
Revision 3a3a042e

Added by Ohad Levy about 14 years ago

  • ID 3a3a042ea698542c9667d66f599945913edefa44

removing puppet module from Foreman repo, as it now has its own repo - http://github.com/ohadlevy/puppet-foreman


extras/puppet/foreman/files/external_node.rb
#! /usr/bin/ruby
# a simple script which fetches external nodes from Foreman
# you can basically use anything that knows how to get http data, e.g. wget/curl etc.
# Foreman url
foreman_url="http://foreman:3000"
require 'net/http'
foreman_url += "/node/#{ARGV[0]}?format=yml"
url = URI.parse(foreman_url)
req = Net::HTTP::Get.new(foreman_url)
res = Net::HTTP.start(url.host, url.port) { |http|
http.request(req)
}
case res
when Net::HTTPOK
puts res.body
else
$stderr.puts "Error retrieving node %s: %s" % [ARGV[0], res.class]
end
extras/puppet/foreman/files/foreman-report.rb
# copy this file to your report dir - e.g. /usr/lib/ruby/1.8/puppet/reports/
# add this report in your puppetmaster reports - e.g, in your puppet.conf add:
# reports=log, foreman # (or any other reports you want)
# URL of your Foreman installation
$foreman_url="http://foreman:3000"
require 'puppet'
require 'net/http'
require 'uri'
Puppet::Reports.register_report(:foreman) do
Puppet.settings.use(:reporting)
desc "Sends reports directly to Foreman"
def process
begin
uri = URI.parse($foreman_url)
http = Net::HTTP.new(uri.host, uri.port)
if uri.scheme == 'https' then
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
req = Net::HTTP::Post.new("/reports/create?format=yml")
req.set_form_data({'report' => to_yaml})
response = http.request(req)
rescue Exception => e
raise Puppet::Error, "Could not send report to Foreman at #{$foreman_url}/reports/create?format=yml: #{e}"
end
end
end
extras/puppet/foreman/files/push_facts.rb
#! /usr/bin/env ruby
#
# This scripts runs on remote puppetmasters that you wish to import their nodes facts into Foreman
# it uploads all of the new facts its encounter based on a control file which is stored in /tmp directory.
# This script can run in cron, e.g. once every minute
# if you run it on many puppetmasters at the same time, you might consider adding something like:
# sleep rand(10) # that not all PM hammers the DB at once.
# ohadlevy@gmail.com
# puppet config dir
puppetdir="/var/lib/puppet"
# URL where Foreman lives
url="http://foreman"
# Temp file keeping the last run time
stat_file = "/tmp/foreman_fact_importer"
require 'fileutils'
require 'net/http'
require 'uri'
last_run = File.exists?(stat_file) ? File.stat(stat_file).mtime.utc : Time.now - 365*60*60
FileUtils.touch stat_file
Dir["#{puppetdir}/yaml/facts/*.yaml"].each do |filename|
last_fact = File.stat(filename).mtime.utc
if last_fact > last_run
fact = File.read(filename)
puts "Importing #{filename}"
begin
Net::HTTP.post_form(URI.parse("#{url}/fact_values/create?format=yml"), {'facts'=> fact})
rescue Exception => e
raise "Could not send facts to Foreman: #{e}"
