puppetdb_foreman 2.0.0 → 3.0.0

data/README.md

@@ -0,0 +1,82 @@
+# puppetdb\_foreman
+
+[![Code Climate](https://codeclimate.com/github/theforeman/puppetdb_foreman/badges/gpa.svg)](https://codeclimate.com/github/theforeman/puppetdb_foreman)
+[![Gem Version](https://badge.fury.io/rb/puppetdb_foreman.svg)](http://badge.fury.io/rb/puppetdb_foreman)
+[![Dependency Status](https://gemnasium.com/theforeman/puppetdb_foreman.svg)](https://gemnasium.com/theforeman/puppetdb_foreman)
+[![Issue stats](http://issuestats.com/github/theforeman/puppetdb_foreman/badge/pr?style=flat)](http://issuestats.com/github/theforeman/puppetdb_foreman)
+
+This is a [Foreman](http://theforeman.org) plugin to interact with [PuppetDB](https://docs.puppetlabs.com/puppetdb/index.html).
+
+It does the following:
+
+  * Disables hosts on PuppetDB after they are deleted in Foreman.
+  * Proxies the PuppetDB Performance Dashboard for access through Foreman.
+  * Compares nodes in PuppetDB to Hosts in Foreman.
+  * Creates Hosts in Foreman from PuppetDB facts.
+
+Feel free to raise issues, ask for features, anything, in the github repository or #theforeman IRC channel in Freenode.
+
+# Installation:
+
+**From packages**
+
+Set up the appropriate repository by following [these instructions](https://theforeman.org/plugins/)
+
+*RPM* users can install the `tfm-rubygem-puppetdb_foreman` (el7) or `rubygem-puppetdb_foreman` (f24) packages.
+
+*deb* users can install the `ruby-puppetdb-foreman` package.
+
+**From Rubygems**
+
+Add to bundler.d/Gemfile.local.rb as:
+
+    gem 'puppetdb_foreman'
+
+then update & restart Foreman:
+
+    bundle update
+
+    service restart foreman or equivalent
+
+
+**Versioning**
+
+puppetdb_foreman uses [Semantic Versioning 2.0.0](http://semver.org/spec/v2.0.0.html)
+
+# Usage:
+
+Go to Administer > Settings > PuppetDB and set `puppetdb_address` with your PuppetDB address, `puppetdb_dashboard_address` (optional) to proxy the dashboard, `puppetdb_enabled` to either true or false if you want to enable or disable PuppetDB integration. Obviously you will need a PuppetDB instance at the address you provide.
+
+Alternatively you can put your settings in `config/settings.yaml`. Please keep in mind these will be overwritten if changed in the application, and if the application is rebooted, YAML rules will overwrite again your manually changed settings. Hence passing your settings in this format is discouraged, but allowed.
+
+for PuppetDB 4
+```yaml
+:puppetdb:
+  :enabled: true
+  :address: 'https://puppetdb:8081/pdb/cmd/v1'
+  :dashboard_address: 'http://puppetdb:8080/pdb/dashboard'
+  :puppetdb_ssl_ca_file: '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
+  :puppetdb_ssl_certificate: '/etc/puppetlabs/puppet/ssl/certs/FQDN.pem'
+  :puppetdb_ssl_private_key: '/etc/puppetlabs/puppet/ssl/private_keys/FQDN.pem'
+```
+
+You can find the dashboard under Monitor > PuppetDB dashboard. Only administrators and users with a role `view_puppetdb_dashboard` will be able to access it. Aside from convenience, the PuppetDB dashboard cannot be served over HTTPS, you can restrict your dashboard requests to only Foreman boxes and serve it securely to your users through HTTPS in Foreman.
+
+![Screenshot](http://i.imgur.com/5d80CtZ.png)
+
+
+# Copyright:
+Copyright 2013 CERN, Switzerland and various authors
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.

data/Rakefile

@@ -0,0 +1,47 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'PuppetdbForeman'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path('../test/dummy/Rakefile', __FILE__)
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test
+
+begin
+  require 'rubocop/rake_task'
+  RuboCop::RakeTask.new
+rescue => _
+  puts 'Rubocop not loaded.'
+end
+
+task :default do
+  Rake::Task['rubocop'].execute
+end

