RFC: Getting foreman_hooks to work with katello

Today I tried to get foreman_hooks to work with katello. I can still not
get a hook to run, but I think this is due to either selinux or
permissions. Below are some patches I needed to apply in order to get it
to work. If folks are ok with this, I will put in the proper tickets to
get it to work.

The issue that found was that foreman_hooks only used the views
directory from the main engine. It did not use any directories from any
loaded plugins. So, this uses the Gem location from the plugin to pass
along this information.

Patch 1: Enhance the plugin to carry a path, and to load it from the
Gemspec.
https://github.com/bkearney/foreman/tree/bkearney/katello_hooks

Patch 2:
Use the path from (1) to enhance the Rabl path.
https://github.com/bkearney/foreman_hooks/tree/bkearney/katello_hooks

Patch 3:
Some loading Voodoo, I dont know why I had to do this
https://github.com/bkearney/katello/tree/bkearney/katello_hooks

– bk

I'm all for getting hooks working with Katello (and plugins generally)!

I can see where users may want do things after creating a content view,
content host, etc.

For Katello specifically, we might want to define some additional
callbacks, like to do something after a content view is published, or a
repo synced. Maybe after_update would work there, but it'd be easier to
hook on to specific things.

And/or: I don't know if it makes sense to do this, but provide a way to
hook onto foreman-tasks actions themselves.

··· On Fri, Oct 17, 2014 at 01:47:15PM -0400, Bryan Kearney wrote: > Today I tried to get foreman_hooks to work with katello. I can still not get > a hook to run, but I think this is due to either selinux or permissions. > Below are some patches I needed to apply in order to get it to work. If > folks are ok with this, I will put in the proper tickets to get it to work. > > The issue that found was that foreman_hooks only used the views directory > from the main engine. It did not use any directories from any loaded > plugins. So, this uses the Gem location from the plugin to pass along this > information. > > Patch 1: Enhance the plugin to carry a path, and to load it from the > Gemspec. > https://github.com/bkearney/foreman/tree/bkearney/katello_hooks > > Patch 2: > Use the path from (1) to enhance the Rabl path. > https://github.com/bkearney/foreman_hooks/tree/bkearney/katello_hooks > > Patch 3: > Some loading Voodoo, I dont know why I had to do this > https://github.com/bkearney/katello/tree/bkearney/katello_hooks


Stephen Benjamin


Red Hat GmbH | http://de.redhat.com/ | Sitz: Grasbrunn
Handelsregister: Amtsgericht München, HRB 153243
Geschäftsführer: Charles Cachera, Michael Cunningham,
Michael O’Neill, Charles Peters

> Today I tried to get foreman_hooks to work with katello. I can still not
> get a hook to run, but I think this is due to either selinux or
> permissions. Below are some patches I needed to apply in order to get it
> to work. If folks are ok with this, I will put in the proper tickets to
> get it to work.
>
> The issue that found was that foreman_hooks only used the views
> directory from the main engine. It did not use any directories from any
> loaded plugins.

Does this affect isolated engines only?

> So, this uses the Gem location from the plugin to pass
> along this information.
>
> Patch 1: Enhance the plugin to carry a path, and to load it from the
> Gemspec.
> https://github.com/bkearney/foreman/tree/bkearney/katello_hooks
>
> Patch 2:
> Use the path from (1) to enhance the Rabl path.
> https://github.com/bkearney/foreman_hooks/tree/bkearney/katello_hooks

Isn't it possible for the view paths to be retrieved instead of needing
to extend the plugin description?

I also don't think model namespaces should be removed.

