voxpupuli / puppetboard

Web frontend for PuppetDB
https://pypi.org/project/puppetboard/
Apache License 2.0
708 stars 239 forks source link
dashboard hacktoberfest puppetdb reporting

Puppetboard

PyPI Version PyPI Downloads Tests Status codecov By Voxpupuli

Puppetboard is a web interface to PuppetDB aiming to replace the reporting functionality of Puppet Enterprise console (previously: Puppet Dashboard) for the open source Puppet.

Overview

See more screenshots here.

Table of Contents

Requirements

Installation

Puppetboard is packaged and available on PyPI.

With Puppet module

There is a Puppet module originally written by Spencer Krum and currently maintained by Voxpupuli that takes care of installing the Puppetboard for you.

To see how to get it working with RedHat/Centos 7 check out these docs.

Using Docker

We provide an official Docker image in:

You can run the app on your PuppetDB host with this command:

docker run -it \
  -e PUPPETDB_HOST=localhost \
  -e PUPPETDB_PORT=8080 \
  -e SECRET_KEY=XXXXXXXX \
  --net=host \
  ghcr.io/voxpupuli/puppetboard

Note: you must provide a secret key! Generate one for example by running ruby -e "require 'securerandom'; puts SecureRandom.hex(32)".

Optionally you can set PUPPETBOARD_URL_PREFIX env variable to a value like /puppetboard to run the app under a URL prefix.

You can use the following Puppet Code to have Puppetboard managed by Puppet:

include docker

docker::image { 'ghcr.io/voxpupuli/puppetboard': }

docker::run { 'puppetboard':
  image => 'ghcr.io/voxpupuli/puppetboard',
  env   => [
    'PUPPETDB_HOST=127.0.0.1',
    'PUPPETDB_PORT=8080',
    'PUPPETBOARD_PORT=8088',
    'SECRET_KEY=XXXXXXXX',
  ],
  net   => 'host',
}

If you want to have all features enabled, you must use SSL talking to PuppetDB:

file { '/etc/puppetboard':
  ensure => directory,
}
file { '/etc/puppetboard/key.pem':
  ensure => file,
  mode   => '0644',
  source => "/etc/puppetlabs/puppet/ssl/private_keys/${facts['networking']['fqdn']}.pem",
}
file { '/etc/puppetboard/cert.pem':
  ensure => file,
  mode   => '0644',
  source => "/etc/puppetlabs/puppet/ssl/certs/${facts['networking']['fqdn']}.pem",
}

include docker

docker::image { 'ghcr.io/voxpupuli/puppetboard': }

docker::run { 'puppetboard':
  image   => 'ghcr.io/voxpupuli/puppetboard',
  volumes => ['/etc/puppetboard:/etc/puppetboard:ro'],
  env     => [
    'PUPPETDB_HOST=puppet', # this must be the certname or DNS_ALT_NAME of the PuppetDB host
    'PUPPETDB_PORT=8081',
    'PUPPETBOARD_PORT=8080',
    'ENABLE_CATALOG=true',
    'PUPPETDB_SSL_VERIFY=false',
    'PUPPETDB_KEY=/etc/puppetboard/key.pem',
    'PUPPETDB_CERT=/etc/puppetboard/cert.pem',
    'SECRET_KEY=XXXXXXXX',
    'DEFAULT_ENVIRONMENT=*',
  ],
  net     => 'host',
}

Within an air gapped environment you want to load all content from your local puppetboard web service. Add: 'OFFLINE_MODE=true', to the env parameter list of the docker::run Puppet type.

We also provide the Dockerfile, so you can build the image yourself:

docker build -t puppetboard .

From a package

Actively maintained packages:

Manually

You can also install the package from PyPI and configure a WSGI-capable application server to serve it.

We recommend using virtualenv to provide a separate environment for the app.

virtualenv -p python3 venv
. venv/bin/activate
pip install puppetboard

Please see an article about more deployment setups here.

Configuration

Puppet agents

The default value of usecacheonfailure = true configuration setting for Puppet agents causes Puppet runs to always succeed, event if there are catalog compilation failures f.e. because of a syntax error in your code. This is because in such cases with this setting Puppet will just use a cached working catalog and report the run to PuppetDB as successful. (Although with an error visible in the Puppet run log.)

