I have just switched to Puppet Enterprise 3.8 from PE 3.3. I use to use the rake api to create my groups, classes and nodes. This no longer works in PE 3.8 and there does not appear to be any documented way, other than using the dashboard (https://docs.puppetlabs.com/pe/latest/console_classes_groups.html#adding-nodes-to-a-node-group), to add nodes to a given group.
Can someone point me to some documentation of how one automates the adding of nodes to a group?
You can use the Node Classifier API to add groups, or add nodes to a group. You'll need to run these curl commands on the master and include the correct certs with the requests. In the commands below, replace "fqdn" with the fully qualified domain name of your master.
curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "name": "foo",
"parent": "00000000-0000-4000-8000-000000000000",
"environment": "production",
"classes": {}
}' \
https://fqdn:4433/classifier-api/v1/groups
curl 'https://fqdn:4433/classifier-api/v1/groups' \
-H "Content-Type: application/json" \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem
{
"environment_trumps": false,
"parent": "00000000-0000-4000-8000-000000000000",
"name": "foo",
"variables": {},
"id": "085e2797-32f3-4920-9412-8e9decf4ef65",
"environment": "production",
"classes": {}
},
curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "rule": ["or", ["=", "name", "u38a.vm"]] }' \
https://fqdn:4433/classifier-api/v1/groups/085e2797-32f3-4920-9412-8e9decf4ef65
curl -X POST -H 'Content-Type: application/json' \
--cert /etc/puppetlabs/puppet/ssl/certs/fqdn.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/fqdn.pem \
--cacert /etc/puppetlabs/puppet/ssl/certs/ca.pem \
-d '{ "rule": ["or", ["=", "name", "u38a.vm"], ["=", "name", "u38.vm"]] }' \
https://fqdn:4433/classifier-api/v1/groups/085e2797-32f3-4920-9412-8e9decf4ef65
Update 2016-04-12
As of Puppet Enterprise 2016.1.1 you can use the new pin/unpin endpoints of the classifier API to do this much more easily:
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/groups/<group id>/pin
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/groups/<group id>/unpin
Use the new (tech preview) commands/unpin-from-all endpoint:
curl -X POST -H 'Content-Type: application/json' \
--cert $(puppet config print hostcert) \
--key $(puppet config print hostprivkey) \
--cacert $(puppet config print localcacert) \
-d '{"nodes": ["foo.tld", "bar.tld", "baz.tld"]}' \
https://$HOSTNAME:4433/classifier-api/v1/commands/unpin-from-all
With all of these endpoints, you can also generate a token and supply that rather than using cert-based auth.