.github/workflows/pe_latest_testing.yml

@@ -51,7 +51,7 @@ jobs:
         echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV
         echo STEP_START=$(date +%s) >> $GITHUB_ENV
 
-    # Store the result of the curl call in $forge_response
+    # store the result of the curl call in $forge_response
     - name: Curl Forge for PE versions
       id: curl_forge
       run: |

.rubocop.yml

@@ -4,7 +4,7 @@ require:
 - rubocop-rspec
 AllCops:
   DisplayCopNames: true
-  TargetRubyVersion: '2.4'
+  TargetRubyVersion: '2.5'
   Include:
   - "**/*.rb"
   Exclude:

.sync.yml

@@ -37,14 +37,11 @@ Rakefile:
 spec/default_facts.yml:
   extra_facts:
     pe_build: '2021.4.0'
-    self_service:
-      S0001: true
-      S0002: true
-      S0003: true
-      S0004: true
-      S0005: true
 
 Gemfile:
   optional:
     ":development":
     - gem: github_changelog_generator
+    - gem: 'octokit'
+      version:
+       '= 4.21.0'

CHANGELOG.md

@@ -2,6 +2,20 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v1.2.0](https://github.com/puppetlabs/puppetlabs-pe_status_check/tree/v1.2.0) (2022-03-23)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-pe_status_check/compare/v1.1.0...v1.2.0)
+
+### Added
+
+- \(SUP-2903\) Check for new items in discard Directory [\#92](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/92) ([MartyEwings](https://github.com/MartyEwings))
+
+### Fixed
+
+- Check for non-nil match in S0039 [\#94](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/94) ([m0dular](https://github.com/m0dular))
+- \(SUP-3116\) Fix replica Detection in 2021.5 [\#93](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/93) ([MartyEwings](https://github.com/MartyEwings))
+- \(SUP-3099\) Only Alert on 503 messages sent in last run interval [\#91](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/91) ([elainemccloskey](https://github.com/elainemccloskey))
+
 ## [v1.1.0](https://github.com/puppetlabs/puppetlabs-pe_status_check/tree/v1.1.0) (2022-02-24)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-pe_status_check/compare/v1.0.0...v1.1.0)

Gemfile

@@ -24,8 +24,9 @@ group :development do
   gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0',     require: false, platforms: [:ruby]
   gem "puppet-module-win-default-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
   gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "voxpupuli-puppet-lint-plugins", '>= 3.0',                 require: false, platforms: [:ruby]
   gem "github_changelog_generator",                              require: false
-  gem "octokit",  "= 4.21.0"
+  gem "octokit", '= 4.21.0',                                     require: false
 end
 group :system_tests do
   gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]

README.md

@@ -89,6 +89,7 @@ Refer to this section for next steps when any indicator reports a `false`.
 |S0019|Determines if there are sufficent jRubies available to serve agents.| Insufficent jRuby availability results in queued puppet agents and overall poor system performance. There can be many causes: [Insufficent server tuning for load](https://support.puppet.com/hc/en-us/articles/360013148854), [a thundering herd](https://support.puppet.com/hc/en-us/articles/215729277), and [insufficient system resources for scale.](https://puppet.com/docs/pe/latest/hardware_requirements.html#hardware_requirements) | If self-sevice fails to resolve the issue, open a ticket referencing S0019 and provide a description of actions so far and the output of the [support script.](https://puppet.com/docs/pe/latest/getting_support_for_pe.html#pe_support_script)
 |S0021|Determines if free memory is less than 10%.| Ensure your system hardware availablity matches the [recommended configuration](https://puppet.com/docs/pe/latest/hardware_requirements.html#hardware_requirements), note this assumes no third-party software using significant resources, adapt requirements accordingly for third-party requirements. | If you have issues with memory utilization in Puppet Enterprise that is not expected, open a Support ticket, referencing S0021 and provide the output of the [support script](https://puppet.com/docs/pe/latest/getting_support_for_pe.html#pe_support_script)
 | S0022        | Determines if there is a valid Puppet Enterprise license in place at `/etc/puppetlabs/license.key` on the primary server which is not expiring in the next 90 days.                | [Get help with Puppet Enterprise license issues](https://support.puppet.com/hc/en-us/articles/360017933313)                                                                                                                                                                                                                                                                                                                                                                              | Open a Support ticket referencing S0022 and provide the output of the following commands `ls -la /etc/puppetlabs/license.key` and `cat /etc/puppetlabs/license.key`. |
+| S0024        | Determines if there are files in the puppetdb discard directory newer than 1 week old                       |   Recent files indicate an issue that causes PuppetDB to reject incoming data. Invesitgate Puppetdb logs at the time the data was rejected to find a cause,                                                                                                                                                                                                                   | Open a Support ticket referencing S0024 and provide a copy of the PuppetDB log for the time in question, along with a sample of the most recent file in the following directory `/opt/puppetlabs/server/data/puppetdb/stockpile/discard/`
 | S0030        | Determines when infrastructure components have the setting `use_cached_catalog` set to true.                        | Don't configure use_cached_catalog on PE infrastructure nodes. It prevents the management of key infrastructure settings. Disable this setting on all infrastructure components. [See our documentation for more information](https://puppet.com/docs/puppet/latest/configuration.html#use-cached-catalog).                                                                                                                                                                                                                     | If you encounter errors after disabling use_cached_catalog, open a Support ticket referencing S0030 and provide the errors.
 | S0031        | Determines if old PE agent packages exist on the primary server. | [Remove the old PE agent packages.](https://support.puppet.com/hc/en-us/articles/4405333422103) |
 | S0033        | Determines if Hiera 5 is in use. | Upgrading to Hiera 5 [offers some major advantages](https://puppet.com/docs/puppet/latest/hiera_migrate)                                                                                                                          | If you're having issues upgrading to Hiera 5 or if your global Hiera configuration file was erroneously modified, open a Support ticket referencing S0033. Provide your global Hiera configuration file `puppet config print hiera_config`; the default location is `/etc/puppetlabs/puppet/hiera.yaml`.

