diff --git a/README.md b/README.md index a166986..f68c779 100644 --- a/README.md +++ b/README.md 
@@ -1,65 +1,160 @@ -# Puppet Alert Actions +# Puppet Alert Orchestrator ##### Table of Contents 1. [Description](#description) 2. [Configuration](#configuration) -3. [Usage](#usage) -4. [Troubleshooting and Verification](#troubleshooting-and-verification) -5. [Breaking Changes](#breaking-changes) +3. [Orchestrator Actions](#orchestrator-actions) +4. [Usage](#usage) +5. [Examples](#example-searches) +6. [Troubleshooting](#troubleshooting-and-verification) ## Description -This Splunk add-on can be used to trigger actions in Puppet Enterprise such as task execution or report generation based on data received from Puppet Enterprise. +This Splunk add-on can be used to trigger Puppet Enterprise Orchestration actions such as plan or task execution; as well as generating detailed Puppet report data. This add-on is intended to be used alongside the [Puppet Report Viewer](https://splunkbase.splunk.com/app/4413/), with data provided by the [splunk_hec](https://forge.puppet.com/puppetlabs/splunk_hec) report processor available on the Puppet Forge. ## Configuration -After installing and configuring both the `splunk_hec` Puppet module and the Puppet Report Viewer app for Splunk; follow the steps below to configure the [Puppet Alert Actions](https://splunkbase.splunk.com/app/4928/) add-on: +After installing and configuring both the `splunk_hec` Puppet module and the Puppet Report Viewer app for Splunk; follow the steps below to configure the [Puppet Alert Orchestrator add-on for Splunk](https://splunkbase.splunk.com/app/4928/): -* **Account**: - * Descriptive Account Name - * PE RBAC User - * Password +### Configuration Tabs - ![Account](TA-puppet-alert-actions/README/img/account.png) +#### Account -* **Configuration**: - * PE Console URL - * Account Name - * Splunk HEC URL - * HEC Token +Add account details for multiple PE RBAC users. 
+ + * **Account name**: Descriptive Account Name + * **Username**: PE RBAC Username + * **Password**: Password _or_ PE RBAC Token + * Check the `pe_token` checkbox if you provide a PE RBAC Token instead of a password. + +![Account](TA-puppet-alert-orchestrator/readme/img/account_config.png) + +#### Logging + +Default log level is `INFO`. + +![Logging](TA-puppet-alert-orchestrator/readme/img/logging_config.png) + +#### Add-on settings + +The following are required fields. + + * **Puppet Enterprise Console**: URL for the default PE Console. + * **Splunk HEC Token**: The HEC Token generated for the Puppet Report Viewer. + * **Splunk HEC URL**: (e.g. `https://http-inputs-<$host>.splunkcloud.com:443/services/collector`) + * **User**: Username for the default account to be used to trigger actions in PE. + +**Note**: See the [Splunk HEC Documentation](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector) for details on determining the correct URL for your HEC endpoint. - ![Configuration](TA-puppet-alert-actions/README/img/configuration.png) +![Settings](TA-puppet-alert-orchestrator/readme/img/settings_config.png) + +**Note**: Once the add-on has been configured, Splunk will need to be restarted. + +## Orchestrator Actions + +The Orchestrator Actions dashboard is powered by a custom input script which utilizes the configured account credentials to query Puppet Enterprise for Tasks and Plans available to that particular RBAC user. + +![Actions](TA-puppet-alert-orchestrator/readme/img/orchestrator_actions.png) + +#### Splunk Cloud + +The Puppet Enteprise Console URL and Orchestration Services port (**default**: `8143`) need to be added to the [outbound port configuration](https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ConfigureOutboundPorts). 
If this is not completed, you will see the following error in the `splunkd` log: + +``` +ERROR ExecProcessor [28983 ExecProcessor] - message from “/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-puppet-alert-orchestrator/bin/inputs/orchestrator_actions.py” TA-puppet-alert-orchestrator: Failed to build event message - HTTPSConnectionPool(host=‘PE_CONSOLE_URL’, port=8143): Max retries exceeded with url: /orchestrator/v1/tasks (Caused by NewConnectionError(‘: Failed to establish a new connection: [Errno 110] Connection timed out’)) +``` + +**Notes**: + +> * By default the custom input script only checks the `production` environment. As a user can override the default environment when configuring the action, they can also input a custom Plan or Task name that may not be listed in the default environment. + +> * This add-on has **only** been tested on the [Victoria Experience](https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Experience) of Splunk Cloud. To utilize this add-on with the Classic Experience, your installation will need to include an [Inputs Data Manager (IDM)](https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Intro#Splunk_Cloud_Platform_features). +#### Splunk Enterprise + +The interval (**default**: `60m`) at which the input script runs is configurable **only** within Splunk Enterprise by adding the following to a local `inputs.conf` file for the add-on: + +``` +[script://./bin/inputs/orchestrator_actions.py] +# 12h interval +interval = 43200 +# To specify a cron schedule, use the following format: +# " " +``` ## Usage -Once the add-on has been properly configured you can begin creating new Alerts to trigger specified actions (e.g. Run a Task, Generate a Detailed Report) when a new event matching the Alert is received by Splunk. +Once the add-on has been properly configured you can begin creating new Alerts to trigger specified actions (e.g. 
Run a Puppet Plan, Run a Puppet Task, Generate a detailed Puppet report) when a new event matching the Alert is received by Splunk. 1. Create a Splunk search: - ![Splunk Search](TA-puppet-alert-actions/README/pics/splunk_search.png) + ![Splunk Search](TA-puppet-alert-orchestrator/readme/img/splunk_search.png) 2. Save the search as an Alert: - ![Save Splunk Search](TA-puppet-alert-actions/README/pics/save_as_alert.png) + ![Save Splunk Search](TA-puppet-alert-orchestrator/readme/img/save_as_alert.png) 3. Configure the Alert Actions: - ![Alert Action Configuration](TA-puppet-alert-actions/README/pics/alert_options.png) + ![Alert Action Configuration](TA-puppet-alert-orchestrator/readme/img/alert_options.png) + +## Example Searches + +Examples assume you are also utilizing the Puppet Report Viewer app in conjunction with the `splunk_hec`, `pe_event_forwarding`, and `puppet_metrics_collector` Puppet modules. + +**Action**: Generate a detailed report when the report status has changed. + +**Search**: + +``` +index=main sourcetype=puppet:summary status=changed +``` + +--- + +**Action**: Run Puppet plan `enterprise_tasks::provision_compiler` when the JRuby pool drops below **2**. + +**Search**: + +``` +index=main sourcetype=puppet:metrics pe_service=puppetserver +| rename jruby-metrics.status.experimental.metrics.average-free-jrubies as jrb +| bin _time AS "TIME" span=5m | convert ctime(TIME) +| stats sum(jrb) as JRuby_Pool by TIME +| where ceil(JRuby_Pool) < 2 +``` + +--- + +**Action**: Run a custom Puppet task to revoke an RBAC users status when a specific node group is edited. 
+ +**Search**: + +``` +index=main sourcetype="puppet:activities_classifier" +| search "objects{}.name"="PE Master" +``` ## Troubleshooting and Verification +#### Splunk Cloud + To check the logs of the individual Alerts you can search the internal log index in Splunk with the following search: - * `index=_internal sourcetype=splunkd component=sendmodalert` - - **Note**: Error message verbosity depends on the log level of your installation. +``` +index=_internal sourcetype=splunkd component=sendmodalert action=puppet_* +``` + +#### Splunk Enterprise -Individual Alert Actions are logged to the the Splunk folder (`/opt/splunk/var/log/splunk`) on the system running the actions. +The following logs can be reviewed from the Splunk server: -## Breaking Changes + * `$SPLUNK_HOME/var/log/splunk/puppet_generate_detailed_report_modalert.log` + * `$SPLUNK_HOME/var/log/splunk/puppet_run_plan_modalert.log` + * `$SPLUNK_HOME/var/log/splunk/puppet_run_task_modalert.log` + * `$SPLUNK_HOME/var/log/splunk/splunkd.log` -**Note**: This release of the Puppet Alert Actions add-on no longer utilizes Splunk's Python2 SDK. As such this version will only work on Splunk Enterprise 8.x and Splunk Cloud. +**Note**: Error message verbosity depends on the log level of your installation. \ No newline at end of file diff --git a/TA-puppet-alert-orchestrator/README.md b/TA-puppet-alert-orchestrator/README.md index b083c5c..7bc939d 100644 --- a/TA-puppet-alert-orchestrator/README.md +++ b/TA-puppet-alert-orchestrator/README.md 
@@ -1,36 +1,163 @@ -Puppet Alert Actions -============== +# Puppet Alert Orchestrator -Description ------------ -This is a Splunk Addon that can trigger actions in Puppet Enterprise such as a task execution or report generation based on data received from Puppet Enterprise. To use this addon it must be installed alongside the (splunk_hec)[https://forge.puppet.com/puppetlabs/splunk_hec] report processor provided in the [Puppet Forge](https://forge.puppet.com/puppetlabs/splunk_hec). The report processor sends data from Puppet to Splunk via the [HTTP Event Collector](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector). +##### Table of Contents -This is an excellent companion to the (Puppet Report Viewer)[https://splunkbase.splunk.com/app/4413/] because it can trigger actions based on data sent to Splunk via the report viewer. +1. [Description](#description) +2. [Configuration](#configuration) +3. [Orchestrator Actions](#orchestrator-actions) +4. [Usage](#usage) +5. [Examples](#example-searches) +6. [Troubleshooting](#troubleshooting-and-verification) -The steps to get this addon working are: +## Description -1. Install the (Puppet Alert Actions)[https://splunkbase.splunk.com/app/4928/] addon (Note: If you were previously using actions with the Puppet Report Viewer you may need to delete `/opt/splunk/etc/apps/TA-puppet-report-viewer/default/alert_actions.conf` on your splunk server and then restart splunk.) -2. Create at least one HEC input in Splunk. -3. Configure the new Puppet Alert Actions app: add an account, set puppet URIs and HEC token. (Note: Account refers your Puppet Enterprise username) -4. Install the (splunk_hec)[https://forge.puppet.com/puppetlabs/splunk_hec] module in your Puppet environment and configure with the HEC token and Splunk Server +This Splunk add-on can be used to trigger Puppet Enterprise Orchestration actions such as plan or task execution; as well as generating detailed Puppet report data. 
-Once configured, you should be able to save Splunk Searches as alerts which will trigger the specified action (bolt task, report generation, etc.) whenever a new piece of information that matches the search is sent to Splunk. +This add-on is intended to be used alongside the [Puppet Report Viewer](https://splunkbase.splunk.com/app/4413/), with data provided by the [splunk_hec](https://forge.puppet.com/puppetlabs/splunk_hec) report processor available on the Puppet Forge. -Using the addon: +## Configuration -1. Create a valid Splunk search\ -![Splunk Search](README/pics/splunk_search.png) -2. Save your search as an alert\ -![Save Splunk Search](README/pics/save_as_alert.png) -3. Configure your alert action\ -![Alert Action Configuration](README/pics/alert_options.png) +After installing and configuring both the `splunk_hec` Puppet module and the Puppet Report Viewer app for Splunk; follow the steps below to configure the [Puppet Alert Orchestrator add-on for Splunk](https://splunkbase.splunk.com/app/4928/): +### Configuration Tabs -### Troubleshooting and verification +#### Account -To check the logs of the individual alerts being run you can search the internal log index in splunk: `index=_internal sourcetype=splunkd component=sendmodalert` however not all error messages will show depending on the debug level of your installation. +Add account details for multiple PE RBAC users. -Individual alert actions log to the the Splunk folder on the system running the actions also, so one can see more verbose logs in `/opt/splunk/var/log/splunk` + * **Account name**: Descriptive Account Name + * **Username**: PE RBAC Username + * **Password**: Password _or_ PE RBAC Token + * Check the `pe_token` checkbox if you provide a PE RBAC Token instead of a password. + +![Account](readme/img/account_config.png) + +#### Logging + +Default log level is `INFO`. + +![Logging](readme/img/logging_config.png) + +#### Add-on settings + +The following are required fields. 
+ + * **Puppet Enterprise Console**: URL for the default PE Console. + * **Splunk HEC Token**: The HEC Token generated for the Puppet Report Viewer. + * **Splunk HEC URL**: (e.g. `https://http-inputs-<$host>.splunkcloud.com:443/services/collector`) + * **User**: Username for the default account to be used to trigger actions in PE. + +**Note**: See the [Splunk HEC Documentation](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector) for details on determining the correct URL for your HEC endpoint. + +![Settings](readme/img/settings_config.png) + +**Note**: Once the add-on has been configured, Splunk will need to be restarted. + +## Orchestrator Actions + +The Orchestrator Actions dashboard is powered by a custom input script which utilizes the configured account credentials to query Puppet Enterprise for Tasks and Plans available to that particular RBAC user. + +![Actions](readme/img/orchestrator_actions.png) + +#### Splunk Cloud + +The Puppet Enteprise Console URL and Orchestration Services port (**default**: `8143`) need to be added to the [outbound port configuration](https://docs.splunk.com/Documentation/SplunkCloud/latest/Config/ConfigureOutboundPorts). If this is not completed, you will see the following error in the `splunkd` log: + +``` +ERROR ExecProcessor [28983 ExecProcessor] - message from “/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-puppet-alert-orchestrator/bin/inputs/orchestrator_actions.py” TA-puppet-alert-orchestrator: Failed to build event message - HTTPSConnectionPool(host=‘PE_CONSOLE_URL’, port=8143): Max retries exceeded with url: /orchestrator/v1/tasks (Caused by NewConnectionError(‘: Failed to establish a new connection: [Errno 110] Connection timed out’)) +``` + +**Notes**: + +> * By default the custom input script only checks the `production` environment. 
As a user can override the default environment when configuring the action, they can also input a custom Plan or Task name that may not be listed in the default environment. + +> * This add-on has **only** been tested on the [Victoria Experience](https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Experience) of Splunk Cloud. To utilize this add-on with the Classic Experience, your installation will need to include an [Inputs Data Manager (IDM)](https://docs.splunk.com/Documentation/SplunkCloud/latest/Admin/Intro#Splunk_Cloud_Platform_features). + +#### Splunk Enterprise + +The interval (**default**: `60m`) at which the input script runs is configurable **only** within Splunk Enterprise by adding the following to a local `inputs.conf` file for the add-on: + +``` +[script://./bin/inputs/orchestrator_actions.py] +# 12h interval +interval = 43200 +# To specify a cron schedule, use the following format: +# " " +``` + +## Usage + +Once the add-on has been properly configured you can begin creating new Alerts to trigger specified actions (e.g. Run a Puppet Plan, Run a Puppet Task, Generate a detailed Puppet report) when a new event matching the Alert is received by Splunk. + +1. Create a Splunk search: + + ![Splunk Search](readme/img/splunk_search.png) + +2. Save the search as an Alert: + + ![Save Splunk Search](readme/img/save_as_alert.png) + +3. Configure the Alert Actions: + + ![Alert Action Configuration](readme/img/alert_options.png) + +## Example Searches + +Examples assume you are also utilizing the Puppet Report Viewer app in conjunction with the `splunk_hec`, `pe_event_forwarding`, and `puppet_metrics_collector` Puppet modules. + +**Action**: Generate a detailed report when the report status has changed. + +**Search**: + +``` +index=main sourcetype=puppet:summary status=changed +``` + +--- + +**Action**: Run Puppet plan `enterprise_tasks::provision_compiler` when the JRuby pool drops below **2**. 
+ +**Search**: + +``` +index=main sourcetype=puppet:metrics pe_service=puppetserver +| rename jruby-metrics.status.experimental.metrics.average-free-jrubies as jrb +| bin _time AS "TIME" span=5m | convert ctime(TIME) +| stats sum(jrb) as JRuby_Pool by TIME +| where ceil(JRuby_Pool) < 2 +``` + +--- + +**Action**: Run a custom Puppet task to revoke an RBAC users status when a specific node group is edited. + +**Search**: + +``` +index=main sourcetype="puppet:activities_classifier" +| search "objects{}.name"="PE Master" +``` + +## Troubleshooting and Verification + +#### Splunk Cloud + +To check the logs of the individual Alerts you can search the internal log index in Splunk with the following search: + +``` +index=_internal sourcetype=splunkd component=sendmodalert action=puppet_* +``` + +#### Splunk Enterprise + +The following logs can be reviewed from the Splunk server: + + * `$SPLUNK_HOME/var/log/splunk/puppet_generate_detailed_report_modalert.log` + * `$SPLUNK_HOME/var/log/splunk/puppet_run_plan_modalert.log` + * `$SPLUNK_HOME/var/log/splunk/puppet_run_task_modalert.log` + * `$SPLUNK_HOME/var/log/splunk/splunkd.log` + +**Note**: Error message verbosity depends on the log level of your installation. ##### Binary File Declaration @@ -42,4 +169,4 @@ bin/ta_puppet_alert_actions/aob_py3/setuptools/cli-64.exe: this file does not re bin/ta_puppet_alert_actions/aob_py3/setuptools/gui.exe: this file does not require any source code bin/ta_puppet_alert_actions/aob_py3/setuptools/gui-32.exe: this file does not require any source code bin/ta_puppet_alert_actions/aob_py3/setuptools/gui-64.exe: this file does not require any source code -``` +``` \ No newline at end of file diff --git a/TA-puppet-alert-orchestrator/README/CHANGELOG.md b/TA-puppet-alert-orchestrator/README/CHANGELOG.md deleted file mode 100644 index 868cb26..0000000 --- a/TA-puppet-alert-orchestrator/README/CHANGELOG.md +++ /dev/null 
@@ -1,34 +0,0 @@ -Release Notes -============== - -2.0.0: -**Breaking Changes**: -- The alert action named `Generate detailed report` has been renamed `Generate a detailed Puppet report` to make it more specific. The internal name of the action has been renamed to `puppet_generate_detailed_report` from `generate_detailed_report` to prevent confusion with out alert actions and to ensure consistency with other. You will need to update existing searches using this action to use the new name, but no other changes to the searches is required. -- *alert actions will fail until Puppet Username is provided instead of PE auth token* -- *full URIs are now required instead of just hostnames* adds more flexibility the authorization methods (http support and custom ports) but you will need to redo your app configuration before alert actions resume functioning -- Searches defaulting to main and not using the index macros will stop updating if you move the corressponding puppet data to an index but don't change the search - -New Features: -- Built in support for running Bolt Tasks in Puppet Enterprise from Splunk -- Metrics tab to show PE metric data if metrics are configured -- Actions Tab in dashboard added to show logs and status of any of this applications alert actions for debugging or auditing -- Support for Puppet Username/Password instead of auth token -- All searches support per sourcetype indexes - -Fixes: -- Alert actions work with custom parameters -- Before there was no way to see if your alerts were working easily, now they publish information to the puppet:action sourcetype - -1.5.1: -New Features: -- Full dashboard updates -- Support for Facts sourcetype (puppet:facts), and dashboards to use it -- Introduces "Report Builder" page to help a user build reports and then craft custom search from the iterface to use for alerts or their own uses -- Introduces Advanced Search macros to allow for customized indexs without requiring to modify the app. 
See Advanced Configuration section of the readme -- Add's sourcetypes of puppet:action, puppet:metrics, for future use -- Example Alert added, the search to generate a detailed report for any summary report that isn't "unchanged" has been added to the app, but set as disabled - -Fixes: -- Duplicate item entry fixed, sourcetype's are now configured to extract KV from json only once -- [Updated documentation](https://github.com/puppetlabs/ta-puppet-report-viewer) - diff --git a/TA-puppet-alert-orchestrator/README/DEVELOPING.md b/TA-puppet-alert-orchestrator/README/DEVELOPING.md deleted file mode 100644 index ad79411..0000000 --- a/TA-puppet-alert-orchestrator/README/DEVELOPING.md +++ /dev/null 
@@ -1,53 +0,0 @@ -## Developing addon builders - -In order to load this module properly into the Splunk Add-On builder for development, the following needs to happen: - -- Checkout the branch you want to work on -- tar.gz the directory -- Go to the splunk addon builder -- Delete a previous version of the add-on if it exists -- Import this version - -``` -$ git checkout -b 'my working branch' -$ COPYFILE_DISABLE=1 tar -C .. --exclude=".git" --exclude="local/" --exclude="metadata/local.meta" --exclude="tmpdir" -czvf tmpdir/TA-puppet-report-viewer.tar.gz TA-puppet-report-viewer -``` - -To add your finished work back to the repo: -- Export the build from the Splunk Add-On tool -- Move the downloaded tar.gz to tmpdir -- Expand the export the export in tmpdir -- sync the local repo with the tmpdir contents -- proceed with git commits as needed, etc - -``` -$ cd tmpdir -$ tar xzvf TA-puppet-report-viewer_2_0_1_export.tgz -$ cd .. -$ rsync -vr tmpdir/TA-puppet-report-viewer_2_0_1_export/* ./ -``` - -## Debuging python alerts - -The only modifiable by us python code in this application is the following files INSIDE the `bin/ta_puppet_report_viewer` directory: -``` -pie/* -modalert_generate_detailed_report_helper.py -modalert_puppet_run_task_act_helper.py -modalert_puppet_run_task_helper.py -modalert_puppet_run_task_investigate_helper.py -puppet_bolt_action.py -puppet_report_generation.py -``` - -Alerts are now stand alone functions that can be run via commandline if they are passed the correct alert content. This works because we've changed the modalert provided by the app builder to be a simple "take the values automagically provided by the builder, create a dictionary, and pass that to our own library." - -Those files (`bin/ta_puppet_report_viewer/puppet_report_generation.py` & `puppet_bolt_action.py`) have an `if __main__` block that will instead parse json from stdin and convert that to an alert dictionary and pass that to the same function invoked by the alert action. 
This lets us mock up a complete alert action outside of Splunk. These are stored in README/helperjson/ along with a simple python script that lets you end the dictionary and save it to a file. - -Testing should look like: -``` -cd bin/ta_puppet_report_vewier` -cat ../../README/helperjson/debugalert.json | python puppet_report_generation.py -``` - -This gives you interactive python prompt to debug and work with, add print statements, and make sure our interactions with splunk hec and puppet apis are working outside of the Splunk environment, before trying to debug this in the context of the Splunk ecosystem. diff --git a/TA-puppet-alert-orchestrator/README/debugalert.json b/TA-puppet-alert-orchestrator/README/debugalert.json deleted file mode 100644 index 18728c7..0000000 --- a/TA-puppet-alert-orchestrator/README/debugalert.json +++ /dev/null 
@@ -1,62 +0,0 @@ -{ - "global": { - "bolt_user": "splunkrunner", - "bolt_user_pass": "puppetlabs", - "puppet_action_hec_token": "7b2802a3-d11d-4a75-8ded-fa1acd1fbed6", - "puppet_bolt_server": "https://puppet.angrydome.org:8143/orchestrator/v1", - "puppet_db_url": "https://puppet.angrydome.org:8081/pdb/query/v4", - "puppet_enterprise_console": "https://puppet.angrydome.org", - "puppet_read_user": "splunk", - "puppet_read_user_pass": "puppetlabs", - "splunk_hec_token": "fdc081b8-feb7-4e1b-97cc-6a8d141b7cd0", - "splunk_hec_url": "https://splunk.angrydome.org:8088/services/collector" - }, - "param": { - "transaction_uuid": "6b6ae8ad-fe34-4b34-9f64-9bd00eeb5d4b" - }, - "result": { - "_confstr": "source::http:puppet:summary|host::web-front-ends-4nh1.c.splunk-217321.internal|puppet:summary", - "_eventtype_color": "", - "_indextime": "1557290677", - "_raw": "{\"cached_catalog_status\":\"not_used\",\"catalog_uuid\":\"764c768b-daeb-4977-9fb8-32dc1be9ba14\",\"certname\":\"web-front-ends-4nh1.c.splunk-217321.internal\",\"code_id\":\"urn:puppet:code-id:1:5466eb66f5aca3d01c101fabf2a2bd846830473a;production\",\"configuration_version\":\"puppet-production-6bc675d64a4\",\"corrective_change\":false,\"environment\":\"production\",\"job_id\":null,\"metrics\":{\"time\":{\"config_retrieval\":1.3928804732859135,\"fact_generation\":1.5210940204560757,\"catalog_application\":1.0140889920294285,\"total\":7.349034128},\"resources\":{\"total\":136},\"changes\":{\"total\":0}},\"noop\":false,\"noop_pending\":false,\"pe_console\":\"puppet.angrydome.org\",\"producer\":\"puppet.c.splunk-217321.internal\",\"puppet_version\":\"6.4.1\",\"report_format\":10,\"status\":\"unchanged\",\"time\":\"2019-05-08T04:44:30.348Z\",\"transaction_uuid\":\"2bd49f85-7811-4a2d-9ed5-0d3591966da7\"}", - "_serial": "3", - "_si": [ - "splunk-dev.c.splunk-217321.internal", - "main" - ], - "_sourcetype": "puppet:summary", - "_subsecond": ".348", - "_time": "1557290670.348", - "cached_catalog_status": "not_used", - 
"catalog_uuid": "764c768b-daeb-4977-9fb8-32dc1be9ba14", - "certname": "web-front-ends-4nh1.c.splunk-217321.internal", - "code_id": "urn:puppet:code-id:1:5466eb66f5aca3d01c101fabf2a2bd846830473a;production", - "configuration_version": "puppet-production-6bc675d64a4", - "corrective_change": "false", - "environment": "production", - "eventtype": "", - "host": "web-front-ends-4nh1.c.splunk-217321.internal", - "index": "main", - "job_id": "null", - "linecount": "", - "metrics.changes.total": "0", - "metrics.resources.total": "136", - "metrics.time.catalog_application": "1.0140889920294285", - "metrics.time.config_retrieval": "1.3928804732859135", - "metrics.time.fact_generation": "1.5210940204560757", - "metrics.time.total": "7.349034128", - "noop": "false", - "noop_pending": "false", - "pe_console": "puppet.angrydome.org", - "producer": "puppet.c.splunk-217321.internal", - "punct": "{\"\":\"\",\"\":\"----\",\"\":\"---..-.\",\"\":\"::-::;\",\"\":\"--\",", - "puppet_version": "6.4.1", - "report_format": "10", - "source": "http:puppet:summary", - "sourcetype": "puppet:summary", - "splunk_server": "splunk-dev.c.splunk-217321.internal", - "status": "unchanged", - "time": "2019-05-08T04:44:30.348Z", - "transaction_uuid": "2bd49f85-7811-4a2d-9ed5-0d3591966da7" - } -} \ No newline at end of file diff --git a/TA-puppet-alert-orchestrator/README/img/account.png b/TA-puppet-alert-orchestrator/README/img/account.png deleted file mode 100644 index 649a7c5..0000000 Binary files a/TA-puppet-alert-orchestrator/README/img/account.png and /dev/null differ diff --git a/TA-puppet-alert-orchestrator/README/img/configuration.png b/TA-puppet-alert-orchestrator/README/img/configuration.png deleted file mode 100644 index 5330ff4..0000000 Binary files a/TA-puppet-alert-orchestrator/README/img/configuration.png and /dev/null differ 
diff --git a/TA-puppet-alert-orchestrator/README/pics/alert_options.png b/TA-puppet-alert-orchestrator/README/pics/alert_options.png deleted file mode 100644 index 874b5e5..0000000 Binary files a/TA-puppet-alert-orchestrator/README/pics/alert_options.png and /dev/null differ diff --git a/TA-puppet-alert-orchestrator/README/pics/save_as_alert.png b/TA-puppet-alert-orchestrator/README/pics/save_as_alert.png deleted file mode 100644 index a128cc2..0000000 Binary files a/TA-puppet-alert-orchestrator/README/pics/save_as_alert.png and /dev/null differ diff --git a/TA-puppet-alert-orchestrator/README/pics/splunk_search.png b/TA-puppet-alert-orchestrator/README/pics/splunk_search.png deleted file mode 100644 index 2353125..0000000 Binary files a/TA-puppet-alert-orchestrator/README/pics/splunk_search.png and /dev/null differ diff --git a/TA-puppet-alert-orchestrator/README/publishing.md b/TA-puppet-alert-orchestrator/README/publishing.md deleted file mode 100644 index 3129320..0000000 --- a/TA-puppet-alert-orchestrator/README/publishing.md +++ /dev/null 
@@ -1,32 +0,0 @@ -Puppet Report Viewer Publishing Guide -============== - -This documents how this plugin is published. This contains both steps for validating the app, uploading the app to Splunkbase, then tagging and releasing on the forge. - -Build and validate: -An initial validation for building and sanity checks on the app. -- Create a clean installation of Splunk Enterprise -- Build and upload the TA-puppet-report-viewer from the master branch using this command: - - 'COPYFILE_DISABLE=1 tar -C .. --exclude=".git" --exclude="local/" --exclude="metadata/local.meta" --exclude="tmpdir" -czvf tmpdir/TA-puppet-report-viewer.tar.gz TA-puppet-report-viewer` -- Rename file name to be .spl instead of .tar.gz (can be found inside the tmpdir/ dir) -- Download and install the app builder from Splunk - https://splunkbase.splunk.com/app/2962/ -- Install the build '/tmpdir/TA-puppet-report-viewer.spl' on your Splunk installation using the 'manage app' section at the top left dropdown -- In the Splunk Add on Builder page choose the 'Other apps and add-ons', there you should see the Puppet Report Viewer you uploaded listed. -- Run the 'Validate & Package' option under the add-on. Choose the options that are in the bar by default. You may have to confirm your Splunk credentials before this will run. -- Hopefully with all being well the app should pass validation. If not work on the app until you are satisfied with the results from validation. - -Upload the app to SplunkBase: -With the build you created and validated in the first section we will now aim to upload it to the SplunkBase. -- Navigate to the SplunkBase at https://splunkbase.splunk.com/apps/ -- Navigate to 'My Account' - 'My Profile' -- Under your profile you should be able to see the Report Viewer. Click 'manage'. If the app isn't present contact one of the PIE team to get your Splunk user added as an Administrator of the app. -- Click 'New Release', upload the .spl file. 
This will validate the app before it uploads. -- You can set the visibility of the app in setup. If you want a straightforward release ensure you have set visible to true in the options on this page. Also ensure that you set the default to the new version if applicable. -- That should be you up and running live now you've uploded to splunkbase successfully! - -The Modules Forge Release: -The last step we require is tagging the release in github. -- Do a release prep PR if required to update the CHANGELOG. -- Tag the build with the decided release number (according to semver) and push the tag up to git like the following example: - - git tag -a (version) -m "(version)" Example: git tag -a v2.2.0 -m "v2.2.0" 92488a003a6620555a499e15315c89849b0f150b - - git push upstream --tags \ No newline at end of file diff --git a/TA-puppet-alert-orchestrator/README/ta_puppet_report_viewer_settings.conf.spec b/TA-puppet-alert-orchestrator/README/ta_puppet_report_viewer_settings.conf.spec deleted file mode 100644 index feb5e6c..0000000 --- a/TA-puppet-alert-orchestrator/README/ta_puppet_report_viewer_settings.conf.spec +++ /dev/null @@ -1,11 +0,0 @@ -[additional_parameters] -puppet_enterprise_console = -puppet_read_user = -puppet_read_user_pass = -splunk_hec_url = -splunk_hec_token = -bolt_user = -bolt_user_pass = -puppet_bolt_server = -puppet_action_hec_token = -puppet_db_url = \ No newline at end of file diff --git a/TA-puppet-alert-orchestrator/TA-puppet-alert-actions.aob_meta b/TA-puppet-alert-orchestrator/TA-puppet-alert-actions.aob_meta deleted file mode 100644 index 8b3eb65..0000000 --- a/TA-puppet-alert-orchestrator/TA-puppet-alert-actions.aob_meta +++ /dev/null 
@@ -1 +0,0 @@ -{"alert_action_builder": {"modular_alerts": [{"description": "Generates a puppet:detailed event from a puppet:summary event", "largeIcon": "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", "smallIcon": "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", "label": "Generate detailed Puppet report", "short_name": "puppet_generate_detailed_report", "parameters": [{"format_type": "text", "required": false, "name": "puppet_enterprise_console", "label": "Puppet Enterprise Console", "default_value": "", "help_string": "Override which PE Console to use", "type": "", "value": "https://puppet-pdx.c.splunk-217321.internal"}, {"format_type": "text", "required": false, "name": "puppet_default_user", "label": "User", "default_value": "", "help_string": "Override which User account to use", "type": "", "value": "splunk-pdx"}, {"format_type": "text", "required": false, "name": "splunk_hec_url", "label": "Splunk HEC URL", "default_value": "", "help_string": "Override which Splunk HEC URL to use", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "splunk_hec_token", "label": "Splunk HEC Token", "default_value": "", "help_string": "Override which Splunk HEC Token to use", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "puppet_action_hec_token", "label": "Action HEC Token", "default_value": "", "help_string": "Override which Action HEC token to use", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "puppet_db_url", "label": "PuppetDB URL", "default_value": "", "help_string": "Override which PuppetDB URL to use", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "timeout", "label": "Timeout", "default_value": "", "help_string": "Override timeout settings for this alert", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "pe_console", "label": "PE Installation", "default_value": "", "help_string": "Override default PE 
Installation (pe_console value used in splunk_hec module)", "type": "", "value": ""}], "code": "\n# encoding = utf-8\nimport json\nfrom puppet_report_generation import run_report_generation\n\n# given a setting, check to see if the alert is configured with default override\ndef override(setting_name, helper):\n alert_setting = helper.get_param(setting_name)\n global_setting = helper.get_global_setting(setting_name)\n\n if alert_setting is not None and alert_setting is not '':\n final_value = alert_setting\n helper.log_debug(\"Alert value present for '{}' it is '{}'\".format(setting_name, final_value))\n elif global_setting is not None and global_setting is not '':\n final_value = global_setting\n helper.log_debug(\"Alert value NOT present for '{}', using Global value '{}'\".format(setting_name,final_value))\n else:\n helper.log_debug(\"There is no value, None returned\")\n final_value = None\n \n return final_value\n\n# function to make sure we only set values we know aren't None\ndef notnone(default_value, possible_none, helper):\n if possible_none is not None and possible_none is not '':\n helper.log_debug(\"notnone: True\")\n return possible_none\n else:\n helper.log_debug(\"notnone: False\")\n return default_value\n\n\n\ndef process_event(helper, *args, **kwargs):\n \"\"\"\n # IMPORTANT\n # Do not remove the anchor macro:start and macro:end lines.\n # These lines are used to generate sample code. 
If they are\n # removed, the sample code will not be updated when configurations\n # are updated.\n\n [sample_code_macro:start]\n\n # The following example gets and sets the log level\n helper.set_log_level(helper.log_level)\n\n # The following example gets account information\n user_account = helper.get_user_credential(\"\")\n\n # The following example gets the setup parameters and prints them to the log\n puppet_enterprise_console = helper.get_global_setting(\"puppet_enterprise_console\")\n helper.log_info(\"puppet_enterprise_console={}\".format(puppet_enterprise_console))\n puppet_default_user = helper.get_global_setting(\"puppet_default_user\")\n helper.log_info(\"puppet_default_user={}\".format(puppet_default_user))\n splunk_hec_url = helper.get_global_setting(\"splunk_hec_url\")\n helper.log_info(\"splunk_hec_url={}\".format(splunk_hec_url))\n splunk_hec_token = helper.get_global_setting(\"splunk_hec_token\")\n helper.log_info(\"splunk_hec_token={}\".format(splunk_hec_token))\n bolt_user = helper.get_global_setting(\"bolt_user\")\n helper.log_info(\"bolt_user={}\".format(bolt_user))\n puppet_action_hec_token = helper.get_global_setting(\"puppet_action_hec_token\")\n helper.log_info(\"puppet_action_hec_token={}\".format(puppet_action_hec_token))\n puppet_bolt_server = helper.get_global_setting(\"puppet_bolt_server\")\n helper.log_info(\"puppet_bolt_server={}\".format(puppet_bolt_server))\n puppet_db_url = helper.get_global_setting(\"puppet_db_url\")\n helper.log_info(\"puppet_db_url={}\".format(puppet_db_url))\n timeout = helper.get_global_setting(\"timeout\")\n helper.log_info(\"timeout={}\".format(timeout))\n pe_console = helper.get_global_setting(\"pe_console\")\n helper.log_info(\"pe_console={}\".format(pe_console))\n\n # The following example gets the alert action parameters and prints them to the log\n puppet_enterprise_console = helper.get_param(\"puppet_enterprise_console\")\n 
helper.log_info(\"puppet_enterprise_console={}\".format(puppet_enterprise_console))\n\n puppet_default_user = helper.get_param(\"puppet_default_user\")\n helper.log_info(\"puppet_default_user={}\".format(puppet_default_user))\n\n splunk_hec_url = helper.get_param(\"splunk_hec_url\")\n helper.log_info(\"splunk_hec_url={}\".format(splunk_hec_url))\n\n splunk_hec_token = helper.get_param(\"splunk_hec_token\")\n helper.log_info(\"splunk_hec_token={}\".format(splunk_hec_token))\n\n puppet_action_hec_token = helper.get_param(\"puppet_action_hec_token\")\n helper.log_info(\"puppet_action_hec_token={}\".format(puppet_action_hec_token))\n\n puppet_db_url = helper.get_param(\"puppet_db_url\")\n helper.log_info(\"puppet_db_url={}\".format(puppet_db_url))\n\n timeout = helper.get_param(\"timeout\")\n helper.log_info(\"timeout={}\".format(timeout))\n\n pe_console = helper.get_param(\"pe_console\")\n helper.log_info(\"pe_console={}\".format(pe_console))\n\n\n # The following example adds two sample events (\"hello\", \"world\")\n # and writes them to Splunk\n # NOTE: Call helper.writeevents() only once after all events\n # have been added\n helper.addevent(\"hello\", sourcetype=\"sample_sourcetype\")\n helper.addevent(\"world\", sourcetype=\"sample_sourcetype\")\n helper.writeevents(index=\"summary\", host=\"localhost\", source=\"localhost\")\n\n # The following example gets the events that trigger the alert\n events = helper.get_events()\n for event in events:\n helper.log_info(\"event={}\".format(event))\n\n # helper.settings is a dict that includes environment configuration\n # Example usage: helper.settings[\"server_uri\"]\n helper.log_info(\"server_uri={}\".format(helper.settings[\"server_uri\"]))\n [sample_code_macro:end]\n \"\"\"\n \n helper.set_log_level(helper.log_level)\n\n helper.log_info(\"Alert action puppet_generate_detailed_report started.\")\n \n helper.log_info(\"Log_level: {}\".format(helper.log_level))\n \n # we use the override function to ensure we always 
use the alert value over the global if one exists\n helper.log_info(\"Credential lookup\")\n user_name = override('puppet_default_user', helper)\n\n # get_user_credential gives us the user_name, unfortunately we can't search by ID even though inputs can\n puppet_read_account = helper.get_user_credential(user_name)\n puppet_read_user = puppet_read_account[\"username\"]\n puppet_read_user_pass = puppet_read_account[\"password\"]\n\n helper.log_debug(\"username={}\".format(puppet_read_user))\n \n # load the rest of the settings\n helper.log_info(\"Retrieving settings\")\n # Get PE Console, this doesn't set pe_console value, that is from the alert itself\n puppet_enterprise_console = override(\"puppet_enterprise_console\", helper)\n helper.log_debug(\"puppet_enterprise_console={}\".format(puppet_enterprise_console))\n \n # get the URL that we are sending the new event to\n splunk_hec_url = override(\"splunk_hec_url\", helper)\n helper.log_debug(\"splunk_hec_url={}\".format(splunk_hec_url))\n \n # get the token we are using for the event\n splunk_hec_token = override(\"splunk_hec_token\", helper)\n helper.log_debug(\"splunk_hec_token={}\".format(splunk_hec_token))\n\n # we like to be chatty about it\n puppet_action_hec_token = override(\"puppet_action_hec_token\", helper)\n helper.log_debug(\"puppet_action_hec_token={}\".format(puppet_action_hec_token))\n \n # if we have standalone pdb server, this is who we talk to\n puppet_db_url = override(\"puppet_db_url\", helper)\n helper.log_debug(\"puppet_db_url={}\".format(puppet_db_url))\n\n # this is the timeout we use, rarely an issue for pdb lookup\n timeout = override(\"timeout\", helper)\n helper.log_debug(\"timeout={}\".format(timeout))\n\n # create our alert object to build the actual report\n helper.log_info(\"Assembling alert data\")\n alert = {}\n alert['global'] = {}\n alert['param'] = {}\n \n alert['global']['puppet_enterprise_console'] = puppet_enterprise_console\n alert['global']['puppet_read_user'] = 
puppet_read_user\n alert['global']['puppet_read_user_pass'] = puppet_read_user_pass\n alert['global']['splunk_hec_url'] = splunk_hec_url\n alert['global']['splunk_hec_token'] = splunk_hec_token\n alert['global']['timeout'] = timeout\n \n # we're using the notnone function to ensure we always have a value, even if it's duplicate\n # we call it with notnone(default_value, possible_none, helper) - default_value is returned if possible_none is None\n alert['global']['puppet_action_hec_token'] = notnone(splunk_hec_token, puppet_action_hec_token, helper)\n alert['global']['puppet_db_url'] = notnone(puppet_enterprise_console, puppet_db_url, helper)\n\n\n helper.log_debug(\"Getting event data\")\n # we're going to strip out the three things we need from every event\n # we're also not going to assume we are sent one event\n events = helper.get_events()\n\n # these are the reports we need to retrieve\n transaction_uuids = []\n\n for event_raw in events:\n event = json.loads(event_raw[\"_raw\"])\n helper.log_debug(\"Event Data Raw: {}\".format(event))\n # copy the needed data to a new dictionary\n temp_dict = {\n 'pe_console': event['pe_console'],\n 'transaction_uuid': event['transaction_uuid'],\n 'host': event['certname'],\n }\n transaction_uuids.append(temp_dict.copy())\n\n helper.log_debug(\"Events: {}\".format(transaction_uuids))\n run_report_generation(alert, transaction_uuids, helper)\n\n helper.log_info(\"Alert action puppet_generate_detailed_report completed.\")\n\n return 0\n", "uuid": "851f0d3fc36f4c27b1e6dcd3f4a2f31a"}, {"description": "Run a Bolt Task on the events host with Puppet Enterprise", "largeIcon": 
"iVBORw0KGgoAAAANSUhEUgAAAEgAAABICAYAAABV7bNHAAAFyUlEQVR4Xu2bXUgcVxTH/+N+RNNi7FqV9EUjFKSiEUyRRqsoKulrEmOCQaVikKINLSimtqXSBx80obSVYjUIChaNwTYqaEi1ItramiJVEItIqKSCmsZY1/3I6pYzbdLo3tmZ2VGzjve+LOyeO3Pvb/7nnHvPnRXcN4+6oaGdv7aC9hGbhiv4d1eBA/L+gDggGQFzQByQthjHVNDdORfGZ50eVy7OOowAYevXBzJIV3es4ZP2vz0AOTuOwmTggMAB/S8CpotxQByQ4sjNFeRLmne43LA/9ux5JGhbCgNwILOYYv0BeKdxFV/1WdV02Ve2mlfSdhfw1qd/4Ycpx76auNLBagZENyJ3zKx+gJFpz8Wl0oH4q92OAHoCKfXDB/iFsQL318krGZfQW2VRVQ96xWLA8UgjBM94LSopqXIZv91jRHglo/FDG5qmKkA0h5sVoTidZGZOx+EC4t9bwu9/uvxwuuqH5BMgUk9nuQWnkw4x77juBGIvL+He4v6H5BMgomIIAL5534KcN9iQ1uxu9PyqLrN1/2xH27B/lW99BkSQTAYBrZdfQm4yG5JaQdd+a0VF66rabrtqrwkQjcxsFNDy7s5A0iUggnTI9C+kcye1KUm3gAhSoEnA9BfhiAoL8FnyugZEVCauheN45LaSowpcHJAMLA6IA+Iu5lUDPAbJuAgHxAGpyMkMU64gL/zSYs3o/9iCQ0ZGoUghd92m+dRYM7qvWBDMOPVQyEY00yWgN18z49YVC0IO+66cJxB1B+hkjBndH1hgeUE7nN1SkCAISEhIQFpaGqKiomAwGLC6uorp6WkMDg7i/v37XkXuc7nj9VdN6PsoVBJO4x0bKlXWduyP3Vh3KKsA9/X1ITU1lTm55uZmlJWV4ezZs6iqqkJ8fLwkBIJUW1uL/v5+bG5uetj5BCjhmBHfV78sCad50Ia3v1xRE35U2w4MDCA9PZ3Zr62tDaScCxcuKL5ue3s7SkpKsLKyddzCsXCjskf2361CXhQwUB0qGXNahuwo+Pyh4oH5augNkNvtFgGpbbOzs0hOTsbi4uLTrqrPxdwCIEggbRu2I++z3YdDo/cGSC2YZ+2npqaQlJSE9fV18WvVgKRu3j5ix/lrewNnNwGJyaK2FhUVFTsH6MaPdpyr2zs4agCRuzmdTjEABwQEwGQyiZ9yjQL75OSkdgV1/mRHbt1DbKqKZHLDk/9diYvRBLOzs7G8vPwUUFBQEK5fv46cnByvN2lpaUFBQYE2QG7KFFcfPpe/IsgBamhoQGlpKVwuz8NLCuCnTp1Cb2+vZDCnfhEREWxAPXcd6Bm3exCuLz4iHhg+257XC1TeAE1MTIiBllzLW2tqakJRUZGkCS0T9u0reN4ANTY24tKlS7J+SqvqtbU1BAYGMm3r6+sPNiCiQmk9NjaWCWh4eJgDqqysRE1NDRPQ/Pw8B5SVlYXbt28zAZH7MWPQ1VtW1H235tFp/usIGP3krwg7EYNogikpKSBXYjWbzaYtzdNF/TGLKQ3SNP6LFy+itbWVCYjWT5q3GvsdUGdnJ86cOcMEtCMr6f0O6NGjRwgODmYCIni6VBDVg/Ly8mTXQYmJiRgfH5e0Ky8v1ycg2qBmZmaKJRGpZjQaYbVaYTazX0alfgRQqD4frGmbeWPUhqk/9v61X7m9GGWgwsJCdHR0eDCKjIwEbUdCQkIkAdICknb0PpVcZbW7BwZygGgIVOKYm5vD0NAQZmZmQGCoTBsTEyNb8sjPzxezm64B+fqcSD0nTpyAw+HggLZD3NjYEOGQC1LjCtpGKDc3d0vc0iWgsbExREdHIywsTLGXUZGeVtVdXV1b+ugSEG01aIdOnxkZGV6PgGhJQIeQxcXFzFNW3QJ6UjCjY2da8MXFxcFisYhHz7T+WVpawujoKOrq6rCwsCCpNN0DUuxjEoYckAxBDogD0uZkXEFcQVx
BHgTUlFzl8HEX4y4mpxHvv/8DB5mY/BLDqvAAAAAASUVORK5CYII=", "smallIcon": "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", "label": "Run a Bolt Task", "short_name": "puppet_run_task", "parameters": [{"format_type": "text", "required": true, "name": "bolt_target", "label": "Host", "default_value": "$result.host$", "help_string": "", "type": "", "value": "$result.host$"}, {"format_type": "text", "required": true, "name": "task_name", "label": "Task", "default_value": "", "help_string": "Name of task to be run, such as: service::linux", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "task_parameters", "label": "Task Parameters", "default_value": "", "help_string": "Provide parameters as unescaped json: {\"name\" : \"puppet\", \"action\": \"status\"}", "type": "", "value": ""}, {"format_type": "text", "required": true, "name": "puppet_environment", "label": "Puppet Environment", "default_value": "production", "help_string": "Puppet environment that task is located in", "type": "", "value": "production"}, {"format_type": "text", "required": false, "name": "puppet_enterprise_console", "label": "Puppet Enterprise Console", "default_value": "", "help_string": "Override default PE Console", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "bolt_user", "label": "Bolt User", "default_value": "", "help_string": "Override default Bolt User", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "pe_console", "label": "PE Installation", "default_value": "", "help_string": "Override default PE Installation (pe_console value used in splunk_hec module)", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "puppet_bolt_server", "label": "Orch. 
Services URL", "default_value": "", "help_string": "Override default PE Orch URL", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "puppet_db_url", "label": "PuppetDB URL", "default_value": "", "help_string": "Override default PuppetDB URL", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "timeout", "label": "Timeout", "default_value": "", "help_string": "Override default Timeout", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "splunk_hec_url", "label": "Splunk HEC URL", "default_value": "", "help_string": "Override default Splunk HEC URL", "type": "", "value": ""}, {"format_type": "text", "required": false, "name": "puppet_action_hec_token", "label": "Action HEC Token", "default_value": "", "help_string": "Override default Action HEC Token", "type": "", "value": ""}], "code": "\n# encoding = utf-8\n\nimport json\nfrom puppet_bolt_action import run_bolt_task\n\n# given a setting, check to see if the alert is configured with default override\ndef override(setting_name, helper):\n alert_setting = helper.get_param(setting_name)\n global_setting = helper.get_global_setting(setting_name)\n\n if alert_setting is not None and alert_setting is not '':\n final_value = alert_setting\n helper.log_debug(\"Alert value present for '{}' it is '{}'\".format(setting_name, final_value))\n elif global_setting is not None and global_setting is not '':\n final_value = global_setting\n helper.log_debug(\"Alert value NOT present for '{}', using Global value '{}'\".format(setting_name,final_value))\n else:\n helper.log_debug(\"There is no value, None returned\")\n final_value = None\n \n return final_value\n\n# function to make sure we only set values we know aren't None\ndef notnone(default_value, possible_none, helper):\n if possible_none is not None and possible_none is not '':\n helper.log_debug(\"notnone: True\")\n return possible_none\n else:\n helper.log_debug(\"notnone: False\")\n return 
default_value\n\n\ndef process_event(helper, *args, **kwargs):\n \"\"\"\n # IMPORTANT\n # Do not remove the anchor macro:start and macro:end lines.\n # These lines are used to generate sample code. If they are\n # removed, the sample code will not be updated when configurations\n # are updated.\n\n [sample_code_macro:start]\n\n # The following example gets and sets the log level\n helper.set_log_level(helper.log_level)\n\n # The following example gets account information\n user_account = helper.get_user_credential(\"\")\n\n # The following example gets the setup parameters and prints them to the log\n puppet_enterprise_console = helper.get_global_setting(\"puppet_enterprise_console\")\n helper.log_info(\"puppet_enterprise_console={}\".format(puppet_enterprise_console))\n puppet_default_user = helper.get_global_setting(\"puppet_default_user\")\n helper.log_info(\"puppet_default_user={}\".format(puppet_default_user))\n splunk_hec_url = helper.get_global_setting(\"splunk_hec_url\")\n helper.log_info(\"splunk_hec_url={}\".format(splunk_hec_url))\n splunk_hec_token = helper.get_global_setting(\"splunk_hec_token\")\n helper.log_info(\"splunk_hec_token={}\".format(splunk_hec_token))\n bolt_user = helper.get_global_setting(\"bolt_user\")\n helper.log_info(\"bolt_user={}\".format(bolt_user))\n puppet_action_hec_token = helper.get_global_setting(\"puppet_action_hec_token\")\n helper.log_info(\"puppet_action_hec_token={}\".format(puppet_action_hec_token))\n puppet_bolt_server = helper.get_global_setting(\"puppet_bolt_server\")\n helper.log_info(\"puppet_bolt_server={}\".format(puppet_bolt_server))\n puppet_db_url = helper.get_global_setting(\"puppet_db_url\")\n helper.log_info(\"puppet_db_url={}\".format(puppet_db_url))\n timeout = helper.get_global_setting(\"timeout\")\n helper.log_info(\"timeout={}\".format(timeout))\n pe_console = helper.get_global_setting(\"pe_console\")\n helper.log_info(\"pe_console={}\".format(pe_console))\n\n # The following example gets the alert 
action parameters and prints them to the log\n bolt_target = helper.get_param(\"bolt_target\")\n helper.log_info(\"bolt_target={}\".format(bolt_target))\n\n task_name = helper.get_param(\"task_name\")\n helper.log_info(\"task_name={}\".format(task_name))\n\n task_parameters = helper.get_param(\"task_parameters\")\n helper.log_info(\"task_parameters={}\".format(task_parameters))\n\n puppet_environment = helper.get_param(\"puppet_environment\")\n helper.log_info(\"puppet_environment={}\".format(puppet_environment))\n\n puppet_enterprise_console = helper.get_param(\"puppet_enterprise_console\")\n helper.log_info(\"puppet_enterprise_console={}\".format(puppet_enterprise_console))\n\n bolt_user = helper.get_param(\"bolt_user\")\n helper.log_info(\"bolt_user={}\".format(bolt_user))\n\n pe_console = helper.get_param(\"pe_console\")\n helper.log_info(\"pe_console={}\".format(pe_console))\n\n puppet_bolt_server = helper.get_param(\"puppet_bolt_server\")\n helper.log_info(\"puppet_bolt_server={}\".format(puppet_bolt_server))\n\n puppet_db_url = helper.get_param(\"puppet_db_url\")\n helper.log_info(\"puppet_db_url={}\".format(puppet_db_url))\n\n timeout = helper.get_param(\"timeout\")\n helper.log_info(\"timeout={}\".format(timeout))\n\n splunk_hec_url = helper.get_param(\"splunk_hec_url\")\n helper.log_info(\"splunk_hec_url={}\".format(splunk_hec_url))\n\n puppet_action_hec_token = helper.get_param(\"puppet_action_hec_token\")\n helper.log_info(\"puppet_action_hec_token={}\".format(puppet_action_hec_token))\n\n\n # The following example adds two sample events (\"hello\", \"world\")\n # and writes them to Splunk\n # NOTE: Call helper.writeevents() only once after all events\n # have been added\n helper.addevent(\"hello\", sourcetype=\"sample_sourcetype\")\n helper.addevent(\"world\", sourcetype=\"sample_sourcetype\")\n helper.writeevents(index=\"summary\", host=\"localhost\", source=\"localhost\")\n\n # The following example gets the events that trigger the alert\n events = 
helper.get_events()\n for event in events:\n helper.log_info(\"event={}\".format(event))\n\n # helper.settings is a dict that includes environment configuration\n # Example usage: helper.settings[\"server_uri\"]\n helper.log_info(\"server_uri={}\".format(helper.settings[\"server_uri\"]))\n [sample_code_macro:end]\n \"\"\"\n helper.set_log_level(helper.log_level)\n\n helper.log_info(\"Alert action puppet_run_task started.\")\n\n helper.log_info(\"Log_level: {}\".format(helper.log_level))\n\n # users can provide 3 different usernames:\n # puppet_default_user in the top level config\n # bolt_user in the top level config\n # bolt_user in the alert setup itself\n helper.log_info(\"Credential lookup\")\n puppet_default_user = helper.get_global_setting(\"puppet_default_user\")\n bolt_user_name = override('bolt_user', helper)\n\n # ok at this point we can get the account\n puppet_bolt_user_name = notnone(puppet_default_user, bolt_user_name, helper)\n\n puppet_bolt_account = helper.get_user_credential(puppet_bolt_user_name)\n\n puppet_bolt_user = puppet_bolt_account[\"username\"]\n puppet_bolt_user_pass = puppet_bolt_account[\"password\"]\n\n helper.log_debug(\"username={}\".format(puppet_bolt_user))\n\n # load the rest of the settings\n helper.log_info(\"Retrieving settings\")\n # Get PE Console, this doesn't set pe_console value, that is from the alert itself\n puppet_enterprise_console = override(\"puppet_enterprise_console\", helper)\n helper.log_debug(\"puppet_enterprise_console={}\".format(puppet_enterprise_console))\n \n # get the URL that we are sending the new event to\n splunk_hec_url = override(\"splunk_hec_url\", helper)\n helper.log_debug(\"splunk_hec_url={}\".format(splunk_hec_url))\n\n # get the token we are using for the event\n splunk_hec_token = override(\"splunk_hec_token\", helper)\n helper.log_debug(\"splunk_hec_token={}\".format(splunk_hec_token))\n\n # we like to be chatty about it so we might have a dedicated token\n puppet_action_hec_token = 
override(\"puppet_action_hec_token\", helper)\n helper.log_debug(\"puppet_action_hec_token={}\".format(puppet_action_hec_token))\n\n # this is the timeout we use, rarely an issue for pdb lookup\n timeout = override(\"timeout\", helper)\n helper.log_debug(\"timeout={}\".format(timeout))\n\n # only need the bolt server\n puppet_bolt_server = override(\"puppet_bolt_server\", helper)\n helper.log_debug(\"puppet_bolt_server={}\".format(puppet_bolt_server))\n\n # we need a pe_console server hostname to indicate which pe install this is for\n pe_console = override(\"pe_console\", helper)\n helper.log_debug(\"pe_console={}\".format(pe_console))\n\n # things that inform our actual bolt task\n\n bolt_target = helper.get_param(\"bolt_target\")\n helper.log_debug(\"bolt_target={}\".format(bolt_target))\n\n task_name = helper.get_param(\"task_name\")\n helper.log_debug(\"task_name={}\".format(task_name))\n\n puppet_environment = helper.get_param(\"puppet_environment\")\n helper.log_debug(\"puppet_environment={}\".format(puppet_environment))\n\n raw_task_parameters = helper.get_param(\"task_parameters\")\n helper.log_debug(\"raw_task_parameters={}\".format(raw_task_parameters))\n\n helper.log_debug(\"Validating if user provided Task Parameters are valid json\")\n if raw_task_parameters is not None and raw_task_parameters is not '':\n try:\n json_task_parameters = json.loads(raw_task_parameters)\n task_parameters = json.dumps(json_task_parameters)\n helper.log_debug(\"Task Parameters are valid json\")\n except:\n error_string = 'Task {} for host {} uninstigated - Task Parameters must be in a correct JSON format, please check this and try again'.format(task_name,bolt_target)\n helper.log_error(error_string)\n else:\n empty_dict = {}\n task_parameters = json.dumps(empty_dict)\n helper.log_debug(\"Task Parameters were empty so forcing valid blank json\")\n \n helper.log_debug(\"task_parameters={}\".format(task_parameters))\n\n # create our alert object to build the actual report\n 
helper.log_info(\"Assembling alert data\")\n alert = {}\n alert['global'] = {}\n alert['param'] = {}\n alert['global']['puppet_enterprise_console'] = puppet_enterprise_console\n alert['global']['splunk_hec_url'] = splunk_hec_url\n alert['global']['bolt_user'] = puppet_bolt_user\n alert['global']['bolt_user_pass'] = puppet_bolt_user_pass\n alert['global']['puppet_bolt_server'] = notnone(puppet_enterprise_console, puppet_bolt_server, helper)\n alert['global']['puppet_action_hec_token'] = notnone(splunk_hec_token, puppet_action_hec_token, helper)\n alert['global']['timeout'] = timeout\n\n # Load the alert specific settings that are really the task we're running\n alert['param']['action_target'] = bolt_target\n alert['param']['task_name'] = task_name\n alert['param']['task_parameters'] = task_parameters\n alert['param']['puppet_environment'] = puppet_environment\n\n\n # we don't need to log the event data, but we could do something here to extract if it's a puppet sourcetyep\n # if so, we extract the transaction_uuid to link it back in the action?\n # events = helper.get_events()\n\n helper.log_info(\"Alert action data extracted and passed to run_bolt_task\")\n\n run_bolt_task(alert, helper)\n\n helper.log_info(\"Bolt task has completed successfully\")\n\n # TODO: Implement your alert action logic here\n return 0\n", "uuid": "bd4950b6ec674a28adfb0346cb4775ee"}]}, "basic_builder": {"appname": "TA-puppet-alert-orchestrator", "friendly_name": "Puppet Alert Orchestrator", "version": "1.0.0", "author": "Puppet, Inc.", "description": "Collection of alert actions specifically for Puppet Enterprise.", "theme": "#000000", "large_icon": "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", "small_icon": "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", "visible": true, "tab_version": "3.0.1", "tab_build_no": "2", "build_no": 3}, "data_input_builder": {"datainputs": []}, "global_settings_builder": {"global_settings": {"log_settings": {"log_level": "INFO"}, 
"credential_settings": [], "customized_settings": [{"format_type": "text", "required": true, "name": "puppet_enterprise_console", "label": "Puppet Enterprise Console", "default_value": "https://puppet.company.lan", "help_string": "URL to access the Puppet Enterprise console", "internal_name": "", "type": "text", "value": "https://puppet-lhr.c.splunk-217321.internal"}, {"format_type": "text", "required": true, "name": "puppet_default_user", "label": "User", "default_value": "", "help_string": "Account name from Global Accounts to use by default", "internal_name": "", "type": "text", "value": "splunk-lhr"}, {"format_type": "text", "required": true, "name": "splunk_hec_url", "label": "Splunk HEC URL", "default_value": "https://splunk.company.lan:8088/services/collector", "help_string": "", "internal_name": "", "type": "text", "value": "https://splunk.c.splunk-217321.internal:8088/services/collector"}, {"format_type": "text", "required": true, "name": "splunk_hec_token", "label": "Splunk HEC Token", "default_value": "", "help_string": "Token from HEC configured with puppet:summary or puppet:detailed sourcetype", "internal_name": "", "type": "text", "value": "aa2d7aa6-e1a7-42b5-94f6-4d08b458605c"}, {"format_type": "text", "required": false, "name": "bolt_user", "label": "Bolt User", "default_value": "", "help_string": "Account name from Global Accounts to use by default for Bolt Actions", "internal_name": "", "type": "text", "value": ""}, {"format_type": "text", "required": false, "name": "puppet_action_hec_token", "label": "Action HEC Token", "default_value": "", "help_string": "Provide token if using dedicated HEC to track the actions of this add-on", "internal_name": "", "type": "text", "value": ""}, {"format_type": "text", "required": false, "name": "puppet_bolt_server", "label": "Orch. 
Services URL", "default_value": "", "help_string": "Puppet Enterprise Orchestrator URL (derived from PE Console by default)", "internal_name": "", "type": "text", "value": ""}, {"format_type": "text", "required": false, "name": "puppet_db_url", "label": "PuppetDB URL", "default_value": "", "help_string": "URL to access PuppetDB (derived from PE Console by default)", "internal_name": "", "type": "text", "value": ""}, {"format_type": "text", "required": false, "name": "timeout", "label": "Timeout", "default_value": "", "help_string": "Maximum time any action should take in seconds", "internal_name": "", "type": "text", "value": ""}, {"format_type": "text", "required": false, "name": "pe_console", "label": "PE Installation", "default_value": "", "help_string": "Hostname of PE Installation - puppet.company.lan or pe_console value from splunk_hec module", "internal_name": "", "type": "text", "value": ""}]}}, "sourcetype_builder": {}} \ No newline at end of file diff --git a/TA-puppet-alert-orchestrator/default/addon_builder.conf b/TA-puppet-alert-orchestrator/default/addon_builder.conf index dead041..5962b1c 100644 --- a/TA-puppet-alert-orchestrator/default/addon_builder.conf +++ b/TA-puppet-alert-orchestrator/default/addon_builder.conf @@ -1,7 +1,7 @@ # this file is generated by add-on builder automatically # please do not edit it [base] -builder_version = 3.0.1 -builder_build = 2 +builder_version = 4.1.1 +builder_build = 0 is_edited = 1 diff --git a/TA-puppet-alert-orchestrator/metadata/default.meta b/TA-puppet-alert-orchestrator/metadata/default.meta index 6b6b298..21dca43 100644 --- a/TA-puppet-alert-orchestrator/metadata/default.meta +++ b/TA-puppet-alert-orchestrator/metadata/default.meta @@ -1,8 +1,8 @@ [] -access = read : [ * ], write : [ admin ] +access = read : [ * ], write : [ admin, sc_admin ] export = system [views] -access = read : [ * ], write : [ admin ] +access = read : [ * ], write : [ admin, sc_admin ] export = none 
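Review bot: In the deleted `TA-puppet-alert-actions.aob_meta`, the `global_settings_builder` block carries a populated `splunk_hec_token` value and internal console and HEC hostnames in its `value` fields, and deleting the file leaves all of that in repository history. Treat that HEC token as exposed and rotate it, and make sure whatever replaces this metadata ships with empty `value` fields. The embedded helper code also passed `splunk_hec_token` and `puppet_action_hec_token` to `helper.log_debug`; the replacement helpers should not carry that over.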
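Review bot: In `metadata/default.meta`, both stanzas gain `sc_admin` write access while the default `[]` stanza still pairs `read : [ * ]` with `export = system`, so the add-on's objects stay readable by every role from every app. Please confirm that scope is intended for an add-on that holds PE account and HEC settings, and record the `sc_admin` change in the 1.0.0 release notes, which do not mention it.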
diff --git a/TA-puppet-alert-orchestrator/readme/CHANGELOG.md b/TA-puppet-alert-orchestrator/readme/CHANGELOG.md new file mode 100644 index 0000000..86668ef --- /dev/null +++ b/TA-puppet-alert-orchestrator/readme/CHANGELOG.md @@ -0,0 +1,31 @@ +# Release Notes + +## Version 1.0.0 + +**Breaking Changes**: + + * This release of the Puppet Alert Orchestrator add-on for Splunk no longer utilizes Splunk's Python2 SDK. As such this version will only work on Splunk Enterprise 8.x+ and Splunk Cloud. + * Removed a number of "Add-on settings" that were already configurable within the actions. + * "Run a Bolt Task" is now "Run a Puppet Task". + +**New Features**: + + * **Orchestrator Actions**: + * All new dashboard powered by a custom input which uses the configured account credentials to query PE for Plans and Tasks available to that particular RBAC user. + * By default the custom input script only checks for actions available in the `production` environment. + * Added "Run a Puppet Plan" **Action**. + * New action added that allows user to trigger Puppet Plans. When configuring the action, the Plan name is populated with the same data as the Orchestrator Actions dashboard. + * "Run a Puppet Task" **Action**. + * When configuring the action, the Task name is populated with the same data as the Orchestrator Actions dashboard. + +## Version 0.6.0 + +**Fixes**: + + * In a distributed Splunk installation, settings specific to this add-on were not properly replicated across the cluster. This release adds a default `server.conf` file with an `[shclustering]` stanza to ensure the proper settings are replicated. + +## Version 0.5.0 + +**Notes**: + + * This is an initial release of the Puppet Alert Actions App. This contains just the alert actions needed to retrieve detailed reports or run tasks in Puppet Enterprise. This App is only for Puppet Enterprise users. 
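Review bot: Under Version 1.0.0 Breaking Changes, the bullet 'Removed a number of "Add-on settings"' does not name the settings that were removed. List them by key (the deleted `ta_puppet_report_viewer_settings.conf.spec` in this same patch has the old names) so operators can check saved alerts and local configuration before upgrading. The bullet saying the custom input only checks the `production` environment should also state whether that can be changed.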
diff --git a/TA-puppet-alert-orchestrator/readme/DEVELOPING.md b/TA-puppet-alert-orchestrator/readme/DEVELOPING.md new file mode 100644 index 0000000..9e61393 --- /dev/null +++ b/TA-puppet-alert-orchestrator/readme/DEVELOPING.md 
@@ -0,0 +1,43 @@ +# Puppet Alert Orchestrator Development Guide + +This add-on was originally created using the [Splunk Add-on Builder](https://splunkbase.splunk.com/app/2962) tool within the Splunk UI; while it still utilizes the [`aob_py3` library](https://docs.splunk.com/Documentation/AddonBuilder/latest/UserGuide/PythonHelperFunctions), this add-on can no longer be imported and exported into the Add-on Builder app due to a number of custom changes made to **v1.0.0**. + +## Input Scripts + +Custom input scripts can be found in `bin/inputs` with configuration located in `default/inputs.conf`. + +For detailed information on creating custom inputs, see the Splunk documentation [here](https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/custominputs/scriptedinputsexample/). + +## Alert Actions + +### Python Code + +The following files in `bin/ta_puppet_alert_actions` are modifiable for this add-on: + +``` +pie/* +modalert_generate_detailed_report_helper.py +modalert_puppet_run_plan_helper.py +modalert_puppet_run_task_helper.py +puppet_plan_action.py +puppet_report_generation.py +puppet_task_action.py +``` + +The following files are Splunk generated files that should be used as an example when adding new Alert Actions to this add-on: + +``` +bin/puppet_generate_detailed_report.py +bin/puppet_run_plan.py +bin/puppet_run_task.py +``` + +### Developing Alert Actions + +A single alert action (`puppet_run_plan`) consists of the following files: + + * `bin/puppet_run_plan.py` + * `bin/ta_puppet_alert_actions/modalert_puppet_run_plan_helper.py` + * `bin/ta_puppet_alert_actions/puppet_plan_action.py` + +While the manual steps are not the exact same, additional information on creating custom alert actions can be found in the Splunk documentation [here](https://docs.splunk.com/Documentation/AddonBuilder/latest/UserGuide/CreateAlertActions). 
diff --git a/TA-puppet-alert-orchestrator/README/LICENSE b/TA-puppet-alert-orchestrator/readme/LICENSE similarity index 100% rename from TA-puppet-alert-orchestrator/README/LICENSE rename to TA-puppet-alert-orchestrator/readme/LICENSE diff --git a/TA-puppet-alert-orchestrator/readme/PUBLISHING.md b/TA-puppet-alert-orchestrator/readme/PUBLISHING.md new file mode 100644 index 0000000..aa65472 --- /dev/null +++ b/TA-puppet-alert-orchestrator/readme/PUBLISHING.md 
@@ -0,0 +1,41 @@ +# Puppet Alert Orchestrator Publishing Guide + +This document contains steps to publish the Puppet Report Viewer app for Splunk to Splunkbase. + +## Build app package + +First open a release prep PR to update the following files: + + * `app.manifest` + * `default/app.conf` + * `README.md` + * `readme/CHANGELOG.md` + +Tagging the release in GitHub will trigger the [release workflow](https://github.com/puppetlabs/TA-puppet-alert-actions/workflows/release.yml) to build the app package. + +Tag the release with the appropriate version ID and push the tag upstream: + + * `git tag ` (**e.g.** `git tag v4.0.0 92488a003a6620555a499e15315c89849b0f150b`) + * `git push upstream --tags` + +**Note**: The package is uploaded to GitHub as a `.zip` file. As such, you will first need to run the `unzip` command to expose the `.tar.gz` file. + +## Manually upload the app to Splunkbase + +After unzipping the file to a `.tar.gz` perform the following steps: + + * Navigate to [Splunkbase](https://splunkbase.splunk.com) and log in. + * Navigate to **My Account** -> **My Profile**. + * Under your profile you will see our Splunk applications. + * Select **Manage App** next to the application name. + * On the right, select **New Version**. + * Upload the `.tar.gz` file. + +The new release should appear in the list of available versions. Select the release to finalize the upload: + + * Copy the latest release notes from the `CHANGELOG`. + * If needed, modify the **Splunk Version Compatibility** matrix. + * Select **Make my release visible** and click **save**. + * Next to the version number, select **DEFAULT** to ensure the latest version is being served. + +Lastly, if there were any changes to the `README` you will want to add those to the application **Details** in the left navigation pane. 
diff --git a/TA-puppet-alert-orchestrator/README/addon_builder.conf.spec b/TA-puppet-alert-orchestrator/readme/addon_builder.conf.spec similarity index 100% rename from TA-puppet-alert-orchestrator/README/addon_builder.conf.spec rename to TA-puppet-alert-orchestrator/readme/addon_builder.conf.spec diff --git a/TA-puppet-alert-orchestrator/README/alert_actions.conf.spec b/TA-puppet-alert-orchestrator/readme/alert_actions.conf.spec similarity index 100% rename from TA-puppet-alert-orchestrator/README/alert_actions.conf.spec rename to TA-puppet-alert-orchestrator/readme/alert_actions.conf.spec diff --git a/TA-puppet-alert-orchestrator/README/helperjson/debugalert.json b/TA-puppet-alert-orchestrator/readme/helperjson/debugalert.json similarity index 100% rename from TA-puppet-alert-orchestrator/README/helperjson/debugalert.json rename to TA-puppet-alert-orchestrator/readme/helperjson/debugalert.json diff --git a/TA-puppet-alert-orchestrator/README/helperjson/generatejson.python b/TA-puppet-alert-orchestrator/readme/helperjson/generatejson.python similarity index 100% rename from TA-puppet-alert-orchestrator/README/helperjson/generatejson.python rename to TA-puppet-alert-orchestrator/readme/helperjson/generatejson.python diff --git a/TA-puppet-alert-orchestrator/README/lastlogin.json b/TA-puppet-alert-orchestrator/readme/helperjson/lastlogin.json similarity index 100% rename from TA-puppet-alert-orchestrator/README/lastlogin.json rename to TA-puppet-alert-orchestrator/readme/helperjson/lastlogin.json diff --git a/TA-puppet-alert-orchestrator/README/helperjson/result.json b/TA-puppet-alert-orchestrator/readme/helperjson/result.json similarity index 100% rename from TA-puppet-alert-orchestrator/README/helperjson/result.json rename to TA-puppet-alert-orchestrator/readme/helperjson/result.json 
diff --git a/TA-puppet-alert-orchestrator/README/servicelinuxtask.json b/TA-puppet-alert-orchestrator/readme/helperjson/servicelinuxtask.json similarity index 100% rename from TA-puppet-alert-orchestrator/README/servicelinuxtask.json rename to TA-puppet-alert-orchestrator/readme/helperjson/servicelinuxtask.json diff --git a/TA-puppet-alert-orchestrator/readme/img/account_config.png b/TA-puppet-alert-orchestrator/readme/img/account_config.png new file mode 100644 index 0000000..262ac76 Binary files /dev/null and b/TA-puppet-alert-orchestrator/readme/img/account_config.png differ diff --git a/TA-puppet-alert-orchestrator/readme/img/alert_options.png b/TA-puppet-alert-orchestrator/readme/img/alert_options.png new file mode 100644 index 0000000..7a46c90 Binary files /dev/null and b/TA-puppet-alert-orchestrator/readme/img/alert_options.png differ diff --git a/TA-puppet-alert-orchestrator/readme/img/logging_config.png b/TA-puppet-alert-orchestrator/readme/img/logging_config.png new file mode 100644 index 0000000..3c863a0 Binary files /dev/null and b/TA-puppet-alert-orchestrator/readme/img/logging_config.png differ diff --git a/TA-puppet-alert-orchestrator/readme/img/orchestrator_actions.png b/TA-puppet-alert-orchestrator/readme/img/orchestrator_actions.png new file mode 100644 index 0000000..34d1166 Binary files /dev/null and b/TA-puppet-alert-orchestrator/readme/img/orchestrator_actions.png differ diff --git a/TA-puppet-alert-orchestrator/readme/img/save_as_alert.png b/TA-puppet-alert-orchestrator/readme/img/save_as_alert.png new file mode 100644 index 0000000..5fc710c Binary files /dev/null and b/TA-puppet-alert-orchestrator/readme/img/save_as_alert.png differ diff --git a/TA-puppet-alert-orchestrator/readme/img/settings_config.png b/TA-puppet-alert-orchestrator/readme/img/settings_config.png new file mode 100644 index 0000000..61cb0fc Binary files /dev/null and b/TA-puppet-alert-orchestrator/readme/img/settings_config.png differ 
diff --git a/TA-puppet-alert-orchestrator/readme/img/splunk_search.png b/TA-puppet-alert-orchestrator/readme/img/splunk_search.png new file mode 100644 index 0000000..1df8caf Binary files /dev/null and b/TA-puppet-alert-orchestrator/readme/img/splunk_search.png differ diff --git a/TA-puppet-alert-orchestrator/README/ta_puppet_alert_actions_account.conf.spec b/TA-puppet-alert-orchestrator/readme/ta_puppet_alert_actions_account.conf.spec similarity index 100% rename from TA-puppet-alert-orchestrator/README/ta_puppet_alert_actions_account.conf.spec rename to TA-puppet-alert-orchestrator/readme/ta_puppet_alert_actions_account.conf.spec diff --git a/TA-puppet-alert-orchestrator/README/ta_puppet_alert_actions_settings.conf.spec b/TA-puppet-alert-orchestrator/readme/ta_puppet_alert_actions_settings.conf.spec similarity index 100% rename from TA-puppet-alert-orchestrator/README/ta_puppet_alert_actions_settings.conf.spec rename to TA-puppet-alert-orchestrator/readme/ta_puppet_alert_actions_settings.conf.spec
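Review bot: in `default/addon_builder.conf`, `builder_version` and `builder_build` are changed in a file whose header says it is generated and must not be edited, while the new `readme/DEVELOPING.md` says the add-on can no longer be imported into or exported from the Add-on Builder. Please state in the commit message whether these values came from a 4.1.1 export or were set by hand. If the file is now hand-maintained, update or drop the "please do not edit it" header so the next contributor is not misled about how to change it.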
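Review bot: in `metadata/default.meta`, the default `[]` stanza gains `sc_admin` for write but keeps `read : [ * ]` together with `export = system`, so every object the add-on ships stays readable by all roles from every app context. The add-on carries account and settings configuration (`ta_puppet_alert_actions_account.conf.spec` and `ta_puppet_alert_actions_settings.conf.spec` are renamed in this same patch), and its actions start plans and tasks in Puppet Enterprise. Suggest adding per-object stanzas that narrow read to the roles that configure or trigger actions, and keeping `export = system` only on the objects that have to be visible outside the app.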
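Review bot: in `readme/CHANGELOG.md`, the Version 1.0.0 breaking-changes bullet `Removed a number of "Add-on settings"` does not name the settings that were removed. List them, so that someone upgrading from 0.6.0 can tell which values now have to be set on each action. The New Features section also says the custom input script checks only the `production` environment "by default" without saying how to change that; name the setting, or say that the environment is fixed in this release.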
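Review bot: in `readme/DEVELOPING.md`, the list of modifiable files under `bin/ta_puppet_alert_actions` starts with `pie/*`, but the guide never says what `pie` is or what it is responsible for. Add a sentence describing it. The "Developing Alert Actions" section likewise lists the three files behind `puppet_run_plan` without stating the role of each one; one line per file would let a contributor know where a change belongs. Both Splunk documentation links use "here" as the link text; use the title of the linked page instead.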
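Review bot: in `readme/PUBLISHING.md`, the opening sentence says the steps publish "the Puppet Report Viewer app", but the heading and the file belong to the Puppet Alert Orchestrator, and the first tagging step reads `git tag ` with its arguments missing, presumably angle-bracket placeholders that were not escaped. Fix the app name and write the placeholders so they survive rendering, matching the `git tag v4.0.0 92488a00...` example next to it. The release workflow link points at `/workflows/release.yml` directly under the repository path; check that it resolves. `git push upstream --tags` pushes every local tag, so prefer pushing only the release tag. Since the package is downloaded from GitHub, unzipped and uploaded to Splunkbase by hand, consider adding a step that records a checksum of the `.tar.gz` produced by the workflow and compares it before upload.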