The ./modules/puppet/files/make_puppet_reports.py script uses func, we need to port it over to using ansbile now.
using ansible/script/list-vms-per-host as a template 0001-first-version-of-make-puppet-reports-using-ansible-i.patch
ok, good first cut. ;)
Some issues / further background here.
So, the func version of this script uses func to get the inventory of hosts and then checks the reports vs that and mails out. func uses the same certs/inventory as puppet does so that works out. Ansible has it's own inventory that also contains hosts only in ansible/not in puppet, so thats not going to work out as well.
So, perhaps we need to redesign this some:
Pull inventory from puppet somehow? We just need the list of puppet hosts, possibly we could use the output from 'puppet cert list --all' ? Or perhaps there's a way to get this from puppet otherwise?
As long as we can get the inventory we don't really need to call ansible at all here. The current script above you have it calling ansible for the email, but it doesn't seem to work and it doesn't need to call ansible. Just a regular python mail call should work like was in the old script.
Thoughts?
Thanks for working on this...
Pulling inventory from the puppet - Do we use puppetdb? If so, then this looks good - http://docs.puppetlabs.com/puppetdb/latest/api/query/v2/nodes.html#get-v2nodes For puppet 2.7.0 onwards we have an API for getting the nodes.. GET /{environment}/certificate_statuses/no_key though looks like we are on 2.6.18
I am poking around to see what other options are there, if nothing else then would just grab the output of list --all.
OR
Create an ansible inventory group containing just the puppet nodes?
The mail was just to make it look prettier :) Will revert back to the older code.
Is there any test node where I can check the list --all (as it requires sudo). I don't have any working puppet installs to test it with.
Alas, we are using: puppet-2.6.18-3.el6.1.noarch so no puppetdb. ;(
I can get you sample output of the list --all?
replacing func with subprocess.popen of puppet cert list -all 0001-ticket-4000-remove-func.patch
That looks good. ;)
There's no need to call sudo on it if we are running it from root's cron, but otherwise I don't see any problems.
We are in freeze right now, so we probibly want to wait on this until thats over (Hopefully next wed)
Thanks a bunch for working on this.
Pushed live. Thanks!
Login to comment on this ticket.