end
end
end
extras/puppet/foreman/manifests/defines.pp
# common/manifests/defines/line.pp -- a trivial mechanism to ensure a line exists in a file
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
# See LICENSE for the full license granted to you.
# Usage:
# line { description:
# file => "filename",
# line => "content",
# ensure => {absent,*present*}
# }
#
define myline($file, $line, $ensure = 'present') {
case $ensure {
default : { err ( "unknown ensure value '${ensure}'" ) }
present: {
exec { "echo '${line}' >> '${file}'":
unless => "grep -qFx '${line}' '${file}'",
user => root,
}
}
absent: {
exec { "perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'":
onlyif => "grep -qFx '${line}' '${file}'",
user => root,
}
}
}
}
extras/puppet/foreman/manifests/externalnodes.pp
class foreman::externalnodes {
file{"/etc/puppet/node.rb":
source => "puppet:///foreman/external_node.rb",
mode => 555,
owner => "puppet", group => "puppet",
}
}
extras/puppet/foreman/manifests/import_facts.pp
# please follow the instructions at: http://theforeman.org/wiki/foreman/Puppet_Facts
# DO NOT enable this class if you have store configs enabled
class foreman::import_facts {
file {"/etc/puppet/push_facts.rb":
mode => 555,
owner => puppet, group => puppet,
source => "puppet:///foreman/push_facts.rb",
}
cron{"send_facts_to_foreman":
command => "/etc/puppet/push_facts.rb",
user => "puppet",
minute => "*/2",
}
}
extras/puppet/foreman/manifests/init.pp
class foreman {
$railspath="/var/rails"
$foreman_dir="${railspath}/foreman"
$foreman_user="foreman"
import "defines.pp"
# some defaults
Exec {
cwd => $foreman_dir,
path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
require => User[$foreman_user],
user => $foreman_user,
}
include foreman::import_facts
include foreman::puppetca
include foreman::puppetrun
include foreman::tftp
include foreman::reports
include foreman::externalnodes
file{$railspath: ensure => directory}
file{$foreman_dir:
ensure => directory,
require => User[$foreman_user],
owner => $foreman_user,
}
user { $foreman_user:
shell => '/bin/false',
comment => 'Foreman system account',
ensure => 'present',
home => $foreman_dir,
}
package{"rake":
name => $operatingsystem ? {
default => "rake",
"CentOs" => "rubygem-rake",
"RedHat" => "rubygem-rake",
},
ensure => installed,
before => Exec["db_migrate"],
}
package{"sqlite3-ruby":
name => $operatingsystem ? {
default => "libsqlite3-ruby",
"CentOs" => "rubygem-sqlite3-ruby",
"RedHat" => "rubygem-sqlite3-ruby",
},
ensure => installed,
before => Exec["db_migrate"],
}
# Initial Foreman Install
exec{"install_foreman":
command => "wget -q http://theforeman.org/foreman-latest.tar.bz2 -O - | tar xjf -",
cwd => $railspath,
creates => "$foreman_dir/public",
notify => Exec["db_migrate"],
require => File[$foreman_dir],
}
exec{"db_migrate":
command => "rake db:migrate",
environment => "RAILS_ENV=production",
refreshonly => true
}
# cleans up the session entries in the database
# if you are using fact or report importers, this creates a session per request
# which can easily result with a lot of old and unrequired in your database
# eventually slowing it down.
cron{"clear_session_table":
command => "(cd $foreman_dir && rake db:sessions:clear)",
environment => "RAILS_ENV=production",
user => $foreman_user,
minute => "15",
hour => "23",
}
cron{"daily summary":
command => "(cd $foreman_dir && rake reports:summarize)",
environment => "RAILS_ENV=production",
user => $foreman_user,
minute => "30",
hour => "07",
}
}
extras/puppet/foreman/manifests/passenger.pp
class foreman::passenger {
include apache2::passenger
file{"foreman_vhost":
path => $lsbdistid ? {
default => "/etc/httpd/conf.d/foreman.conf",
