Using Bolt with orchestrator
Bolt enables running a series of tasks — called plans — to help you automate the manual work of maintaining your infrastructure. When you pair Bolt with PE, you get advanced automation with the management and logging capabilities of PE
Bolt connects directly to remote nodes with SSH or WinRM, so you are not required to install any agent software. To learn more about Bolt, see the Bolt documentation.
You can configure Bolt to use the orchestrator API and perform actions on PE nodes. When you run Bolt plans, the plan logic is processed locally on the node running Bolt while corresponding commands, scripts, tasks, and file uploads run remotely using the orchestrator API.
Before you can use Bolt with PE, you must install Bolt.
To set up Bolt to use the orchestrator API, you must:
bolt_shimmodule in a PE environment.
Assign task permissions to a user role.
Adjust the orchestrator configuration files, as needed.
Configure Bolt to connect to PuppetDB.
Install the Bolt module in a PE environment
Bolt uses a task to execute commands, upload files,
and run scripts over orchestrator. To install this task, install the
puppetlabs-bolt_shim module from the Forge. Install the code in the same environment as
the other tasks you want to run. Use the following Puppetfile line:
mod 'puppetlabs-bolt_shim', '0.3.0'
In addition to the
bolt_shim module, any task or module content you want to
execute over Puppet Communications
Protocol (PCP) must be present in
the PE environment. For details about downloading and
installing modules for Bolt, see Set up Bolt to download and
install modules. By allowing only content that is present in the PE environment to be executed over PCP, you
maintain role-based access control over the nodes you manage in PE.
applyaction, you must install the
puppetlabs-apply_helpersmodule. Use the following Puppetfile line:
mod 'puppetlabs-apply_helpers', '0.2.1'
apply. You might need to increase the Java heap size for orchestration services.
Assign task permissions to a user role
In the console, click.
From the list of user roles, click the role you want to have task permissions.
On the Permissions tab, in the Type box, select Tasks.
For Permission, select Run tasks, and select All from the Instance drop-down list.
Click Add permission, and commit the change.
Configure the bolt.yaml file
Configure Bolt to connect to orchestrator in the
pcp section of the Bolt configuration file. This configuration is not
puppet task. By default, Bolt uses the production environment in PE when running tasks.
||The path to the CA certificate.||String|
||Set interval, in seconds, to poll orchestrator for job status.||Integer|
||Set time, in seconds, to wait for orchestrator job status.||Integer|
||The URL of the orchestrator API.||String|
||The environment the orchestrator loads task code from. This
||Path to the token file.||String|
You can also set configuration data in inventory.yaml. For example:
pcp: service-url: "https://expensive-tower.delivery.puppetlabs.net:8143" cacert: /tmp/ca.pem task-environment: production job-poll-timeout: 2 token-file: ~/.puppetlabs/token
See Bolt project directories for more information on bolt configuration files.
config: transport: pcp pcp: service-url: https://FQDN:8143 cacert: certs/the_ca.pem token-file: tokens/the_sv.pem task-environment: production
Configure Bolt to connect to PuppetDB
Bolt can authenticate with PuppetDB through an SSL client certificate or a PE RBAC token. For more information see the Bolt docs for Connecting Bolt to PuppetDB.
Specify the transport
Bolt runs tasks through the
orchestrator when a target uses the
pcp transport. Specify the transport for specific nodes by using the
PCP protocol in the target's URI, like
pcp://puppet.certname, or setting
transport in a
config section in
inventory.yaml. Change the default transport for all
nodes by setting
bolt.yaml or passing
--transport pcp on the command
View available tasks
To view a list of available tasks from the orchestrator API, run
show (instead of the command
bolt task show).