Revision 3a3a042e
Added by Ohad Levy about 14 years ago
- ID 3a3a042ea698542c9667d66f599945913edefa44
extras/puppet/foreman/files/external_node.rb | ||
---|---|---|
#! /usr/bin/ruby
|
||
# a simple script which fetches external nodes from Foreman
|
||
# you can basically use anything that knows how to get http data, e.g. wget/curl etc.
|
||
|
||
# Foreman url
|
||
foreman_url="http://foreman:3000"
|
||
|
||
require 'net/http'
|
||
|
||
foreman_url += "/node/#{ARGV[0]}?format=yml"
|
||
url = URI.parse(foreman_url)
|
||
req = Net::HTTP::Get.new(foreman_url)
|
||
res = Net::HTTP.start(url.host, url.port) { |http|
|
||
http.request(req)
|
||
}
|
||
|
||
case res
|
||
when Net::HTTPOK
|
||
puts res.body
|
||
else
|
||
$stderr.puts "Error retrieving node %s: %s" % [ARGV[0], res.class]
|
||
end
|
||
|
||
|
extras/puppet/foreman/files/foreman-report.rb | ||
---|---|---|
# copy this file to your report dir - e.g. /usr/lib/ruby/1.8/puppet/reports/
|
||
# add this report in your puppetmaster reports - e.g, in your puppet.conf add:
|
||
# reports=log, foreman # (or any other reports you want)
|
||
|
||
# URL of your Foreman installation
|
||
$foreman_url="http://foreman:3000"
|
||
|
||
require 'puppet'
|
||
require 'net/http'
|
||
require 'uri'
|
||
|
||
Puppet::Reports.register_report(:foreman) do
|
||
Puppet.settings.use(:reporting)
|
||
desc "Sends reports directly to Foreman"
|
||
|
||
def process
|
||
begin
|
||
uri = URI.parse($foreman_url)
|
||
http = Net::HTTP.new(uri.host, uri.port)
|
||
if uri.scheme == 'https' then
|
||
http.use_ssl = true
|
||
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
||
end
|
||
req = Net::HTTP::Post.new("/reports/create?format=yml")
|
||
req.set_form_data({'report' => to_yaml})
|
||
response = http.request(req)
|
||
rescue Exception => e
|
||
raise Puppet::Error, "Could not send report to Foreman at #{$foreman_url}/reports/create?format=yml: #{e}"
|
||
end
|
||
end
|
||
end
|
extras/puppet/foreman/files/push_facts.rb | ||
---|---|---|
#! /usr/bin/env ruby
|
||
#
|
||
# This scripts runs on remote puppetmasters that you wish to import their nodes facts into Foreman
|
||
# it uploads all of the new facts its encounter based on a control file which is stored in /tmp directory.
|
||
# This script can run in cron, e.g. once every minute
|
||
# if you run it on many puppetmasters at the same time, you might consider adding something like:
|
||
# sleep rand(10) # that not all PM hammers the DB at once.
|
||
# ohadlevy@gmail.com
|
||
|
||
# puppet config dir
|
||
puppetdir="/var/lib/puppet"
|
||
|
||
# URL where Foreman lives
|
||
url="http://foreman"
|
||
|
||
# Temp file keeping the last run time
|
||
stat_file = "/tmp/foreman_fact_importer"
|
||
|
||
require 'fileutils'
|
||
require 'net/http'
|
||
require 'uri'
|
||
|
||
last_run = File.exists?(stat_file) ? File.stat(stat_file).mtime.utc : Time.now - 365*60*60
|
||
FileUtils.touch stat_file
|
||
|
||
Dir["#{puppetdir}/yaml/facts/*.yaml"].each do |filename|
|
||
last_fact = File.stat(filename).mtime.utc
|
||
if last_fact > last_run
|
||
fact = File.read(filename)
|
||
puts "Importing #{filename}"
|
||
begin
|
||
Net::HTTP.post_form(URI.parse("#{url}/fact_values/create?format=yml"), {'facts'=> fact})
|
||
rescue Exception => e
|
||
raise "Could not send facts to Foreman: #{e}"
