9 changes: 3 additions & 6 deletions .github/workflows/release.yml
Expand Up @@ -18,15 +18,12 @@ jobs:
id: gv
run: |
echo "ver=$(jq --raw-output .version metadata.json)" >> $GITHUB_OUTPUT
- name: Create Release
uses: actions/create-release@v1
- name: Create release
id: create_release
run: |
gh release create v${{ steps.gv.outputs.ver }} --title v${{ steps.gv.outputs.ver }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: "v${{ steps.gv.outputs.ver }}"
draft: false
prerelease: false

deploy-forge:
name: Deploy to Forge
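Review bot: The new `gh release create` line expands `${{ steps.gv.outputs.ver }}` directly inside the `run:` script, so whatever string is in the `version` field of `metadata.json` is pasted into the shell command unquoted. Pass the value through the step's `env:` block (for example `VER: ${{ steps.gv.outputs.ver }}`) and call `gh release create "v$VER" --title "v$VER"`; quoting `"$GITHUB_OUTPUT"` in the step above would be consistent with that. The step keeps `id: create_release`, but a `run:` step sets no outputs unless it writes them itself, so any later step that reads outputs from `create_release` needs adjusting.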
6 changes: 0 additions & 6 deletions .rubocop.yml
Expand Up @@ -373,8 +373,6 @@ RSpec/VoidExpect:
Enabled: false
RSpec/Yield:
Enabled: false
Security/Open:
Enabled: false
Style/AccessModifierDeclarations:
Enabled: false
Style/AccessorGrouping:
Expand Down Expand Up @@ -629,10 +627,6 @@ RSpec/SubjectDeclaration:
Enabled: false
RSpec/VerifiedDoubleReference:
Enabled: false
Security/CompoundHash:
Enabled: false
Security/IoMethods:
Enabled: false
Style/ArgumentsForwarding:
Enabled: false
Style/ArrayIntersect:
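Review bot: Dropping the `Security/CompoundHash` and `Security/IoMethods` overrides here (and `Security/Open` in the hunk above) turns three security cops back on, yet the only matching code change visible in this diff is the `IO.read` to `File.read` swap in `lib/facter/pe_status_check.rb`. Confirm rubocop runs clean over the whole module with the cops enabled and that nothing was silenced with inline `rubocop:disable` comments to get there.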
17 changes: 17 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,23 @@

All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).

## [v4.0.0](https://github.com/puppetlabs/puppetlabs-pe_status_check/tree/v4.0.0) (2023-10-18)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-pe_status_check/compare/v3.0.0...v4.0.0)

### Changed

- \(SUP-4433\) Refactor hieradata into single hash [\#199](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/199) ([m0dular](https://github.com/m0dular))

### Added

- \(SUP-3709\) - Indicator Exclusion using code manager and Hiera lookup [\#205](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/205) ([Aaronoftheages](https://github.com/Aaronoftheages))
- SUP-4458 addition of test S0020 to test console-service endpoint [\#204](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/204) ([Aaronoftheages](https://github.com/Aaronoftheages))

### Fixed

- \(SUP-4402\) pe\_status\_check fails if hiera.yaml is empty [\#200](https://github.com/puppetlabs/puppetlabs-pe_status_check/pull/200) ([MartyEwings](https://github.com/MartyEwings))

## [v3.0.0](https://github.com/puppetlabs/puppetlabs-pe_status_check/tree/v3.0.0) (2023-06-12)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-pe_status_check/compare/v2.6.0...v3.0.0)
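Review bot: The `### Changed` entry for #199 does not say what breaks in this major release. The per-indicator keys such as `pe_status_check::S0001` are replaced by the single `pe_status_check::checks` hash and the class gains a `checks` parameter, so add a short upgrade note for anyone who overrides or looks up the old keys. Minor: `SUP-4458` is the only ticket reference without the `\(...\)` form used by the other entries.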
15 changes: 14 additions & 1 deletion README.md
Expand Up @@ -166,8 +166,21 @@ plan_hierarchy:
data_hash: yaml_data
```


See the following [documentation](https://puppet.com/docs/bolt/latest/hiera.html#outside-apply-blocks) for further explanation.

#### Using Static Hiera data to populate indicator_exclusions when executing plans

Place the plan_hierarchy listed in the step above, in the environment layer (https://www.puppet.com/docs/pe/latest/writing_plans_in_puppet_language_pe.html#using_hiera_with_plans)

Create a [static.yaml] file in the environment layer hiera data directory```
```yaml
pe_status_check::indicator_exclusions:
- '<TEST ID>'
```

Indicator ID's within array will be excluded when `running pe_status_check::infra_summary` and `pe_status_check::agent_summary` p

#### Running the plans

The `pe_status_check::infra_summary` and `pe_status_check::agent_summary` plans can be run from the [PE console](https://puppet.com/docs/pe/latest/running_plans_from_the_console_.html) or from [the command line](https://puppet.com/docs/pe/latest/running_plans_from_the_command_line.html). Below are some examples of running the plans from the command line. More information on the parameters in the plan can be seen in the [REFERENCE.md](REFERENCE.md).
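Review bot: The added line `Create a [static.yaml] file in the environment layer hiera data directory` ends with three stray backticks directly before the `yaml` fence, which opens an unintended code block and breaks the rendering of the example. Remove them, and either give `[static.yaml]` a link target or write it as inline code. In the last added sentence the opening backtick sits before `running` instead of before `pe_status_check::infra_summary`, the sentence appears cut off after `p`, and `Indicator ID's` should be `Indicator IDs`. The bare URL in parentheses would read better as a Markdown link like the `documentation` link above it.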
Expand Down Expand Up @@ -271,7 +284,7 @@ Refer below for next steps when any indicator reports a `false`.

### Fact: agent_status_check

This fact is confined to run on only agent nodes that a NOT infrastructure nodes.
This fact is confined to run on only agent nodes that are NOT infrastructure nodes.

Refer below for next steps when any indicator reports a `false`.

13 changes: 11 additions & 2 deletions REFERENCE.md
Expand Up @@ -38,6 +38,7 @@ include pe_status_check
The following parameters are available in the `pe_status_check` class:

* [`indicator_exclusions`](#-pe_status_check--indicator_exclusions)
* [`checks`](#-pe_status_check--checks)

##### <a name="-pe_status_check--indicator_exclusions"></a>`indicator_exclusions`

Expand All @@ -47,6 +48,12 @@ List of disabled indicators, place any indicator ids you do not wish to report o

Default value: `[]`

##### <a name="-pe_status_check--checks"></a>`checks`

Data type: `Hash`

Hash containing a descriptiong for each key indicator

### <a name="pe_status_check--agent_status_enable"></a>`pe_status_check::agent_status_enable`

Adding this class will enable the execution of the agent_status_check fact,
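Review bot: `Hash containing a descriptiong for each key indicator` has a typo (`descriptiong`), and the same text appears in the `@param` comment in `manifests/init.pp`, so fix it there and regenerate this file. The new `checks` section also lists no default value, which tells the reader the parameter is required; say explicitly that it is supplied by the module's own data so users do not try to set it.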
Expand Down Expand Up @@ -103,8 +110,9 @@ Default value: `undef`
Data type: `Array[String[1]]`

List of disabled indicators, place any indicator ids you do not wish to report on in this list
Static Hiera Data can be used to set indicator_exclusions in a plan - for more information see https://www.puppet.com/docs/pe/latest/writing_plans_in_puppet_language_pe.html#using_hiera_with_plans

Default value: `[]`
Default value: `lookup('pe_status_check::indicator_exclusions', undef, undef, [])`

### <a name="pe_status_check--infra_summary"></a>`pe_status_check::infra_summary`

Expand Down Expand Up @@ -133,6 +141,7 @@ Default value: `undef`
Data type: `Array[String[1]]`

List of disabled indicators, place any indicator ids you do not wish to report on in this list
Static Hiera Data can be used to set indicator_exclusions in a plan - for more information see https://www.puppet.com/docs/pe/latest/writing_plans_in_puppet_language_pe.html#using_hiera_with_plans

Default value: `[]`
Default value: `lookup('pe_status_check::indicator_exclusions', undef, undef, [])`
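Review bot: The added `Static Hiera Data can be used to set indicator_exclusions in a plan` line, here and in the previous hunk, follows the description with no blank line, and the description has no closing period, so Markdown renders the two as one run-on sentence. End the first sentence with a period or separate the two with a blank line in the plan's `@param` comment, and turn the bare URL into a link.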

96 changes: 48 additions & 48 deletions data/static.yaml
@@ -1,49 +1,49 @@
---
pe_status_check::checks:
S0001: "Determines if Puppet agent Service is running"
S0002: "Determines if pxp-agent Service is running"
S0003: "Determines if Infrastructure components are running in NOOP"
S0004: "Determines if the status endpoint for puppet server returns all is well"
S0005: "Determines if CA expires within 90 days"
S0006: "Determines if Puppet Metrics Collector is Enabled and collecting Metrics"
S0007: "Determines if there is at least 20% disk free on postgres Data partition"
S0008: "Determines if there is at least 20% disk free on the Codedir Data Partition"
S0009: "Determines if Pe-puppetsever Service is Running and Enabled on relevant components"
S0010: "Determines if Pe-puppetdb Service is Running and Enabled on relevant components"
S0011: "Determines if Pe-postgres Service is Running and Enabled on relevant components"
S0012: "Determines if Puppet produced a report within the last run interval"
S0013: "Determines if a catalog successfully applied on Puppet Agent Last run"
S0014: "Determines if anything in the command queue is older than a Puppet Run Interval"
S0015: "Determines if the infrastructure agent host certificate is expiring within 90 days"
S0016: "Determines if there are any OutOfMemory errors in the Puppetserver JVM"
S0017: "Determines if there are any OutOfMemory errors in the Puppetdb JVM"
S0018: "Determines if there are any OutOfMemory errors in the Orchestrator JVM"
S0019: "Determines if there are sufficient jrubies available to serve agents"
S0020: "Determines if the Console status api reports all services as running"
S0021: "Determines if free memory is less than 10%"
S0022: "Determines if there is a valid Puppet Enterprise license in place at /etc/puppetlabs/license.key on your primary which is not going to expire in the next 90 days"
S0023: "Determines if the CA CRL expires within 90 days"
S0024: "Determines if there are files in the puppetdb discard directory newer than 1 week old"
S0025: "Determines if the host copy of the CRL expires within 90 days"
S0026: "Determines if the Puppet Server JVM Heap-Max is set to an inefficient volume"
S0027: "Determines if the Puppetdb JVM Heap-Max is set to an inefficient volume"
S0028: "Determines"
S0029: "Determines if the number of current connections to Postgresql DB is approaching 90% of the max_connections defined"
S0030: "Determines when infrastructure components that run with the setting use_cached_catalog are set to true"
S0031: "Determines if old PE agent packages still exist on the Primary server"
S0032: "Determines"
S0033: "Determines if modern Hiera 5 is in use"
S0034: "Determines if PE installation has not been upgraded within a year"
S0035: "Determines if puppet module list is returning any warnings"
S0036: "Determines if max-queued-requests is set above 150"
S0037: "Determines"
S0038: "Determines whether the number of environments within $codedir/environments is less than 100"
S0039: "Determines if Puppetserver has a non zero queue-limit-hit-rate"
S0040: "Determines if the deployment is collecting system metrics"
S0041: "Determines if the pxp broker has an established connection to another pxp broker"
S0042: "Determines if the pxp-agent has an established connection to a pxp broker"
S0044: "Determines if Puppet Servers are using the the PE classifier for the node data plugin"
AS001: "Determines if the agent host certificate is expiring within 90 days"
AS002: "Determines if the pxp-agent has an established connection to a pxp broker"
AS003: "Determines the certname configuration parameter is incorrectly set outside of the [main] section of the puppet.conf file"
AS004: "Determines if the host copy of the CRL expires within 90 days"

pe_status_check::S0001: "S0001 Determines if Puppet agent Service is running"
pe_status_check::S0002: "S0002 Determines if pxp-agent Service is running"
pe_status_check::S0003: "S0003 Determines if Infrastructure components are running in NOOP"
pe_status_check::S0004: "S0004 Determines if the status endpoint for puppet server returns all is well"
pe_status_check::S0005: "S0005 Determines if CA expires within 90 days"
pe_status_check::S0006: "S0006 Determines if Puppet Metrics Collector is Enabled and collecting Metrics"
pe_status_check::S0007: "S0007 Determines if there is at least 20% disk free on postgres Data partition"
pe_status_check::S0008: "S0008 Determines if there is at least 20% disk free on the Codedir Data Partition"
pe_status_check::S0009: "S0009 Determines if Pe-puppetsever Service is Running and Enabled on relevant components"
pe_status_check::S0010: "S0010 Determines if Pe-puppetdb Service is Running and Enabled on relevant components"
pe_status_check::S0011: "S0011 Determines if Pe-postgres Service is Running and Enabled on relevant components"
pe_status_check::S0012: "S0012 Determines if Puppet produced a report within the last run interval"
pe_status_check::S0013: "S0013 Determines if a catalog successfully applied on Puppet Agent Last run"
pe_status_check::S0014: "S0014 Determines if anything in the command queue is older than a Puppet Run Interval"
pe_status_check::S0015: "S0015 Determines if the infrastructure agent host certificate is expiring within 90 days"
pe_status_check::S0016: "S0016 Determines if there are any OutOfMemory errors in the Puppetserver JVM"
pe_status_check::S0017: "S0017 Determines if there are any OutOfMemory errors in the Puppetdb JVM"
pe_status_check::S0018: "S0018 Determines if there are any OutOfMemory errors in the Orchestrator JVM"
pe_status_check::S0019: "S0019 Determines if there are sufficent jrubies available to serve agents"
pe_status_check::S0020: "S0020 Determines"
pe_status_check::S0021: "S0021 Determines if free memory is less than 10%."
pe_status_check::S0022: "S0022 Determines if there is a valid Puppet Enterprise license in place at /etc/puppetlabs/license.key on your primary which is not going to expire in the next 90 days"
pe_status_check::S0023: "S0023 Determines if the CA CRL expires within 90 days"
pe_status_check::S0024: "S0024 Determines if there are files in the puppetdb discard directory newer than 1 week old"
pe_status_check::S0025: "S0025 Determines if the host copy of the CRL expires within 90 days"
pe_status_check::S0026: "S0026 Determines if the Puppet Server JVM Heap-Max is set to an inefficient volume"
pe_status_check::S0027: "S0027 Determines if the Puppetdb JVM Heap-Max is set to an inefficient volume"
pe_status_check::S0028: "S0028 Determines"
pe_status_check::S0029: "S0029 Determines if number of current connections to Postgresql DB is approaching 90% of the max_connections defined."
pe_status_check::S0030: "S0030 Determines when infrastructure components that run with the setting use_cached_catalog are set to true"
pe_status_check::S0031: "S0031 Determines if old PE agent packages still exist on the Primary server"
pe_status_check::S0032: "S0032 Determines "
pe_status_check::S0033: "S0033 Determines if modern Hiera 5 is in use"
pe_status_check::S0034: "S0034 Determines if PE installation has not been upgraded within a year"
pe_status_check::S0035: "S0035 Determines if puppet module list is returning any warnings"
pe_status_check::S0036: "S0036 Determines if max-queued-requests is set above 150"
pe_status_check::S0037: "S0037 Determines"
pe_status_check::S0038: "S0038 Determines whether the number of environments within $codedir/environments is less than 100"
pe_status_check::S0039: "S0039 Determines if Puppetserver has a non zero queue-limit-hit-rate"
pe_status_check::S0040: "S0040 Determines if the deployment is collecting system metrics"
pe_status_check::S0041: "S0041 Determines if the pxp broker has an established connection to another pxp broker"
pe_status_check::S0042: "S0042 Determines if the pxp-agent has an established connection to a pxp broker"
pe_status_check::S0044: "S0044 Determines if Puppet Servers are using the the PE classifier for the node data plugin"
pe_status_check::AS001: "AS001 Determines if the agent host certificate is expiring within 90 days"
pe_status_check::AS002: "AS002 Determines if the pxp-agent has an established connection to a pxp broker"
pe_status_check::AS003: "AS003 Determines the certname configuration parameter is incorrectly set outside of the [main] section of the puppet.conf file"
pe_status_check::AS004: "AS004 Determines if the host copy of the CRL expires within 90 days"
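Review bot: `S0028`, `S0032` and `S0037` are carried into the new hash with the bare description `"Determines"`, and since the class now prints `$checks[$indicator]` verbatim, a failure of one of them reads as "The indicator S0028 Determines, refer to documentation for required action". Fill these in the way `S0020` was completed in this same change. While the lines are being rewritten, fix `Pe-puppetsever` in `S0009` and `the the` in `S0044`.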
1 change: 1 addition & 0 deletions hiera.yaml
Expand Up @@ -23,3 +23,4 @@ hierarchy:
plan_hierarchy:
- name: "Static data"
path: "static.yaml"
data_hash: yaml_data
36 changes: 28 additions & 8 deletions lib/facter/pe_status_check.rb
Expand Up @@ -213,6 +213,20 @@
end
end

chunk(:S0020) do
# Are All Services running
next unless ['primary'].include?(Facter.value('pe_status_check_role'))
response = PEStatusCheck.http_get('/status/v1/services', 4433)
if response
all_running = response.values.all? do |service|
service['state'] == 'running'
end
{ S0020: all_running }
else
{ S0020: false }
end
end

chunk(:S0021) do
# Is there at least 9% memory available
{ S0021: Facter.value(:memory)['system']['capacity'].to_f <= 90 }
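Review bot: In the new `S0020` chunk, `response.values.all?` returns `true` for an empty hash, so a reply of `{}` from `/status/v1/services` marks the indicator healthy although no service reported `running`. Add `!response.empty?` to the condition, and guard with `response.is_a?(Hash)` if `PEStatusCheck.http_get` can return anything else, since `.values` and `service['state']` would otherwise raise. The comment `# Are All Services running` could also name the console services endpoint, which is what the changelog says this check covers.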
Expand Down Expand Up @@ -387,16 +401,22 @@

chunk(:S0033) do
next unless ['primary', 'legacy_primary', 'replica', 'pe_compiler', 'legacy_compiler'].include?(Facter.value('pe_status_check_role'))

hiera_config_path = Puppet.settings['hiera_config']
next unless File.exist?(hiera_config_path)
hiera_config_file = YAML.load_file(hiera_config_path)
hiera_version = hiera_config_file.dig('version')
if hiera_version.nil?
if File.exist?(hiera_config_path)
hiera_config_file = YAML.load_file(hiera_config_path)
else
{ S0033: false }
# Is Hiera 5 in use?
end

if hiera_config_file.is_a?(Hash) && !hiera_config_file.empty?
hiera_version = hiera_config_file.dig('version')
if hiera_version.nil?
{ S0033: false }
else
{ S0033: hiera_version.to_i == 5 }
end
else
{ S0033: hiera_version.to_i == 5 }
{ S0033: false }
end
end

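Review bot: The `{ S0033: false }` in the `else` branch of the new `File.exist?` check is a bare expression whose value is discarded; the chunk only ends up returning `false` for a missing file because `hiera_config_file` stays `nil` and falls through to the final `else`. Drop that branch or return from it explicitly. This is also a behaviour change: the old `next unless File.exist?(hiera_config_path)` skipped the indicator when the file was absent, while the new code reports a failure, which deserves a line in the changelog. `YAML.load_file` can still raise on a malformed file, so a `rescue` that returns `{ S0033: false }` would complete the fix.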
Expand Down Expand Up @@ -425,7 +445,7 @@

chunk(:S0036) do
next unless ['primary', 'legacy_primary', 'replica', 'pe_compiler', 'legacy_compiler'].include?(Facter.value('pe_status_check_role'))
str = IO.read('/etc/puppetlabs/puppetserver/conf.d/pe-puppet-server.conf')
str = File.read('/etc/puppetlabs/puppetserver/conf.d/pe-puppet-server.conf')
max_queued_requests = str.match(%r{max-queued-requests: (\d+)})
if max_queued_requests.nil?
{ S0036: true }
8 changes: 6 additions & 2 deletions manifests/init.pp
Expand Up @@ -7,15 +7,19 @@
# include pe_status_check
# @param [[Array][String]] indicator_exclusions
# List of disabled indicators, place any indicator ids you do not wish to report on in this list
# @param [Hash] checks
# Hash containing a descriptiong for each key indicator
class pe_status_check (
# Provided by module data
Hash $checks,
Array[String[1]] $indicator_exclusions = [],
) {
$negatives = getvar('facts.pe_status_check', []).filter | $k, $v | { $v == false and ! ($k in $indicator_exclusions) }

$negatives.each |$indicator, $_v| {
$in_message = lookup("pe_status_check::${indicator}", { default_value => 'Determines there is a fault' })
$msg = $checks[$indicator]
notify { "pe_status_check ${indicator}":
message => "${indicator} is at fault. The indicator ${in_message}, refer to documentation for required action",
message => "${indicator} is at fault. The indicator ${indicator} ${msg}, refer to documentation for required action",
}
}
}
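Review bot: `$msg = $checks[$indicator]` has no fallback, so an indicator ID that is missing from the hash produces an empty description in the notify message, where the old `lookup` supplied `'Determines there is a fault'`. Keep that default, for example with `$checks[$indicator].lest || { 'Determines there is a fault' }`. The parameter type could be tightened from `Hash` to `Hash[String[1], String[1]]`, and `descriptiong` in the `@param` text is a typo.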
2 changes: 1 addition & 1 deletion metadata.json
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-pe_status_check",
"version": "3.0.0",
"version": "4.0.0",
"author": "Marty Ewings",
"summary": "A Puppet Enterprise Module to Promote Preventative Maintenance and Self Service",
"license": "Apache-2.0",
18 changes: 5 additions & 13 deletions plans/agent_summary.pp
Expand Up @@ -6,8 +6,9 @@
# Defaults to using a PuppetDB query to identify nodes
# @param indicator_exclusions
# List of disabled indicators, place any indicator ids you do not wish to report on in this list
# Static Hiera Data can be used to set indicator_exclusions in a plan - for more information see https://www.puppet.com/docs/pe/latest/writing_plans_in_puppet_language_pe.html#using_hiera_with_plans
plan pe_status_check::agent_summary(
Array[String[1]] $indicator_exclusions = [],
Array[String[1]] $indicator_exclusions = lookup('pe_status_check::indicator_exclusions', undef, undef, []),
Optional[TargetSpec] $targets = undef,
) {
# Query PuppetDB if $targets is not unspecified
Expand All @@ -24,13 +25,8 @@
} else {
get_targets($targets)
}
# Validate that hiera lookups are functional
$hiera_result_or_error = catch_errors() || {
lookup('pe_status_check::AS001', String)
}
if $hiera_result_or_error =~ Error {
log::warn('Hiera lookups are not functional with plans. See the "Setup Requirements" section of the README')
}
# Trapping errors doesn't work here since the lookup will fail regardless
$checks = lookup('pe_status_check::checks', Hash)

# Get the facts from the Targets to use for processing
$results = without_default_logging() || {
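Review bot: `lookup('pe_status_check::checks', Hash)` has no default, so when `plan_hierarchy` is not set up the plan now aborts with a raw lookup error instead of the removed `log::warn` that pointed at the "Setup Requirements" section of the README. The new comment `Trapping errors doesn't work here since the lookup will fail regardless` does not explain why; state the reason, or pass a default as the signature does for `indicator_exclusions` and fail with a message that names the README section.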
Expand Down Expand Up @@ -76,11 +72,7 @@
$res.target.name => {
'passing_tests_count' => $passing.length,
'failed_tests_count' => $failing.length,
'failed_tests_details' => $failing.keys.map |$items| {
unless $hiera_result_or_error =~ Error {
lookup("pe_status_check::${items}", String)
}
},
'failed_tests_details' => $failing.keys.map |$key| { $checks[$key] },
},
}
$memo + {