data/common.yaml

@@ -23,7 +23,7 @@ pe_status_check::S0020: ""
 pe_status_check::S0021: "Determines if there are sufficent jrubies available to serve agents"
 pe_status_check::S0022: "Determines if there is a valid Puppet Enterprise license in place at /etc/puppetlabs/license.key on your primary which is not going to expire in the next 90 days"
 pe_status_check::S0023: ""
-pe_status_check::S0024: ""
+pe_status_check::S0024: "Determines if there are files in the puppetdb discard directory newer than 1 week old"
 pe_status_check::S0025: ""
 pe_status_check::S0026: ""
 pe_status_check::S0027: ""
@@ -42,4 +42,4 @@ pe_status_check::S0039: "Determines if Puppetserver has a non zero queue-limit-h
 pe_status_check::S0040: "Determines if the deployment is collecting system metrics"
 pe_status_check::S0041: ""
 pe_status_check::S0042: ""
-pe_status_check::AS001: "Determines if the agent host certificate is expiring within 90 days"
+pe_status_check::AS001: "Determines if the agent host certificate is expiring within 90 days"

lib/facter/pe_status_check.rb

@@ -203,6 +203,22 @@
     { S0022: validity }
   end
 
+  chunk(:S0024) do
+    next unless PEStatusCheck.primary? || PEStatusCheck.replica? || PEStatusCheck.compiler?
+
+    # Check discard directory. Newest file should not be less than a run interval old. Recent files indicate an issue that causes PuppetDB to reject incoming data.
+    newestfile = Dir.glob('/opt/puppetlabs/server/data/puppetdb/stockpile/discard/*.*').max_by { |f| File.mtime(f) }
+    # get the timestamp for the most recent file
+    if newestfile
+      newestfile_time = File.mtime(newestfile)
+      #  Newest file should be older than 2 run intervals
+      { S0024: newestfile_time <= (Time.now - (Puppet.settings['runinterval'] * 2)).utc }
+    #  Should return true if the file is older than two runintervals, or folder is empty, and false if sooner than two run intervals
+    else
+      { S0024: true }
+    end
+  end
+
   chunk(:S0030) do
     # check for use_cached_catalog logic flip as false is the desired state
     { S0030: !Puppet.settings['use_cached_catalog'] }
@@ -276,11 +292,17 @@
     # PuppetServer
     next unless PEStatusCheck.primary? || PEStatusCheck.replica? || PEStatusCheck.compiler? || PEStatusCheck.legacy_compiler?
     logfile = File.dirname(Puppet.settings['logdir'].to_s) + '/puppetserver/puppetserver-access.log'
-    apache_regex = %r{^(\S+) \S+ (\S+) \[([^\]]+)\] "([A-Z]+) ([^ "]+)? HTTP/[0-9.]+" (?<status>[0-9]{3})}
+    apache_regex = %r{^(\S+) \S+ (\S+) (?<time>\[([^\]]+)\]) "([A-Z]+) ([^ "]+)? HTTP/[0-9.]+" (?<status>[0-9]{3})}
 
     has_503 = File.foreach(logfile).any? do |line|
       match = line.match(apache_regex)
-      match and match[:status] == '503'
+      next unless match && match[:time] && match[:status]
+
+      time = Time.strptime(match[:time], '[%d/%b/%Y:%H:%M:%S %Z]')
+      since_lastrun = Time.now - time
+      current = since_lastrun.to_i <= Puppet.settings['runinterval']
+
+      match[:status] == '503' and current
     end
 
     { S0039: !has_503 }

lib/shared/pe_status_check.rb

@@ -16,6 +16,11 @@ def get_resource(resource, name)
     Puppet::Indirector::Indirection.instance(:resource).find("#{resource}/#{name}")
   end
 