data/app/controllers/api/v2/puppetdb_nodes_controller.rb

@@ -0,0 +1,63 @@
+module Api
+  module V2
+    class PuppetdbNodesController < V2::BaseController
+      include Api::Version2
+      before_action :find_node, :only => [:destroy, :import]
+
+      layout 'api/v2/layouts/index_layout', :only => [:index, :unknown]
+
+      api :GET, '/puppetdb_nodes/', N_('List all PuppetDB nodes')
+      def index
+        @nodes = Puppetdb.client.query_nodes
+      end
+
+      api :GET, '/puppetdb_nodes/unknown/', N_('List all PuppetDB nodes without a Host in Foreman')
+      def unknown
+        @foreman_hosts = Host.unscoped.pluck(:name)
+        @puppetdb_hosts = Puppetdb.client.query_nodes
+        @nodes = @puppetdb_hosts - @foreman_hosts
+      end
+
+      api :DELETE, '/puppetdb_nodes/:id/', N_('Deactivate a node in PuppetDB')
+      param :id, String, :required => true
+
+      def destroy
+        uuid = Puppetdb.client.deactivate_node(@node)
+        response = { :job => { :uuid => uuid } }
+        process_success response
+      end
+
+      api :PUT, '/puppetdb_nodes/:id/import/', N_('Import PuppetDB Node to Foreman Host')
+      param :id, :identifier, :required => true
+
+      def import
+        facts = Puppetdb.client.facts(@node)
+        @host = PuppetdbHost.new(:facts => facts).to_host
+      end
+
+      # Overrides because PuppetDB is not backed by ActiveRecord
+      def resource_name
+        'node'
+      end
+
+      def resource_scope
+        @nodes
+      end
+
+      private
+
+      def find_node
+        @node = params[:id]
+      end
+
+      def action_permission
+        case params[:action]
+        when 'unknown'
+          'index'
+        else
+          super
+        end
+      end
+    end
+  end
+end

data/app/controllers/puppetdb_foreman/nodes_controller.rb

@@ -0,0 +1,39 @@
+module PuppetdbForeman
+  class NodesController < ApplicationController
+    include ::Foreman::Controller::ActionPermissionDsl
+
+    before_action :find_node, :only => [:destroy, :import]
+    define_action_permission ['import'], :import
+
+    def controller_permission
+      'puppetdb_nodes'
+    end
+
+    def index
+      @foreman_hosts = Host.unscoped.pluck(:name)
+      @puppetdb_hosts = Puppetdb.client.query_nodes
+      @unknown_hosts = @puppetdb_hosts - @foreman_hosts
+    end
+
+    def destroy
+      Puppetdb.client.deactivate_node(@node)
+      process_success :success_msg => _('Deactivated node %s in PuppetDB') % @node, :success_redirect => puppetdb_foreman_nodes_path
+    rescue => e
+      process_error(:redirect => puppetdb_foreman_nodes_path, :error_msg => _('Failed to deactivate node in PuppetDB: %s') % e.message)
+    end
+
+    def import
+      facts = Puppetdb.client.facts(@node)
+      host = PuppetdbHost.new(:facts => facts).to_host
+      process_success :success_msg => _('Imported host %s from PuppetDB') % @node, :success_redirect => host_path(:id => host)
+    rescue => e
+      process_error(:redirect => puppetdb_foreman_nodes_path, :error_msg => _('Failed to import host from PuppetDB: %s') % e.message)
+    end
+
+    private
+
+    def find_node
+      @node = params[:id]
+    end
+  end
+end

data/app/controllers/puppetdb_foreman/puppetdb_controller.rb

@@ -1,34 +1,30 @@
 module PuppetdbForeman
   class PuppetdbController < ApplicationController
-
     protect_from_forgery :except => :index
 
     def index
-      begin
-        uri = URI.parse(Setting[:puppetdb_dashboard_address])
-        puppetdb_url, layout = case params[:puppetdb]
-                               when 'd3.v2', 'charts'                                                    then ["#{uri.path}#{request.original_fullpath}", false]
-                               when 'v3', 'metrics', 'pdb/meta/v1/version', 'pdb/meta/v1/version/latest' then [request.original_fullpath, false]
-                               else                                                                      ["#{uri.path}/index.html", true]
-                               end
-        result = Net::HTTP.get_response(uri.host, puppetdb_url, uri.port)
-        render :text => result.body, :layout => layout
-      rescue SocketError => error
-        @proxy_error = "Problem connecting to host #{uri.host} on port #{uri.port}"
-        render :action => :error, :layout => true
-      rescue Errno::ECONNREFUSED => error
-        @proxy_error = "#{uri.host} refused our connection"
-        render :action => :error, :layout => true
-      rescue EOFError => error
-        @proxy_error = "Don't use ssl (https)"
-        render :action => :error, :layout => true
-      end
+      uri = URI.parse(Setting[:puppetdb_dashboard_address])
+      puppetdb_url, layout = case params[:puppetdb]
+                             when 'd3.v2', 'charts' then ["#{uri.path}#{request.original_fullpath}", false]
+                             when 'v3', 'metrics', 'pdb/meta/v1/version', 'pdb/meta/v1/version/latest', 'pdb/dashboard/data' then [request.original_fullpath, false]
+                             else ["#{uri.path}/index.html", true]
+                             end
+      result = Net::HTTP.get_response(uri.host, puppetdb_url, uri.port)
+      render :text => result.body, :layout => layout
+    rescue SocketError
+      @proxy_error = "Problem connecting to host #{uri.host} on port #{uri.port}"
+      render :action => :error, :layout => true
+    rescue Errno::ECONNREFUSED
+      @proxy_error = "#{uri.host} refused our connection"
+      render :action => :error, :layout => true
+    rescue EOFError
+      @proxy_error = "Don't use ssl (https)"
+      render :action => :error, :layout => true
     end
 
