foreman_probing 0.0.1

data/README.md

@@ -0,0 +1,102 @@
+# ForemanProbing
+A plugin enabling Foreman to detect machines on the network and make the show up
+as Hosts.
+
+## Installation
+The installation is split into four parts. General prerequisites and installing
+Foreman, Smart Proxy and Smart Proxy Dynflow Core plugins
+
+### Prerequisites
+1. Install nmap
+2. This assumes the following directory structure
+
+```
+$PROJECT_ROOT
++- foreman
++- foreman_probing
++- smart-proxy-probing
++- smart_proxy_dynflow
+`- smart-proxy
+```
+
+### Installing the Foreman plugin
+1. Clone this repository
+2. Tell Foreman to load the gem
+
+```shell
+# In Foreman's checkout
+cat <<-END > bundler.d/foreman_probing.rb
+gem 'foreman_probing', :path => '../foreman_probing'
+END
+```
+
+3. Run `bundle install`
+4. Run the migrations and seeds
+
+```shell
+bundle exec rake db:migrate
+bundle exec rake db:seed
+```
+
+### Installing the Smart Proxy plugin
+1. Clone the `smart-proxy-probing` repository
+2. Enable the plugin
+```shell
+# In smart-proxy checkout
+cat <<-END > config/settings.d/probing.yml
+---
+:enabled: true
+END
+
+cat <<-END > bundler.d/smart-proxy-probing.rb
+gem 'smart-proxy-probing', :path => '../smart-proxy-probing'
+END
+```
+3. Run `bundle install`
+
+### Installing the Smart Proxy Dynflow Core plugin
+1. Clone this repository
+2. Enable the plugin
+
+```shell
+# in smart_proxy_dynflow
+cat <<-END > bundler.d/foreman_probing_core.rb
+gem 'foreman_probing_core', :path => '../foreman_probing'
+END
+```
+
+## Usage
+1. Navigate to Monitor > Network scans
+2. Click Run Scan
+3. Fill out the form
+4. Run the scan
+5. Wait for it to finish
+6. Observe Hosts created for the scanned machines
+7. Use Remote Execution or Ansible to manage the hosts
+8. (optional) Use Remote Execution or Ansible to deploy agents (Puppet, Katello,
+   Chef, Salt minion...)
+   
+## Ansible roles
+Some of the roles need `foreman_url` parameter to be set. It would be probably best to set this parameter as global and be done with it.
+
+## Contributing
+
+Fork and send a Pull Request. Thanks!
+
+## Copyright
+
+Copyright (c) *2017* *Adam Ruzicka*
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+

data/Rakefile

@@ -0,0 +1,47 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ForemanProbing'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test
+
+begin
+  require 'rubocop/rake_task'
+  RuboCop::RakeTask.new
+rescue => _
+  puts 'Rubocop not loaded.'
+end
+
+task :default do
+  Rake::Task['rubocop'].execute
+end

data/app/controllers/foreman_probing/api/v2/scans_controller.rb

@@ -0,0 +1,66 @@
+module ForemanProbing
+  module Api::V2
+    class ScansController < ::Api::V2::BaseController
+      include ::Api::Version2
+      include ::Foreman::Renderer
+
+      resource_description do
+        resource_id 'foreman_probing'
+        api_version 'v2'
+        api_base_url '/foreman_probing/api'
+      end
+
+      before_action :find_resource, :only => %w{show rerun}
+
+      def resource_class
+        ForemanProbing::Scan
+      end
+
+      api :GET, '/scans', N_('List scans')
+      param_group :search_and_pagination, ::Api::V2::BaseController
+      def index
+        @scans = resource_scope.order(:id => 'desc').paginate(:page => params[:page])
+      end
+
+      api :POST, '/scans', N_('Create a scan')
+      param :targeting_type, String, :required => true,
+        :desc => N_('Type of targeting, one of %{options}') % { :options => ForemanProbing::ScanComposer::TARGETING_TYPES.join(', ') }
+      param :scan_type, String, :required => true, :desc => N_('Type of the scan, one of %{options}') % { :options => %w{TCP UDP ICMP}.join(', ') }
+      param :ports, String, :desc => N_('The ports to probe')
+      param :proxy_id, :identifier, :required => true, :desc => N_('The smart proxy to run the scan from')
+      param :direct, String, :desc => N_('Comma separated list of IPv4 addresses, subnets or ranges')
+      param :subnet_id, :identifier, :desc => N_('ID of subnet to scan')
+      param :search_query, String, :desc => N_('Scan hosts matching the search query')
+      def create
+        @composer = ScanComposer.new_from_params(params[:foreman_probing_scan])
+        @scan = @composer.compose!
+        @scan.save!
+        task = ForemanTasks.async_task(::Actions::ForemanProbing::PerformScan,
+                                       @scan,
+                                       @scan.ports)
+        @scan.task = task
+        @scan.save!
+        set_auto_refresh
+        redirect_to @scan
+      end
+
+      api :POST, '/scans/:id', N_('Rerun scan')
+      param :id, :identifier, :required => true, :desc => N_('ID of scan to rerun')
+      def rerun
+        composer = ScanComposer.new_from_scan(ForemanProbing::Scan.find(params['id']))
+        @scan = composer.compose!
+        @scan.save!
+        task = ForemanTasks.async_task(::Actions::ForemanProbing::PerformScan,
+                                       @scan,
+                                       @scan.ports)
+        @scan.task = task
+        @scan.save!
+        render :action => 'show'
+      end
+
+      api :GET, '/scans/:id', N_('Show scan')
+      param :id, :identifier, :required => true, :desc => N_('ID of scan to show')
+      def show; end
+    end
+  end
+end

