improve logging and error reporting in the puppet module (#12369)

For #12355
Roberto Dip 2023-06-16 12:40:50 -03:00 committed by GitHub
parent eefd81233f
commit 6d789d6e19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 202 additions and 26 deletions


@ -54,7 +54,7 @@ define profiles using the custom resource type `fleetdm::profile`:
```pp
node default {
fleetdm::profile { 'com.apple.universalaccess':
template => 'xml template',
template => template('fleetdm/profile-template.mobileconfig.erb'),
group => 'workstations',
}
}
@ -66,7 +66,12 @@ If your DEP profile had `await_device_configured` set to `true`, you can use the
```
$host_uuid = $facts['system_profiler']['hardware_uuid']
fleetdm::release_device($host_uuid)
$response = fleetdm::release_device($host_uuid)
$err = $response['error']
if $err != '' {
notify { "error releasing device: ${err}": }
}
```
## Limitations


@ -1,10 +1,11 @@
node default {
fleetdm::profile { 'com.apple.universalaccess':
template => 'xml template',
group => 'workstations',
fleetdm::profile { 'cis.macOSBenchmark.section2.BluetoothSharing':
template => template('fleetdm/automatic_updates.mobileconfig.erb'),
group => 'base',
}
fleetdm::profile { 'com.apple.homescreenlayout':
template => 'xml template',
fleetdm::profile { 'com.apple.SoftwareUpdate':
template => template('fleetdm/disable_bluetooth_file_sharing.mobileconfig.erb'),
group => 'workstations',
}
}
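Review bot: The resource titles and templates in this example look crossed on what appears to be the new side: `cis.macOSBenchmark.section2.BluetoothSharing` renders `automatic_updates.mobileconfig.erb`, while `com.apple.SoftwareUpdate` renders `disable_bluetooth_file_sharing.mobileconfig.erb`. The title is passed on as the profile identifier used in the log and notify messages (see the `fleetdm::profile` define section on this page), so a failure would be reported against the wrong profile. Swapping the two `template => template(...)` lines fixes it, e.g. `template => template('fleetdm/disable_bluetooth_file_sharing.mobileconfig.erb'),` under the BluetoothSharing title. The groups also differ (`base` vs `workstations`), which is worth confirming as intended.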


@ -4,15 +4,24 @@ require 'puppet/util/fleet_client'
Puppet::Functions.create_function(:"fleetdm::preassign_profile") do
dispatch :preassign_profile do
param 'String', :uuid
param 'String', :profile_identifier
param 'String', :host_uuid
param 'String', :template
optional_param 'String', :group
end
def preassign_profile(uuid, template, group = 'default')
def preassign_profile(profile_identifier, host_uuid, template, group = 'default')
host = call_function('lookup', 'fleetdm::host')
token = call_function('lookup', 'fleetdm::token')
client = Puppet::Util::FleetClient.new(host, token)
client.preassign_profile(uuid, template, group)
response = client.preassign_profile(host_uuid, template, group)
if response['error'].empty?
Puppet.info("successfully pre-assigned profile #{profile_identifier}")
else
Puppet.err("error pre-assigning profile #{profile_identifier}: #{response['error']} \n\n #{template}")
end
response
end
end
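Review bot: The failure branch writes the whole rendered profile into the log via `#{template}` at the end of the `Puppet.err` message. Configuration profiles can carry credentials or certificates (for example Wi-Fi, VPN or SCEP payloads), and server logs and reports usually reach a wider audience than the manifests do. I would log only the identifier and the error, `Puppet.err("error pre-assigning profile #{profile_identifier}: #{response['error']}")`, and move the template to `Puppet.debug` if it is needed for troubleshooting. Separately, adding `profile_identifier` as the first required parameter changes the call signature for any existing caller of `fleetdm::preassign_profile`, which deserves a line in the release notes.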


@ -32,6 +32,14 @@ Puppet::Functions.create_function(:"fleetdm::release_device") do
host = call_function('lookup', 'fleetdm::host')
token = call_function('lookup', 'fleetdm::token')
client = Puppet::Util::FleetClient.new(host, token)
client.send_mdm_command(uuid, command_xml)
response = client.send_mdm_command(uuid, command_xml)
if response['error'].empty?
Puppet.info('successfully released device')
else
Puppet.err("error releasing device: #{response['error']}")
end
response
end
end


@ -8,7 +8,8 @@ Puppet::Reports.register_report(:fleetdm) do
def process
return if noop
node = Puppet::Node.new(Puppet[:node_name_value])
node_name = Puppet[:node_name_value]
node = Puppet::Node.new(node_name)
compiler = Puppet::Parser::Compiler.new(node)
scope = Puppet::Parser::Scope.new(compiler)
lookup_invocation = Puppet::Pops::Lookup::Invocation.new(scope, {}, {}, nil)
@ -18,7 +19,10 @@ Puppet::Reports.register_report(:fleetdm) do
client = Puppet::Util::FleetClient.new(host, token)
response = client.match_profiles
return unless response[:status] >= 400 && response[:status] < 600
Puppet.err _('Unable to match profiles to Fleet [%{code}] %{message}') % { code: response[:status], message: response[:body] }
if response['error'].empty?
Puppet.info("successfully matched #{node_name} with a team containing configuration profiles")
else
Puppet.err("error matching node #{node_name} with a team containing configuration profiles: #{response['error']}")
end
end
end


@ -59,7 +59,7 @@ module Puppet::Util
#
# I couldn't find a built-in Ruby function to do raw encoding, so we're
# removing the padding manually instead.
'command' => Base64.strict_encode64(command_xml).gsub(/[\n=]/, ""),
'command' => Base64.strict_encode64(command_xml).gsub(%r{[\n=]}, ''),
'device_ids' => [uuid],
})
end
@ -71,6 +71,7 @@ module Puppet::Util
# @param headers [Hash] (optional) Additional headers to include in the request.
# @return [Hash] The response status code, headers, and body.
def post(path, body = nil, headers = {})
out = { 'error' => '' }
uri = URI.parse("#{@host}#{path}")
http = Net::HTTP.new(uri.host, uri.port)
@ -82,23 +83,45 @@ module Puppet::Util
headers.each { |key, value| request[key] = value }
request.body = body.to_json if body
begin
response = http.request(request)
parse_response(response)
out = parse_response(response)
rescue => e
out['error'] = e
end
out
end
private
def parse_response(response)
{
status: response.code.to_i,
headers: response.to_hash,
body: response.body ? JSON.parse(response.body) : nil,
out = {
'status' => response.code.to_i,
'error' => ''
}
if (400...600).cover?(response.code.to_i)
message = 'server returned a non-ok status code without an error'
if response.body
body = JSON.parse(response.body)
message = body['message']
unless body['errors'].nil?
error_messages = body['errors'].map { |e| "#{e['name']} #{e['reason']}" }
message = [message, *error_messages].join(': ')
end
end
out['error'] = message
end
out
rescue JSON::ParserError => e
{
status: response.code.to_i,
headers: response.to_hash,
error: "Failed to parse response body: #{e.message}"
'status' => response.code.to_i,
'error' => "Failed to parse response body: #{e.message}"
}
end
end
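Review bot: In `post`, the rescue stores the exception object itself (`out['error'] = e`), but every caller on this page tests `response['error'].empty?`, and an exception does not respond to `empty?`. A connection failure would therefore raise NoMethodError in `preassign_profile`, `release_device` and the report processor instead of being logged; `out['error'] = e.message` avoids that. `parse_response` has a related gap: for a 4xx/5xx body without a `message` key, `message = body['message']` replaces the fallback text with nil and the callers' `.empty?` fails the same way, so `message = body['message'] || message` would keep the default. The middle of `post` (connection and request setup) lies between the hunks and is not visible here.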


@ -36,6 +36,15 @@ define fleetdm::profile (
}
$host_uuid = $facts['system_profiler']['hardware_uuid']
fleetdm::preassign_profile($host_uuid, $template, $group)
$response = fleetdm::preassign_profile($name, $host_uuid, $template, $group)
$err = $response['error']
if $err != '' {
notify { "error pre-assigning profile ${$name}: ${$err}":
loglevel => 'err',
}
} else {
notify { "successfully pre-assigned profile ${$name}": }
}
}
}
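Review bot: The `else` branch declares a `notify` on every successful run, and notify resources are reported as changed each time they are applied. Every host with a profile will then show changes on every run, which makes real drift harder to spot in reports. The function already logs success with `Puppet.info`, so I would drop the `else` branch and keep only the error `notify`. As a style point, `${$name}` and `${$err}` can be written `${name}` and `${err}`. The define's parameter list and opening lines are outside the hunk.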


@ -1,6 +1,6 @@
{
"name": "root-fleetdm",
"version": "0.1.0",
"version": "0.1.1",
"author": "Fleet Device Management Inc",
"summary": "",
"license": "proprietary",


@ -0,0 +1,57 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AllowPreReleaseInstallation</key>
<true/>
<key>AutomaticCheckEnabled</key>
<true/>
<key>AutomaticDownload</key>
<true/>
<key>AutomaticallyInstallAppUpdates</key>
<true/>
<key>AutomaticallyInstallMacOSUpdates</key>
<true/>
<key>ConfigDataInstall</key>
<true/>
<key>CriticalUpdateInstall</key>
<true/>
<key>PayloadDescription</key>
<string>Configures Software Update settings</string>
<key>PayloadDisplayName</key>
<string>Software Update</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.BEBA0740-4DDB-4AC4-85DC-BA48B96C0DC8.com.apple.SoftwareUpdate.A8B97032-7645-4068-B457-01DE5C6B33F7</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.SoftwareUpdate</string>
<key>PayloadUUID</key>
<string>A8B97032-7645-4068-B457-01DE5C6B33F7</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>Enables automatic updates</string>
<key>PayloadDisplayName</key>
<string>Turn on automatic updates</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.BEBA0740-4DDB-4AC4-85DC-BA48B96C0DC8</string>
<key>PayloadOrganization</key>
<string>FleetDM</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>BEBA0740-4DDB-4AC4-85DC-BA48B96C0DC8</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
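Review bot: `AllowPreReleaseInstallation` is set to `<true/>` in the SoftwareUpdate payload, which permits pre-release (beta) software on the managed host. That is unrelated to the profile's stated purpose of turning on automatic updates, and example templates tend to be copied as they are. Consider `<false/>` or leaving the key out unless beta enrolment is intended. `PayloadOrganization` is also empty in the inner payload while the outer one says `FleetDM`.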


@ -0,0 +1,60 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadDescription</key>
<string>This profile configuration is designed to apply the CIS Benchmark for macOS 10.14 (v2.0.0), 10.15 (v2.0.0), 11.0 (v2.0.0), and 12.0 (v1.0.0)</string>
<key>PayloadDisplayName</key>
<string>Disable Bluetooth sharing</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>cis.macOSBenchmark.section2.BluetoothSharing</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>5CEBD712-28EB-432B-84C7-AA28A5A383D8</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.apple.Bluetooth</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>PrefKeyServicesEnabled</key>
<false/>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadDescription</key>
<string>Disables Bluetooth Sharing</string>
<key>PayloadDisplayName</key>
<string>Custom</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>0240DD1C-70DC-4766-9018-04322BFEEAD1</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>0240DD1C-70DC-4766-9018-04322BFEEAD1</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
</dict>
</plist>