mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
improve logging and error reporting in the puppet module (#12369)
For #12355
This commit is contained in:
parent
eefd81233f
commit
6d789d6e19
@ -54,7 +54,7 @@ define profiles using the custom resource type `fleetdm::profile`:
|
||||
```pp
|
||||
node default {
|
||||
fleetdm::profile { 'com.apple.universalaccess':
|
||||
template => 'xml template',
|
||||
template => template('fleetdm/profile-template.mobileconfig.erb'),
|
||||
group => 'workstations',
|
||||
}
|
||||
}
|
||||
@ -66,7 +66,12 @@ If your DEP profile had `await_device_configured` set to `true`, you can use the
|
||||
|
||||
```
|
||||
$host_uuid = $facts['system_profiler']['hardware_uuid']
|
||||
fleetdm::release_device($host_uuid)
|
||||
$response = fleetdm::release_device($host_uuid)
|
||||
$err = $response['error']
|
||||
|
||||
if $err != '' {
|
||||
notify { "error releasing device: ${err}": }
|
||||
}
|
||||
```
|
||||
|
||||
## Limitations
|
||||
|
@ -1,10 +1,11 @@
|
||||
node default {
|
||||
fleetdm::profile { 'com.apple.universalaccess':
|
||||
template => 'xml template',
|
||||
group => 'workstations',
|
||||
fleetdm::profile { 'cis.macOSBenchmark.section2.BluetoothSharing':
|
||||
template => template('fleetdm/automatic_updates.mobileconfig.erb'),
|
||||
group => 'base',
|
||||
}
|
||||
|
||||
fleetdm::profile { 'com.apple.homescreenlayout':
|
||||
template => 'xml template',
|
||||
fleetdm::profile { 'com.apple.SoftwareUpdate':
|
||||
template => template('fleetdm/disable_bluetooth_file_sharing.mobileconfig.erb'),
|
||||
group => 'workstations',
|
||||
}
|
||||
}
|
||||
|
@ -4,15 +4,24 @@ require 'puppet/util/fleet_client'
|
||||
|
||||
Puppet::Functions.create_function(:"fleetdm::preassign_profile") do
|
||||
dispatch :preassign_profile do
|
||||
param 'String', :uuid
|
||||
param 'String', :profile_identifier
|
||||
param 'String', :host_uuid
|
||||
param 'String', :template
|
||||
optional_param 'String', :group
|
||||
end
|
||||
|
||||
def preassign_profile(uuid, template, group = 'default')
|
||||
def preassign_profile(profile_identifier, host_uuid, template, group = 'default')
|
||||
host = call_function('lookup', 'fleetdm::host')
|
||||
token = call_function('lookup', 'fleetdm::token')
|
||||
client = Puppet::Util::FleetClient.new(host, token)
|
||||
client.preassign_profile(uuid, template, group)
|
||||
response = client.preassign_profile(host_uuid, template, group)
|
||||
|
||||
if response['error'].empty?
|
||||
Puppet.info("successfully pre-assigned profile #{profile_identifier}")
|
||||
else
|
||||
Puppet.err("error pre-assigning profile #{profile_identifier}: #{response['error']} \n\n #{template}")
|
||||
end
|
||||
|
||||
response
|
||||
end
|
||||
end
|
||||
|
@ -32,6 +32,14 @@ Puppet::Functions.create_function(:"fleetdm::release_device") do
|
||||
host = call_function('lookup', 'fleetdm::host')
|
||||
token = call_function('lookup', 'fleetdm::token')
|
||||
client = Puppet::Util::FleetClient.new(host, token)
|
||||
client.send_mdm_command(uuid, command_xml)
|
||||
response = client.send_mdm_command(uuid, command_xml)
|
||||
|
||||
if response['error'].empty?
|
||||
Puppet.info('successfully released device')
|
||||
else
|
||||
Puppet.err("error releasing device: #{response['error']}")
|
||||
end
|
||||
|
||||
response
|
||||
end
|
||||
end
|
||||
|
@ -8,7 +8,8 @@ Puppet::Reports.register_report(:fleetdm) do
|
||||
|
||||
def process
|
||||
return if noop
|
||||
node = Puppet::Node.new(Puppet[:node_name_value])
|
||||
node_name = Puppet[:node_name_value]
|
||||
node = Puppet::Node.new(node_name)
|
||||
compiler = Puppet::Parser::Compiler.new(node)
|
||||
scope = Puppet::Parser::Scope.new(compiler)
|
||||
lookup_invocation = Puppet::Pops::Lookup::Invocation.new(scope, {}, {}, nil)
|
||||
@ -18,7 +19,10 @@ Puppet::Reports.register_report(:fleetdm) do
|
||||
client = Puppet::Util::FleetClient.new(host, token)
|
||||
response = client.match_profiles
|
||||
|
||||
return unless response[:status] >= 400 && response[:status] < 600
|
||||
Puppet.err _('Unable to match profiles to Fleet [%{code}] %{message}') % { code: response[:status], message: response[:body] }
|
||||
if response['error'].empty?