data/app/controllers/foreman_probing/hosts_controller.rb

@@ -0,0 +1,14 @@
+module ForemanProbing
+  # Example: Plugin's HostsController inherits from Foreman's HostsController
+  class HostsController < ::HostsController
+    before_action :find_resource, :only => :open_ports
+
+    def open_ports
+      render :partial => 'open_ports'
+    end
+
+    private
+
+    define_action_permission ['open_ports'], :view
+  end
+end

data/app/controllers/foreman_probing/scans_controller.rb

@@ -0,0 +1,47 @@
+module ForemanProbing
+  class ScansController < ::ApplicationController
+
+    def index
+      @scans = resource_base.order(:id => 'desc').paginate(:page => params[:page])
+    end
+
+    def new
+      @scan = ForemanProbing::Scan.new
+      @scan.target_kind = params.fetch(:target_kind, 'direct')
+      @scan.search_query = params[:search_query]
+      @scan.targeting = ::ForemanProbing::Targeting.new
+    end
+
+    def create
+      @composer = ScanComposer.new_from_params(params[:foreman_probing_scan])
+      @scan = @composer.compose!
+      @scan.save!
+      task = ForemanTasks.async_task(::Actions::ForemanProbing::PerformScan,
+                                     @scan,
+                                     @scan.ports)
+      @scan.task = task
+      @scan.save!
+      set_auto_refresh
+      redirect_to @scan
+    end
+
+    def rerun
+      composer = ScanComposer.new_from_scan(ForemanProbing::Scan.find(params['id']))
+      @scan = composer.compose!
+
+      render :action => 'new'
+    end
+
+    def show
+      @scan = ::ForemanProbing::Scan.find(params['id'])
+      set_auto_refresh
+    end
+
+    private
+
+    def set_auto_refresh
+      @auto_refresh = @scan.task.try(:pending?)
+    end
+
+  end
+end

data/app/helpers/concerns/foreman_probing/hosts_helper_extensions.rb

@@ -0,0 +1,9 @@
+module ForemanProbing
+  module HostsHelperExtensions
+    def host_title_actions(*args)
+      title_actions(button_group(link_to(_('Probe'), new_foreman_probing_scan_path(:search_query => "name = #{args.first.name}", :target_kind => 'host'), :id => :run_button, :class => 'btn btn-default')))
+
+      super(*args)
+    end
+  end
+end

data/app/helpers/concerns/foreman_probing/subnet_helper_extensions.rb

@@ -0,0 +1,7 @@
+module ForemanProbing
+  module SubnetHelperExtensions
+    def multiple_actions
+      super + [[_('Probe'), new_job_invocation_path, false]]
+    end
+  end
+end