|
||
end
|
||
end
|
||
end
|
extras/puppet/foreman/manifests/defines.pp | ||
---|---|---|
# common/manifests/defines/line.pp -- a trivial mechanism to ensure a line exists in a file
|
||
# Copyright (C) 2007 David Schmitt <david@schmitt.edv-bus.at>
|
||
# See LICENSE for the full license granted to you.
|
||
|
||
# Usage:
|
||
# line { description:
|
||
# file => "filename",
|
||
# line => "content",
|
||
# ensure => {absent,*present*}
|
||
# }
|
||
#
|
||
|
||
define myline($file, $line, $ensure = 'present') {
|
||
case $ensure {
|
||
default : { err ( "unknown ensure value '${ensure}'" ) }
|
||
present: {
|
||
exec { "echo '${line}' >> '${file}'":
|
||
unless => "grep -qFx '${line}' '${file}'",
|
||
user => root,
|
||
}
|
||
}
|
||
absent: {
|
||
exec { "perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'":
|
||
onlyif => "grep -qFx '${line}' '${file}'",
|
||
user => root,
|
||
}
|
||
}
|
||
}
|
||
}
|
extras/puppet/foreman/manifests/externalnodes.pp | ||
---|---|---|
class foreman::externalnodes {
|
||
file{"/etc/puppet/node.rb":
|
||
source => "puppet:///foreman/external_node.rb",
|
||
mode => 555,
|
||
owner => "puppet", group => "puppet",
|
||
}
|
||
|
||
}
|
extras/puppet/foreman/manifests/import_facts.pp | ||
---|---|---|
# please follow the instructions at: http://theforeman.org/wiki/foreman/Puppet_Facts
|
||
# DO NOT enable this class if you have store configs enabled
|
||
|
||
class foreman::import_facts {
|
||
file {"/etc/puppet/push_facts.rb":
|
||
mode => 555,
|
||
owner => puppet, group => puppet,
|
||
source => "puppet:///foreman/push_facts.rb",
|
||
}
|
||
|
||
cron{"send_facts_to_foreman":
|
||
command => "/etc/puppet/push_facts.rb",
|
||
user => "puppet",
|
||
minute => "*/2",
|
||
}
|
||
|
||
}
|
extras/puppet/foreman/manifests/init.pp | ||
---|---|---|
class foreman {
|
||
|
||
$railspath="/var/rails"
|
||
$foreman_dir="${railspath}/foreman"
|
||
$foreman_user="foreman"
|
||
|
||
import "defines.pp"
|
||
|
||
# some defaults
|
||
Exec {
|
||
cwd => $foreman_dir,
|
||
path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
||
require => User[$foreman_user],
|
||
user => $foreman_user,
|
||
}
|
||
|
||
include foreman::import_facts
|
||
include foreman::puppetca
|
||
include foreman::puppetrun
|
||
include foreman::tftp
|
||
include foreman::reports
|
||
include foreman::externalnodes
|
||
|
||
file{$railspath: ensure => directory}
|
||
file{$foreman_dir:
|
||
ensure => directory,
|
||
require => User[$foreman_user],
|
||
owner => $foreman_user,
|
||
}
|
||
|
||
user { $foreman_user:
|
||
shell => '/bin/false',
|
||
comment => 'Foreman system account',
|
||
ensure => 'present',
|
||
home => $foreman_dir,
|
||
}
|
||
|
||
package{"rake":
|
||
name => $operatingsystem ? {
|
||
default => "rake",
|
||
"CentOs" => "rubygem-rake",
|
||
"RedHat" => "rubygem-rake",
|
||
},
|
||
ensure => installed,
|
||
before => Exec["db_migrate"],
|
||
}
|
||
|
||
package{"sqlite3-ruby":
|
||
name => $operatingsystem ? {
|
||
default => "libsqlite3-ruby",
|
||
"CentOs" => "rubygem-sqlite3-ruby",
|
||
"RedHat" => "rubygem-sqlite3-ruby",
|
||
},
|
||
ensure => installed,
|
||
before => Exec["db_migrate"],
|
||
}
|
||
# Initial Foreman Install
|
||
exec{"install_foreman":
|
||
command => "wget -q http://theforeman.org/foreman-latest.tar.bz2 -O - | tar xjf -",
|
||
cwd => $railspath,
|
||
creates => "$foreman_dir/public",
|
||
notify => Exec["db_migrate"],
|
||
require => File[$foreman_dir],
|
||
}
|
||
|
||
exec{"db_migrate":
