lib/puppet/application/inspect.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

require 'puppet/application'

class Puppet::Application::Inspect < Puppet::Application

  should_parse_config
  run_mode :agent

  option("--debug","-d")
  option("--verbose","-v")

  option("--logdest LOGDEST", "-l") do |arg|
    begin
      Puppet::Util::Log.newdestination(arg)
      options[:logset] = true
    rescue => detail
      $stderr.puts detail.to_s
    end
  end

  def setup
    exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?

    raise "Inspect requires reporting to be enabled. Set report=true in puppet.conf to enable reporting." unless Puppet[:report]

    @report = Puppet::Transaction::Report.new("inspect")

    Puppet::Util::Log.newdestination(@report)
    Puppet::Util::Log.newdestination(:console) unless options[:logset]

    trap(:INT) do
      $stderr.puts "Exiting"
      exit(1)
    end

    if options[:debug]
      Puppet::Util::Log.level = :debug
    elsif options[:verbose]
      Puppet::Util::Log.level = :info
    end

    Puppet::Transaction::Report.indirection.terminus_class = :rest
    Puppet::Resource::Catalog.indirection.terminus_class = :yaml
  end

  def run_command
    retrieval_starttime = Time.now

    unless catalog = Puppet::Resource::Catalog.indirection.find(Puppet[:certname])
      raise "Could not find catalog for #{Puppet[:certname]}"
    end

    @report.configuration_version = catalog.version

    inspect_starttime = Time.now
    @report.add_times("config_retrieval", inspect_starttime - retrieval_starttime)

    catalog.to_ral.resources.each do |ral_resource|
      audited_attributes = ral_resource[:audit]
      next unless audited_attributes

      audited_resource = ral_resource.to_resource

      status = Puppet::Resource::Status.new(ral_resource)
      audited_attributes.each do |name|
        next if audited_resource[name].nil?
        # Skip :absent properties of :absent resources. Really, it would be nicer if the RAL returned nil for those, but it doesn't. ~JW
        if name == :ensure or audited_resource[:ensure] != :absent or audited_resource[name] != :absent
          event = ral_resource.event(:previous_value => audited_resource[name], :property => name, :status => "audit", :message => "inspected value is #{audited_resource[name].inspect}")
          status.add_event(event)
        end
      end
      @report.add_resource_status(status)
    end

    finishtime = Time.now
    @report.add_times("inspect", finishtime - inspect_starttime)
    @report.finalize_report

    begin
      Puppet::Transaction::Report.indirection.save(@report)
    rescue => detail
      puts detail.backtrace if Puppet[:trace]
      Puppet.err "Could not send report: #{detail}"
    end
  end
end