External Lookup - incorrect results for hostgroups

I've started leveraging Foreman to do Extlookups within my Puppet modules,
which was somewhat of a life changing discovery. I've been using Foreman
for over a year now and couldn't believe I didn't know about the foreman
parser function. This was my
reference, http://blog.theforeman.org/2012/01/getting-foreman-search-results-into.html.

I've modified the foreman.rb extlookup script to run as a command line tool
to test the output, https://gist.github.com/3409173, when I run this test

foreman("hostgroups", "host = host1.tamu.edu")

Using script…

ruby foreman_extlookup.rb https://mforeman_host.tamu.edu -i hostgroups -s

"host = host1.tamu.edu" -u lookup -p <omit>
warning: peer certificate won't be verified in this SSL session
Results:
— []

the results are an empty array. The same search in the web interface of
Foreman results in the host's hostgroup. URL used in web
interface, https://myforeman_host.tamu.edu/hostgroups?search=host%20=%20host1.tamu.edu

From rails console…

irb(main):003:0> @host = Host.find_by_name("host1.tamu.edu")
irb(main):004:0> @hostgroup = Hostgroup.search_for("host = #{@host.name}")

··· +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ > id | name | created_at | updated_at | environmen... | operatings... | architectu... | medium_id | ptable_id | root_pass | puppet_ca_... | use_image | image_file | ancestry | vm_defaults | subnet_id | domain_id | puppet_pro... | +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ > 24 | mysql | 2012-08-20... | 2012-08-20 ... | 5 | > 1 | | | $1$foreman$... | 3 > > > 11/23 | {"hyperviso... | | 1 > 3 | +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ 1 row in set irb(main):005:0> @hostgroup.inspect => "[#]" irb(main):006:0>

There are no errors in the production.log. This is with foreman-1.0.1-1.el6

The script from Foreman and my modification both have worked great when
querying facts and host values, but this is the first time I’ve done a
search on hostgroups.

Thanks

  • Trey

production.log - some items omitted as these are somewhat
security sensitive, publicly routable, servers.

Started GET “/hostgroups?search=host%20=%20host1.tamu.edu” for at
Mon Aug 20 18:53:26 -0500 2012
Processing by HostgroupsController#index as JSON
Parameters: {“search”=>“host = host1.tamu.edu”}
User Load (0.4ms) SELECT users.* FROM users WHERE users.login =
‘lookup’ LIMIT 1
AuthSource Load (0.1ms) SELECT auth_sources.* FROM auth_sources
WHERE auth_sources.id = 1 LIMIT 1
User Load (0.2ms) SELECT users.* FROM users WHERE (login=‘lookup’)
LIMIT 1
Authenticated user External Lookup against INTERNAL authentication source
User Load (0.1ms) SELECT users.* FROM users WHERE users.login =
‘admin’ LIMIT 1
Setting current user thread-local variable to admin
SQL (0.0ms) BEGIN
AREL (0.2ms) UPDATE users SET last_login_on = ‘2012-08-20 23:53:26’,
updated_at = ‘2012-08-20 23:53:26’ WHERE users.id = 3
SQL (139.8ms) COMMIT
Role Load (0.1ms) SELECT roles.* FROM roles WHERE roles.name =
‘Anonymous’ LIMIT 1
SQL (0.1ms) SELECT 1 FROM roles INNER JOIN user_roles ON roles.id
= user_roles.role_id WHERE roles.id = 8 AND ((user_roles.user_id =
3)) LIMIT 1
Setting current user thread-local variable to lookup
Setting current user thread-local variable to admin
Authorized user lookup(External Lookup)
Setting current user thread-local variable to lookup
Role Load (0.1ms) SELECT roles.* FROM roles INNER JOIN user_roles
ON roles.id = user_roles.role_id WHERE ((user_roles.user_id = 3))
Hostgroup Load (0.1ms) SELECT * FROM hostgroups INNER JOIN
user_hostgroups ON hostgroups.id = user_hostgroups.hostgroup_id WHERE
(user_hostgroups.user_id = 3 )
Hostgroup Load (0.5ms) SELECT hostgroups.id AS t0_r0,
hostgroups.name AS t0_r1, hostgroups.created_at AS t0_r2,
hostgroups.updated_at AS t0_r3, hostgroups.environment_id AS t0_r4,
hostgroups.operatingsystem_id AS t0_r5, hostgroups.architecture_id
AS t0_r6, hostgroups.medium_id AS t0_r7, hostgroups.ptable_id AS
t0_r8, hostgroups.root_pass AS t0_r9, hostgroups.puppet_ca_proxy_id
AS t0_r10, hostgroups.use_image AS t0_r11, hostgroups.image_file AS
t0_r12, hostgroups.ancestry AS t0_r13, hostgroups.vm_defaults AS
t0_r14, hostgroups.subnet_id AS t0_r15, hostgroups.domain_id AS
t0_r16, hostgroups.puppet_proxy_id AS t0_r17, hosts.id AS t1_r0,
hosts.name AS t1_r1, hosts.ip AS t1_r2, hosts.environment AS
t1_r3, hosts.last_compile AS t1_r4, hosts.last_freshcheck AS t1_r5,
hosts.last_report AS t1_r6, hosts.updated_at AS t1_r7,
hosts.source_file_id AS t1_r8, hosts.created_at AS t1_r9,
hosts.mac AS t1_r10, hosts.sp_mac AS t1_r11, hosts.sp_ip AS
t1_r12, hosts.sp_name AS t1_r13, hosts.root_pass AS t1_r14,
hosts.serial AS t1_r15, hosts.puppet_status AS t1_r16,
hosts.domain_id AS t1_r17, hosts.architecture_id AS t1_r18,
hosts.operatingsystem_id AS t1_r19, hosts.environment_id AS t1_r20,
hosts.subnet_id AS t1_r21, hosts.sp_subnet_id AS t1_r22,
hosts.ptable_id AS t1_r23, hosts.medium_id AS t1_r24,
hosts.build AS t1_r25, hosts.comment AS t1_r26, hosts.disk AS
t1_r27, hosts.installed_at AS t1_r28, hosts.model_id AS t1_r29,
hosts.hostgroup_id AS t1_r30, hosts.owner_id AS t1_r31,
hosts.owner_type AS t1_r32, hosts.enabled AS t1_r33,
hosts.puppet_ca_proxy_id AS t1_r34, hosts.managed AS t1_r35,
hosts.use_image AS t1_r36, hosts.image_file AS t1_r37,
hosts.uuid AS t1_r38, hosts.compute_resource_id AS t1_r39,
hosts.puppet_proxy_id AS t1_r40, hosts.certname AS t1_r41,
hosts.image_id AS t1_r42 FROM hostgroups LEFT OUTER JOIN hosts ON
hosts.hostgroup_id = hostgroups.id WHERE ( (hostgroups.id in
(NULL))) AND ((hosts.name = BINARY ‘host1.tamu.edu’))
Completed 200 OK in 178ms (Views: 9.2ms | ActiveRecord: 141.7ms)host1