"Ubuntu" => "/etc/apache2/conf.d/foreman.conf"
},
content => template("foreman/foreman-vhost.conf.erb"),
mode => 644, notify => Exec["reload-apache2"],
}
exec{"restart_foreman":
command => "/bin/touch $foreman_dir/tmp/restart.txt",
refreshonly => true
}
}
extras/puppet/foreman/manifests/puppetca.pp
class foreman::puppetca {
file{"/etc/puppet/autosign.conf":
owner => $foreman_user,
group => "puppet",
mode => 644,
require => User[$foreman_user],
}
myline {
"allow_foreman_to_execute_puppetca":
file => "/etc/sudoers",
line => "${foreman_user} ALL = NOPASSWD: /usr/sbin/puppetca";
"do_not_require_tty_in_sudo":
file => "/etc/sudoers",
line => "Defaults:${foreman_user} !requiretty";
}
}
extras/puppet/foreman/manifests/puppetrun.pp
class foreman::puppetrun {
myline {
"allow_foreman_to_execute_puppetrun":
file => "/etc/sudoers",
line => "${foreman_user} ALL = NOPASSWD: /usr/bin/puppetrun"
}
}
extras/puppet/foreman/manifests/reports.pp
# please follow the instructions at: http://theforeman.org/wiki/foreman/Puppet_Reports
class foreman::reports {
# directory where your puppet is installed
$puppet_basedir = $operatingsystem ? {
default => "/usr/lib/ruby/1.8/puppet",
"CentOs" => "/usr/lib/ruby/site_ruby/1.8/puppet",
"RedHat" => "/usr/lib/ruby/site_ruby/1.8/puppet",
}
# foreman reporter
file {"${puppet_basedir}/reports/foreman.rb":
mode => 444,
owner => puppet, group => puppet,
source => "puppet:///foreman/foreman-report.rb",
}
cron{"expire_old_reports":
command => "(cd $foreman_dir && rake reports:expire)",
environment => "RAILS_ENV=production",
user => $foreman_user,
minute => "30",
hour => "7",
}
}
extras/puppet/foreman/manifests/tftp.pp
class foreman::tftp {
$tftp_dir = "${foreman_dir}/tftp"
file{$tftp_dir:
owner => $foreman_user,
mode => 644,
require => User[$foreman_user],
ensure => directory,
recurse => true,
}
file {"${tftp_dir}/default":
content => "default local\ntimeout 20\n\nlabel local\nlocalboot 0\n",
mode => 544, owner => root,
require => File[$tftp_dir],
}
}
extras/puppet/foreman/plugins/puppet/parser/functions/foreman.rb
require 'net/http'
# Query Foreman
module Puppet::Parser::Functions
newfunction(:foreman, :type => :rvalue) do |args|
#URL to query
host = "foreman"
url = "/hosts/query?"
query = []
args.each do |arg|
name, value = arg.split("=")
case name
when "fact", "class"
query << "#{name}=#{value}"
when "verbose"
query << "verbose=yes" if value == "yes"
else
raise Puppet::ParseError, "Foreman: Invalid parameter #{name}"
end
end
begin
response = Net::HTTP.get host,url+query.join("&")+"&format=yml"
rescue Exception => e
raise Puppet::ParseError, "Failed to contact Foreman #{e}"
end
begin
hostlist = YAML::load response
rescue Exception => e
raise Puppet::ParseError, "Failed to parse response from Foreman #{e}"
end
return response
end
end
extras/puppet/foreman/templates/foreman-vhost.conf.erb
<VirtualHost <%= ipaddress %>:80>
ServerName <%= fqdn %>
ServerAlias foreman
DocumentRoot <%= scope.lookupvar 'foreman::foreman_dir' %>/public
RailsAutoDetect On
AddDefaultCharset UTF-8
# Grant access to puppet reports
Alias /report /var/lib/puppet/rrd/
<Directory /var/lib/puppet/rrd/>
PassengerEnabled off
Options Indexes
Order deny,allow
Allow from all
</Directory>
</VirtualHost>
<VirtualHost <%= ipaddress %>:443>
ServerName <%= fqdn %>
ServerAlias foreman
RailsAutoDetect On
DocumentRoot <%= scope.lookupvar 'foreman::foreman_dir' %>/public
# Use puppet certificates for SSL
SSLEngine On
SSLCertificateFile /var/lib/puppet/ssl/certs/<%= fqdn %>.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/<%= fqdn %>.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
SSLVerifyClient optional
SSLOptions +StdEnvVars
SSLVerifyDepth 3
</VirtualHost>
