.github/workflows/pe_latest_testing.yml

@@ -51,7 +51,7 @@ jobs:
         echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV
         echo STEP_START=$(date +%s) >> $GITHUB_ENV
 
-    # Store the result of the curl call in $forge_response
+    # store the result of the curl call in $forge_response
     - name: Curl Forge for PE versions
       id: curl_forge
       run: |

CHANGELOG.md

@@ -2,6 +2,18 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v0.2.0](https://github.com/puppetlabs/puppet_operational_dashboards/tree/v0.2.0) (2022-03-11)
+
+[Full Changelog](https://github.com/puppetlabs/puppet_operational_dashboards/compare/v0.1.2...v0.2.0)
+
+### Added
+
+- Use retrieve\_token as a Deferred function [\#21](https://github.com/puppetlabs/puppet_operational_dashboards/pull/21) ([m0dular](https://github.com/m0dular))
+
+### Fixed
+
+- Fix postgres auth for Telegraf agents [\#19](https://github.com/puppetlabs/puppet_operational_dashboards/pull/19) ([m0dular](https://github.com/m0dular))
+
 ## [v0.1.2](https://github.com/puppetlabs/puppet_operational_dashboards/tree/v0.1.2) (2022-03-08)
 
 [Full Changelog](https://github.com/puppetlabs/puppet_operational_dashboards/compare/v0.1.1...v0.1.2)

README.md

@@ -35,12 +35,9 @@ Doing so will:
 * Install and configure Telegraf to collect metrics from your PE infrastructure.  FOSS users can specify a list of infrastructure nodes via the `puppet_operational_dashboards::telegraf::agent` parameters.
 * Install and configure Grafana with several dashboards to display data from InfluxDB
 
-Note that this will save an InfluxDB administrative token to the user's home directory, typically `/root/.influxdb_token`.  The type and provider code can use this token, but it is not available to Puppet server to be used in compiling catalogs.  In order to use the Telegraf token created by this module, you will need to either:
+Note that this will save an InfluxDB administrative token to the user's home directory, typically `/root/.influxdb_token`.  The `puppetlabs/influxdb` types and providers can make use of this file during catalog application.  The manifests in this module are also able to use it via [deferred functions](https://puppet.com/docs/puppet/7/deferring_functions.html), which also run on the agent as the first step of catalog application.  Therefore, it is possible to use this file for all token-based operations in this module, and no further configuration is required.
 
-* Supply this admin token via the `influxdb::token` parameter.
-* Supply the Telegraf token via the `puppet_operational_dashboards::telegraf_token` parameter.
-
-These are both `Sensitive` strings, so the recommended way is to encrypt them with [hiera-eyaml](https://github.com/voxpupuli/hiera-eyaml) and use the encrypted value in hiera.  For example:
+It is also possible to specify this token via the `influxdb::token` parameter in hiera.  The Telegraf token used by the `telegraf` service and Grafana datasource can also be set via `puppet_operational_dashboards::telegraf_token`.  These are both `Sensitive` strings, so the recommended way to use them is to encrypt them with [hiera-eyaml](https://github.com/voxpupuli/hiera-eyaml) and use the encrypted value in hiera data.  After setting up a hierarchy to use the [eyaml backend](https://github.com/voxpupuli/hiera-eyaml#with-hiera-5), the values can be added to hiera data and automatically converted to `Sensitive`:
 
 ```
 influxdb::token: <eyaml_encrypted_string>
@@ -49,6 +46,8 @@ lookup_options:
      convert_to: "Sensitive"
 ```
 
+These parameters take precedence over the file on disk if both are specified.
+
 
 ## Usage
 

REFERENCE.md

@@ -17,7 +17,7 @@
 
 ### Functions
 
-* [`puppet_operational_dashboards::hosts_with_pe_profile`](#puppet_operational_dashboardshosts_with_pe_profile): function used to determine hosts with a Puppet Enterprise profile
+* [`puppet_operational_dashboards::hosts_with_profile`](#puppet_operational_dashboardshosts_with_profile)
 * [`puppet_operational_dashboards::pe_profiles_on_host`](#puppet_operational_dashboardspe_profiles_on_host): function used to determine hosts with a Puppet Enterprise profile
 
