Forge Home

unlock_puppet

Unlock puppet agent runs exceeding runtimeout or runinterval

10,544 downloads

2,383 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.0.8 (latest)
  • 2.0.6
  • 2.0.5
  • 2.0.4
  • 2.0.3
  • 2.0.2
  • 2.0.1
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.1.0
released Apr 14th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • , , , , , ,
Tasks:
  • unlock_puppet

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'tkishel-unlock_puppet', '2.0.8'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add tkishel-unlock_puppet
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install tkishel-unlock_puppet --version 2.0.8

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

tkishel/unlock_puppet — version 2.0.8 Apr 14th 2020

unlock_puppet task

Table of Contents

  1. Description
  2. Setup
  3. Usage - Basic
  4. Reference - Parameters
  5. Alternate Usage
  6. Getting Help - With Tasks

Description

This module provides an unlock_puppet class and task that ...

  • Kills puppet agent runs exceeding the maximum of runinterval or runtimeout.
  • Restarts the Puppet Agent service (if it is enabled) if the last run report exceeds the maximum of runinterval or runtimeout.
  • Restarts the Puppet Agent and/or PXP Agent service if it is not running.

This is valuable when a puppet agent process is locked, and/or the puppet or pxp-agent service needs to be restarted.

Setup

  • Install the module

Usage

Automated Enforcement

  • Apply the unlock_puppet class to a node
include unlock_puppet

The unlock_puppet class will create a cron job (or scheduled task) to resolve a locked puppet agent process, and/or a stopped Puppet Agent or PXP Agent service.

Ad-Hoc Enforcement

The unlock_puppet task resolve a locked puppet agent process, and/or a stopped Puppet Agent service, but will not resolve a stopped PXP Agent service.

  • Use the puppet task run command
puppet task run unlock_puppet --nodes agent.example.com
[root@master]# puppet task run unlock_puppet --nodes agent.example.com
Starting job ...
Note: The task will run only on permitted nodes.
New job ID: 1
Nodes: 1

Started on agent.example.com ...
Finished on node agent.example.com
  result : checking puppet agent process and service, puppet agent process lock file age 86400 exceeds runinterval 1800 or runtimeout 3600, killing puppet agent process, deleting puppet agent process lock file
  status : success

Job completed. 1/1 nodes succeeded.
Duration: 1 sec

Rather than specifying the nodes directly via --nodes you could use --query to query for nodes than have not reported within a cutoff:

# calculate a `not-responding` datestamp
export CUTOFF_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ" -d "-$(puppet config print runinterval) seconds")

# validate the datestamp using `puppet query`:
date
echo $CUTOFF_DATE
puppet query "nodes { report_timestamp < '$CUTOFF_DATE' }"

# run the task with the query
puppet task run unlock_puppet --query "nodes { report_timestamp < '$CUTOFF_DATE' }"

Reference

Class Parameters

Note that class parameter(s) are only necessary for resource-like class declarations, which are only necessary to uninstall the resources of this module.

ensure

Data type: String

This parameter is optional, with valid options of 'present' (the default) and 'absent'.

To uninstall the cron job (or scheduled task) apply the class using a resource-like class declaration:

class { 'unlock_puppet': ensure => absent }

Task Parameters

force_agent

Boolean, default: false

Ignore runinterval and runtimeout, kill the puppet agent process, and delete its lock file.

force_service

Boolean, default: false

Ignore runinterval and runtimeout, and restart the puppet service (even if it is not enabled).

[root@master]# puppet task run unlock_puppet --nodes agent.example.com force_agent=true force_service=true
Starting job ...
Note: The task will run only on permitted nodes.
New job ID: 2
Nodes: 1

Started on agent.example.com ...
Finished on node agent.example.com
  result : checking puppet agent process and service, stopping puppet service, killing puppet agent process, deleting puppet agent process lock file, starting puppet service
  status : success

Job completed. 1/1 nodes succeeded.
Duration: 4 sec

Alternate Usage

The script executed by this task can be extracted from the files directory of this module and run locally on the command line:

[root@agent]# /usr/local/bin/unlock_puppet.rb
{"status":"success","result":"checking puppet agent process and service, puppet agent process lock file age 86400 exceeds runinterval 1800 or runtimeout 3600, killing puppet agent process, deleting lock file"}

The script accepts the same parameters as the task via the following command line options:

[root@agent]# /usr/local/bin/unlock_puppet.rb --force_agent --force_service
{"status":"success","result":"checking puppet agent process and service, stopping puppet service, killing puppet agent process, deleting puppet agent process lock file, starting puppet service"}

Getting Help

To show help for tasks, run puppet task run --help