··· On 17/10/14 18:47, Bryan Kearney wrote:


Dominic Cleal
Red Hat Engineering

These patches get the basic callbacks for all plugin objects. You can create a hook in katello/object/actuon

– bk

··· Sent with thumbs

On Oct 17, 2014, at 4:18 PM, Stephen Benjamin stephen@redhat.com wrote:

On Fri, Oct 17, 2014 at 01:47:15PM -0400, Bryan Kearney wrote:
Today I tried to get foreman_hooks to work with katello. I can still not get
a hook to run, but I think this is due to either selinux or permissions.
Below are some patches I needed to apply in order to get it to work. If
folks are ok with this, I will put in the proper tickets to get it to work.

The issue that found was that foreman_hooks only used the views directory
from the main engine. It did not use any directories from any loaded
plugins. So, this uses the Gem location from the plugin to pass along this
information.

Patch 1: Enhance the plugin to carry a path, and to load it from the
Gemspec.
https://github.com/bkearney/foreman/tree/bkearney/katello_hooks

Patch 2:
Use the path from (1) to enhance the Rabl path.
https://github.com/bkearney/foreman_hooks/tree/bkearney/katello_hooks

Patch 3:
Some loading Voodoo, I dont know why I had to do this
https://github.com/bkearney/katello/tree/bkearney/katello_hooks

I’m all for getting hooks working with Katello (and plugins generally)!

I can see where users may want do things after creating a content view,
content host, etc.

For Katello specifically, we might want to define some additional
callbacks, like to do something after a content view is published, or a
repo synced. Maybe after_update would work there, but it’d be easier to
hook on to specific things.

And/or: I don’t know if it makes sense to do this, but provide a way to
hook onto foreman-tasks actions themselves.


Stephen Benjamin


Red Hat GmbH | http://de.redhat.com/ | Sitz: Grasbrunn
Handelsregister: Amtsgericht München, HRB 153243
Geschäftsführer: Charles Cachera, Michael Cunningham,
Michael O’Neill, Charles Peters

>> Today I tried to get foreman_hooks to work with katello. I can still not
>> get a hook to run, but I think this is due to either selinux or
>> permissions. Below are some patches I needed to apply in order to get it
>> to work. If folks are ok with this, I will put in the proper tickets to
>> get it to work.
>>
>> The issue that found was that foreman_hooks only used the views
>> directory from the main engine. It did not use any directories from any
>> loaded plugins.
>
> Does this affect isolated engines only?

I have not tested… are any of the plugins not isolated?

>
>> So, this uses the Gem location from the plugin to pass
>> along this information.
>>
>> Patch 1: Enhance the plugin to carry a path, and to load it from the
>> Gemspec.
>> https://github.com/bkearney/foreman/tree/bkearney/katello_hooks
>>
>> Patch 2:
>> Use the path from (1) to enhance the Rabl path.
>> https://github.com/bkearney/foreman_hooks/tree/bkearney/katello_hooks
>
> Isn't it possible for the view paths to be retrieved instead of needing
> to extend the plugin description?

Since hooks is a plugin, I could not see any other places where that
data is stored. I assume I could try and get the rabl configuration from
rails… but I dont know if that would be messier.

>
> I also don't think model namespaces should be removed.

Since this is user facing, It seems like it should. The user sees Tasks,
Products, etc. They do not see foreman_tasks/tasks, katello/products. I
think exposing the plugin name will make it harder for folks to figure
out where to put their hooks.

– bk

··· On 10/20/2014 03:32 AM, Dominic Cleal wrote: > On 17/10/14 18:47, Bryan Kearney wrote:

>> Today I tried to get foreman_hooks to work with katello. I can still not get
>> a hook to run, but I think this is due to either selinux or permissions.
>> Below are some patches I needed to apply in order to get it to work. If
>> folks are ok with this, I will put in the proper tickets to get it to work.
>>
>> The issue that found was that foreman_hooks only used the views directory
>> from the main engine. It did not use any directories from any loaded
>> plugins. So, this uses the Gem location from the plugin to pass along this
>> information.
>>
>> Patch 1: Enhance the plugin to carry a path, and to load it from the
>> Gemspec.
>> https://github.com/bkearney/foreman/tree/bkearney/katello_hooks
>>
>> Patch 2:
>> Use the path from (1) to enhance the Rabl path.
>> https://github.com/bkearney/foreman_hooks/tree/bkearney/katello_hooks
>>
>> Patch 3:
>> Some loading Voodoo, I dont know why I had to do this
>> https://github.com/bkearney/katello/tree/bkearney/katello_hooks
>
> I'm all for getting hooks working with Katello (and plugins generally)!
>
> I can see where users may want do things after creating a content view,
> content host, etc.

