diff --git a/README.md b/README.md index f2a4a2c..02c6034 100644 --- a/README.md +++ b/README.md @@ -30,9 +30,9 @@ Tasks in this module should only be executed by PE support customers in accompan Support customers should follow the instructions in the corresponding knowledge base articles linked below. -## Deprecation Notice +## Removal Notice -The following tasks are no longer being developed and will be deprecated in a future version: +The following tasks are no longer being developed and where removed: | Task Name | Alternative | |-----------|-------------| diff --git a/docs/kb0337_REFERENCE.md b/docs/kb0337_REFERENCE.md deleted file mode 100644 index 17fe460..0000000 --- a/docs/kb0337_REFERENCE.md +++ /dev/null 
@@ -1,285 +0,0 @@ -# Reference - -## Configuration - -### ssh - -By default, Bolt will assume the `ssh` transport and use `~/.ssh.config` for configuration options. Below is a sample `config` file and command. - -``` -Host pe-* - User centos - Port 22 - PasswordAuthentication no - IdentityFile /home/adrian/.ssh/id_rsa-acceptance - IdentitiesOnly yes - LogLevel ERROR -``` - -``` -$ bolt plan run kb0337b_upload_ca_cert cert=/tmp/tmp.CuWtz3dmfx --run-as root --nodes pe-201815-agent -{ - "success": { - "pe-201815-agent": { - "_output": "Uploaded '/tmp/tmp.CuWtz3dmfx' to 'pe-201815-agent:/etc/puppetlabs/puppet/ssl/certs/ca.pem'" - } - } -} -``` - -### Inventory - -See the [Bolt inventory](https://puppet.com/docs/bolt/latest/inventory_file.html) documentation for a full reference on how to use the inventory. Below is a sample inventory created using [bolt-inventory-pdb](https://puppet.com/docs/bolt/latest/inventory_file_generating.html) and example commands. - -``` -$ cat pdb.yaml ---- -query: "inventory[certname] {}" -groups: -- name: windows - query: "inventory[certname] { facts.osfamily = 'windows' }" - config: - transport: winrm - winrm: - user: Administrator - password: foo - ssl: false -- name: linux - query: "inventory[certname] { facts.kernel = 'Linux' }" - config: - transport: ssh - ssh: - user: centos - private-key: ~/.ssh/id_rsa-acceptance - host-key-check: false -``` - -``` -$ /opt/puppetlabs/bolt/bin/bolt-inventory-pdb pdb.yaml -o ~/.puppetlabs/bolt/inventory.yaml -``` - -``` -$ cat ~/.puppetlabs/bolt/inventory.yaml ---- -query: inventory[certname] {} -groups: -- name: windows - query: inventory[certname] { facts.osfamily = 'windows' } - config: - transport: winrm - winrm: - user: Administrator - password: foo - ssl: false - nodes: - - ljbkgu9t2x3ohqd.delivery.puppetlabs.net -- name: linux - query: inventory[certname] { facts.kernel = 'Linux' } - config: - transport: ssh - ssh: - user: centos - private-key: "~/.ssh/id_rsa-acceptance" - host-key-check: false 
- nodes: - - pe-201815-master.puppetdebug.vlan - - pe-201815-agent.platform9.puppet.net - - pe-201815-compile.platform9.puppet.net -nodes: -- ljbkgu9t2x3ohqd.delivery.puppetlabs.net -- pe-201815-master.puppetdebug.vlan -- pe-201815-agent.platform9.puppet.net -- pe-201815-compile.platform9.puppet.net -``` - -``` -$ bolt command run hostname --nodes linux -Started on pe-201815-compile.platform9.puppet.net... -Started on pe-201815-master.puppetdebug.vlan... -Started on pe-201815-agent.platform9.puppet.net... -Finished on pe-201815-master.puppetdebug.vlan: - STDOUT: - pe-201815-master.puppetdebug.vlan -Finished on pe-201815-compile.platform9.puppet.net: - STDOUT: - pe-201815-compile -Finished on pe-201815-agent.platform9.puppet.net: - STDOUT: - pe-201815-agent -Successful on 3 nodes: pe-201815-master.puppetdebug.vlan,pe-201815-agent.platform9.puppet.net,pe-201815-compile.platform9.puppet.net -Ran on 3 nodes in 0.62 seconds -``` - -``` -$ bolt command run hostname --nodes windows -Started on ljbkgu9t2x3ohqd.delivery.puppetlabs.net... 
-Finished on ljbkgu9t2x3ohqd.delivery.puppetlabs.net: - STDOUT: - ljbkgu9t2x3ohqd -Successful on 1 node: ljbkgu9t2x3ohqd.delivery.puppetlabs.net -Ran on 1 node in 0.70 seconds -``` - -## Plans - -### `kb0337a_extend_ca_cert` - -#### Arguments - -* master - Fully qualified domain name of the master containing the certificate authority -* compile_masters - Comma separated list of fully qualified domain names of compile masters - -#### Steps - -* Runs the `service` task to stop the `puppet` and `pe-puppetserver` services on the master -* Runs the `kb0337a_extend_ca_cert` task to dump the new cert to a file and return the path to the file and a base64 encoded string of its contents -* Runs the `kb0337d_configure_master` task to backup the `ssl` directory to `/var/puppetlabs/backups`, copy the new cert into place, and configure the master to use the new cert -* Decodes the cert's contents and dump it to a temp file -* Uploads the new cert to any compile masters and configures them to use the new cert - -#### Output - -All steps in this plan are critical to extending the certificate, so the plan will fail if any step fails. The output consists of Bolt logging messages and any failures of the steps involved. 
- -### Example - -``` -$ bolt plan run kb0337a_extend_ca_cert master=pe-201815-master compile_masters=pe-201815-compile --run-as root -Starting: plan kb0337a_extend_ca_cert -Starting: command 'echo "test" | base64 -w 0 - &>/dev/null' on localhost -Finished: command 'echo "test" | base64 -w 0 - &>/dev/null' with 0 failures in 0.0 sec -INFO: Stopping puppet and pe-puppetserver services on pe-201815-master -Starting: task service on pe-201815-master -Finished: task service with 0 failures in 0.85 sec -Starting: task service on pe-201815-master -Finished: task service with 0 failures in 1.95 sec -INFO: Extending certificate on master pe-201815-master -Starting: task kb0337a_extend_ca_cert on pe-201815-master -Finished: task kb0337a_extend_ca_cert with 0 failures in 2.92 sec -INFO: Configuring master pe-201815-master to use new certificate -Starting: task kb0337d_configure_master on pe-201815-master -Finished: task kb0337d_configure_master with 0 failures in 95.72 sec -Starting: task service on pe-201815-master -Finished: task service with 0 failures in 1.64 sec -INFO: Configuring compile master(s) pe-201815-compile to use new certificate -Starting: file upload from /tmp/tmp.CuWtz3dmfx to /etc/puppetlabs/puppet/ssl/certs/ca.pem on pe-201815-compile -Finished: file upload from /tmp/tmp.CuWtz3dmfx to /etc/puppetlabs/puppet/ssl/certs/ca.pem with 0 failures in 0.59 sec -Starting: task run_agent on pe-201815-compile -Finished: task run_agent with 0 failures in 44.34 sec -INFO: CA cert decoded and stored at /tmp/tmp.CuWtz3dmfx -INFO: Run plan 'kb0337b_upload_ca_cert' to distribute to agents -Finished: plan kb0337a_extend_ca_cert in 148.06 sec -``` - -### `kb0337b_upload_ca_cert` - -#### Arguments - -* cert - Location of the new certificate on disk. - -This plan accepts any valid TargetSpec(s) specified by the `--nodes` option. 
- -#### Steps - -* Collects facts from agents and separates them into groups of \*nix and Windows -* Runs `upload_file` on each list of agents to distribute the cert -* Constructs a JSON formatted object of the results of the uploads and returns it - -#### Output - -The output of this plan is a JSON object with two keys: `success` and `failure`. Each key contains any number of objects consisting of the agent certname and the output of the `upload_file` command. - -``` -$ bolt plan run kb0337b_upload_ca_cert cert=/tmp/tmp.CuWtz3dmfx --run-as root --query 'inventory { }' -Starting: plan kb0337b_upload_ca_cert -Starting: plan kb0337c_get_agent_facts -Starting: install puppet and gather facts on pe-201815-agent.platform9.puppet.net, ljbkgu9t2x3ohqd.delivery.puppetlabs.net, pe-201815-master.puppetdebug.vlan, pe-201815-compile.platform9.puppet.net -Finished: install puppet and gather facts with 0 failures in 9.33 sec -Finished: plan kb0337c_get_agent_facts in 9.33 sec -Starting: plan facts -Starting: task facts on pe-201815-agent.platform9.puppet.net, ljbkgu9t2x3ohqd.delivery.puppetlabs.net, pe-201815-master.puppetdebug.vlan, pe-201815-compile.platform9.puppet.net -Finished: task facts with 0 failures in 6.27 sec -Finished: plan facts in 6.31 sec -Starting: file upload from /tmp/tmp.CuWtz3dmfx to C:\ProgramData\PuppetLabs\puppet\etc\ssl\certs\ca.pem on ljbkgu9t2x3ohqd.delivery.puppetlabs.net -Finished: file upload from /tmp/tmp.CuWtz3dmfx to C:\ProgramData\PuppetLabs\puppet\etc\ssl\certs\ca.pem with 0 failures in 1.07 sec -Starting: file upload from /tmp/tmp.CuWtz3dmfx to /etc/puppetlabs/puppet/ssl/certs/ca.pem on pe-201815-agent.platform9.puppet.net, pe-201815-master.puppetdebug.vlan, pe-201815-compile.platform9.puppet.net -Finished: file upload from /tmp/tmp.CuWtz3dmfx to /etc/puppetlabs/puppet/ssl/certs/ca.pem with 0 failures in 0.66 sec -Finished: plan kb0337b_upload_ca_cert in 17.41 sec -{ - "success": { - "pe-201815-agent.platform9.puppet.net": { - "_output": 
"Uploaded '/tmp/tmp.CuWtz3dmfx' to 'pe-201815-agent.platform9.puppet.net:/etc/puppetlabs/puppet/ssl/certs/ca.pem'" - }, - "pe-201815-master.puppetdebug.vlan": { - "_output": "Uploaded '/tmp/tmp.CuWtz3dmfx' to 'pe-201815-master.puppetdebug.vlan:/etc/puppetlabs/puppet/ssl/certs/ca.pem'" - }, - "pe-201815-compile.platform9.puppet.net": { - "_output": "Uploaded '/tmp/tmp.CuWtz3dmfx' to 'pe-201815-compile.platform9.puppet.net:/etc/puppetlabs/puppet/ssl/certs/ca.pem'" - }, - "ljbkgu9t2x3ohqd.delivery.puppetlabs.net": { - "_output": "Uploaded '/tmp/tmp.CuWtz3dmfx' to 'ljbkgu9t2x3ohqd.delivery.puppetlabs.net:C:\\ProgramData\\PuppetLabs\\puppet\\etc\\ssl\\certs\\ca.pem'" - } - } -} -``` - -## Tasks - -### `kb0337g_check_ca_expiry` - -#### Arguments - -* cert - Optional location of certificate on disk to check. Defaults to /etc/puppetlabs/puppet/ssl/certs/ca.pem. -* date - Optional YYYY-MM-DD format date against which to check for expiration. Defaults to 3 months in the future. - -This task accepts any valid TargetSpec(s) specified by the `--nodes` option. Can be run on any \*nix agent node or the master. - -#### Steps - -* Uses `openssl` and Unix `date` to determine if the certificate will expire. - -#### Output - -A JSON object with the status and expiration date, e.g. - -``` -{ - "status": "valid", - "expiry date": "Feb 16 01:00:09 2034 GMT" -} -``` - -### `kb0337f_check_agent_expiry` - -#### Arguments - -* date - Optional YYYY-MM-DD format date against which to check for expiration - -This task accepts any valid TargetSpec(s) specified by the `--nodes` option. Should be run on the master. - -#### Steps - -* Uses `openssl` and Unix `date` to determine if the signed agent certificates under `/etc/puppetlabs/puppet/ssl/ca/signed/` will expire. - -#### Output - -A JSON object with keys for valid and expiring certificates, e.g. 
- -``` - { - "valid": [ - "/etc/puppetlabs/puppet/ssl/ca/signed/c4lscpmafhaxjr8.delivery.puppetlabs.net.pem", - "/etc/puppetlabs/puppet/ssl/ca/signed/cd4pe-containers.platform9.puppet.net.pem", - "/etc/puppetlabs/puppet/ssl/ca/signed/iwj6668y4s3vq40.delivery.puppetlabs.net.pem", - "/etc/puppetlabs/puppet/ssl/ca/signed/koo1nzsozj2xeqh.delivery.puppetlabs.net.pem", - "/etc/puppetlabs/puppet/ssl/ca/signed/mafy3pgo98v2vne.delivery.puppetlabs.net.pem", - "/etc/puppetlabs/puppet/ssl/ca/signed/pe-201901-agent.platform9.puppet.net.pem", - "/etc/puppetlabs/puppet/ssl/ca/signed/pe-201901-compile.puppetdebug.vlan.pem", - "/etc/puppetlabs/puppet/ssl/ca/signed/pe-201901-master.puppetdebug.vlan.pem", - "/etc/puppetlabs/puppet/ssl/ca/signed/qgocotu07r3rdpa.delivery.puppetlabs.net.pem" - ], - "expiring": [ - - ] - } -``` diff --git a/spec/acceptance/st0236_set_cache_paths_to_default_spec.rb b/spec/acceptance/st0236_set_cache_paths_to_default_spec.rb deleted file mode 100644 index ebb7959..0000000 --- a/spec/acceptance/st0236_set_cache_paths_to_default_spec.rb +++ /dev/null 
@@ -1,22 +0,0 @@ -require 'spec_helper_acceptance' -describe 'tasks' do - it 'when all dirs are already default or is PE node' do - result = run_bolt_task('support_tasks::st0236_set_cache_paths_to_default') - expect(result.stdout).to contain(%r{success}) - end - it 'when vardir is not default or is pe node ' do - run_shell('if [ -z "$(facter -p pe_build)" ]; then /opt/puppetlabs/bin/puppet config set vardir /opt/puppetlabs/testingdirs; fi') - result = run_bolt_task('support_tasks::st0236_set_cache_paths_to_default') - expect(result.stdout).to contain(%r{success}) - end - it 'when statedir is not default or is pe node ' do - run_shell('if [ -z "$(facter -p pe_build)" ]; then /opt/puppetlabs/bin/puppet config set statedir /opt/puppetlabs/testingdirs; fi') - result = run_bolt_task('support_tasks::st0236_set_cache_paths_to_default') - expect(result.stdout).to contain(%r{success}) - end - it 'when rundir is not default or is pe node ' do - run_shell('if [ -z "$(facter -p pe_build)" ]; then /opt/puppetlabs/bin/puppet config set rundir /opt/puppetlabs/testingdirs; fi') - result = run_bolt_task('support_tasks::st0236_set_cache_paths_to_default') - expect(result.stdout).to contain(%r{success}) - end -end diff --git a/spec/acceptance/st0267_clear_file_sync_locks_spec.rb b/spec/acceptance/st0267_clear_file_sync_locks_spec.rb deleted file mode 100644 index ba195bd..0000000 --- a/spec/acceptance/st0267_clear_file_sync_locks_spec.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'spec_helper_acceptance' -describe 'tasks' do - it 'when lockfile removal possible, or not a valid node ' do - run_shell('if [ -n "$(facter -p pe_build)" ]; then mkdir -p /opt/puppetlabs/server/data/puppetserver/filesync && touch /opt/puppetlabs/server/data/puppetserver/filesync/index.lock; fi') - result = run_bolt_task('support_tasks::st0267_clear_file_sync_locks') - expect(result.stdout).to contain(%r{success}) - end -end 
diff --git a/spec/acceptance/st0286_change_puppet_daemon_runmode_spec.rb b/spec/acceptance/st0286_change_puppet_daemon_runmode_spec.rb deleted file mode 100644 index 2251252..0000000 --- a/spec/acceptance/st0286_change_puppet_daemon_runmode_spec.rb +++ /dev/null @@ -1,25 +0,0 @@ -require 'spec_helper_acceptance' -describe 'tasks' do - it 'when agent is disabled and action is enable' do - run_shell('/opt/puppetlabs/bin/puppet agent --disable shelldisable') - result = run_bolt_task('support_tasks::st0286_change_puppet_daemon_runmode', 'puppet_mode' => 'enable') - expect(result['result']['_output']).to contain('enabled puppet on') - end - it 'when agent is enabled and action is disable ' do - run_shell('/opt/puppetlabs/bin/puppet agent --enable') - result = run_bolt_task('support_tasks::st0286_change_puppet_daemon_runmode', 'puppet_mode' => 'disable', 'reason' => 'taskdisabled') - expect(result['result']['_output']).to contain('disabled puppet on') - expect(result['result']['_output']).to contain('taskdisabled') - end - it 'when agent is disabled and action is disable' do - run_shell('/opt/puppetlabs/bin/puppet agent --disable') - result = run_bolt_task('support_tasks::st0286_change_puppet_daemon_runmode', 'puppet_mode' => 'disable', 'reason' => 'taskdisabled') - expect(result['result']['_output']).to contain('puppet daemon already disabled on') - expect(result['result']['_output']).to contain('taskdisabled') - end - it 'when agent is enable and action is enable' do - run_shell('/opt/puppetlabs/bin/puppet agent --enable') - result = run_bolt_task('support_tasks::st0286_change_puppet_daemon_runmode', 'puppet_mode' => 'enable') - expect(result['result']['_output']).to contain('puppet already enabled on') - end -end diff --git a/tasks/st0236_set_cache_paths_to_default.json b/tasks/st0236_set_cache_paths_to_default.json deleted file mode 100644 index a618a1a..0000000 --- a/tasks/st0236_set_cache_paths_to_default.json +++ /dev/null 
@@ -1,10 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "ST0236 Set Cache Paths To Default - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0236 - https://support.puppet.com/hc/en-us/articles/360001060434", - "parameters": { - }, - "implementations": [ - {"name": "st0236_set_cache_paths_to_default.sh", "requirements": ["shell"], "files": ["bash_task_helper/files/task_helper.sh"], "input_method": "environment"} - ] -} diff --git a/tasks/st0236_set_cache_paths_to_default.sh b/tasks/st0236_set_cache_paths_to_default.sh deleted file mode 100644 index e56a141..0000000 --- a/tasks/st0236_set_cache_paths_to_default.sh +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/bin/bash -# shellcheck disable=SC2230 -# DEPRECATION: -# This script is now Deprecated and will be removed in a further update -declare PT__installdir -source "$PT__installdir/bash_task_helper/files/task_helper.sh" -task-output "deprecation" "This task is deprecated and will be removed in a future release. Please see this module's README for more information" - -if [ -n "$(facter -p pe_build)" ] -then - task-suceed "Not an agent node" -fi - -manifest="" -vardir=$(puppet config print vardir) || task-fail "unable to determine vardir" -statedir=$(puppet config print statedir) || task-fail "unable to determine statedir" -rundir=$(puppet config print rundir) || task-fail "unable to determine rundir" - -if [ "$vardir" != "/opt/puppetlabs/puppet/cache" ] -then - echo "{ \"vardir\": \"needs reset from $vardir\" }" - manifest+=" augeas {'Remove vardir': changes => 'rm etc/puppetlabs/puppet/puppet.conf/main/vardir' } " -fi -if [ "$statedir" != "/opt/puppetlabs/puppet/cache/state" ] -then - echo "{ \"statedir\": \"needs reset from $statedir\" }" - manifest+=" augeas {'Remove statedir': changes => 'rm etc/puppetlabs/puppet/puppet.conf/main/statedir' } " -fi -if [ "$rundir" != "/var/run/puppetlabs" ] -then - echo "{ \"rundir\": \"needs reset from $statedir\" }" - manifest+=" augeas {'Remove rundir': changes => 'rm etc/puppetlabs/puppet/puppet.conf/main/rundir' } " -fi - -if [ "$manifest" != "" ] -then - puppet apply -e "$manifest" || task-fail "unable to reset parameters" - task-succeed "success - parameters reset to default" -else - task-succeed "success - No changes necessary" -fi - diff --git a/tasks/st0267_clear_file_sync_locks.json b/tasks/st0267_clear_file_sync_locks.json deleted file mode 100644 index 4673604..0000000 --- a/tasks/st0267_clear_file_sync_locks.json +++ /dev/null 
@@ -1,10 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "ST0267 Clear File Sync Locks - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0267 - https://support.puppet.com/hc/en-us/articles/360003883933", - "parameters": { - }, - "implementations": [ - {"name": "st0267_clear_file_sync_locks.sh", "requirements": ["shell"], "files": ["bash_task_helper/files/task_helper.sh"], "input_method": "environment"} - ] -} diff --git a/tasks/st0267_clear_file_sync_locks.sh b/tasks/st0267_clear_file_sync_locks.sh deleted file mode 100644 index a35351a..0000000 --- a/tasks/st0267_clear_file_sync_locks.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# shellcheck disable=SC2230 - -# DEPRECATION: -# This script is now Deprecated and will be removed in a further update - -declare PT__installdir -source "$PT__installdir/bash_task_helper/files/task_helper.sh" -task-output "deprecation" "This task is deprecated and will be removed in a future release. Please see this module's README for more information" - -if [ -z "$(facter -p pe_build)" ] -then - task-succeed "success - Agent Node Not Proceeding" -fi - -if [ -e "/etc/sysconfig/pe-puppetserver" ] || [ -e "/etc/default/pe-puppetserver" ] # Test to confirm this is a Puppetserver -then - - puppet resource service pe-puppetserver ensure=stopped || task-fail "Could not stop pe-puppetserver" - $(/usr/bin/which find) /opt/puppetlabs/server/data/puppetserver/filesync/ -type f -name 'index.lock' -delete -print || task-fail "Could not remove lockfile" - puppet resource service pe-puppetserver ensure=running || task-fail "Could not start pe-puppetserver" -else - task-succeed "success - pe-puppetserver not installed" -fi - -task-succeed "success - filesync lock removed or not present" diff --git a/tasks/st0285_find_disabled_agents.json b/tasks/st0285_find_disabled_agents.json deleted file mode 100644 index ff01405..0000000 
--- a/tasks/st0285_find_disabled_agents.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "puppet_task_version": 1, - "description": "ST0285 Find Disabled Agents - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0285 - https://support.puppet.com/hc/en-us/articles/360006717334", - "supports_noop": false, - "implementations": [ - {"name": "st0285a_bash_find_disabled_agents.sh", "requirements": ["shell"]}, - {"name": "st0285b_powershell_find_disabled_agents.ps1", "requirements": ["powershell"]} - ] -} - diff --git a/tasks/st0285a_bash_find_disabled_agents.json b/tasks/st0285a_bash_find_disabled_agents.json deleted file mode 100644 index ba4d8ce..0000000 --- a/tasks/st0285a_bash_find_disabled_agents.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "puppet_task_version": 1, - "description": "ST0285 Find Disabled Agents - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0285 - https://support.puppet.com/hc/en-us/articles/360006717334", - "supports_noop": false -} - diff --git a/tasks/st0285a_bash_find_disabled_agents.sh b/tasks/st0285a_bash_find_disabled_agents.sh deleted file mode 100644 index 8bc2d4c..0000000 --- a/tasks/st0285a_bash_find_disabled_agents.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -LOCKFILE="$(puppet config print statedir)/agent_disabled.lock" - -echo "This task is deprecated and will be removed in a future release. Please see this module's README for more information" -if [ -e "$LOCKFILE" ] -then - echo "Puppet agent is disabled" - cat "$(puppet config print statedir)/agent_disabled.lock" -else - echo "Puppet agent is enabled" - exit 1 -fi diff --git a/tasks/st0285b_powershell_find_disabled_agents.json b/tasks/st0285b_powershell_find_disabled_agents.json deleted file mode 100644 index ba4d8ce..0000000 --- a/tasks/st0285b_powershell_find_disabled_agents.json +++ /dev/null 
@@ -1,6 +0,0 @@ -{ - "puppet_task_version": 1, - "description": "ST0285 Find Disabled Agents - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0285 - https://support.puppet.com/hc/en-us/articles/360006717334", - "supports_noop": false -} - diff --git a/tasks/st0285b_powershell_find_disabled_agents.ps1 b/tasks/st0285b_powershell_find_disabled_agents.ps1 deleted file mode 100644 index 26528d2..0000000 --- a/tasks/st0285b_powershell_find_disabled_agents.ps1 +++ /dev/null @@ -1,11 +0,0 @@ -$LOCKFILE="$(cmd.exe /c puppet config print statedir)/agent_disabled.lock" - -Write-Output "This task is deprecated and will be removed in a future release. Please see this module's README for more information" -if(Test-Path $LOCKFILE) { - Write-Output "Puppet agent is disabled" - cat $LOCKFILE -} -else { - Write-Output "Puppet agent is enabled" - EXIT 1 -} diff --git a/tasks/st0286_change_puppet_daemon_runmode.json b/tasks/st0286_change_puppet_daemon_runmode.json deleted file mode 100644 index 447f5a4..0000000 --- a/tasks/st0286_change_puppet_daemon_runmode.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "puppet_task_version": 1, - "description": "ST0286 Change Puppet Daemon Runmode - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0286 - https://support.puppet.com/hc/en-us/articles/360006721014", - "supports_noop": false, - "parameters": { - "puppet_mode": { - "description": "Can be either `enable` or `disable`, the mode to put the daemon in", - "type": "Enum['enable','disable']" - }, - "reason": { - "description": "An optional message string to pass that will be added to disabled agents. Shows up in syslog.", - "type": "Optional[String[1]]" - } - } -} - diff --git a/tasks/st0286_change_puppet_daemon_runmode.sh b/tasks/st0286_change_puppet_daemon_runmode.sh deleted file mode 100644 index c564f7b..0000000 --- a/tasks/st0286_change_puppet_daemon_runmode.sh +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC2230 - -declare PT_reason -declare PT_puppet_mode - -LOCKFILE="$(puppet config print statedir)/agent_disabled.lock" -echo "This task is deprecated and will be removed in a future release. Please see this module's README for more information" - -if [[ $PT_puppet_mode == "enable" ]] -then - if [ -e "$LOCKFILE" ] - then - puppet agent --enable - echo "enabled puppet on $(puppet config print certname)" - else - echo "puppet already enabled on $(puppet config print certname)" - fi -elif [[ $PT_puppet_mode == "disable" ]] -then - if [ -e "$LOCKFILE" ] - then - echo "puppet daemon already disabled on $(puppet config print certname)" - cat "$(puppet config print statedir)/agent_disabled.lock" - else - puppet agent --disable "$PT_reason" - echo "disabled puppet on $(puppet config print certname)" - cat "$(puppet config print statedir)/agent_disabled.lock" - fi -else - echo "parameter puppet_mode must be either enable or disable" - exit 1 -fi diff --git a/tasks/st0298_run_code_deploy.json b/tasks/st0298_run_code_deploy.json deleted file mode 100644 index 2eeec9b..0000000 --- a/tasks/st0298_run_code_deploy.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "ST0298 Run Code Deploy - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article https://support.puppet.com/hc/en-us/articles/360008192734", - "parameters": { - "environment": { - "description": "The name of the environment to deploy, use all to deploy every environment", - "type": "String[1]" - } - }, - "implementations": [ - {"name": "st0298_run_code_deploy.sh", "requirements": ["shell"], "files": ["bash_task_helper/files/task_helper.sh"], "input_method": "environment"} - ] -} diff --git a/tasks/st0298_run_code_deploy.sh b/tasks/st0298_run_code_deploy.sh deleted file mode 100644 index d27365e..0000000 --- a/tasks/st0298_run_code_deploy.sh +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/bash -# Puppet Task Name: st0298_run_code_deploy - -# DEPRECATION: -# This script is now Deprecated and will be removed in a further update -declare PT__installdir -source "$PT__installdir/bash_task_helper/files/task_helper.sh" -task-output "deprecation" "This task is deprecated and will be removed in a future release. Please see this module's README for more information" -declare PT_environment -environment=$PT_environment -[ "$environment" == 'all' ] && environment='--all' -failpat='"status": "failed"' -code=/opt/puppetlabs/bin/puppet-code -if [ -f "/etc/puppetlabs/puppetserver/conf.d/code-manager.conf" ] -then - if [ -f "/root/.puppetlabs/token" ] - then - output="$("$code" deploy "$environment" --wait -l debug 2>&1)" || \ - task-fail "code deploy failed with exit code $?" - [[ "${output}" =~ $failpat ]] && task-fail 'code deploy failed' - else - task-fail "Token not available in default location /root/.puppetlabs/token: https://puppet.com/docs/pe/latest/rbac_token_auth_intro.html#generate-a-token-using-puppet-access" - fi -else - task-fail "Node is not a Primary or does not have Code Manager configured. To enable Code Manager please follow the documentation here: https://puppet.com/docs/pe/latest/code_mgr_config.html" -fi - - task-succeed "success - Code Deploy completed" \ No newline at end of file diff --git a/tasks/st0305_support_script_and_upload.json b/tasks/st0305_support_script_and_upload.json deleted file mode 100644 index 4051398..0000000 --- a/tasks/st0305_support_script_and_upload.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "description": "Execute the PE Support Script and upload it via SFTP", - "input_method": "environment", - "supports_noop": false, - "parameters": { - "logage": { - "description": "Log age (in days) to collect. Defaults to '3'", - "type": "Optional[Pattern[/^[0-9]$/]]" - }, - "scope": { - "description": "Scope (comma-delimited) of diagnostics to collect. Defaults to 'enterprise,etc,log,networking,resources,system'", - "type": "Optional[Pattern[/^[a-z,]+$/]]" - }, - "ticket": { - "description": "Support ticket number. Required", - "type": "Integer" - } - } -} diff --git a/tasks/st0305_support_script_and_upload.rb b/tasks/st0305_support_script_and_upload.rb deleted file mode 100755 index 4542887..0000000 --- a/tasks/st0305_support_script_and_upload.rb +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/opt/puppetlabs/puppet/bin/ruby - -# Puppet Task to execute the Puppet Enterprise Support Script and upload the result via SFTP. -# This should only be run against the PE Infrastructure Nodes. - -# DEPRECATION: -# This script is now Deprecated and will be removed in a further update - -require 'json' -require 'open3' - -logage = ENV['PT_logage'] || 3 -scope = ENV['PT_scope'] || 'base-status,system,puppet-agent,puppetserver,puppetdb,pe' -ticket = ENV['PT_ticket'] - -def puppet_enterprise_support(logage, scope, ticket) - command = '/opt/puppetlabs/puppet/bin/puppet' - command_line = [command, 'enterprise', 'support', '--log-age', logage, '--only', scope, '--ticket', ticket, '--upload'].join(' ') - stdout, stderr, status = Open3.capture3(command_line) - { - stdout: stdout.strip, - stderr: stderr.strip, - exit_code: status.exitstatus, - } -end - -deprecation_msg = "This task is deprecated with support script uploading to be handled according to documentation, and will be removed in a future release. - Please see this module's README for more information" -results = { - deprecation: deprecation_msg -} -output = puppet_enterprise_support(logage, scope, ticket) - -# rubocop:disable Style/ConditionalAssignment -if output[:exit_code].zero? && !output[:stdout].include?('Unable to upload') - results[:result] = 'PE Support Script Data Uploaded for Puppet via SFTP' -else - results[:result] = output[:stdout].lines.reject { |line| - line == "\n" || line.start_with?(' ** Append') || line.start_with?(' ** Saving') - }.uniq.join("\n") -end - -puts results.to_json -exit(output[:exit_code]) diff --git a/tasks/st0317a_clean_cert.json b/tasks/st0317a_clean_cert.json deleted file mode 100644 index 2a304b5..0000000 --- a/tasks/st0317a_clean_cert.json +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - "description": "Clean (remove) a Puppet agent's certificate from your Primary Server", - "input_method": "environment", - "supports_noop": false, - "parameters": { - "agent_certnames": { - "description": "A comma-separated list of agent certificate to clean", - "type": "Pattern[/^([A-Za-z0-9._-]+,?)+$/]" - } - } -} diff --git a/tasks/st0317a_clean_cert.rb b/tasks/st0317a_clean_cert.rb deleted file mode 100755 index babaa1f..0000000 --- a/tasks/st0317a_clean_cert.rb +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/opt/puppetlabs/puppet/bin/ruby - -# Puppet Task to clean a node's certificate -# This can only be run against the Puppet Primary Server. - -# Parameters: -# * agent_certnames - A comma-separated list of agent certificates to clean/remove. - -# DEPRECATION: -# This script is now Deprecated and will be removed in a further update -# For cert removal using API https://www.puppet.com/docs/puppet/8/server/http_certificate_clean - -# Original code by Nate McCurdy -# https://github.com/natemccurdy/puppet-purge_node - -require 'puppet' -require 'open3' -require 'facter' - -Puppet.initialize_settings - -def pe_primary? - !Facter.value('pe_build').nil? -end - -# This task only works when running against your Puppet CA server, so let's check for that. -# In Puppetserver, that means the configs contain 'certificate-authority-service', uncommented. -# The puppetserver config file differs between PE and open-source puppetserver. -ca_cfg = pe_primary? ? '/etc/puppetlabs/puppetserver/bootstrap.cfg' : '/etc/puppetlabs/puppetserver/services.d/ca.cfg' - -if !File.exist?(ca_cfg) || File.readlines(ca_cfg).grep(%r{^[^#].+certificate-authority-service$}).empty? - puts 'This task can only be run on your certificate authority Puppetserver' - exit 1 -end - -# Version 6 and higher use the 'puppetserver' command for cleaning certs -cmd = if Puppet::Util::Package.versioncmp(Puppet.version, '6.0.0') >= 0 - ['/opt/puppetlabs/bin/puppetserver', 'ca', 'clean', '--certname'] - else - ['/opt/puppetlabs/puppet/bin/puppet', 'cert', 'clean'] - end - -def clean_cert(agent, cmd) - stdout, stderr, status = Open3.capture3(*[cmd, agent].flatten) - { - stdout: stdout.strip, - stderr: stderr.strip, - exit_code: status.exitstatus, - } -end - -deprecation_msg = "This task is deprecated and has been replaced by the certificate clean api, which provides the same functionality. - This task will be removed in a future release. 
Please see this module's README for more information" -results = { - deprecation: deprecation_msg -} -agents = ENV['PT_agent_certnames'].split(',') - -agents.each do |agent| - results[agent] = {} - - if agent == Puppet[:certname] - results[agent][:result] = 'Refusing to remove the Puppet Primary Server certificate' - next - end - - output = clean_cert(agent, cmd) - results[agent][:result] = output[:exit_code].zero? ? 'Certificate removed' : output -end - -puts results.to_json - -exit(results.values.reject { |v| v == deprecation_msg }.all? { |v| v[:result] == 'Certificate removed' }) ? 0 : 1 diff --git a/tasks/st0317b_purge_node.json b/tasks/st0317b_purge_node.json deleted file mode 100644 index c97ffb1..0000000 --- a/tasks/st0317b_purge_node.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "description": "Purge Puppet agent nodes", - "input_method": "environment", - "supports_noop": false, - "parameters": { - "agent_certnames": { - "description": "A comma-separated list of agent certificate names", - "type": "Pattern[/^([A-Za-z0-9._-]+,?)+$/]" - } - } -} diff --git a/tasks/st0317b_purge_node.rb b/tasks/st0317b_purge_node.rb deleted file mode 100755 index ec34e85..0000000 --- a/tasks/st0317b_purge_node.rb +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/opt/puppetlabs/puppet/bin/ruby - -# Puppet Task to purge nodes -# This can only be run against the Puppet Primary Server. - -# Parameters: -# * agent_certnames - A comma-separated list of agent certificate names. - -# DEPRECATION: -# This script is now Deprecated and will be removed in a further update -# For node purge using API https://www.puppet.com/docs/puppet/8/server/http_certificate_clean - -# Original code by Nate McCurdy -# https://github.com/natemccurdy/puppet-purge_node - -require 'puppet' -require 'open3' - -Puppet.initialize_settings - -# This task only works when running against your Puppet CA server, so let's check for that. -# In Puppetserver, that means that the bootstrap.cfg file contains 'certificate-authority-service'. -bootstrap_cfg = '/etc/puppetlabs/puppetserver/bootstrap.cfg' -if !File.exist?(bootstrap_cfg) || File.readlines(bootstrap_cfg).grep(%r{^[^#].+certificate-authority-service$}).empty? - puts 'This task can only be run on your certificate authority Puppet Primary Server' - exit 1 -end - -def purge_node(agent) - stdout, stderr, status = Open3.capture3('/opt/puppetlabs/puppet/bin/puppet', 'node', 'purge', agent) - { - stdout: stdout.strip, - stderr: stderr.strip, - exit_code: status.exitstatus, - } -end - -deprecation_msg = "This task is deprecated and has been replaced by the certificate clean api, which provides the same functionality. - This task will be removed in a future release. Please see this module's README for more information" - -results = { - deprecation: deprecation_msg -} -agents = ENV['PT_agent_certnames'].split(',') - -agents.each do |agent| - results[agent] = {} - - if agent == Puppet[:certname] - results[agent][:result] = 'Refusing to purge the Puppet Primary Server' - next - end - - output = purge_node(agent) - results[agent][:result] = output[:exit_code].zero? ? 'Node purged' : output -end - -puts results.to_json - -exit(results.values.reject { |v| v == deprecation_msg }.all? 
{ |v| v[:result] == 'Node purged' }) ? 0 : 1 diff --git a/tasks/st0362_download_latest_pe_in_stream.json b/tasks/st0362_download_latest_pe_in_stream.json deleted file mode 100644 index 9edf3e2..0000000 --- a/tasks/st0362_download_latest_pe_in_stream.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "ST0362 Download Latest PE Z release in the currently installed stream - This task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB00362 - https://support.puppet.com/hc/en-us/articles/360036141593", - "parameters": { - "dlpath": { - "description": "The Path to Download PE too", - "type": "String" - } - } -} diff --git a/tasks/st0362_download_latest_pe_in_stream.sh b/tasks/st0362_download_latest_pe_in_stream.sh deleted file mode 100644 index 7a27a83..0000000 --- a/tasks/st0362_download_latest_pe_in_stream.sh +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/bin/bash -# shellcheck disable=1117 - -# Check and Download Latest Z release - -declare PT_dlpath -dllocation=$PT_dlpath -family=$(facter -p os.family) -pe=$(facter -p pe_server_version) -majorversion=${pe%.*} -latest=$(curl https://forge.puppet.com/private/versions/pe | sed -E -e 's/(release")/\n\1/g' | grep "${majorversion}.x" |grep -o -P '.{0,0}latest.{0,13}' | awk '{split($0,a,":"); print a[2]}' | grep -o '".*"' | sed 's/"//g') -echo "This task is deprecated and will be removed in a future release. Please see this module's README for more information" -if [ -e "/etc/sysconfig/pe-puppetserver" ] || [ -e "/etc/default/pe-puppetserver" ];then - echo "Puppet primary server node detected" #Log Line to StdOut for the Console - else - echo "Not a Puppet primary server node, exiting" - exit 0 - fi - - - if [ "$pe" = "$latest" ]; then - echo "Currently installed Version of Puppet Enterprise $pe , is the Latest Release in the $majorversion stream" - exit 0 - fi - - - -case $family in - Debian) - curlfam="ubuntu" - ;; - RedHat) - curlfam="el" - ;; - Suse) - curlfam="sles" - ;; - *) - echo "Not a Supported primary server OS." - exit 0 - ;; -esac - - - - - -tarball_name="puppet-enterprise-$latest-$curlfam-$(facter -p os.release.major)-$(facter -p os.architecture).tar.gz" - -echo "Downloading PE $latest $curlfam $(facter -p os.release.major) $(facter -p os.architecture) to: $dllocation/${tarball_name}" -echo - -curl \ - -L \ - -o "$dllocation/${tarball_name}" \ - "https://pm.puppetlabs.com/puppet-enterprise/$latest/puppet-enterprise-$latest-$curlfam-$(facter -p os.release.major)-$(facter -p os.architecture).tar.gz" - diff --git a/tasks/st0370_generate_token.json b/tasks/st0370_generate_token.json deleted file mode 100644 index 338b388..0000000 --- a/tasks/st0370_generate_token.json +++ /dev/null 
@@ -1,16 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "ST0370_Generate_Token This task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0370 - https://support.puppet.com/hc/en-us/articles", - "parameters": { - "user": { - "description": "PE RBAC User", - "type": "String" - }, - "password": { - "description": "PE RBAC User Password", - "type": "String", - "sensitive": true - } - } -} diff --git a/tasks/st0370_generate_token.sh b/tasks/st0370_generate_token.sh deleted file mode 100644 index c32a644..0000000 --- a/tasks/st0370_generate_token.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -# Generate Token for requested user, for consumption in other tasks -# shellcheck disable=SC2086 - -# DEPRECATION: -# This script is now Deprecated and will be removed in a further update -declare PT_user -declare PT_password - -echo "This task is deprecated and will be removed in a future release. Please see this module's README for more information" -password=$PT_password -user=$PT_user - - -printf "%s" "$password" | puppet access login $user --lifetime 1d diff --git a/tasks/st0371_puppet_commands.json b/tasks/st0371_puppet_commands.json deleted file mode 100644 index 22a0751..0000000 --- a/tasks/st0371_puppet_commands.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "ST0371 Puppet Commands - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0371 - https://support.puppet.com/hc/en-us/articles/", - "parameters": { - "command": { - "description": "The Puppet Primary Server Command Line action to perform", - "type": "Enum[config_print, module_list, infrastructure_status, tune]" - } - } -} diff --git a/tasks/st0371_puppet_commands.sh b/tasks/st0371_puppet_commands.sh deleted file mode 100644 index b25d61a..0000000 --- a/tasks/st0371_puppet_commands.sh +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/bin/bash - -# - - -declare PT_command -command=$PT_command - - -echo "This task is deprecated and will be removed in a future release. Please see this module's README for more information" - -if [ -e "/etc/sysconfig/pe-puppetserver" ] || [ -e "/etc/default/pe-puppetserver" ] || [ -e "/etc/sysconfig/puppetserver" ] || [ -e "/etc/default/puppetserver" ] # Test to confirm this is a Puppetserver -then - echo "Puppetserver node detected" #Log Line to StdOut for the Console - - -case $command in - config_print) - puppet config print - ;; - module_list) - puppet module list --all - ;; - infrastructure_status) - if [ -e "/etc/sysconfig/puppetserver" ] || [ -e "/etc/default/puppetserver" ] - then - echo "Open Source Puppet detected, this command cannot be run" - else - puppet infrastructure status - fi - ;; - tune) - if [ -e "/etc/sysconfig/puppetserver" ] || [ -e "/etc/default/puppetserver" ] - then - echo "Open Source Puppet detected, this command cannot be run" - else - puppet infrastructure tune - fi - ;; -esac -else - echo "Not a Puppetserver node, exiting" - -fi diff --git a/tasks/st0372_os_commands.json b/tasks/st0372_os_commands.json deleted file mode 100644 index 17fb6a6..0000000 --- a/tasks/st0372_os_commands.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "ST0372 OS Commands - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0372 - https://support.puppet.com/hc/en-us/articles/", - "parameters": { - "command": { - "description": "The Puppet Primary Server Command Line action to perform", - "type": "Enum[puppet_port_status, puppetserver_log, puppetdb_log, console_log, orchestrator_log, syslog_log, ssldir_permissions ]" - } - } -} diff --git a/tasks/st0372_os_commands.sh b/tasks/st0372_os_commands.sh deleted file mode 100644 index 49aa902..0000000 --- a/tasks/st0372_os_commands.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash - -# - -# DEPRECATION: -# This script is now Deprecated and will be removed in a further update - -declare PT_command -command=$PT_command - - -echo "This task is deprecated and will be removed in a future release. Please see this module's README for more information" - -if [ -e "/etc/sysconfig/pe-puppetserver" ] || [ -e "/etc/default/pe-puppetserver" ] || [ -e "/etc/default/puppetserver" ] || [ -e "/etc/sysconfig/puppetserver" ] # Test to confirm this is a Puppetserver -then - echo "Puppetserver node detected" #Log Line to StdOut for the Console - - -case $command in - puppet_port_status) - netstat -ln | grep '8140\|5432\|8170\|8143\|443 \|4433\|8081\|8150\|8151\|8142' - ;; - puppetserver_log) - tail -100 /var/log/puppetlabs/puppetserver/puppetserver.log - ;; - puppetdb_log) - tail -100 /var/log/puppetlabs/puppetdb/puppetdb.log - ;; - console_log) - tail -100 /var/log/puppetlabs/console-services/console-services.log - ;; - orchestrator_log) - tail -100 /var/log/puppetlabs/orchestration-services/orchestration-services.log - ;; - syslog_log) - if [ -e "/var/log/messages" ] - then - tail -100 /var/log/messages - elif [ -e "/var/log/syslog" ] - then - tail -100 /var/log/syslog - else - echo "No default syslog found" - fi - ;; - ssldir_permissions) - find "$(puppet config print ssldir)" -maxdepth 10 -type d -exec ls -ld "{}" \; - ;; -esac -else - echo "Not a Puppetserver node, exiting" - -fi - - - diff --git a/tasks/st0373_api_calls.json b/tasks/st0373_api_calls.json deleted file mode 100644 index 928623a..0000000 --- a/tasks/st0373_api_calls.json +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - "puppet_task_version": 1, - "supports_noop": false, - "description": "ST0373 API Calls - This Task to be used in conjunction with Puppet Enterprise Knowledge Base Article KB0373 - https://support.puppet.com/hc/en-us/articles/", - "parameters": { - "command": { - "description": "The Puppet Primary Server API Commands to Run", - "type": "Enum[ get_all_services_status, manual_gitlab_webhook_hit, create_role_cd4pe, list_tokens ]" - } - } -} diff --git a/tasks/st0373_api_calls.sh b/tasks/st0373_api_calls.sh deleted file mode 100644 index 0cafdb0..0000000 --- a/tasks/st0373_api_calls.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -# -# shellcheck disable=SC2046 - -declare PT_command -command=$PT_command - - -echo "This task is deprecated and will be removed in a future release. Please see this module's README for more information" - -if [ -e "/etc/sysconfig/pe-puppetserver" ] || [ -e "/etc/default/pe-puppetserver" ] # Test to confirm this is a Puppetserver -then - echo "Puppet primary server node detected" #Log Line to StdOut for the Console - - -case $command in - create_role_cd4pe) - curl -X POST -H 'Content-Type: application/json' --cert $(puppet config print hostcert) --key $(puppet config print hostprivkey) --cacert $(puppet config print localcacert) https://$(hostname -f):4433/rbac-api/v1/roles -d '{"description":"CD4PE user role","display_name":"CD4PE Role","user_ids":[],"group_ids":[],"permissions":[{"object_type":"node_groups","action":"modify_children","instance":"*"},{"object_type":"node_groups","action":"set_environment","instance":"*"},{"object_type":"node_groups","action":"view","instance":"*"},{"object_type":"puppet_agent","action":"run","instance":"*"},{"object_type":"environment","action":"deploy_code","instance":"*"},{"object_type":"nodes","action":"view_data","instance":"*"},{"object_type":"node_groups","action":"edit_config_data","instance":"*"},{"object_type":"orchestrator","action":"view","instance":"*"}]}' - ;; - list_tokens) - su - pe-postgres -s /bin/bash -c "/opt/puppetlabs/server/bin/psql -d pe-rbac -c \"select subjects.login,tokens.expiration FROM subjects LEFT JOIN tokens ON subjects.id = tokens.user_id\"" - ;; - manual_gitlab_webhook_hit) - #needs detection of token - curl -k -v -X POST -H "Content-Type: application/json" "https://$(hostname -f):8170/code-manager/v1/webhook?type=gitlab&token=$(cat ~/.puppetlabs/token)" -d '{ "ref": "refs/heads/production" }' - ;; - get_all_services_status) - SET_SERVER=$(puppet config print server) - CONSOLE="${CONSOLE:-$SET_SERVER}" - - curl -X GET \ - --tlsv1 \ - --cert $(puppet config print 
hostcert) \ - --key $(puppet config print hostprivkey) \ - --cacert $(puppet config print localcacert) \ - https://"${CONSOLE}":4433/status/v1/services | python -m json.tool - ;; -esac -else - echo "Not a Puppet primary server node, exiting" - -fi - - diff --git a/tasks/st1105_primary_server_port_check.json b/tasks/st1105_primary_server_port_check.json deleted file mode 100644 index dde76b1..0000000 --- a/tasks/st1105_primary_server_port_check.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "puppet_task_version": 1, - "description": "Task to test TCP port connectivity of the Puppet Primary Server", - "supports_noop": false -} diff --git a/tasks/st1105_primary_server_port_check.rb b/tasks/st1105_primary_server_port_check.rb deleted file mode 100755 index 0212d89..0000000 --- a/tasks/st1105_primary_server_port_check.rb +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/opt/puppetlabs/puppet/bin/ruby - -# st1105_primary_server_port_check -# Checks the port requirements for a puppet primary server and prints a short description of the port and it's status. -# PE only and this is to be run against the Puppet primary server. - -require 'socket' -require 'json' - -destination = Addrinfo.getaddrinfo(Socket.gethostname, nil).first.getnameinfo.first -portdesc = { - '8140' => "The primary server uses this port to accept inbound traffic/requests from agents. - The console sends requests to the primary server on this port. Certificate requests are passed over this port unless ca_port is set differently. - Puppet Server status checks are sent over this port.", - '443' => 'This port provides host access to the console. The console accepts HTTPS traffic from end users on this port.', - '4433' => 'This port is used as a classifier/console services API endpoint. The primary server communicates with the console over this port.', - '8081' => 'PuppetDB accepts traffic/requests on this port. The primary server and console send traffic to PuppetDB on this port. PuppetDB status checks are sent over this port.', - '8142' => 'Orchestrator and the Run Puppet button use this port on the primary server to accept inbound traffic/responses from agents via the Puppet Execution Protocol agent.', - '8143' => 'Orchestrator uses this port to accept connections from Puppet Communications Protocol brokers to relay communications. - The orchestrator client also uses this port to communicate with the orchestration services running on the primary server. 
- If you install the client on a workstation, this port must be available on the workstation.', - '5432' => 'This port is used in a High Availability configuration to replicate data between the primary server and replica.', - '8170' => 'Code Manager uses this port to deploy environments, run webhooks, and make API calls.', -} - -def port_test(dest, port) - begin - Socket.tcp(dest, port, connect_timeout: 5) - rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Errno::ETIMEDOUT - return false - end - true -end - -results_json = [{ - 'message' => 'This task is deprecated and will be removed in a future release. Please see this module’s README for more information.', -}] - -portdesc.each_key do |port_no| - # If port is open - result = if port_test(destination, port_no) - { - 'destination' => destination.to_s, - 'port' => port_no, - 'result' => 'pass', - 'description' => portdesc[port_no], - } - # If port is closed - else - { - 'destination' => destination.to_s, - 'port' => port_no, - 'result' => 'fail', - 'description' => portdesc[port_no], - } - end - results_json << result -end - -puts JSON.pretty_generate(results_json)
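Review bot: In tasks/st0317a_clean_cert.rb the deleted loop held the only guard against cleaning the primary server's own certificate (`if agent == Puppet[:certname]` followed by `next`), and the header comment sends users to the certificate clean API without mentioning it. The removal notice should tell callers to exclude the primary's certname themselves before cleaning a list of certnames, or state explicitly that the replacement refuses it. The metadata hunk for the same task also drops the `Pattern[/^([A-Za-z0-9._-]+,?)+$/]` check on `agent_certnames`, so any wrapper that replaces the task needs its own input validation.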
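Review bot: The replacement named in tasks/st0317b_purge_node.rb does not match what the task did: both the header comment ("For node purge using API .../http_certificate_clean") and `deprecation_msg` point at the certificate clean API and claim "the same functionality", but the task ran `puppet node purge`, which also deactivates the node in PuppetDB rather than only removing its certificate. Suggest the removal notice list running `puppet node purge <certname>` on the primary server as the alternative for this task, and keep the certificate clean API as the alternative for st0317a only.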
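Review bot: tasks/st0362_download_latest_pe_in_stream.sh is deleted without any replacement named in the script itself; its `echo` only refers to the README, unlike the st0317 scripts whose header comments link an alternative. If the README entry describes a manual download, it should add an integrity check on the tarball, because the removed `curl -L -o "$dllocation/${tarball_name}"` saved the installer with no checksum or signature verification and took `$latest` from a sed/grep parse of the Forge versions page. The knowledge base article cited in the task metadata (KB00362) should be updated or retired in the same change so it does not keep pointing at a task that no longer exists.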
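Review bot: No alternative is given for the four commands of tasks/st0373_api_calls.sh, and the `manual_gitlab_webhook_hit` branch should not be copied into documentation as written: it called `curl -k -v` with `token=$(cat ~/.puppetlabs/token)` in the URL, so certificate verification was skipped and the verbose output echoed the request line, token included, into the task result. Suggest the removal notice link a documented call that keeps `--cacert $(puppet config print localcacert)`, as the `create_role_cd4pe` and `get_all_services_status` branches did, and drops `-v`. The `list_tokens` branch queried the `pe-rbac` database directly through `su - pe-postgres`; the notice should say whether a supported way to list token expirations replaces it.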