 ## Classes
@@ -50,11 +50,11 @@ The following parameters are available in the `puppet_operational_dashboards` cl
 * [`initial_org`](#initial_org)
 * [`initial_bucket`](#initial_bucket)
 * [`influxdb_token`](#influxdb_token)
-* [`telegraf_token`](#telegraf_token)
 * [`telegraf_token_name`](#telegraf_token_name)
 * [`manage_telegraf`](#manage_telegraf)
 * [`manage_telegraf_token`](#manage_telegraf_token)
 * [`use_ssl`](#use_ssl)
+* [`influxdb_token_file`](#influxdb_token_file)
 
 ##### <a name="manage_influxdb"></a>`manage_influxdb`
 
@@ -113,14 +113,6 @@ See the puppetlabs/influxdb documentation for more information about this token.
 
 Default value: `lookup(influxdb::token, undef, undef, undef)`
 
-##### <a name="telegraf_token"></a>`telegraf_token`
-
-Data type: `Optional[Sensitive[String]]`
-
-Telegraf token in Sensitive format.  This parameter is preferred over $telegraf_token_name if both are given
-
-Default value: ``undef``
-
 ##### <a name="telegraf_token_name"></a>`telegraf_token_name`
 
 Data type: `String`
@@ -153,6 +145,19 @@ Whether to use SSL when querying InfluxDB.  Defaults to true
 
 Default value: ``true``
 
+##### <a name="influxdb_token_file"></a>`influxdb_token_file`
+
+Data type: `String`
+
+Location on disk of an InfluxDB admin token.
+This file is written to by the influxdb class during installation and read by the type and providers,
+as well Deferred functions in this module.
+
+Default value: `lookup(influxdb::token_file, undef, undef, $facts['identity']['user'] ? {
+      'root'  => '/root/.influxdb_token',
+      default => "/home/${facts['identity']['user']}/.influxdb_token"
+  })`
+
 ### <a name="puppet_operational_dashboardsprofiledashboards"></a>`puppet_operational_dashboards::profile::dashboards`
 
 Installs Grafana and several dashboards to display Puppet metrics.  Included via the base class.
@@ -187,15 +192,17 @@ The following parameters are available in the `puppet_operational_dashboards::pr
 * [`manage_grafana_repo`](#manage_grafana_repo)
 * [`influxdb_host`](#influxdb_host)
 * [`influxdb_port`](#influxdb_port)
-* [`initial_bucket`](#initial_bucket)
+* [`influxdb_bucket`](#influxdb_bucket)
+* [`telegraf_token_name`](#telegraf_token_name)
+* [`influxdb_token_file`](#influxdb_token_file)
 
 ##### <a name="token"></a>`token`
 
-Data type: `Sensitive[String]`
+Data type: `Optional[Sensitive[String]]`
 
 Token in Sensitive format used to query InfluxDB. The token must grant priviledges to query the associated bucket in InfluxDB
 
-Default value: `$puppet_operational_dashboards::telegraf_token`
+Default value: ``undef``
 
 ##### <a name="grafana_host"></a>`grafana_host`
 
@@ -279,7 +286,7 @@ which looks up the value of influxdb::port with a default of 8086
 
 Default value: `$puppet_operational_dashboards::influxdb_port`
 
-##### <a name="initial_bucket"></a>`initial_bucket`
+##### <a name="influxdb_bucket"></a>`influxdb_bucket`
 
 Data type: `String`
 
@@ -288,6 +295,23 @@ which looks up the value of influxdb::initial_bucket with a default of 'puppet_d
 
 Default value: `$puppet_operational_dashboards::initial_bucket`
 
+##### <a name="telegraf_token_name"></a>`telegraf_token_name`
+
+Data type: `String`
+
+Name of the token to retrieve from InfluxDB if not given $token
+
+Default value: `$puppet_operational_dashboards::telegraf_token_name`
+
+##### <a name="influxdb_token_file"></a>`influxdb_token_file`
+
+Data type: `String`
+
+Location on disk of an InfluxDB admin token.
+This token is used in this class in a Deferred function call to retrieve a Telegraf token if $token is unset
+
+Default value: `$puppet_operational_dashboards::influxdb_token_file`
+
 ### <a name="puppet_operational_dashboardsprofilepostgres_access"></a>`puppet_operational_dashboards::profile::postgres_access`
 
