Showing with 29 additions and 6 deletions.
  1. +8 −0 CHANGELOG.md
  2. +13 −4 README.md
  3. +1 −0 data/static.yaml
  4. +5 −0 lib/facter/agent_status_check.rb
  5. +1 −1 metadata.json
  6. +1 −1 plans/agent_summary.pp
8 changes: 8 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,14 @@

All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).

## [v2.2.0](https://github.com/puppetlabs/puppetlabs-pe_status_check/tree/v2.2.0) (2022-07-15)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-pe_status_check/compare/v2.1.1...v2.2.0)

### Added

- \(Sup-3465\) check for certname in incorrect configuration section [\#147](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/147) ([MartyEwings](https://github.com/MartyEwings))

## [v2.1.1](https://github.com/puppetlabs/puppetlabs-pe_status_check/tree/v2.1.1) (2022-07-11)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-pe_status_check/compare/v2.1.0...v2.1.1)
Expand Down
17 changes: 13 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -136,15 +136,21 @@ Please find some examples of using pe_client_tools to query the status check fac

1. To find the complete output of pe_status_check from all nodes listed by certname:

`puppet query 'facts[certname,value] { name = "pe_status_check" }'`

```shell
puppet query 'facts[certname,value] { name = "pe_status_check" }'
```

2. To find the complete output of agen_status_check from all nodes listed by certname (this could be a large query based on the number of agent nodes, further filtering is advised ):

`puppet query 'facts[certname,value] { name = "agent_status_check" }'`
```shell
puppet query 'facts[certname,value] { name = "agent_status_check" }'
```

3. To find those nodes with a specific status check set to false:

`puppet query 'inventory[certname] { facts.pe_status_check.S0001 = false }'`
```shell
puppet query 'inventory[certname] { facts.pe_status_check.S0001 = false }'
```

#### Setup Requirements

Expand Down Expand Up @@ -216,6 +222,7 @@ A failure to determine node type will result in a safe subset of checks being ru
This fact is confined to run on infrastructure nodes only.

Refer below for next steps when any indicator reports a `false`.

| Indicator ID | Description | Self-service steps | What to include in a Support ticket |
|--------------|------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| S0001 | Determines if the puppet service is running on agents. | Starts the puppet service - `puppet resource service puppet ensure=running` | If the service fails to start, open a Support ticket referencing S0001, and provide `syslog` and any errors output when attempting to restart the service. |
Expand Down Expand Up @@ -258,10 +265,12 @@ Refer below for next steps when any indicator reports a `false`.
This fact is confined to run on only agent nodes that a NOT infrastructure nodes.
Refer below for next steps when any indicator reports a `false`.
| Indicator ID | Description | Self-service steps | What to include in a Support ticket |
|--------------|------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| AS001 | Determines if the agent host certificate is expiring in the next 90 days. | Puppet Enterprise has a plan built into extend agent certificates. Use a puppet query to find expiring host certificates and pass the node ID to this plan: `puppet plan run enterprise_tasks::agent_cert_regen agent=$(puppet query 'inventory[certname] { facts.agent_status_check.AS001 = false }' \| jq -r '.[].certname' \| paste -sd, -) master=$(puppet config print certname)` | If the plan fails to run, open a support ticket referencing AS001 and provide the error message received when running the plan. |
| AS002 | Determines if the pxp-agent has an established connection to a pxp broker | Ensure the pxp-agent service is running, if running check `/var/log/puppetlabs/pxp-agent/pxp-agent.log` (on *nix) or `C:/ProgramData/PuppetLabs/pxp-agent/var/log/pxp-agent.log` (on Windows) — Contains the for connection issues, first ensuring the agent is connecting to the proper endpoint, for example, a compiler and not the primary. This fact can also be used as a target filter for running tasks, ensuring time is not wasted sending instructions to agents not connected to a broker| If unable to make a connection to a broker, raise a ticket with the support team quoting AS002 and attaching the file `/var/log/puppetlabs/pxp-agent/pxp-agent.log` (on *nix) or `C:/ProgramData/PuppetLabs/pxp-agent/var/log/pxp-agent.log` (on Windows) along with the conclusions of your investigation so far |
| AS003 | Determines the certname configuration parameter is incorrectly set outside of the [main] section of the puppet.conf file. | The Puppet documentation states clearly certname should always be placed solely in the [main] section to prevent unforseen issues with the operation of the puppet agent https://puppet.com/docs/puppet/7/configuration.html#certname | If unable to determine why the indicator is being raised. Open a ticket with the support team quoting AS003 and attaching the file `puppet.conf` along with the conclusions of your investigation so far . |
## How to report an issue or contribute to the module
Expand Down
1 change: 1 addition & 0 deletions data/static.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,3 +44,4 @@ pe_status_check::S0041: "S0041 Determines if the pxp broker has an established
pe_status_check::S0042: "S0042 Determines if the pxp-agent has an established connection to a pxp broker"
pe_status_check::AS001: "AS001 Determines if the agent host certificate is expiring within 90 days"
pe_status_check::AS002: "AS002 Determines if the pxp-agent has an established connection to a pxp broker"
pe_status_check::AS003: "AS003 Determines the certname configuration parameter is incorrectly set outside of the [main] section of the puppet.conf file"
5 changes: 5 additions & 0 deletions lib/facter/agent_status_check.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,9 @@
Facter.debug(e.backtrace)
{ AS002: false }
end
chunk(:AS003) do
# certname is configured in section other than [main]
#
{ AS003: !Puppet.settings.set_in_section?(:certname, :agent) && !Puppet.settings.set_in_section?(:certname, :server) && !Puppet.settings.set_in_section?(:certname, :user) }
end
end
2 changes: 1 addition & 1 deletion metadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-pe_status_check",
"version": "2.1.1",
"version": "2.2.0",
"author": "Marty Ewings",
"summary": "A Puppet Enterprise Module to Promote Preventative Maintenance and Self Service",
"license": "Apache-2.0",
Expand Down
2 changes: 1 addition & 1 deletion plans/agent_summary.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@
'failed_tests_count' => $failing.length,
'failed_tests_details' => $failing.keys.map |$items| {
unless $hiera_result_or_error =~ Error {
lookup("agent_status_check::${items}", String)
lookup("pe_status_check::${items}", String)
}
},
},
Expand Down