Solved my own problem. Turns out that my 'lookup' user needed to be a full
administrator. After looking more closely at the default roles it seems at
minimum to query Foreman the user needs "Viewer" which it had. Only by
giving the user "Administrator" did the query work.

If this is not a known bug I'd be happy to investigate unless it's expected
behavior.

Thanks

  • Trey
··· On Monday, August 20, 2012 7:04:40 PM UTC-5, treydock wrote: > > I've started leveraging Foreman to do Extlookups within my Puppet modules, > which was somewhat of a life changing discovery. I've been using Foreman > for over a year now and couldn't believe I didn't know about the foreman > parser function. This was my reference, > http://blog.theforeman.org/2012/01/getting-foreman-search-results-into.html > . > > I've modified the foreman.rb extlookup script to run as a command line > tool to test the output, https://gist.github.com/3409173, when I run this > test > > foreman("hostgroups", "host = host1.tamu.edu") > > Using script... > > # ruby foreman_extlookup.rb https://mforeman_host.tamu.edu -i hostgroups > -s "host = host1.tamu.edu" -u lookup -p > warning: peer certificate won't be verified in this SSL session > Results: > --- [] > > > the results are an empty array. The same search in the web interface of > Foreman results in the host's hostgroup. URL used in web interface, > https://myforeman_host.tamu.edu/hostgroups?search=host%20=%20host1.tamu.edu > > From rails console... > > irb(main):003:0> @host = Host.find_by_name("host1.tamu.edu") > irb(main):004:0> @hostgroup = Hostgroup.search_for("host = #{@host.name}") > > +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ > > id | name | created_at | updated_at | environmen... | > operatings... | architectu... | medium_id | ptable_id | root_pass | > puppet_ca_... | use_image | image_file | ancestry | vm_defaults | > subnet_id | domain_id | puppet_pro... | > > +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ > > 24 | mysql | 2012-08-20... | 2012-08-20 ... | 5 | > > 1 | | | $1$foreman$... | 3 > > > > 11/23 | {"hyperviso... | | 1 > > 3 | > > +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ > 1 row in set > irb(main):005:0> @hostgroup.inspect > => "[# 22:42:46\", updated_at: \"2012-08-20 22:42:46\", environment_id: 5, > operatingsystem_id: nil, architecture_id: 1, medium_id: nil, ptable_id: > nil, root_pass: nil, puppet_ca_proxy_id: 3, use_image: nil, image_file: > nil, ancestry: \"11/23\", vm_defaults: \"--- \\n hypervisor_id: > \\\"\\\"\", subnet_id: nil, domain_id: 1, puppet_proxy_id: 3>]" > irb(main):006:0> > > There are no errors in the production.log. This is with > foreman-1.0.1-1.el6 > > The script from Foreman and my modification both have worked great when > querying facts and host values, but this is the first time I've done a > search on hostgroups. > > Thanks > - Trey > > --- > production.log - some items omitted as these are somewhat > security sensitive, publicly routable, servers. > > Started GET "/hostgroups?search=host%20=%20host1.tamu.edu" for at > Mon Aug 20 18:53:26 -0500 2012 > Processing by HostgroupsController#index as JSON > Parameters: {"search"=>"host = host1.tamu.edu"} > User Load (0.4ms) SELECT `users`.* FROM `users` WHERE `users`.`login` = > 'lookup' LIMIT 1 > AuthSource Load (0.1ms) SELECT `auth_sources`.* FROM `auth_sources` > WHERE `auth_sources`.`id` = 1 LIMIT 1 > User Load (0.2ms) SELECT `users`.* FROM `users` WHERE (login='lookup') > LIMIT 1 > Authenticated user External Lookup against INTERNAL authentication source > User Load (0.1ms) SELECT `users`.* FROM `users` WHERE `users`.`login` = > 'admin' LIMIT 1 > Setting current user thread-local variable to admin > SQL (0.0ms) BEGIN > AREL (0.2ms) UPDATE `users` SET `last_login_on` = '2012-08-20 > 23:53:26', `updated_at` = '2012-08-20 23:53:26' WHERE `users`.`id` = 3 > SQL (139.8ms) COMMIT > Role Load (0.1ms) SELECT `roles`.* FROM `roles` WHERE `roles`.`name` = > 'Anonymous' LIMIT 1 > SQL (0.1ms) SELECT 1 FROM `roles` INNER JOIN `user_roles` ON `roles`.id > = `user_roles`.role_id WHERE `roles`.`id` = 8 AND ((`user_roles`.user_id = > 3)) LIMIT 1 > Setting current user thread-local variable to lookup > Setting current user thread-local variable to admin > Authorized user lookup(External Lookup) > Setting current user thread-local variable to lookup > Role Load (0.1ms) SELECT `roles`.* FROM `roles` INNER JOIN `user_roles` > ON `roles`.id = `user_roles`.role_id WHERE ((`user_roles`.user_id = 3)) > Hostgroup Load (0.1ms) SELECT * FROM `hostgroups` INNER JOIN > `user_hostgroups` ON `hostgroups`.id = `user_hostgroups`.hostgroup_id WHERE > (`user_hostgroups`.user_id = 3 ) > Hostgroup Load (0.5ms) SELECT `hostgroups`.`id` AS t0_r0, > `hostgroups`.`name` AS t0_r1, `hostgroups`.`created_at` AS t0_r2, > `hostgroups`.`updated_at` AS t0_r3, `hostgroups`.`environment_id` AS t0_r4, > `hostgroups`.`operatingsystem_id` AS t0_r5, `hostgroups`.`architecture_id` > AS t0_r6, `hostgroups`.`medium_id` AS t0_r7, `hostgroups`.`ptable_id` AS > t0_r8, `hostgroups`.`root_pass` AS t0_r9, `hostgroups`.`puppet_ca_proxy_id` > AS t0_r10, `hostgroups`.`use_image` AS t0_r11, `hostgroups`.`image_file` AS > t0_r12, `hostgroups`.`ancestry` AS t0_r13, `hostgroups`.`vm_defaults` AS > t0_r14, `hostgroups`.`subnet_id` AS t0_r15, `hostgroups`.`domain_id` AS > t0_r16, `hostgroups`.`puppet_proxy_id` AS t0_r17, `hosts`.`id` AS t1_r0, > `hosts`.`name` AS t1_r1, `hosts`.`ip` AS t1_r2, `hosts`.`environment` AS > t1_r3, `hosts`.`last_compile` AS t1_r4, `hosts`.`last_freshcheck` AS t1_r5, > `hosts`.`last_report` AS t1_r6, `hosts`.`updated_at` AS t1_r7, > `hosts`.`source_file_id` AS t1_r8, `hosts`.`created_at` AS t1_r9, > `hosts`.`mac` AS t1_r10, `hosts`.`sp_mac` AS t1_r11, `hosts`.`sp_ip` AS > t1_r12, `hosts`.`sp_name` AS t1_r13, `hosts`.`root_pass` AS t1_r14, > `hosts`.`serial` AS t1_r15, `hosts`.`puppet_status` AS t1_r16, > `hosts`.`domain_id` AS t1_r17, `hosts`.`architecture_id` AS t1_r18, > `hosts`.`operatingsystem_id` AS t1_r19, `hosts`.`environment_id` AS t1_r20, > `hosts`.`subnet_id` AS t1_r21, `hosts`.`sp_subnet_id` AS t1_r22, > `hosts`.`ptable_id` AS t1_r23, `hosts`.`medium_id` AS t1_r24, > `hosts`.`build` AS t1_r25, `hosts`.`comment` AS t1_r26, `hosts`.`disk` AS > t1_r27, `hosts`.`installed_at` AS t1_r28, `hosts`.`model_id` AS t1_r29, > `hosts`.`hostgroup_id` AS t1_r30, `hosts`.`owner_id` AS t1_r31, > `hosts`.`owner_type` AS t1_r32, `hosts`.`enabled` AS t1_r33, > `hosts`.`puppet_ca_proxy_id` AS t1_r34, `hosts`.`managed` AS t1_r35, > `hosts`.`use_image` AS t1_r36, `hosts`.`image_file` AS t1_r37, > `hosts`.`uuid` AS t1_r38, `hosts`.`compute_resource_id` AS t1_r39, > `hosts`.`puppet_proxy_id` AS t1_r40, `hosts`.`certname` AS t1_r41, > `hosts`.`image_id` AS t1_r42 FROM `hostgroups` LEFT OUTER JOIN `hosts` ON > `hosts`.`hostgroup_id` = `hostgroups`.`id` WHERE ( (hostgroups.id in > (NULL))) AND ((`hosts`.`name` = BINARY 'host1.tamu.edu')) > Completed 200 OK in 178ms (Views: 9.2ms | ActiveRecord: 141.7ms)host1 >

> Solved my own problem. Turns out that my 'lookup' user needed to be a
> full administrator. After looking more closely at the default roles it
> seems at minimum to query Foreman the user needs "Viewer" which it had.
> Only by giving the user "Administrator" did the query work.
>
> If this is not a known bug I'd be happy to investigate unless it's
> expected behavior.
>

If you set the correct user filters, its a bug :slight_smile:

··· On Tue, Aug 21, 2012 at 5:34 AM, treydock wrote:

Thanks

  • Trey

On Monday, August 20, 2012 7:04:40 PM UTC-5, treydock wrote:

I’ve started leveraging Foreman to do Extlookups within my Puppet
modules, which was somewhat of a life changing discovery. I’ve been using
Foreman for over a year now and couldn’t believe I didn’t know about the
foreman parser function. This was my reference, http://blog.**
theforeman.org/2012/01/**getting-foreman-search-**results-into.htmlhttp://blog.theforeman.org/2012/01/getting-foreman-search-results-into.html
.