When designing Dynflow this was one of our goals to make it plug-able.
So any plugin ours or customers can create Dynflow actions and subscribe
them to any action already present in foreman/katello which extends
original processes with additional custom actions.

It may be dangerous saying to users to subscribe to any action though,
so we should document a list of suitable actions to subscribe like the
repository synchronization and similar.

··· On 17.10.14 22:18, Stephen Benjamin wrote: > On Fri, Oct 17, 2014 at 01:47:15PM -0400, Bryan Kearney wrote:

For Katello specifically, we might want to define some additional
callbacks, like to do something after a content view is published, or a
repo synced. Maybe after_update would work there, but it’d be easier to
hook on to specific things.

And/or: I don’t know if it makes sense to do this, but provide a way to
hook onto foreman-tasks actions themselves.


Stephen Benjamin


Red Hat GmbH | http://de.redhat.com/ | Sitz: Grasbrunn
Handelsregister: Amtsgericht München, HRB 153243
Geschäftsführer: Charles Cachera, Michael Cunningham,
Michael O’Neill, Charles Peters

Plenty, I'd say it's the norm. Discovery's not isolated, bootdisk is as
of 3.x, Katello is I think. I don't think any CR plugins are isolated.

··· On 29/10/14 20:40, Bryan Kearney wrote: > > > On 10/20/2014 03:32 AM, Dominic Cleal wrote: >> On 17/10/14 18:47, Bryan Kearney wrote: >>> Today I tried to get foreman_hooks to work with katello. I can still not >>> get a hook to run, but I think this is due to either selinux or >>> permissions. Below are some patches I needed to apply in order to get it >>> to work. If folks are ok with this, I will put in the proper tickets to >>> get it to work. >>> >>> The issue that found was that foreman_hooks only used the views >>> directory from the main engine. It did not use any directories from any >>> loaded plugins. >> >> Does this affect isolated engines only? > > I have not tested.. are any of the plugins not isolated?


Dominic Cleal
Red Hat Engineering

I tested this foreman_tasks which is not an isolated engine. The model
seems to work.

In full clarity, foreman_tasks did not work because (1) there is no
api_v2 views and (2) I think there is an issued with hooks and
inheirtance. However, I think these two issues are out of scope of this
particular enhancement.

With this, I can add in a hook at

/usr/share/foreman/config/hooks/katello/product/after_create/foo.sh

and the plugin will successfully call it.

Is the approach ok? If so, I will put in the issues and the prs. I would
really like to get the prs in for 1.7.

  • bk
··· On 10/30/2014 04:29 AM, Dominic Cleal wrote: > On 29/10/14 20:40, Bryan Kearney wrote: >> >> >> On 10/20/2014 03:32 AM, Dominic Cleal wrote: >>> On 17/10/14 18:47, Bryan Kearney wrote: >>>> Today I tried to get foreman_hooks to work with katello. I can still not >>>> get a hook to run, but I think this is due to either selinux or >>>> permissions. Below are some patches I needed to apply in order to get it >>>> to work. If folks are ok with this, I will put in the proper tickets to >>>> get it to work. >>>> >>>> The issue that found was that foreman_hooks only used the views >>>> directory from the main engine. It did not use any directories from any >>>> loaded plugins. >>> >>> Does this affect isolated engines only? >> >> I have not tested.. are any of the plugins not isolated? > > Plenty, I'd say it's the norm. Discovery's not isolated, bootdisk is as > of 3.x, Katello is I think. I don't think any CR plugins are isolated. >

I added a PR [1] for the engine part. If that could get into 1.7 it
would help. I want to re-work the hooks plugin to optinally use this
feature. that way, the hooks plugin does not require foreman 1.7.