|
||
command => "rake db:migrate",
|
||
environment => "RAILS_ENV=production",
|
||
refreshonly => true
|
||
}
|
||
|
||
# cleans up the session entries in the database
|
||
# if you are using fact or report importers, this creates a session per request
|
||
# which can easily result with a lot of old and unrequired in your database
|
||
# eventually slowing it down.
|
||
cron{"clear_session_table":
|
||
command => "(cd $foreman_dir && rake db:sessions:clear)",
|
||
environment => "RAILS_ENV=production",
|
||
user => $foreman_user,
|
||
minute => "15",
|
||
hour => "23",
|
||
}
|
||
|
||
cron{"daily summary":
|
||
command => "(cd $foreman_dir && rake reports:summarize)",
|
||
environment => "RAILS_ENV=production",
|
||
user => $foreman_user,
|
||
minute => "30",
|
||
hour => "07",
|
||
}
|
||
}
|
extras/puppet/foreman/manifests/passenger.pp | ||
---|---|---|
class foreman::passenger {
|
||
include apache2::passenger
|
||
|
||
file{"foreman_vhost":
|
||
path => $lsbdistid ? {
|
||
default => "/etc/httpd/conf.d/foreman.conf",
|
||
"Ubuntu" => "/etc/apache2/conf.d/foreman.conf"
|
||
},
|
||
content => template("foreman/foreman-vhost.conf.erb"),
|
||
mode => 644, notify => Exec["reload-apache2"],
|
||
}
|
||
|
||
exec{"restart_foreman":
|
||
command => "/bin/touch $foreman_dir/tmp/restart.txt",
|
||
refreshonly => true
|
||
}
|
||
|
||
}
|
extras/puppet/foreman/manifests/puppetca.pp | ||
---|---|---|
class foreman::puppetca {
|
||
|
||
file{"/etc/puppet/autosign.conf":
|
||
owner => $foreman_user,
|
||
group => "puppet",
|
||
mode => 644,
|
||
require => User[$foreman_user],
|
||
}
|
||
|
||
myline {
|
||
"allow_foreman_to_execute_puppetca":
|
||
file => "/etc/sudoers",
|
||
line => "${foreman_user} ALL = NOPASSWD: /usr/sbin/puppetca";
|
||
"do_not_require_tty_in_sudo":
|
||
file => "/etc/sudoers",
|
||
line => "Defaults:${foreman_user} !requiretty";
|
||
}
|
||
|
||
}
|
extras/puppet/foreman/manifests/puppetrun.pp | ||
---|---|---|
class foreman::puppetrun {
|
||
|
||
myline {
|
||
"allow_foreman_to_execute_puppetrun":
|
||
file => "/etc/sudoers",
|
||
line => "${foreman_user} ALL = NOPASSWD: /usr/bin/puppetrun"
|
||
}
|
||
|
||
}
|
extras/puppet/foreman/manifests/reports.pp | ||
---|---|---|
# please follow the instructions at: http://theforeman.org/wiki/foreman/Puppet_Reports
|
||
|
||
class foreman::reports {
|
||
# directory where your puppet is installed
|
||
$puppet_basedir = $operatingsystem ? {
|
||
default => "/usr/lib/ruby/1.8/puppet",
|
||
"CentOs" => "/usr/lib/ruby/site_ruby/1.8/puppet",
|
||
"RedHat" => "/usr/lib/ruby/site_ruby/1.8/puppet",
|
||
}
|
||
|
||
# foreman reporter
|
||
file {"${puppet_basedir}/reports/foreman.rb":
|
||
mode => 444,
|
||
owner => puppet, group => puppet,
|
||
source => "puppet:///foreman/foreman-report.rb",
|
||
}
|
||
|
||
cron{"expire_old_reports":
|
||
command => "(cd $foreman_dir && rake reports:expire)",