 Allows Telegraf to connect and collect metrics from postgres nodes
@@ -312,7 +336,7 @@ Data type: `Array`
 
 A list of FQDNs running Telegraf to allow access to
 
-Default value: `[$trusted['certname']]`
+Default value: `puppet_operational_dashboards::hosts_with_profile('Puppet_operational_dashboards::Telegraf::Agent')`
 
 ### <a name="puppet_operational_dashboardstelegrafagent"></a>`puppet_operational_dashboards::telegraf::agent`
 
@@ -352,44 +376,48 @@ The following parameters are available in the `puppet_operational_dashboards::te
 * [`postgres_hosts`](#postgres_hosts)
 * [`profiles`](#profiles)
 * [`local_services`](#local_services)
+* [`token_name`](#token_name)
+* [`influxdb_token_file`](#influxdb_token_file)
 
 ##### <a name="token"></a>`token`
 
-Data type: `Sensitive[String]`
+Data type: `Optional[Sensitive[String]]`
 
 Telegraf token in Sensitive format.
 
+Default value: ``undef``
+
 ##### <a name="influxdb_host"></a>`influxdb_host`
 
 Data type: `String`
 
 FQDN of the InfluxDB host.  Defaults to $facts['fqdn']
 
-Default value: `$facts['networking']['fqdn']`
+Default value: `$puppet_operational_dashboards::influxdb_host`
 
 ##### <a name="influxdb_port"></a>`influxdb_port`
 
 Data type: `Integer`
 
 Port used by the InfluxDB service.  Defaults to 8086.
 
-Default value: `8086`
+Default value: `$puppet_operational_dashboards::influxdb_port`
 
 ##### <a name="influxdb_org"></a>`influxdb_org`
 
 Data type: `String`
 
 Name of the InfluxDB organization. Defaults to 'puppetlabs'.
 
-Default value: `'puppetlabs'`
+Default value: `$puppet_operational_dashboards::initial_org`
 
 ##### <a name="influxdb_bucket"></a>`influxdb_bucket`
 
 Data type: `String`
 
 Name of the InfluxDB bucket to query. Defaults to 'puppet_data'.
 
-Default value: `'puppet_data'`
+Default value: `$puppet_operational_dashboards::initial_bucket`
 
 ##### <a name="use_ssl"></a>`use_ssl`
 
@@ -467,7 +495,7 @@ Data type: `Array`
 Array of Puppet server hosts to collect metrics from.  Defaults to all Puppet server hosts in a PE infrastructure.
 FOSS users need to supply a list of FQDNs
 
-Default value: `puppet_operational_dashboards::hosts_with_pe_profile('Master')`
+Default value: `puppet_operational_dashboards::hosts_with_profile('Puppet_enterprise::Profile::Master')`
 
 ##### <a name="puppetdb_hosts"></a>`puppetdb_hosts`
 
@@ -476,7 +504,7 @@ Data type: `Array`
 Array of PuppetDB hosts to collect metrics from.  Defaults to all PuppetDB hosts in a PE infrastructure.
 FOSS users need to supply a list of FQDNs
 
-Default value: `puppet_operational_dashboards::hosts_with_pe_profile('Puppetdb')`
+Default value: `puppet_operational_dashboards::hosts_with_profile('Puppet_enterprise::Profile::Puppetdb')`
 
 ##### <a name="postgres_hosts"></a>`postgres_hosts`
 
@@ -485,7 +513,7 @@ Data type: `Array`
 Array of Postgres hosts to collect metrics from.  Defaults to all Postgres in a PE infrastructure.
 FOSS users need to supply a list of FQDNs.
 
-Default value: `puppet_operational_dashboards::hosts_with_pe_profile('Database')`
+Default value: `puppet_operational_dashboards::hosts_with_profile('Puppet_enterprise::Profile::Database')`
 
 ##### <a name="profiles"></a>`profiles`
 
@@ -504,6 +532,23 @@ Array of FOSS services to collect from when collection_method is set to 'local'.
 
