AWS Puppet Cert Cleaner
#!/usr/bin/env python | |
import subprocess | |
import boto.ec2 as ec2 | |
import boto.utils | |
# Get all "private_dns_name"s from AWS | |
conn = ec2.connect_to_region( | |
boto.utils.get_instance_metadata()['placement']['availability-zone'][:-1] | |
) | |
instance_list = [i.private_dns_name.split('.')[0] | |
for r in conn.get_all_instances() | |
for i in r.instances] | |
# Get the puppet cert data | |
stdout, stderr = subprocess.Popen( | |
['puppet', 'cert', 'list', '--all'], | |
stdout=subprocess.PIPE, | |
stderr=subprocess.PIPE, | |
).communicate() | |
# Iterate over each host in the puppet data and see if a matching instance | |
# exists anywhere in AWS, if not then clean the cert. | |
for line in stdout.split('\n'): | |
if not line.startswith('+ "ip'): | |
continue | |
host = line.split('.')[0].lstrip('+ "') | |
fqdn = line.split()[1].strip('"') | |
if host not in instance_list: | |
stdout, stderr = subprocess.Popen( | |
['puppet', 'cert', 'clean', fqdn], | |
stdout=subprocess.PIPE, | |
stderr=subprocess.PIPE, | |
).communicate() | |
print 'Cleaned cert: ' + fqdn |