|
||||
Puppet.info("successfully matched #{node_name} with a team containing configuration profiles")
|
||||
else
|
||||
Puppet.err("error matching node #{node_name} with a team containing configuration profiles: #{response['error']}")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -59,7 +59,7 @@ module Puppet::Util
|
||||
#
|
||||
# I couldn't find a built-in Ruby function to do raw encoding, so we're
|
||||
# removing the padding manually instead.
|
||||
'command' => Base64.strict_encode64(command_xml).gsub(/[\n=]/, ""),
|
||||
'command' => Base64.strict_encode64(command_xml).gsub(%r{[\n=]}, ''),
|
||||
'device_ids' => [uuid],
|
||||
})
|
||||
end
|
||||
@ -71,6 +71,7 @@ module Puppet::Util
|
||||
# @param headers [Hash] (optional) Additional headers to include in the request.
|
||||
# @return [Hash] The response status code, headers, and body.
|
||||
def post(path, body = nil, headers = {})
|
||||
out = { 'error' => '' }
|
||||
uri = URI.parse("#{@host}#{path}")
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
@ -82,23 +83,45 @@ module Puppet::Util
|
||||
headers.each { |key, value| request[key] = value }
|
||||
request.body = body.to_json if body
|
||||
|
||||
begin
|
||||
response = http.request(request)
|
||||
parse_response(response)
|
||||
out = parse_response(response)
|
||||
rescue => e
|
||||
out['error'] = e
|
||||
end
|
||||
|
||||
out
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def parse_response(response)
|
||||
{
|
||||
status: response.code.to_i,
|
||||
headers: response.to_hash,
|
||||
body: response.body ? JSON.parse(response.body) : nil,
|
||||
out = {
|
||||
'status' => response.code.to_i,
|
||||
'error' => ''
|
||||
}
|
||||
|
||||
if (400...600).cover?(response.code.to_i)
|
||||
message = 'server returned a non-ok status code without an error'
|
||||
|
||||
if response.body
|
||||
body = JSON.parse(response.body)
|
||||
message = body['message']
|
||||
|
||||
unless body['errors'].nil?
|
||||
error_messages = body['errors'].map { |e| "#{e['name']} #{e['reason']}" }
|
||||
message = [message, *error_messages].join(': ')
|
||||
end
|
||||
end
|
||||
|
||||
out['error'] = message
|
||||
end
|
||||
|
||||
out
|
||||
rescue JSON::ParserError => e
|
||||
{
|
||||
status: response.code.to_i,
|
||||
headers: response.to_hash,
|
||||
error: "Failed to parse response body: #{e.message}"
|
||||
'status' => response.code.to_i,
|
||||
'error' => "Failed to parse response body: #{e.message}"
|
||||
}
|
||||
end
|
||||
end
|
||||
|
@ -36,6 +36,15 @@ define fleetdm::profile (
|
||||
}
|
||||
|
||||
$host_uuid = $facts['system_profiler']['hardware_uuid']
|
||||
fleetdm::preassign_profile($host_uuid, $template, $group)
|
||||
$response = fleetdm::preassign_profile($name, $host_uuid, $template, $group)
|
||||
$err = $response['error']
|
||||
|
||||
if $err != '' {
|
||||
notify { "error pre-assigning profile ${$name}: ${$err}":
|
||||
loglevel => 'err',
|
||||
}
|
||||
} else {
|
||||
notify { "successfully pre-assigned profile ${$name}": }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "root-fleetdm",
|
||||
"version": "0.1.0",
|
||||
"version": "0.1.1",
|
||||
"author": "Fleet Device Management Inc",
|
||||
"summary": "",
|
||||
"license": "proprietary",
|
||||
|
@ -0,0 +1,57 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>PayloadContent</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>AllowPreReleaseInstallation</key>
|
||||
<true/>
|
||||
<key>AutomaticCheckEnabled</key>
|
||||
<true/>
|
||||
<key>AutomaticDownload</key>
|
||||
<true/>
|
||||