     # Override from application controller to fix issue
     def api_request?
       request.format && (request.format.json? || request.format.yaml?)
     end
-
   end
 end

data/app/models/concerns/orchestration/puppetdb.rb

@@ -0,0 +1,27 @@
+module Orchestration
+  module Puppetdb
+    extend ActiveSupport::Concern
+
+    included do
+      before_destroy :queue_puppetdb_destroy
+    end
+
+    protected
+
+    def queue_puppetdb_destroy
+      return unless ::Puppetdb.ready? && errors.empty?
+      queue.create(:name   => _('Deactivating node %s in PuppetDB') % self, :priority => 60,
+                   :action => [self, :delPuppetdb])
+    end
+
+    def delPuppetdb
+      Rails.logger.info "Deactivating node in PuppetDB: #{name}"
+      ::Puppetdb.client.deactivate_node(name)
+    rescue => e
+      failure _("Failed to deactiate node %{name} in PuppetDB: %{message}\n ") %
+              { :name => name, :message => e.message }, e
+    end
+
+    def setPuppetdb; end
+  end
+end

data/app/models/puppetdb_foreman/host_extensions.rb

@@ -2,77 +2,25 @@ module PuppetdbForeman
   module HostExtensions
     extend ActiveSupport::Concern
     included do
-      before_destroy :deactivate_host
-      after_build :deactivate_host
-
-      def deactivate_host
-        logger.debug "Deactivating host #{name} in Puppetdb"
-        return false unless puppetdb_configured?
-
-        if puppetdb_enabled?
-          begin
-            uri = URI.parse(Setting[:puppetdb_address])
-            req = Net::HTTP::Post.new(uri.path)
-            req['Accept'] = 'application/json'
-            req.content_type = 'application/json'
-
-            res             = Net::HTTP.new(uri.host, uri.port)
-            res.use_ssl     = uri.scheme == 'https'
-            if res.use_ssl?
-              if Setting[:puppetdb_ssl_ca_file]
-                res.ca_file = Setting[:puppetdb_ssl_ca_file]
-                res.verify_mode = OpenSSL::SSL::VERIFY_PEER
-              else
-                res.verify_mode = OpenSSL::SSL::VERIFY_NONE
-              end
-              if Setting[:puppetdb_ssl_certificate] &&
-                Setting[:puppetdb_ssl_private_key]
-                res.cert = OpenSSL::X509::Certificate.new(
-                  File.read(Setting[:puppetdb_ssl_certificate]))
-                res.key  = OpenSSL::PKey::RSA.new(
-                  File.read(Setting[:puppetdb_ssl_private_key]), nil)
-              end
-
-            end
+      include Orchestration::Puppetdb
 
-            if uri.path.start_with?("/pdb")
-              logger.debug "Using PuppetDB API v3"
-              req.body = {
-                 "command" => "deactivate node",
-                 "version" => 3,
-                 "payload" => {
-                   "certname" => name,
-                   "producer_timestamp" => "#{Time.now.iso8601}"
-                 }
-               }.to_json
-            else
-              logger.debug "Using PuppetDB API v1"
-              req.body = {
-                "command" => "deactivate node",
-                "version" => 1,
-                "payload" => name
-              }.to_json
-            end
-            res.start { |http| http.request(req) }
-
-          rescue => e
-            errors.add(:base, _("Could not deactivate host on PuppetDB: #{e}"))
-          end
-          errors.empty?
-        end
-      end
+      after_build :deactivate_host
+    end
 
-      private
+    def deactivate_host
+      logger.debug "Deactivating host #{name} in PuppetDB"
+      return true unless Puppetdb.enabled?
 
