Puppet agent – Disable all agent from jump-server


The situation:

In every larger environment when you debug or you would like to update something, good if you disable automatic changes (configuration management tool(s)). Now I will explain one solution, how can you disable all puppet-agent on (affected) hosts.

Script usage:

script to disable puppet agent on described hosts. Script also print out, if puppet agent was disabled previously (no overwrite it. Default behavior if you set twice disable message, first-one will be vaild). The script was tested & worked on CentOS 6.6 & on CentOS 6.7.


./disable_puppet_agent.sh pmikaczo 5 "disable due rollout disable message with spaces" /etc/hosts result.txt
  • ./disable_puppet_agent.sh –> Name of the script
  • pmikaczo –> User who will SSH into the target server (this user must to be have an account on the target-server & must to have root rights (can be root with sudo command)
  • 5 –> Timeout value in SEC. If the next-one host is not reachable, the script skip it after elapsed declared timeout value.
  • “disable due rollout disable message with spaces” –> The comment what the script will be left as “Disable Message”.
  • /etc/hosts –> Source of target servers. Input’s format:

If you would like to use “/etc/hosts” as source, please modify the script:


timeout $TIMEOUT sshpass -p $password ssh -oStrictHostKeyChecking=no -T -l $USER $line SSH


timeout $TIMEOUT sshpass -p $password ssh -oStrictHostKeyChecking=no -T -l $USER $(echo $line | awk '{print $1}') SSH
  • result.txt –> The script’s output (where it could be SSH in, where was disabled puppet agent,…) filename.



Check it in here. If you would like to improve it, just do & push it to GIT.

Leave a Reply