I’ve modified the foreman.rb extlookup script to run as a command line
tool to test the output, https://gist.github.**com/3409173https://gist.github.com/3409173,
when I run this test

foreman(“hostgroups”, “host = host1.tamu.edu”)

Using script…

ruby foreman_extlookup.rb https://mforeman_host.tamu.edu -i hostgroups

-s “host = host1.tamu.edu” -u lookup -p
warning: peer certificate won’t be verified in this SSL session
Results:
— []

the results are an empty array. The same search in the web interface of
Foreman results in the host’s hostgroup. URL used in web interface,
https://myforeman_host.tamu.edu/hostgroups?
search=host%20=%20host1.tamu.**eduhttps://myforeman_host.tamu.edu/hostgroups?search=host%20=%20host1.tamu.edu

From rails console…

irb(main):003:0> @host = Host.find_by_name("host1.tamu.eduhttp://host1.tamu.edu
")
irb(main):004:0> @hostgroup = Hostgroup.search_for(“host = #{@host.name
}”)
±—±------±--------------+
----------------±------------**
–±--------------±--------------±----------±----------±
---------------±--------------±----------±-----------±–
-------±---------------±----------±----------±--------------+

id | name | created_at | updated_at | environmen… |
operatings… | architectu… | medium_id | ptable_id | root_pass |
puppet_ca_… | use_image | image_file | ancestry | vm_defaults |
subnet_id | domain_id | puppet_pro… |
±—±------±--------------+----------------±------------
–±--------------±--------------±----------±----------±
---------------±--------------±----------±-----------±–
-------±---------------±----------±----------±--------------+
24 | mysql | 2012-08-20… | 2012-08-20 … | 5 |
1 | | | $1$foreman$… | 3
> > 11/23 | {“hyperviso… | | 1
3 |
±—±------±--------------+----------------±------------
–±--------------±--------------±----------±----------±
---------------±--------------±----------±-----------±–
-------±---------------±----------±----------±--------------+
1 row in set
irb(main):005:0> @hostgroup.inspect
=> “[#<Hostgroup id: 24, name: “mysql”, created_at: “2012-08-20
22:42:46”, updated_at: “2012-08-20 22:42:46”, environment_id: 5,
operatingsystem_id: nil, architecture_id: 1, medium_id: nil, ptable_id:
nil, root_pass: nil, puppet_ca_proxy_id: 3, use_image: nil, image_file:
nil, ancestry: “11/23”, vm_defaults: “— \n hypervisor_id:
\”\””, subnet_id: nil, domain_id: 1, puppet_proxy_id: 3>]"
irb(main):006:0>

There are no errors in the production.log. This is with
foreman-1.0.1-1.el6

The script from Foreman and my modification both have worked great when
querying facts and host values, but this is the first time I’ve done a
search on hostgroups.

Thanks

  • Trey

production.log - some items omitted as these are somewhat
security sensitive, publicly **routable, servers.