<key>AutomaticallyInstallAppUpdates</key>
|
||||
<true/>
|
||||
<key>AutomaticallyInstallMacOSUpdates</key>
|
||||
<true/>
|
||||
<key>ConfigDataInstall</key>
|
||||
<true/>
|
||||
<key>CriticalUpdateInstall</key>
|
||||
<true/>
|
||||
<key>PayloadDescription</key>
|
||||
<string>Configures Software Update settings</string>
|
||||
<key>PayloadDisplayName</key>
|
||||
<string>Software Update</string>
|
||||
<key>PayloadIdentifier</key>
|
||||
<string>com.github.erikberglund.ProfileCreator.BEBA0740-4DDB-4AC4-85DC-BA48B96C0DC8.com.apple.SoftwareUpdate.A8B97032-7645-4068-B457-01DE5C6B33F7</string>
|
||||
<key>PayloadOrganization</key>
|
||||
<string></string>
|
||||
<key>PayloadType</key>
|
||||
<string>com.apple.SoftwareUpdate</string>
|
||||
<key>PayloadUUID</key>
|
||||
<string>A8B97032-7645-4068-B457-01DE5C6B33F7</string>
|
||||
<key>PayloadVersion</key>
|
||||
<integer>1</integer>
|
||||
</dict>
|
||||
</array>
|
||||
<key>PayloadDescription</key>
|
||||
<string>Enables automatic updates</string>
|
||||
<key>PayloadDisplayName</key>
|
||||
<string>Turn on automatic updates</string>
|
||||
<key>PayloadIdentifier</key>
|
||||
<string>com.github.erikberglund.ProfileCreator.BEBA0740-4DDB-4AC4-85DC-BA48B96C0DC8</string>
|
||||
<key>PayloadOrganization</key>
|
||||
<string>FleetDM</string>
|
||||
<key>PayloadRemovalDisallowed</key>
|
||||
<true/>
|
||||
<key>PayloadScope</key>
|
||||
<string>System</string>
|
||||
<key>PayloadType</key>
|
||||
<string>Configuration</string>
|
||||
<key>PayloadUUID</key>
|
||||
<string>BEBA0740-4DDB-4AC4-85DC-BA48B96C0DC8</string>
|
||||
<key>PayloadVersion</key>
|
||||
<integer>1</integer>
|
||||
</dict>
|
||||
</plist>
|
@ -0,0 +1,60 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
|
||||
<key>PayloadDescription</key>
|
||||
<string>This profile configuration is designed to apply the CIS Benchmark for macOS 10.14 (v2.0.0), 10.15 (v2.0.0), 11.0 (v2.0.0), and 12.0 (v1.0.0)</string>
|
||||
<key>PayloadDisplayName</key>
|
||||
<string>Disable Bluetooth sharing</string>
|
||||
<key>PayloadEnabled</key>
|
||||
<true/>
|
||||
<key>PayloadIdentifier</key>
|
||||
<string>cis.macOSBenchmark.section2.BluetoothSharing</string>
|
||||
<key>PayloadScope</key>
|
||||
<string>System</string>
|
||||
<key>PayloadType</key>
|
||||
<string>Configuration</string>
|
||||
<key>PayloadUUID</key>
|
||||
<string>5CEBD712-28EB-432B-84C7-AA28A5A383D8</string>
|
||||
<key>PayloadVersion</key>
|
||||
<integer>1</integer>
|
||||
<key>PayloadRemovalDisallowed</key>
|
||||
<true/>
|
||||
<key>PayloadContent</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>PayloadContent</key>
|
||||
<dict>
|
||||
<key>com.apple.Bluetooth</key>
|
||||
<dict>
|
||||
<key>Forced</key>
|
||||
<array>
|
||||
<dict>
|
||||
<key>mcx_preference_settings</key>
|
||||
<dict>
|
||||
<key>PrefKeyServicesEnabled</key>
|
||||
<false/>
|
||||
</dict>
|
||||
</dict>
|
||||
</array>
|
||||
</dict>
|
||||
</dict>
|
||||
<key>PayloadDescription</key>
|
||||
<string>Disables Bluetooth Sharing</string>
|
||||
<key>PayloadDisplayName</key>
|
||||
<string>Custom</string>
|
||||
<key>PayloadEnabled</key>
|
||||
<true/>
|
||||
<key>PayloadIdentifier</key>
|
||||
<string>0240DD1C-70DC-4766-9018-04322BFEEAD1</string>
|
||||
<key>PayloadType</key>
|
||||
<string>com.apple.ManagedClient.preferences</string>
|
||||
<key>PayloadUUID</key>
|
||||
<string>0240DD1C-70DC-4766-9018-04322BFEEAD1</string>
|
||||
<key>PayloadVersion</key>
|
||||
<integer>1</integer>
|
||||
</dict>
|
||||
</array>
|
||||
</dict>
|
||||
</plist>
|
Loading…
Reference in New Issue
Block a user