Introduction
Hello readers! When we use Puppet, managing nodes can become confusing. Puppet's node management includes a helpful tool for this: the node classifier API v1. This blog looks at grouping and classifying nodes and at how the different endpoints work. We will also cover forming requests, authentication, and pagination. Let us read on to know more.
Forming Node Classifier API Requests
HTTP(S) requests to the node classifier API must be well-formed.
The node classifier service defaults to listening on port 4433, and all endpoints are relative to the "/classifier-api/" directory.
We can alter the port on which the classifier API listens if necessary.
Requests for Node classifier API must include the following URI path:
The variables in the path get derived from the following:
DNS: The DNS name of the PE console host. We can use localhost, enter the DNS name manually, or use a puppet command.
VERSION: Either Node classifier API v1 or Node classifier API v2.
ENDPOINT: One or more parts, such as groups or classes, that define the endpoint. Some endpoints need additional parts or sections, such as GET /v1/environments/<environment>/classes.
To build a complete curl command, we must specify suitable curl arguments and authentication, and possibly the content type and other parameters that are specific to the endpoint we are calling.
Rule Condition Grammar
Rules can be used to dynamically group nodes into groups. We must use suitable rule condition syntax when building requests to endpoints that enable rule definition.
The value for the regex operator ~ is read as a Java regular expression. To match regex characters in the fact-value, use literal backslashes to escape them.
For the numeric comparison operators (">", ">=", "<", and "<="), the fact-value (which is always a string) is coerced to a number, either integral or floating-point. The numeric operation evaluates to false if the value cannot be coerced to a number.
The fact path in a rule can be either a string indicating a top-level field (such as name, which represents the node name) or a list of strings and indices that looks up a field in a nested data structure.
The first and second entries in a list of strings or indices must be strings, whereas succeeding entries can be indices.
Regular facts begin with the word "fact" (for example, ["fact", "architecture"]), whereas trusted facts begin with the word "trusted" (for example, ["trusted", "certname"]).
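The grammar above, worked through as a small evaluator. This is an added example, not Puppet's code: the node data is constructed, Python's re module stands in for Java regular expressions (unanchored matching is an assumption), and the "=", "and", "or" and "not" forms belong to the classifier's rule grammar although this page does not list them.

```python
import re

# Constructed sample node data: top-level name, regular facts, trusted facts.
NODE = {
    "name": "web01.example.com",
    "fact": {"architecture": "x86_64", "processorcount": "8",
             "disks": ["sda", "sdb"]},
    "trusted": {"certname": "web01.example.com"},
}
NUMERIC = {">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
           "<": lambda a, b: a < b, "<=": lambda a, b: a <= b}

def lookup(node, path):
    """Resolve a fact path; returns None when a step is missing."""
    if isinstance(path, str):          # top-level field such as "name"
        path = [path]
    elif (not isinstance(path, list) or not path
          or not all(isinstance(p, str) for p in path[:2])
          or not all(type(p) in (str, int) for p in path[2:])):
        raise ValueError(f"malformed fact path: {path!r}")
    value = node
    for step in path:
        try:
            value = value[step]
        except (KeyError, IndexError, TypeError):
            return None
    return value

def evaluate(rule, node):
    op, *args = rule
    if op in ("and", "or"):
        results = [evaluate(r, node) for r in args]
        return all(results) if op == "and" else any(results)
    if op == "not":
        return not evaluate(args[0], node)
    path, expected = args
    actual = lookup(node, path)
    if actual is None:
        return False
    actual = str(actual)               # fact values are compared as strings
    if op == "=":
        return actual == expected
    if op == "~":                      # Python re stands in for Java regex
        return re.search(expected, actual) is not None
    if op in NUMERIC:                  # operand that is not a number => False
        try:
            return NUMERIC[op](float(actual), float(expected))
        except (TypeError, ValueError):
            return False
    raise ValueError(f"unknown operator: {op!r}")
```

Running a rule through an evaluator like this before posting it to a group makes it easy to see which nodes a trusted-fact condition such as ["~", ["trusted", "certname"], ...] would match.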
Node Classifier API Authentication
Node classifier API requests must be authenticated. This can be done with RBAC authentication tokens or with a certificate on the RBAC certificate allowlist.
Authenticating with Tokens
RBAC authentication tokens can be used to make calls to the node classifier API.
Authenticating With an Allowed Certificate
We can also use a certificate from RBAC's certificate allowlist to authenticate requests. /etc/puppetlabs/console-services/rbac-certificate-allowlist is the location of the RBAC allowlist. If we make changes to this file, we must restart the pe-console-services service by running the following command.
sudo service pe-console-services reload
To run the script and attach the certificate to a curl request, we must have the permitted certificate name and the private key. The certname in the request must match one in the /etc/puppetlabs/console-services/rbac-certificate-allowlist file.
For authentication, we do not need to use an agent certificate. We can use puppet cert generate to create a new certificate for use with the API.
Using Pagination Parameters
If we have a large number of classes, groups, nodes, node check-ins, or environments in our installation, node classifier API GET calls may return unnecessarily large results.
We can limit the number of items that are returned by appending the limit and offset parameters to the request URI paths:
limit: Sets the maximum number of items permitted in the response. The value must be a non-negative integer.
offset: Sets the number of items to skip from the start of the list of possible results. The value must be a non-negative integer, and the offset is zero-indexed. If offset=10, the response skips the first ten results and begins with the 11th record.
When non-integer values are used for these parameters, a 400 Bad Request response is returned.
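The request-forming, token-authentication and pagination sections above, combined in one added example (not code from Puppet or from the original post). Assumptions: the URL layout is assembled from the port, base directory and path variables described earlier, the token travels in PE's X-Authentication header, the endpoint returns a JSON array, and the function names and the cafile parameter are hypothetical.

```python
import json
import ssl
import urllib.parse
import urllib.request

def classifier_url(host, endpoint, limit=None, offset=None, version="v1", port=4433):
    """Build a request URL; reject limit/offset values the API would answer with 400."""
    query = {}
    for name, value in (("limit", limit), ("offset", offset)):
        if value is None:
            continue
        if type(value) is not int or value < 0:
            raise ValueError(f"{name} must be a non-negative integer, got {value!r}")
        query[name] = value
    url = f"https://{host}:{port}/classifier-api/{version}/{endpoint.strip('/')}"
    return url + ("?" + urllib.parse.urlencode(query) if query else "")

def fetch_json(url, token, cafile):
    """GET with an RBAC token, verifying the console certificate against cafile."""
    req = urllib.request.Request(url, headers={"X-Authentication": token})
    ctx = ssl.create_default_context(cafile=cafile)  # no unverified TLS
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)

def iter_all(host, endpoint, fetch, page_size=100):
    """Yield every item, moving offset forward until a short page comes back."""
    if type(page_size) is not int or page_size < 1:
        raise ValueError("page_size must be a positive integer")
    offset = 0
    while True:
        page = fetch(classifier_url(host, endpoint, limit=page_size, offset=offset))
        yield from page
        if len(page) < page_size:      # last page reached
            return
        offset += page_size
```

In real use, pass iter_all a fetch callable that wraps fetch_json with the token and CA file, which keeps the token in a header rather than in the URL where it could end up in logs.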
Groups Endpoints
The groups endpoints create, read, update, and delete node groups.
Each group belongs to an environment, applies classes (with class parameters) to nodes within the group, and matches nodes depending on the rules of the group. There is a lot we can do with this endpoint because groups are crucial to the classification process.
Let us look at some of these endpoints and what they do.
GET /v1/groups
It returns a list of all node groups in the node classifier.
POST /v1/groups
It creates a node group with a unique ID generated at random.
GET /v1/groups/<id>
It retrieves a specific node group.
PUT /v1/groups/<id>
It creates a node group with a specific ID.
POST /v1/groups/<id>
For a specific node group, change the environment, parent node group, rules, classes, name, class parameters, configuration data, and variables.
DELETE /v1/groups/<id>
To delete the node group with the supplied ID, use the "/v1/groups/<id>" endpoint.
POST /v1/groups/<id>/pin
Specific nodes can be pinned to a node group.
POST /v1/groups/<id>/unpin
Unpin certain nodes from a particular node group.
GET /v1/groups/<id>/rules
Resolve the rules for a given node group and then translate those rules to interact with PuppetDB nodes and inventory endpoints.
Classes Endpoint
To get a list of all classes, use the "classes" endpoint.
Use the GET /v1/environments/<environment>/classes or GET /v1/environments/<environment>/classes/<name> endpoints to receive a list of all classes in a certain environment or a specific class from a specific environment.
The output of the classes endpoint (as well as the environments/<environment>/classes endpoints) is useful for establishing or updating node groups, which often reference one or more classes. The Groups endpoints allow us to create and edit node groups.
Puppet provides class information to the node classifier. The classes endpoint should not be used to update, create, or delete classes.
GET /v1/classes
It retrieves a list of all classes that the node classifier is aware of at the moment of the request.
Classification Endpoints
The classification endpoints accept a node name and a set of facts and return information about how the specified node is classified. The output can be used to put the node group classification criteria to the test.
POST /v1/classified/nodes/<name>
Retrieve the classification information for a given node depending on the data in the request's body.
POST /v1/classified/nodes/<name>/explanation
Get a thorough explanation of how a node is categorised based on the information in the request's body.
Commands Endpoint
To unpin specified nodes from all node groups to which they are pinned, use the commands endpoint. Use the POST /v1/groups/<id>/unpin endpoint to unpin one or more nodes from a single node group.
To re-pin unpinned nodes, use the POST /v1/groups/<id>/pin endpoint.
POST /v1/commands/unpin-from-all
Remove one or more individual nodes from all node groups to which they are pinned. Nodes assigned to node groups by dynamic rules are unaffected by unpinning.
Frequently Asked Questions
How do I turn off or disable Puppet?
If you wish to disable the Puppet agent on a specific node, use the command "puppet agent --disable". You can indicate a reason for disabling the agent on that node. The message you provide will be printed the next time someone runs puppet agent on the node.
What are the advantages of using Puppet DevOps?
DevOps increases the agility of your organisation by removing silos and enhancing cooperation across teams, from development to operations to QA to security. Puppet can assist in automating the complete application development lifecycle, beginning with basic infrastructure and ending with application maintenance.
Is Puppet synonymous with Docker?
Puppet manages files, packages, and services, whereas Docker creates documents within a delivery unit known as a container. Puppet contains numerous tools for easily configuring a system, while Docker is used for creating and delivering applications.
Conclusion
In the article, we came to know about the basic concepts of Node classifier API v1. We found out about its different elements and also got an idea of the different endpoints. We also got to know about forming API requests and rule condition grammar.