Started GET "/hostgroups?search=host%20=%2**0host1.tamu.eduhttp://20host1.tamu.edu"
for at Mon Aug 20 18:53:26 -0500 2012
Processing by HostgroupsController#index as JSON
Parameters: {“search”=>“host = host1.tamu.edu”}
User Load (0.4ms) SELECT users.* FROM users WHERE users.login
= ‘lookup’ LIMIT 1
AuthSource Load (0.1ms) SELECT auth_sources.* FROM auth_sources
WHERE auth_sources.id = 1 LIMIT 1
User Load (0.2ms) SELECT users.* FROM users WHERE (login=‘lookup’)
LIMIT 1
Authenticated user External Lookup against INTERNAL authentication source
User Load (0.1ms) SELECT users.* FROM users WHERE users.login
= ‘admin’ LIMIT 1
Setting current user thread-local variable to admin
SQL (0.0ms) BEGIN
AREL (0.2ms) UPDATE users SET last_login_on = ‘2012-08-20
23:53:26’, updated_at = ‘2012-08-20 23:53:26’ WHERE users.id = 3
SQL (139.8ms) COMMIT
Role Load (0.1ms) SELECT roles.* FROM roles WHERE roles.name =
‘Anonymous’ LIMIT 1
SQL (0.1ms) SELECT 1 FROM roles INNER JOIN user_roles ON
roles.id = user_roles.role_id WHERE roles.id = 8 AND
((user_roles.user_id = 3)) LIMIT 1
Setting current user thread-local variable to lookup
Setting current user thread-local variable to admin
Authorized user lookup(External Lookup)
Setting current user thread-local variable to lookup
Role Load (0.1ms) SELECT roles.* FROM roles INNER JOIN
user_roles ON roles.id = user_roles.role_id WHERE
((user_roles.user_id = 3))
Hostgroup Load (0.1ms) SELECT * FROM hostgroups INNER JOIN
user_hostgroups ON hostgroups.id = user_hostgroups.hostgroup_id WHERE
(user_hostgroups.user_id = 3 )
Hostgroup Load (0.5ms) SELECT hostgroups.id AS t0_r0,
hostgroups.name AS t0_r1, hostgroups.created_at AS t0_r2,
hostgroups.updated_at AS t0_r3, hostgroups.environment_id AS t0_r4,
hostgroups.operatingsystem_**id AS t0_r5,
hostgroups.architecture_id AS t0_r6, hostgroups.medium_id AS t0_r7,
hostgroups.ptable_id AS t0_r8, hostgroups.root_pass AS t0_r9,
hostgroups.puppet_ca_proxy_**id AS t0_r10, hostgroups.use_image
AS t0_r11, hostgroups.image_file AS t0_r12, hostgroups.ancestry AS
t0_r13, hostgroups.vm_defaults AS t0_r14, hostgroups.subnet_id AS
t0_r15, hostgroups.domain_id AS t0_r16, hostgroups.puppet_proxy_id
AS t0_r17, hosts.id AS t1_r0, hosts.name AS t1_r1, hosts.ip AS
t1_r2, hosts.environment AS t1_r3, hosts.last_compile AS t1_r4,
hosts.last_freshcheck AS t1_r5, hosts.last_report AS t1_r6,
hosts.updated_at AS t1_r7, hosts.source_file_id AS t1_r8,
hosts.created_at AS t1_r9, hosts.mac AS t1_r10, hosts.sp_mac AS
t1_r11, hosts.sp_ip AS t1_r12, hosts.sp_name AS t1_r13,
hosts.root_pass AS t1_r14, hosts.serial AS t1_r15,
hosts.puppet_status AS t1_r16, hosts.domain_id AS t1_r17,
hosts.architecture_id AS t1_r18, hosts.operatingsystem_id AS
t1_r19, hosts.environment_id AS t1_r20, hosts.subnet_id AS t1_r21,
hosts.sp_subnet_id AS t1_r22, hosts.ptable_id AS t1_r23,
hosts.medium_id AS t1_r24, hosts.build AS t1_r25, hosts.comment
AS t1_r26, hosts.disk AS t1_r27, hosts.installed_at AS t1_r28,
hosts.model_id AS t1_r29, hosts.hostgroup_id AS t1_r30,
hosts.owner_id AS t1_r31, hosts.owner_type AS t1_r32,
hosts.enabled AS t1_r33, hosts.puppet_ca_proxy_id AS t1_r34,
hosts.managed AS t1_r35, hosts.use_image AS t1_r36,
hosts.image_file AS t1_r37, hosts.uuid AS t1_r38,
hosts.compute_resource_id AS t1_r39, hosts.puppet_proxy_id AS
t1_r40, hosts.certname AS t1_r41, hosts.image_id AS t1_r42 FROM
hostgroups LEFT OUTER JOIN hosts ON hosts.hostgroup_id =
hostgroups.id WHERE ( (hostgroups.id in (NULL))) AND
((hosts.name = BINARY ‘host1.tamu.edu’))
Completed 200 OK in 178ms (Views: 9.2ms | ActiveRecord: 141.7ms)host1


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/foreman-users/-/KRzfOYdydUgJ.

To post to this group, send email to foreman-users@googlegroups.com.
To unsubscribe from this group, send email to
foreman-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/foreman-users?hl=en.

What exactly are you referring to when you say "user filters" ?

Trying to see if this is a bug, this is what I set for a role, "View
API Resources".

  • view_puppetclasses
  • view_hosts
  • view_hostgroups
  • view_facts
  • view_environments

My query is now

item: "hostgroups"
search: "host = hostA.fqdn"

What I'm trying to do is base module "includes" on a host's hostgroup
assignment.

Based on those 5 "view" assignments to that role, a hostgroup query
should work, correct?

