WIP/RFC: Add run_agent task

alexjfisher · alexjfisher · commit 442424ceb1d1 · 2019-10-17T12:09:39.000+01:00
diff --git a/tasks/run_agent.json b/tasks/run_agent.json
@@ -0,0 +1,16 @@
+{
+  "description": "Runs the puppet agent",
+  "supports_noop": true,
+  "files": ["ruby_task_helper/files/task_helper.rb"],
+  "input_method": "stdin",
+  "parameters": {
+    "puppet_bin": {
+      "description": "The full path to the puppet binary.  Defaults to `'/opt/puppetlabs/bin/puppet'`.",
+      "type": "Optional[Stdlib::Absolutepath]"
+    },
+    "wait_time": {
+      "description": "How many seconds should the task wait for an existing puppet run to finish.  Defaults to `300` (5 minutes).",
+      "type": "Optional[Integer[0]]"
+    }
+  }
+}
diff --git a/tasks/run_agent.rb b/tasks/run_agent.rb
@@ -0,0 +1,160 @@
+#!/opt/puppetlabs/puppet/bin/ruby
+
+require 'open3'
+require 'etc'
+require 'json'
+require 'yaml'
+require_relative '../../ruby_task_helper/files/task_helper.rb'
+
+class RunAgentTask < TaskHelper
+  def task(puppet_bin: '/opt/puppetlabs/bin/puppet', wait_time: 300, _noop: false, **_kwargs)
+    @puppet_bin = puppet_bin
+    @wait_time = wait_time
+    @noop = _noop
+
+    check_running_as_root
+    check_agent_not_disabled
+    wait_for_puppet_lockfile
+    run_puppet
+  end
+
+  def wait_for_puppet_lockfile
+    waited = 0
+    while agent_locked? && waited < @wait_time
+      sleep 1
+      waited += 1
+    end
+
+    if agent_locked?
+      raise TaskHelper::Error.new(
+        'Lockfile still exists after waiting',
+        'theforeman-puppet/lockfile_timeout_expired'
+      )
+    end
+
+    waited
+  end
+
+  def check_agent_not_disabled
+    if agent_disabled?
+      raise TaskHelper::Error.new(
+        'Agent is disabled on this node',
+        'theforeman-puppet/agent_disabled',
+        disabled_reason
+      )
+    end
+  end
+
+  def agent_locked?
+    File.exist?(agent_catalog_run_lockfile)
+  end
+
+  def agent_disabled?
+    File.exist?(agent_disabled_lockfile)
+  end
+
+  def disabled_reason
+    file = File.open agent_disabled_lockfile
+    data = JSON.load file
+    file.close
+    data
+  end
+
+  def agent_disabled_lockfile
+    return @agent_disabled_lockfile unless @agent_disabled_lockfile.nil?
+
+    @agent_disabled_lockfile = agent_config('agent_disabled_lockfile')
+    @agent_disabled_lockfile
+  end
+
+  def agent_catalog_run_lockfile
+    return @lockfile unless @lockfile.nil?
+
+    @lockfile = agent_config('agent_catalog_run_lockfile')
+    @lockfile
+  end
+
+  def lastrunfile
+    return @lastrunfile unless @lastrunfile.nil?
+
+    @lastrunfile = agent_config('lastrunfile')
+    @lastrunfile
+  end
+
+  def agent_config(setting)
+    cmd = [@puppet_bin, 'config', 'print', setting]
+    stdout, stderr, status = Open3.capture3(*cmd)
+
+    unless status.exitstatus.zero?
+      raise TaskHelper::Error.new(
+        "Couldn't determine #{setting} configuration",
+        'theforeman-puppet/config_unknown',
+        stderr: stderr
+      )
+    end
+    stdout.strip
+  end
+
+  def check_running_as_root
+    unless Process.euid.zero?
+      raise TaskHelper::Error.new(
+        'Puppet agent needs to run as root',
+        'theforeman-puppet/bad_euid',
+        euid: Process.euid
+      )
+    end
+  end
+
+  def run_puppet
+    cmd = [@puppet_bin, 'agent', '-t', '--detailed-exitcodes']
+    cmd << if @noop
+             '--noop'
+           else
+             '--no-noop'
+           end
+
+    stdout, stderr, status = Open3.capture3(*cmd)
+
+    case status.exitstatus
+    when 0
+      {
+        result: 'The run succeeded with no changes or failures; the system was already in the desired state (or --noop was used).',
+        stdout: stdout,
+        stderr: stderr,
+        detailed_exitcode: 0,
+        last_run_summary: last_run_summary
+      }
+    when 1
+      raise TaskHelper::Error.new(
+        'Puppet run failed',
+        'theforeman-puppet/run_failed',
+        stderr: stderr,
+        stdout: stdout,
+        detailed_exitcode: status.exitstatus
+      )
+    when 2
+      {
+        result: 'The run succeeded, and some resources were changed.',
+        stdout: stdout,
+        stderr: stderr,
+        detailed_exitcode: 2,
+        last_run_summary: last_run_summary
+      }
+    when 4, 6
+      raise TaskHelper::Error.new(
+        'Puppet run succeeded, but some resources failed',
+        'theforeman-puppet/failed_resources',
+        stderr: stderr,
+        stdout: stdout,
+        detailed_exitcode: status.exitstatus,
+        last_run_summary: last_run_summary
+      )
+    end
+  end
+
+  def last_run_summary
+    YAML.load_file(lastrunfile)
+  end
+end
+
+RunAgentTask.run if $PROGRAM_NAME == __FILE__