data/app/helpers/foreman_probing/scans_helper.rb

@@ -0,0 +1,42 @@
+module ForemanProbing
+  module ScansHelper
+    def scan_task_buttons(scan)
+      task = scan.task
+      task_authorizer = Authorizer.new(User.current, :collection => [task])
+      buttons = []
+      buttons << link_to(_('Rerun'), rerun_foreman_probing_scan_path(scan), :class => 'btn btn-default', :title => _('Refresh this page'))
+      buttons << link_to(_('Refresh'), {}, :class => 'btn btn-default', :title => _('Refresh this page'))
+      # if authorized_for(hash_for_new_job_invocation_path)
+      #   buttons << link_to(_('Rerun'), rerun_job_invocation_path(:id => job_invocation.id),
+      #                      :class => 'btn btn-default',
+      #                      :title => _('Rerun the job'))
+      # end
+      if authorized_for(:permission => :view_foreman_tasks, :auth_object => task, :authorizer => task_authorizer)
+        buttons << link_to(_('Task'), foreman_tasks_task_path(task),
+                           :class => 'btn btn-default',
+                           :title => _('See the task details'))
+      end
+      if authorized_for(:permission => :edit_foreman_tasks, :auth_object => task, :authorizer => task_authorizer)
+        buttons << link_to(_('Cancel Task'), cancel_foreman_tasks_task_path(task),
+                           :class => 'btn btn-danger',
+                           :title => _('Try to cancel the task'),
+                           :disabled => !task.cancellable?,
+                           :method => :post)
+      end
+      return buttons
+    end
+
+    def targeting_label(targeting)
+      case targeting
+      when ::ForemanProbing::Targeting::Search
+        "with search query '#{targeting.raw_targets}'"
+      when ::ForemanProbing::Targeting::Direct
+        "direct '#{targeting.raw_targets}'"
+      when ::ForemanProbing::Targeting::SubnetDiscovery
+        'subnet discovery'
+      when ::ForemanProbing::Targeting::Subnet
+        "subnet #{targeting.subnet.name}"
+      end
+    end
+  end
+end

data/app/lib/actions/create_subnets.rb

@@ -0,0 +1,27 @@
+module Actions
+  module ForemanProbing
+    class CreateSubnets < Actions::EntryAction
+      middleware.use Actions::Middleware::KeepCurrentUser
+      def run
+        proxy = SmartProxy.find(input[:proxy_id])
+        output[:subnet_ids] = input[:scan][:proxy_output][:local_addresses].map do |str, hash|
+          network_addr = IPAddr.new(hash[:addr]).mask(hash[:cidr]).to_s
+          subnet = Subnet.where(:network => network_addr, :mask => hash[:netmask]).first
+          if subnet.nil?
+            subnet = Subnet.new
+            subnet.network = network_addr
+            subnet.mask = hash[:netmask]
+            subnet.name = "#{str} at #{proxy.name}"
+            subnet.location_ids = proxy.location_ids
+            subnet.organization_ids = proxy.organization_ids
+            subnet.save!
+          end
+          proxy.subnets << subnet
+          proxy.save!
+          subnet.id
+        end
+      end
+      
+    end
+  end
+end

data/app/lib/actions/import_host_facts.rb

@@ -0,0 +1,85 @@
+module Actions
+  module ForemanProbing
+    class ImportHostFacts < ::Dynflow::Action
+      middleware.use Actions::Middleware::KeepCurrentUser
+      def run
+        facts = input[:facts]
+        # If we're not scanning an already existing host and it is down, we don't want to import it to Foreman
+        unless (input[:options][:host_id].nil? && facts.fetch(:status, {})[:state] == 'down')
+          host = determine_host(facts)
+          facts = try_match_interface_names(host, facts)
+          facts.delete(:hostnames)
+          ::User.as :admin do
+            state          = host.import_facts(facts)
+            output[:state] = state
+            output[:facts] = facts
+          end
+          try_set_subnet!(host)
+          host.smart_proxy_ids << input[:proxy_id]
+          output[:host_id] = host.id
+          output[:hostname] = host.name
+          scan = ::ForemanProbing::Scan.find(input[:scan_id])
+          host.organization_id ||= scan.organization_ids.first
+          host.location_id ||= scan.location_ids.first
+          host.scans << scan
+          host.save!
+        end
+      rescue ::Foreman::Exception => e
+        # This error is what is thrown by Host#ImportHostAndFacts when
+        # the Host is in the build state. This can be refactored once
+        # issue #3959 is fixed.
+        raise e unless e.code == 'ERF51-9911'
+      end
+
+      private
+
+      def try_match_interface_names(host, facts)
+        names = host.interfaces.where(:mac => facts.fetch(:addresses, {}).fetch(:hwaddr, {}).keys).map(&:identifier)
+        if names.count != facts[:addresses][:ipv4].keys.count
+          names = facts[:addresses][:ipv4].keys.count.times.map { |i| "unknown#{i}" }
+        end
+        names.each_with_index do |name, i|
+          [:ipv4, :ipv6, :hwaddr].each do |kind|
+            addr = facts[:addresses].fetch(kind, {}).keys[i]
+            facts[:addresses].fetch(kind, {}).fetch(addr, {})[:identifier] = name
+          end
+        end
+        facts
+      end
+
+      def try_set_subnet!(host)
+        return unless host.subnet.nil? # We don't want to redefine already set subnet
+        subnet = if input[:subnet_id]
+                   Subnet.find(input[:subnet_id])
+                 else
+                   Subnet.all.find { |subnet| subnet.ipaddr.include? host.ip } # Try to find a defined subnet
+                 end
+        if subnet
+          host.location_id = subnet.location_ids.first
+          host.organization_id = subnet.organization_ids.first
+          host.subnet = subnet
+        end
+      end
+
+      def determine_host(facts)
+        macs = facts[:addresses].fetch(:hwaddr, {}).keys
+        unless macs.empty?
+          ifaces = ::Nic::Managed.where(:mac => macs)
+          return ifaces.first.host unless ifaces.empty?
+        end
+        Host::Managed.import_host(determine_hostname(facts).dup)
+      end
+
+      def determine_hostname(facts)
+        # Try to use first of its hostnames, fallback to some of its addresses
+        if !facts[:hostnames].empty?
+          facts[:hostnames].first[:name]
+        else
+          name = facts[:addresses].map { |_kind, values| values.keys }.flatten.first
+          raise 'Cannot determine host name' if name.nil?
+          name
+        end
+      end
+    end
+  end
+end