Thanks

  • Trey
··· On Sat, Aug 25, 2012 at 2:47 PM, Ohad Levy wrote: > > > On Tue, Aug 21, 2012 at 5:34 AM, treydock wrote: >> >> Solved my own problem. Turns out that my 'lookup' user needed to be a >> full administrator. After looking more closely at the default roles it >> seems at minimum to query Foreman the user needs "Viewer" which it had. >> Only by giving the user "Administrator" did the query work. >> >> If this is not a known bug I'd be happy to investigate unless it's >> expected behavior. > > > If you set the correct user filters, its a bug :) >> >> >> Thanks >> - Trey >> >> >> On Monday, August 20, 2012 7:04:40 PM UTC-5, treydock wrote: >>> >>> I've started leveraging Foreman to do Extlookups within my Puppet >>> modules, which was somewhat of a life changing discovery. I've been using >>> Foreman for over a year now and couldn't believe I didn't know about the >>> foreman parser function. This was my reference, >>> http://blog.theforeman.org/2012/01/getting-foreman-search-results-into.html. >>> >>> I've modified the foreman.rb extlookup script to run as a command line >>> tool to test the output, https://gist.github.com/3409173, when I run this >>> test >>> >>> foreman("hostgroups", "host = host1.tamu.edu") >>> >>> Using script... >>> >>> # ruby foreman_extlookup.rb https://mforeman_host.tamu.edu -i hostgroups >>> -s "host = host1.tamu.edu" -u lookup -p >>> warning: peer certificate won't be verified in this SSL session >>> Results: >>> --- [] >>> >>> >>> the results are an empty array. The same search in the web interface of >>> Foreman results in the host's hostgroup. URL used in web interface, >>> https://myforeman_host.tamu.edu/hostgroups?search=host%20=%20host1.tamu.edu >>> >>> From rails console... >>> >>> irb(main):003:0> @host = Host.find_by_name("host1.tamu.edu") >>> irb(main):004:0> @hostgroup = Hostgroup.search_for("host = >>> #{@host.name}") >>> >>> +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ >>> > id | name | created_at | updated_at | environmen... | >>> operatings... | architectu... | medium_id | ptable_id | root_pass | >>> puppet_ca_... | use_image | image_file | ancestry | vm_defaults | >>> subnet_id | domain_id | puppet_pro... | >>> >>> +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ >>> > 24 | mysql | 2012-08-20... | 2012-08-20 ... | 5 | >>> > 1 | | | $1$foreman$... | 3 | >>> > > 11/23 | {"hyperviso... | | 1 | 3 >>> > >>> >>> +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ >>> 1 row in set >>> irb(main):005:0> @hostgroup.inspect >>> => "[#>> 22:42:46\", updated_at: \"2012-08-20 22:42:46\", environment_id: 5, >>> operatingsystem_id: nil, architecture_id: 1, medium_id: nil, ptable_id: nil, >>> root_pass: nil, puppet_ca_proxy_id: 3, use_image: nil, image_file: nil, >>> ancestry: \"11/23\", vm_defaults: \"--- \\n hypervisor_id: \\\"\\\"\", >>> subnet_id: nil, domain_id: 1, puppet_proxy_id: 3>]" >>> irb(main):006:0> >>> >>> There are no errors in the production.log. This is with >>> foreman-1.0.1-1.el6 >>> >>> The script from Foreman and my modification both have worked great when >>> querying facts and host values, but this is the first time I've done a >>> search on hostgroups. >>> >>> Thanks >>> - Trey >>> >>> --- >>> production.log - some items omitted as these are somewhat security >>> sensitive, publicly routable, servers. >>> >>> Started GET "/hostgroups?search=host%20=%20host1.tamu.edu" for at >>> Mon Aug 20 18:53:26 -0500 2012 >>> Processing by HostgroupsController#index as JSON >>> Parameters: {"search"=>"host = host1.tamu.edu"} >>> User Load (0.4ms) SELECT `users`.* FROM `users` WHERE `users`.`login` >>> = 'lookup' LIMIT 1 >>> AuthSource Load (0.1ms) SELECT `auth_sources`.* FROM `auth_sources` >>> WHERE `auth_sources`.`id` = 1 LIMIT 1 >>> User Load (0.2ms) SELECT `users`.* FROM `users` WHERE (login='lookup') >>> LIMIT 1 >>> Authenticated user External Lookup against INTERNAL authentication source >>> User Load (0.1ms) SELECT `users`.* FROM `users` WHERE `users`.