+  # checks puppetlabs.services.ca.certificate-authority-service/certificate-authority-service  exists in puppetserver bootstrap
+  def ca_bootstrap?
+    return true if File.exist?('/etc/puppetlabs/puppetserver/bootstrap.cfg') && File.foreach('/etc/puppetlabs/puppetserver/bootstrap.cfg').grep(%r{certificate-authority-service}).any?
+  end
+
   # Check if the service is running
   # @param name [String] The name of the service
   # @param service [Puppet::Resource] An optional service resource to use
@@ -113,16 +118,17 @@ def primary?
     service_file_exist?('pe-puppetserver') &&
       service_file_exist?('pe-orchestration-services') &&
       service_file_exist?('pe-console-services') &&
-      service_file_exist?('pe-puppetdb')
+      service_file_exist?('pe-puppetdb') &&
+      ca_bootstrap?
   end
 
   # Check if replica node
   # @return [Boolean]
   def replica?
     service_file_exist?('pe-puppetserver') &&
-      !service_file_exist?('pe-orchestration-services') &&
       service_file_exist?('pe-console-services') &&
-      service_file_exist?('pe-puppetdb')
+      service_file_exist?('pe-puppetdb') &&
+      !ca_bootstrap?
   end
 
   # Check if Compiler node

manifests/init.pp

@@ -13,7 +13,7 @@
   $negatives = getvar('facts.pe_status_check', []).filter | $k, $v | { $v == false and ! ($k in $indicator_exclusions) }
 
   $negatives.each |$indicator, $_v| {
-    $in_message = lookup("pe_status_check::${indicator}", {default_value => 'Determines there is a fault'})
+    $in_message = lookup("pe_status_check::${indicator}", { default_value => 'Determines there is a fault' })
     notify { "pe_status_check ${indicator}":
       message => "${indicator} is at fault. The indicator ${in_message}, refer to documentation for required action",
     }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-pe_status_check",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "author": "Marty Ewings",
   "summary": "A Puppet Enterprise Module to Promote Preventative Maintenance and Self Service",
   "license": "Apache-2.0",
@@ -58,5 +58,5 @@
   ],
   "pdk-version": "2.3.0",
   "template-url": "https://github.com/puppetlabs/pdk-templates#main",
-  "template-ref": "tags/2.3.0-0-g8aaceff"
+  "template-ref": "heads/main-0-gf3911d3"
 }

spec/acceptance/pe_status_check_spec.rb

@@ -15,7 +15,7 @@
     # Test Confirms all facts are false which is another indicator the class is performing correctly
     describe 'check no pe_status_check fact is false' do
       it 'if idempotent all facts should be true' do
-        expect(host_inventory['facter']['pe_status_check'].size).to eq(27)
+        expect(host_inventory['facter']['pe_status_check'].size).to eq(28)
         expect(host_inventory['facter']['pe_status_check'].filter { |_k, v| !v }).to be_empty
       end
     end
@@ -204,6 +204,12 @@ class {'pe_status_check':
         expect(result.stdout).to match(%r{false})
         run_shell('mv /tmp/license.key /etc/puppetlabs/license.key')
       end
+      it 'if S0024 conditions for false are met' do
+        run_shell('touch -d "30 minutes ago"  /opt/puppetlabs/server/data/puppetdb/stockpile/discard/test.file')
+        result = run_shell('facter -p pe_status_check.S0024')
+        expect(result.stdout).to match(%r{false})
+        run_shell('touch -d "2 days ago"  /opt/puppetlabs/server/data/puppetdb/stockpile/discard/test.file')
+      end
       it 'if S0030 conditions for false are met' do
         run_shell('puppet config set use_cached_catalog true', expect_failures: false)
         result = run_shell('facter -p pe_status_check.S0030')
@@ -217,10 +223,8 @@ class {'pe_status_check':
         run_shell('rm -rf /opt/puppetlabs/server/data/packages/public/2018.1.5')
       end
       it 'if S0039 conditions for false are met' do
-        # rubocop:disable Layout/LineLength
         run_shell('export logdir=$(puppet config print logdir) &&
-         cp $logdir/../puppetserver/puppetserver-access.log $logdir/../puppetserver/puppetserver-access.log.bk &&
-         echo "0.0.0.0 - - [04/Feb/2022:17:04:09 +0000] \"PUT /puppet/v3/report/foo.bar.com?environment=production HTTP/1.1\" 503 12 \"-\" \"Agent String\" 91 16051 85" >> $logdir/../puppetserver/puppetserver-access.log')
+         cp $logdir/../puppetserver/puppetserver-access.log $logdir/../puppetserver/puppetserver-access.log.bk && sed -i \'s/ 200 / 503 /\' /var/log/puppetlabs/puppetserver/puppetserver-access.log')
         # rubocop:enable Layout/LineLength
         result = run_shell('facter -p pe_status_check.S0039')
         expect(result.stdout).to match(%r{false})

spec/default_facts.yml

@@ -7,10 +7,4 @@ ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA"
 is_pe: false
 macaddress: "AA:AA:AA:AA:AA:AA"
 pe_build: 2021.4.0
-self_service:
-  S0001: true
-  S0002: true
-  S0003: true
-  S0004: true
-  S0005: true