data/app/lib/actions/perform_scan.rb

@@ -0,0 +1,26 @@
+module Actions
+  module ForemanProbing
+    class PerformScan < Actions::EntryAction
+      include ::Actions::Helpers::WithContinuousOutput
+      include ::Actions::Helpers::WithDelegatedAction
+
+      # middleware.do_not_use Dynflow::Middleware::Common::Transaction
+      middleware.use Actions::Middleware::KeepCurrentUser
+
+      def plan(scan, ports, options = {})
+        options[:subnet_discovery] = true if scan.targeting.is_a? ::ForemanProbing::Targeting::SubnetDiscovery
+        scanned = plan_delegated_action(scan.smart_proxy, 'ForemanProbingCore::Actions::UseProbe',
+                                        :targets => scan.targeting.targets,
+                                        :scan_type => scan.scan_type,
+                                        :ports => ports,
+                                        :options => options)
+        plan_action(CreateSubnets, :proxy_id => scan.smart_proxy_id, :scan => scanned.output) if scan.targeting.is_a? ::ForemanProbing::Targeting::SubnetDiscovery
+        plan_action(::Actions::ForemanProbing::ProcessScan,
+                    :scan_id  => scan.id,
+                    :scan     => scanned.output,
+                    :proxy_id => scan.smart_proxy_id,
+                    :options  => options)
+      end
+    end
+  end
+end

data/app/lib/actions/process_host.rb

@@ -0,0 +1,18 @@
+module Actions
+  module ForemanProbing
+    class ProcessHost < Actions::EntryAction
+      middleware.use Actions::Middleware::KeepCurrentUser
+      def plan(input)
+        sequence do
+          parsed_scan = plan_action(::Actions::ForemanProbing::ImportHostFacts,
+                                    :scan_id => input[:scan_id],
+                                    :facts => input[:facts],
+                                    :proxy_id => input[:proxy_id],
+                                    :options => input[:options])
+          plan_action(::Actions::ForemanProbing::UpdateProbingFacet, :parsed_scan => parsed_scan.output)
+        end
+      end
+      
+    end
+  end
+end

data/app/lib/actions/process_scan.rb

@@ -0,0 +1,21 @@
+module Actions
+  module ForemanProbing
+    class ProcessScan < Actions::ActionWithSubPlans
+
+      def plan(*args)
+        plan_self(*args)
+      end
+
+      def create_sub_plans
+        input[:scan][:proxy_output][:facts].map do |report|
+          trigger(::Actions::ForemanProbing::ProcessHost,
+                  :scan_id => input[:scan_id],
+                  :facts => report,
+                  :proxy_id => input[:proxy_id],
+                  :options => input[:options] || {})
+        end
+      end
+      
+    end
+  end
+end