`login` >>> = 'admin' LIMIT 1 >>> Setting current user thread-local variable to admin >>> SQL (0.0ms) BEGIN >>> AREL (0.2ms) UPDATE `users` SET `last_login_on` = '2012-08-20 >>> 23:53:26', `updated_at` = '2012-08-20 23:53:26' WHERE `users`.`id` = 3 >>> SQL (139.8ms) COMMIT >>> Role Load (0.1ms) SELECT `roles`.* FROM `roles` WHERE `roles`.`name` = >>> 'Anonymous' LIMIT 1 >>> SQL (0.1ms) SELECT 1 FROM `roles` INNER JOIN `user_roles` ON >>> `roles`.id = `user_roles`.role_id WHERE `roles`.`id` = 8 AND >>> ((`user_roles`.user_id = 3)) LIMIT 1 >>> Setting current user thread-local variable to lookup >>> Setting current user thread-local variable to admin >>> Authorized user lookup(External Lookup) >>> Setting current user thread-local variable to lookup >>> Role Load (0.1ms) SELECT `roles`.* FROM `roles` INNER JOIN >>> `user_roles` ON `roles`.id = `user_roles`.role_id WHERE >>> ((`user_roles`.user_id = 3)) >>> Hostgroup Load (0.1ms) SELECT * FROM `hostgroups` INNER JOIN >>> `user_hostgroups` ON `hostgroups`.id = `user_hostgroups`.hostgroup_id WHERE >>> (`user_hostgroups`.user_id = 3 ) >>> Hostgroup Load (0.5ms) SELECT `hostgroups`.`id` AS t0_r0, >>> `hostgroups`.`name` AS t0_r1, `hostgroups`.`created_at` AS t0_r2, >>> `hostgroups`.`updated_at` AS t0_r3, `hostgroups`.`environment_id` AS t0_r4, >>> `hostgroups`.`operatingsystem_id` AS t0_r5, `hostgroups`.`architecture_id` >>> AS t0_r6, `hostgroups`.`medium_id` AS t0_r7, `hostgroups`.`ptable_id` AS >>> t0_r8, `hostgroups`.`root_pass` AS t0_r9, `hostgroups`.`puppet_ca_proxy_id` >>> AS t0_r10, `hostgroups`.`use_image` AS t0_r11, `hostgroups`.`image_file` AS >>> t0_r12, `hostgroups`.`ancestry` AS t0_r13, `hostgroups`.`vm_defaults` AS >>> t0_r14, `hostgroups`.`subnet_id` AS t0_r15, `hostgroups`.`domain_id` AS >>> t0_r16, `hostgroups`.`puppet_proxy_id` AS t0_r17, `hosts`.`id` AS t1_r0, >>> `hosts`.`name` AS t1_r1, `hosts`.`ip` AS t1_r2, `hosts`.`environment` AS >>> t1_r3, `hosts`.`last_compile` AS t1_r4, `hosts`.`last_freshcheck` AS t1_r5, >>> `hosts`.`last_report` AS t1_r6, `hosts`.`updated_at` AS t1_r7, >>> `hosts`.`source_file_id` AS t1_r8, `hosts`.`created_at` AS t1_r9, >>> `hosts`.`mac` AS t1_r10, `hosts`.`sp_mac` AS t1_r11, `hosts`.`sp_ip` AS >>> t1_r12, `hosts`.`sp_name` AS t1_r13, `hosts`.`root_pass` AS t1_r14, >>> `hosts`.`serial` AS t1_r15, `hosts`.`puppet_status` AS t1_r16, >>> `hosts`.`domain_id` AS t1_r17, `hosts`.`architecture_id` AS t1_r18, >>> `hosts`.`operatingsystem_id` AS t1_r19, `hosts`.`environment_id` AS t1_r20, >>> `hosts`.`subnet_id` AS t1_r21, `hosts`.`sp_subnet_id` AS t1_r22, >>> `hosts`.`ptable_id` AS t1_r23, `hosts`.`medium_id` AS t1_r24, >>> `hosts`.`build` AS t1_r25, `hosts`.`comment` AS t1_r26, `hosts`.`disk` AS >>> t1_r27, `hosts`.`installed_at` AS t1_r28, `hosts`.`model_id` AS t1_r29, >>> `hosts`.`hostgroup_id` AS t1_r30, `hosts`.`owner_id` AS t1_r31, >>> `hosts`.`owner_type` AS t1_r32, `hosts`.`enabled` AS t1_r33, >>> `hosts`.`puppet_ca_proxy_id` AS t1_r34, `hosts`.`managed` AS t1_r35, >>> `hosts`.`use_image` AS t1_r36, `hosts`.`image_file` AS t1_r37, >>> `hosts`.`uuid` AS t1_r38, `hosts`.`compute_resource_id` AS t1_r39, >>> `hosts`.`puppet_proxy_id` AS t1_r40, `hosts`.`certname` AS t1_r41, >>> `hosts`.`image_id` AS t1_r42 FROM `hostgroups` LEFT OUTER JOIN `hosts` ON >>> `hosts`.`hostgroup_id` = `hostgroups`.`id` WHERE ( (hostgroups.id in >>> (NULL))) AND ((`hosts`.`name` = BINARY 'host1.tamu.edu')) >>> Completed 200 OK in 178ms (Views: 9.2ms | ActiveRecord: 141.7ms)host1 >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Foreman users" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/foreman-users/-/KRzfOYdydUgJ. >> >> To post to this group, send email to foreman-users@googlegroups.com. >> To unsubscribe from this group, send email to >> foreman-users+unsubscribe@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/foreman-users?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > To post to this group, send email to foreman-users@googlegroups.com. > To unsubscribe from this group, send email to > foreman-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/foreman-users?hl=en.

