctl run. Users may disable future runs of puppet for periods of time, or place the host in nooperate mode to test changes without worrying about puppet coming through and making a change.

Requires Puppet 7 and newer.

Available Subcommands:

Status-Related Commands

Status commands do not require root.

  • is-enabled
  • is-operating These are systemd-like requests to find out if puppet is enabled (not disabled) or operating (not in noop mode). Returns the usual bash-style 0=true, 1=false as well as a human-readable response
  • status Tells you the status of the last puppet run (if you are root). Also tells you the lock-status.
  • lock-status Tells you the state of puppetctl locks (who made them, what type, when they expire).
  • motd-status Tells you the state of any puppetctl locks, or stays quiet when there are no locks.

Modification Commands

Modification commands require root.

  • enable Removes your disable lock (if you have one).
  • disable Adds a disable lock for you, preventing future puppet runs.
  • operate Removes your nooperate lock (if you have one)
  • nooperate Adds a nooperate lock for you, placing future puppet runs into noop mode.
  • run Runs puppet (if not disabled). If there is a nooperate lock, puppet agent will run with --noop.

Emergency Commands

Emergency commands require root and --force

  • break-all-locks Forcibly removes all locks on a host. You should not use this, but instead should talk to whoever else placed a lock, and verify it is safe to remove. But for completeness, here it is.
  • panic-stop Kills an actively-running puppet agent. This is likely not useful, but terminating a puppet run was not uncommon in the original puppetctl world, so this is here.