-      def puppetdb_configured?
-        if puppetdb_enabled? && Setting[:puppetdb_address].blank?
-          errors.add(:base, _("PuppetDB plugin is enabled but not configured. Please configure it before trying to delete a host."))
-        end
-        errors.empty?
+      unless Puppetdb.configured?
+        errors.add(:base,
+                   _('PuppetDB plugin is enabled but not configured. Please configure it before trying to delete a host.'))
       end
 
-      def puppetdb_enabled?
-        [true, 'true'].include? Setting[:puppetdb_enabled]
+      begin
+        Puppetdb.client.deactivate_node(name)
+      rescue => e
+        errors.add(:base, _("Could not deactivate host on PuppetDB: #{e}"))
+        return false
       end
     end
   end

data/app/models/setting/puppetdb.rb

@@ -1,12 +1,15 @@
 class Setting::Puppetdb < ::Setting
   BLANK_ATTRS << 'puppetdb_address'
+  BLANK_ATTRS << 'puppetdb_ssl_ca_file'
+  BLANK_ATTRS << 'puppetdb_ssl_certificate'
+  BLANK_ATTRS << 'puppetdb_ssl_private_key'
 
-  def self.load_defaults
+  def self.default_settings
     if SETTINGS[:puppetdb].present?
       default_enabled = SETTINGS[:puppetdb][:enabled]
       default_address = SETTINGS[:puppetdb][:address]
       default_dashboard_address = SETTINGS[:puppetdb][:dashboard_address]
-      default_ssl_ca_file= SETTINGS[:puppetdb][:ssl_ca_file]
+      default_ssl_ca_file = SETTINGS[:puppetdb][:ssl_ca_file]
       default_ssl_certificate = SETTINGS[:puppetdb][:ssl_certificate]
       default_ssl_private_key = SETTINGS[:puppetdb][:ssl_private_key]
     end
@@ -14,44 +17,32 @@ class Setting::Puppetdb < ::Setting
     default_enabled = false if default_enabled.nil?
     default_address ||= 'https://puppetdb:8081/pdb/cmd/v1'
     default_dashboard_address ||= 'http://puppetdb:8080/pdb/dashboard'
-    default_ssl_ca_file ||= "#{SETTINGS[:ssl_ca_file]}"
-    default_ssl_certificate ||= "#{SETTINGS[:ssl_certificate]}"
-    default_ssl_private_key ||= "#{SETTINGS[:ssl_priv_key]}"
-
-    Setting.transaction do
-      [
-        self.set('puppetdb_enabled', _("Integration with PuppetDB, enabled will deactivate a host in PuppetDB when it's deleted in Foreman"), default_enabled)
-      ].compact.each { |s| self.create s.update(:category => 'Setting::Puppetdb')}
-    end
-
-    Setting.transaction do
-      [
-        self.set('puppetdb_address', _('Foreman will send PuppetDB requests to this address'), default_address)
-      ].compact.each { |s| self.create s.update(:category => 'Setting::Puppetdb')}
-    end
+    default_ssl_ca_file ||= (SETTINGS[:ssl_ca_file]).to_s
+    default_ssl_certificate ||= (SETTINGS[:ssl_certificate]).to_s
+    default_ssl_private_key ||= (SETTINGS[:ssl_priv_key]).to_s
+
+    [
+      set('puppetdb_enabled', _("Integration with PuppetDB, enabled will deactivate a host in PuppetDB when it's deleted in Foreman"), default_enabled),
+      set('puppetdb_address', _('Foreman will send PuppetDB requests to this address'), default_address),
+      set('puppetdb_dashboard_address', _('Foreman will proxy PuppetDB Performance Dashboard requests to this address'), default_dashboard_address),
+      set('puppetdb_ssl_ca_file', _('Foreman will send PuppetDB requests with this CA file'), default_ssl_ca_file),
+      set('puppetdb_ssl_certificate', _('Foreman will send PuppetDB requests with this certificate file'), default_ssl_certificate),
+      set('puppetdb_ssl_private_key', _('Foreman will send PuppetDB requests with this key file'), default_ssl_private_key)
+    ]
+  end
 
-    Setting.transaction do
-      [
-        self.set('puppetdb_dashboard_address', _('Foreman will proxy PuppetDB Performance Dashboard requests to this address'), default_dashboard_address)
-      ].compact.each { |s| self.create s.update(:category => 'Setting::Puppetdb')}
-    end
+  def self.load_defaults
+    # Check the table exists
+    return unless super
 
-    Setting.transaction do
-      [
-        self.set('puppetdb_ssl_ca_file', _('Foreman will send PuppetDB requests with this CA file'), default_ssl_ca_file)
-      ].compact.each { |s| self.create s.update(:category => 'Setting::Puppetdb')}
+    transaction do
+      default_settings.each { |s| create! s.update(:category => 'Setting::Puppetdb') }
     end
 
-    Setting.transaction do
-      [
-        self.set('puppetdb_ssl_certificate', _('Foreman will send PuppetDB requests with this certificate file'), default_ssl_certificate)
-      ].compact.each { |s| self.create s.update(:category => 'Setting::Puppetdb')}
-    end
+    true
+  end
 
-    Setting.transaction do
-      [
-        self.set('puppetdb_ssl_private_key', _('Foreman will send PuppetDB requests with this key file'), default_ssl_private_key)
-      ].compact.each { |s| self.create s.update(:category => 'Setting::Puppetdb')}
-    end
+  def self.humanized_category
+    N_('PuppetDB')
   end
 end