בתאריך יום שבת, 25 באוגוסט 2012, Trey Dockendorf כתב:

> What exactly are you referring to when you say "user filters" ?
>
> Trying to see if this is a bug, this is what I set for a role, "View
> API Resources".
>
> - view_puppetclasses
> - view_hosts
> - view_hostgroups
> - view_facts
> - view_environments
>
> My query is now
>
> item: "hostgroups"
> search: "host = hostA.fqdn"
>
> What I'm trying to do is base module "includes" on a host's hostgroup
> assignment.
>
> Based on those 5 "view" assignments to that role, a hostgroup query
> should work, correct?

When you edit the user used for API query, does it have any filters
applied? You should grant which hosts / groups that user can apply the
above roles.

Ohad

··· > > Thanks > - Trey > > On Sat, Aug 25, 2012 at 2:47 PM, Ohad Levy wrote: > > > > > > On Tue, Aug 21, 2012 at 5:34 AM, treydock wrote: > >> > >> Solved my own problem. Turns out that my 'lookup' user needed to be a > >> full administrator. After looking more closely at the default roles it > >> seems at minimum to query Foreman the user needs "Viewer" which it had. > >> Only by giving the user "Administrator" did the query work. > >> > >> If this is not a known bug I'd be happy to investigate unless it's > >> expected behavior. > > > > > > If you set the correct user filters, its a bug :) > >> > >> > >> Thanks > >> - Trey > >> > >> > >> On Monday, August 20, 2012 7:04:40 PM UTC-5, treydock wrote: > >>> > >>> I've started leveraging Foreman to do Extlookups within my Puppet > >>> modules, which was somewhat of a life changing discovery. I've been > using > >>> Foreman for over a year now and couldn't believe I didn't know about > the > >>> foreman parser function. This was my reference, > >>> > http://blog.theforeman.org/2012/01/getting-foreman-search-results-into.html > . > >>> > >>> I've modified the foreman.rb extlookup script to run as a command line > >>> tool to test the output, https://gist.github.com/3409173, when I run > this > >>> test > >>> > >>> foreman("hostgroups", "host = host1.tamu.edu") > >>> > >>> Using script... > >>> > >>> # ruby foreman_extlookup.rb https://mforeman_host.tamu.edu -i > hostgroups > >>> -s "host = host1.tamu.edu" -u lookup -p > >>> warning: peer certificate won't be verified in this SSL session > >>> Results: > >>> --- [] > >>> > >>> > >>> the results are an empty array. The same search in the web interface > of > >>> Foreman results in the host's hostgroup. URL used in web interface, > >>> > https://myforeman_host.tamu.edu/hostgroups?search=host%20=%20host1.tamu.edu > >>> > >>> From rails console... > >>> > >>> irb(main):003:0> @host = Host.find_by_name("host1.tamu.edu") > >>> irb(main):004:0> @hostgroup = Hostgroup.search_for("host = > >>> #{@host.name}") > >>> > >>> > +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ > >>> > id | name | created_at | updated_at | environmen... | > >>> operatings... | architectu... | medium_id | ptable_id | root_pass > > > >>> puppet_ca_... | use_image | image_file | ancestry | vm_defaults | > >>> subnet_id | domain_id | puppet_pro... | > >>> > >>> > +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ > >>> > 24 | mysql | 2012-08-20... | 2012-08-20 ... | 5 | > >>> > 1 | | | $1$foreman$... | 3 > > > >>> > > 11/23 | {"hyperviso... | | 1 | 3 > >>> > > >>> > >>> +----+-------