data/app/lib/actions/scan_host.rb

@@ -0,0 +1,35 @@
+module Actions
+  module ForemanProbing
+    class ScanHost < Actions::EntryAction
+      middleware.use Actions::Middleware::KeepCurrentUser
+      include ::Actions::Helpers::WithDelegatedAction
+
+      middleware.do_not_use Dynflow::Middleware::Common::Transaction
+
+      def plan(host, probes, proxy_selector = ::ForemanProbingProxySelector.new, port_overrides = {})
+        action_subject(host, :probes => probes.map(&:to_s))
+
+        hostname = find_ip_or_hostname(host)
+        proxy = proxy_selector.determine_proxy(host)
+        plan_delegated_action(proxy, ForemanProbingCore::Actions::UseProbe, hostname, probes, port_overrides)
+        plan_self
+      end
+
+      private
+      
+      def find_ip_or_hostname(host)
+        %w(execution primary provision).each do |flag|
+          interface = host.send(flag + '_interface')
+          return interface.ip if interface && interface.ip.present?
+        end
+
+        host.interfaces.each do |interface|
+          return interface.ip unless interface.ip.blank?
+        end
+
+        return host.fqdn
+      end
+      
+    end
+  end
+end

data/app/lib/actions/update_probing_facet.rb

@@ -0,0 +1,44 @@
+module Actions
+  module ForemanProbing
+    class UpdateProbingFacet < Actions::EntryAction
+
+      middleware.use Actions::Middleware::KeepCurrentUser
+
+      def run
+        data = input[:parsed_scan]
+        if data.key? :host_id
+          host = Host.find(data[:host_id])
+          host.probing_facet ||= ::ForemanProbing::ProbingFacet.new
+          host.probing_facet.status = data['facts'].fetch('status', {}).fetch('state', 'down')
+
+          %w(tcp udp).each do |protocol|
+            update_ports protocol, host.probing_facet
+          end
+
+          host.probing_facet.save!
+        end
+      end
+
+      def rescue_strategy
+        Dynflow::Action::Rescue::Skip
+      end
+
+      private
+
+      def update_ports(protocol, facet)
+        protocol_base = input[:parsed_scan]['facts'].fetch(:ports, {}).fetch(protocol, {})
+        up, down = protocol_base.partition { |number, value| value['state'] == 'open' }
+                     .map { |part| part.map(&:first).map(&:to_i) }
+        known = facet.scanned_ports.where(:protocol => protocol).pluck(:number)
+        to_create = up - known
+        to_update = known & up
+        to_remove = known & down
+        facet.scanned_ports.where(:protocol => protocol, :number => to_remove).delete_all
+        facet.scanned_ports.where(:protocol => protocol, :number => to_update).each(&:touch)
+        to_create.each do |number|
+          facet.scanned_ports << ::ForemanProbing::Port.new(:protocol => protocol, :number => number, :state => protocol_base[number.to_s]['state'])
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/foreman_probing/foreman_tasks_task_extensions.rb

@@ -0,0 +1,9 @@
+module ForemanProbing
+  module ForemanTasksTaskExtensions
+    def self.prepended(base)
+      base.instance_eval do
+        has_one :scan, :dependent => :nullify, :foreign_key => 'task_id', :class_name => '::ForemanProbing::ScanHost'
+      end
+    end
+  end
+end

data/app/models/concerns/foreman_probing/host_extensions.rb

@@ -0,0 +1,10 @@
+module ForemanProbing
+  module HostExtensions
+    def self.prepended(base)
+      base.instance_eval do
+        has_many :scan_hosts, :class_name => '::ForemanProbing::ScanHost', :foreign_key => :host_id
+        has_many :scans, :through => :scan_hosts, :class_name => '::ForemanProbing::Scan'
+      end
+    end
+  end
+end

data/app/models/concerns/foreman_probing/subnet_extensions.rb

@@ -0,0 +1,21 @@
+module ForemanProbing
+  module SubnetExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      # execute callbacks
+      has_many :probing_proxies, :dependent => :destroy
+    end
+
+    # create or overwrite instance methods...
+    def probe!(probe)
+
+    end
+
+    module ClassMethods
+      # create or overwrite class methods...
+      def class_method_name
+      end
+    end
+  end
+end

data/app/models/foreman_probing/fact_name.rb

@@ -0,0 +1,11 @@
+module ForemanProbing
+  class FactName < ::FactName
+    # Define the class that fact names that come from Ansible should have
+    # It allows us to filter facts by origin, and also to display the origin
+    # in the fact values table (/fact_values)
+    def origin
+      'foreman_probing/Network Scan'
+    end
+    
+  end
+end