Therefore, to show the nodes with a catalog compilation as failed in Puppetboard you need to set usecacheonfailure = false in your nodes' puppet.conf.

PuppetDB

Of course you need to configure your Puppet Server to store the Puppet run reports in PuppetDB. If you haven't done that already please follow the PuppetDB documentation about this.

If you run Puppetboard on a different host than PuppetDB then you may want to configure the certificate allow-list for which certificates are allowed to access data from PuppetDB. Please read more about this feature in the PuppetDB documentation here.

App settings

Puppetboard will look for a file pointed at by the PUPPETBOARD_SETTINGS environment variable. The file has to be identical to default_settings.py but should only override the settings you need changed.

If you run PuppetDB and Puppetboard on the same machine the default settings provided will be enough to get you started and you won't need a custom settings file.

Assuming your webserver and PuppetDB machine are not identical you will at least have to change the following settings:

By default PuppetDB requires SSL to be used when a non-local client wants to connect. Therefore you'll also have to supply the following settings:

When using the Puppetboard Docker image, you may also pass Puppetboard it's certificate contents via these environment variables, either as a multiline string or pre-base64 encoded. This can be useful where the certificate is stored in a secrets store i.e. AWS SSM Parameter Store.

PUPPETDB_CERT="-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----"
PUPPETDB_CERT=LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQouLi4KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==

For information about how to generate the correct keys please refer to the pypuppetdb documentation. Alternatively it is possible to explicitly specify the protocol to be used setting the PUPPETDB_PROTO variable.

Other settings that might be interesting, in no particular order:

Getting Help

For questions or bug reports you can file an issue.

Contributing

Development

Puppetboard relies on the pypuppetdb library to fetch data from PuppetDB and is built with the help of the Flask microframework.

If you wish to hack on Puppetboard you should fork/clone the Github repository and then install the requirements through:

pip install --upgrade wheel setuptools
python setup.py develop
pip install --upgrade -r requirements-test.txt
mypy --install-types --non-interactive puppetboard/ test/

You're advised to do this inside a virtualenv specifically created to work on Puppetboard as to not pollute your global Python installation.

You can run the tests with:

pytest --cov=. --cov-report=xml --strict-markers --mypy puppetboard test
pylint --errors-only puppetboard test

You can run the app it in development mode by simply executing:

flask run

You can specify listening host and port with environment variables or command line otions:

export FLASK_RUN_HOST=0.0.0.0
export FLASK_RUN_PORT=8000

flask run

or

flask run --host '0.0.0.0' --port '8000'

Use PUPPETBOARD_SETTINGS to change the different settings or patch default_settings.py directly. Take care not to include your local changes on that file when submitting patches for Puppetboard. Place a settings.py file inside the base directory of the git repository that will be used, if the environment variable is not set.

We welcome contributions to this project. However, there are a few ground rules contributors should be aware of.

License

This project is licensed under the Apache v2.0 License. As such, your contributions, once accepted, are automatically covered by this license.

Commit messages

Write decent commit messages. Don't use swear words and refrain from uninformative commit messages as 'fixed typo'.

The preferred format of a commit message:

docs/quickstart: Fixed a typo in the Nodes section.

If needed, elaborate further on this commit. Feel free to write a
complete blog post here if that helps us understand what this is
all about.

Fixes #4 and resolves #2.

If you'd like a more elaborate guide on how to write and format your commit messages have a look at this post by Tim Pope.

Build a release

please see: RELEASE.md

More Screenshots

Overview / Index / Homepage

Nodes view, all active nodes

Single node page / overview

Report view

Facts view

Single fact, with graphs

All nodes that have this fact with that value

Query view

Query view

Metrics view

Single metric

Inventory view

Classes view

Class view

Legal

The app code is licensed under the Apache License, Version 2.0.

The favicon has been created based on the icon created by Jonathan Coutiño under the Attribution 3.0 Unported (CC BY 3.0) license, downloaded from the Noun Project.