Every item is unchecked with "plus all" selected in each dropdown. My
assumption is those settings basically mean "All".

Thanks

  • Trey
··· On Sat, Aug 25, 2012 at 3:35 PM, Ohad Levy wrote: > > > בתאריך יום שבת, 25 באוגוסט 2012, Trey Dockendorf כתב: > >> What exactly are you referring to when you say "user filters" ? >> >> Trying to see if this is a bug, this is what I set for a role, "View >> API Resources". >> >> - view_puppetclasses >> - view_hosts >> - view_hostgroups >> - view_facts >> - view_environments >> >> My query is now >> >> item: "hostgroups" >> search: "host = hostA.fqdn" >> >> What I'm trying to do is base module "includes" on a host's hostgroup >> assignment. >> >> Based on those 5 "view" assignments to that role, a hostgroup query >> should work, correct? > > > When you edit the user used for API query, does it have any filters applied? > You should grant which hosts / groups that user can apply the above roles. > > Ohad >> >> >> Thanks >> - Trey >> >> On Sat, Aug 25, 2012 at 2:47 PM, Ohad Levy wrote: >> > >> > >> > On Tue, Aug 21, 2012 at 5:34 AM, treydock wrote: >> >> >> >> Solved my own problem. Turns out that my 'lookup' user needed to be a >> >> full administrator. After looking more closely at the default roles it >> >> seems at minimum to query Foreman the user needs "Viewer" which it had. >> >> Only by giving the user "Administrator" did the query work. >> >> >> >> If this is not a known bug I'd be happy to investigate unless it's >> >> expected behavior. >> > >> > >> > If you set the correct user filters, its a bug :) >> >> >> >> >> >> Thanks >> >> - Trey >> >> >> >> >> >> On Monday, August 20, 2012 7:04:40 PM UTC-5, treydock wrote: >> >>> >> >>> I've started leveraging Foreman to do Extlookups within my Puppet >> >>> modules, which was somewhat of a life changing discovery. I've been >> >>> using >> >>> Foreman for over a year now and couldn't believe I didn't know about >> >>> the >> >>> foreman parser function. This was my reference, >> >>> >> >>> http://blog.theforeman.org/2012/01/getting-foreman-search-results-into.html. >> >>> >> >>> I've modified the foreman.rb extlookup script to run as a command line >> >>> tool to test the output, https://gist.github.com/3409173, when I run >> >>> this >> >>> test >> >>> >> >>> foreman("hostgroups", "host = host1.tamu.edu") >> >>> >> >>> Using script... >> >>> >> >>> # ruby foreman_extlookup.rb https://mforeman_host.tamu.edu -i >> >>> hostgroups >> >>> -s "host = host1.tamu.edu" -u lookup -p >> >>> warning: peer certificate won't be verified in this SSL session >> >>> Results: >> >>> --- [] >> >>> >> >>> >> >>> the results are an empty array. The same search in the web interface >> >>> of >> >>> Foreman results in the host's hostgroup. URL used in web interface, >> >>> >> >>> https://myforeman_host.tamu.edu/hostgroups?search=host%20=%20host1.tamu.edu >> >>> >> >>> From rails console... >> >>> >> >>> irb(main):003:0> @host = Host.find_by_name("host1.tamu.edu") >> >>> irb(main):004:0> @hostgroup = Hostgroup.search_for("host = >> >>> #{@host.name}") >> >>> >> >>> >> >>> +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ >> >>> > id | name | created_at | updated_at | environmen... | >> >>> operatings... | architectu... | medium_id | ptable_id | root_pass >> >>> > >> >>> puppet_ca_... | use_image | image_file | ancestry | vm_defaults | >> >>> subnet_id | domain_id | puppet_pro... | >> >>> >> >>> >> >>> +----+-------+---------------+----------------+---------------+---------------+---------------+-----------+-----------+----------------+---------------+-----------+------------+----------+----------------+-----------+-----------+---------------+ >> >>> > 24 | mysql | 2012-08-20... | 2012-08-20 ... | 5 | >> >>> > 1 | | | $1$foreman$... | 3 >> >>> > >> >>> > > 11/23 | {"hyperviso... | | 1 | 3 >> >>> > >> >>> >> >>> +----+------- > > -- > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > To post to this group, send email to foreman-users@googlegroups.com. > To unsubscribe from this group, send email to > foreman-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/foreman-users?hl=en.