Forge Home

foreman_inventory

A task to generate Bolt inventory from foreman

3,894 downloads

1,745 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.1.2 (latest)
  • 1.1.1
  • 1.1.0
  • 1.0.0
released Oct 7th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • , , , , , ,
Tasks:
  • resolve_reference

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'andeman-foreman_inventory', '1.1.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add andeman-foreman_inventory
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install andeman-foreman_inventory --version 1.1.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

andeman/foreman_inventory — version 1.1.2 Oct 7th 2020

foreman_inventory

Table of Contents

  1. Description
  2. Requirements
  3. Usage

Description

This module includes a Bolt plugin to generate Bolt targets from foreman.

More information about foreman: https://theforeman.org/

Requirements

Install requirements

You can skip this steps if you already have the requirements installed. Just make sure you specify the path to hammer in the parameter hammer_cli_bin.

Make sure you have the following packages installed:

git curl libssl-dev libreadline-dev zlib1g-dev autoconf bison build-essential libyaml-dev libreadline-dev libncurses5-dev libffi-dev libgdbm-dev

Install the needed requirements into bolt:

/opt/puppetlabs/bolt/bin/gem install --user-install hammer_cli_foreman

Find the installation diretory of the hammer cli bin (referenced as $INSTALL_DIR):

/opt/puppetlabs/bolt/bin/gem list -d hammer_cli_foreman | grep "Installed at"

 Installed at: ~/.gem/ruby/2.5.0

Make sure you can execute hammer under $INSTALL_DIR/bin/hammer:

~/.gem/ruby/2.5.0/bin/hammer

Use the above path for the parameter: hammer_cli_bin

Configure hammer-cli-foreman

To enable and configure the foreman plugin execute the following steps:

mkdir -p ~/.hammer/cli.modules.d
for i in `gem contents hammer_cli|grep cli_config.template.yml`; do cp $i  ~/.hammer/.; done
mv ~/.hammer/cli_config.template.yml ~/.hammer/cli_config.yml
echo ":foreman:\n  :enable_module: true" > ~/.hammer/cli.modules.d/foreman.yml
chmod 600 ~/.hammer/cli.modules.d/foreman.yml

Usage

The plugin supports looking up hosts managed via foreman through the command `hammer host lists.

Required fields:

  • query: Foreman Filter query for hosts. (Example: "managed=true")

Optional fields:

  • server_url: URL to access foreman (defaults to '')
  • username: Username to access foreman (defaults to '')
  • password: Password for foreman. Overrides pw_prompt. (defaults to '')
  • per_page: Limit results for the foreman search query (default to 1000)
  • page: Show filter page (default to 1)
  • hammer_cli_bin: The binary path of the hammer (default to ~/.gem/ruby/2.5.0/bin/hammer)

Examples

Common usage:

Query foreman server and use a bolt pkcs7 secret as foreman password.

Create a bolt secret with the following command:

bolt secret encrypt YOUR_FOREMAN_PASSWORD

Make sure you fetch the CA certificate for the foreman server:

~/.gem/ruby/2.5.0/bin/hammer --fetch-ca-cert https://foreman.example.de/

More information about bolt secrets: https://puppet.com/docs/bolt/latest/using_plugins.html#secret-plugins

inventory.yaml

groups:
  - name: foreman_hosts
    targets:
      - _plugin: foreman_inventory
        query: "os = CentOS and managed=true"
        server_url: "https://foreman.example.de/"
        username: 'username'
        password:
          _plugin: pkcs7
          encrypted_value: |
            <FOREMAN_PASSWORD_SECRET>        

Another example:

Hammer is installed under /usr/local/bin/hammer. The file ~/.hammer/cli.modules.d/foreman.yml contains the forman server_url, username and passord. We also want to show the second half of 100 servers.

inventory.yaml

groups:
  - name: foreman_hosts
    targets:
      - _plugin: foreman_inventory
        query: "os = CentOS and managed=true"
        hammer_cli_bin: '/usr/local/bin/hammer'
        per_page: 50
        page: 2

Know Issues

CA Certificate for foreman server specified in server_url is missing:

Error executing plugin foreman_inventory from resolve_reference in foreman_inventory: SSL certificate verification failed
Make sure you configured the correct URL and have the server's CA certificate installed on your system.

You can use hammer to fetch the CA certificate from the server. Be aware that hammer cannot verify whether the certificate is correct and you should verify its authenticity after downloading it.

Download the certificate as follows:

  $ hammer --fetch-ca-cert https://foreman.example.de/

Solution:

Fetch the certificate with the hammer binary specified in hammer_cli_bin

~/.gem/ruby/2.5.0/bin/hammer --fetch-ca-cert https://foreman.example.de