 Default value: `[]`
 
+##### <a name="token_name"></a>`token_name`
+
+Data type: `String`
+
+Name of the token to retrieve from InfluxDB if not given $token
+
+Default value: `$puppet_operational_dashboards::telegraf_token_name`
+
+##### <a name="influxdb_token_file"></a>`influxdb_token_file`
+
+Data type: `String`
+
+Location on disk of an InfluxDB admin token.
+This token is used in this class in a Deferred function call to retrieve a Telegraf token if $token is unset
+
+Default value: `$puppet_operational_dashboards::influxdb_token_file`
+
 ## Defined types
 
 ### <a name="puppet_operational_dashboardstelegrafconfig"></a>`puppet_operational_dashboards::telegraf::config`
@@ -542,25 +587,23 @@ Default value: `'present'`
 
 ## Functions
 
-### <a name="puppet_operational_dashboardshosts_with_pe_profile"></a>`puppet_operational_dashboards::hosts_with_pe_profile`
+### <a name="puppet_operational_dashboardshosts_with_profile"></a>`puppet_operational_dashboards::hosts_with_profile`
 
 Type: Puppet Language
 
-Queries PuppetDB for hosts with the specified Puppet Enterprise profile.
-Used by this module to identify hosts with Puppet Enterprise API endpoints.
+The puppet_operational_dashboards::hosts_with_profile function.
 
-#### `puppet_operational_dashboards::hosts_with_pe_profile(String $profile)`
+#### `puppet_operational_dashboards::hosts_with_profile(String $profile)`
 
-Queries PuppetDB for hosts with the specified Puppet Enterprise profile.
-Used by this module to identify hosts with Puppet Enterprise API endpoints.
+The puppet_operational_dashboards::hosts_with_profile function.
 
-Returns: `Array[String]` An array of certnames from the query, or the local certname when the query returns no hosts.
+Returns: `Array[String]`
 
 ##### `profile`
 
 Data type: `String`
 
-The short name of the Puppet Enterprise profile to query.
+
 
 ### <a name="puppet_operational_dashboardspe_profiles_on_host"></a>`puppet_operational_dashboards::pe_profiles_on_host`
 

files/matrix/latest.json

@@ -0,0 +1 @@
+{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"centos-stream-8","provider":"provision::provision_service","image":"centos-cloud/centos-stream-8"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-1804","provider":"provision::provision_service","image":"ubuntu-1804-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"}]}

files/matrix/lts.json

@@ -0,0 +1 @@
+{"platforms":[{"label":"CentOS-7","provider":"provision::provision_service","image":"centos-7"},{"label":"centos-stream-8","provider":"provision::provision_service","image":"centos-cloud/centos-stream-8"},{"label":"RedHat-7","provider":"provision::provision_service","image":"rhel-7"},{"label":"Ubuntu-1804","provider":"provision::provision_service","image":"ubuntu-1804-lts"},{"label":"RedHat-8","provider":"provision::provision_service","image":"rhel-8"},{"label":"Sles-12","provider":"provision::provision_service","image":"sles-12"},{"label":"AlmaLinux-8","provider":"provision::provision_service","image":"almalinux-cloud/almalinux-8"},{"label":"Rocky-Linux-8","provider":"provision::provision_service","image":"rocky-linux-cloud/rocky-linux-8"}]}

functions/hosts_with_profile.pp

@@ -0,0 +1,24 @@
+# @summary function used to determine hosts with a profile class
+#
+# Queries PuppetDB for hosts with the specified profile.
+# Used by this module to identify hosts with Puppet Enterprise API endpoints and Telegraf hosts
+#
+# @param profile [String]
+#   The full name of the profile to query.
+#
+# @return [Array[String]]
+#   An array of certnames from the query
+
+function puppet_operational_dashboards::hosts_with_profile(
+  String $profile,
+) >> Array[String] {
+  if $settings::storeconfigs {
+  puppetdb_query("resources[certname] {
+      type = 'Class' and
+      title = '${profile}' and
+      nodes { deactivated is null and expired is null }
+    }").map |$nodes| { $nodes['certname'] }
+  } else {
+    []
+  }
+}