|
||
environment => "RAILS_ENV=production",
|
||
user => $foreman_user,
|
||
minute => "30",
|
||
hour => "7",
|
||
}
|
||
|
||
}
|
extras/puppet/foreman/manifests/tftp.pp | ||
---|---|---|
class foreman::tftp {
|
||
$tftp_dir = "${foreman_dir}/tftp"
|
||
|
||
file{$tftp_dir:
|
||
owner => $foreman_user,
|
||
mode => 644,
|
||
require => User[$foreman_user],
|
||
ensure => directory,
|
||
recurse => true,
|
||
}
|
||
|
||
file {"${tftp_dir}/default":
|
||
content => "default local\ntimeout 20\n\nlabel local\nlocalboot 0\n",
|
||
mode => 544, owner => root,
|
||
require => File[$tftp_dir],
|
||
}
|
||
|
||
}
|
extras/puppet/foreman/plugins/puppet/parser/functions/foreman.rb | ||
---|---|---|
require 'net/http'
|
||
|
||
# Query Foreman
|
||
module Puppet::Parser::Functions
|
||
newfunction(:foreman, :type => :rvalue) do |args|
|
||
#URL to query
|
||
host = "foreman"
|
||
url = "/hosts/query?"
|
||
query = []
|
||
args.each do |arg|
|
||
name, value = arg.split("=")
|
||
case name
|
||
when "fact", "class"
|
||
query << "#{name}=#{value}"
|
||
when "verbose"
|
||
query << "verbose=yes" if value == "yes"
|
||
else
|
||
raise Puppet::ParseError, "Foreman: Invalid parameter #{name}"
|
||
end
|
||
end
|
||
|
||
begin
|
||
response = Net::HTTP.get host,url+query.join("&")+"&format=yml"
|
||
rescue Exception => e
|
||
raise Puppet::ParseError, "Failed to contact Foreman #{e}"
|
||
end
|
||
|
||
begin
|
||
hostlist = YAML::load response
|
||
rescue Exception => e
|
||
raise Puppet::ParseError, "Failed to parse response from Foreman #{e}"
|
||
end
|
||
return response
|
||
end
|
||
end
|
extras/puppet/foreman/templates/foreman-vhost.conf.erb | ||
---|---|---|
<VirtualHost <%= ipaddress %>:80>
|
||
ServerName <%= fqdn %>
|
||
ServerAlias foreman
|
||
DocumentRoot <%= scope.lookupvar 'foreman::foreman_dir' %>/public
|
||
|
||
RailsAutoDetect On
|
||
AddDefaultCharset UTF-8
|
||
|
||
# Grant access to puppet reports
|
||
Alias /report /var/lib/puppet/rrd/
|
||
<Directory /var/lib/puppet/rrd/>
|
||
PassengerEnabled off
|
||
Options Indexes
|
||
Order deny,allow
|
||
Allow from all
|
||
</Directory>
|
||
</VirtualHost>
|
||
|
||
<VirtualHost <%= ipaddress %>:443>
|
||
ServerName <%= fqdn %>
|
||
ServerAlias foreman
|
||
|
||
RailsAutoDetect On
|
||
DocumentRoot <%= scope.lookupvar 'foreman::foreman_dir' %>/public
|
||
|
||
# Use puppet certificates for SSL
|
||
|
||
SSLEngine On
|
||
SSLCertificateFile /var/lib/puppet/ssl/certs/<%= fqdn %>.pem
|
||
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/<%= fqdn %>.pem
|
||
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
|
||
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
|
||
SSLVerifyClient optional
|
||
SSLOptions +StdEnvVars
|
||
SSLVerifyDepth 3
|
||
|
||
</VirtualHost>
|
removing puppet module from Foreman repo, as it now has its own repo - http://github.com/ohadlevy/puppet-foreman