– bk

[1] https://github.com/theforeman/foreman/pull/1908

··· On 10/30/2014 01:56 PM, Bryan Kearney wrote: > On 10/30/2014 04:29 AM, Dominic Cleal wrote: >> On 29/10/14 20:40, Bryan Kearney wrote: >>> >>> >>> On 10/20/2014 03:32 AM, Dominic Cleal wrote: >>>> On 17/10/14 18:47, Bryan Kearney wrote: >>>>> Today I tried to get foreman_hooks to work with katello. I can >>>>> still not >>>>> get a hook to run, but I think this is due to either selinux or >>>>> permissions. Below are some patches I needed to apply in order to >>>>> get it >>>>> to work. If folks are ok with this, I will put in the proper >>>>> tickets to >>>>> get it to work. >>>>> >>>>> The issue that found was that foreman_hooks only used the views >>>>> directory from the main engine. It did not use any directories from >>>>> any >>>>> loaded plugins. >>>> >>>> Does this affect isolated engines only? >>> >>> I have not tested.. are any of the plugins not isolated? >> >> Plenty, I'd say it's the norm. Discovery's not isolated, bootdisk is as >> of 3.x, Katello is I think. I don't think any CR plugins are isolated. >> > > I tested this foreman_tasks which is not an isolated engine. The model > seems to work. > > In full clarity, foreman_tasks did not work because (1) there is no > api_v2 views and (2) I think there is an issued with hooks and > inheirtance. However, I think these two issues are out of scope of this > particular enhancement. > > With this, I can add in a hook at > > > /usr/share/foreman/config/hooks/katello/product/after_create/foo.sh > > and the plugin will successfully call it. > > Is the approach ok? If so, I will put in the issues and the prs. I would > really like to get the prs in for 1.7. > > - bk >

>
>
<SNIP>
>> - bk
>>
> I added a PR [1] for the engine part. If that could get into 1.7 it
> would help. I want to re-work the hooks plugin to optinally use this
> feature. that way, the hooks plugin does not require foreman 1.7.
>
> – bk
>
> [1] https://github.com/theforeman/foreman/pull/1908
>
I added a second PR for the hooks part

https://github.com/theforeman/foreman_hooks/pull/17

It uses the path functtionality if there, so as not to tie hooks to only
foreman 1.7+. One thing which bothers me is that during testing, I put a
hook into

/usr/share/foreman/config/hooks/katello/product/after_create

The contents of this hook are dirt simple

<SNIP>
#!/bin/bash

Example of using hook_data to query the JSON representation of the object

passed by foreman_hooks. cat $HOOK_OBJECT_FILE to see the contents.

#echo "$(date): received ${event} on ${object}" >> /tmp/hook.log
echo "katello/product/after" >> /tmp/hook.log

exit code is important on orchestration tasks

exit 0

··· On 11/10/2014 01:30 PM, Bryan Kearney wrote: ~

When I look in the logs, I see

Observed after_create hook on fds21435hghfhfghfg
Running 1 hooks for Katello::Product#after_create
Running hook:
/usr/share/foreman/config/hooks/katello/product/after_create/bk-after-nested.sh
after_create fds21435hghfhfghfg

but I see no output in /tmp.

Am I missing something stupid here?

– bk

>
>>
>>
>>
> <SNIP>
>
>>> - bk
>>>
>> I added a PR [1] for the engine part. If that could get into 1.7 it
>> would help. I want to re-work the hooks plugin to optinally use this
>> feature. that way, the hooks plugin does not require foreman 1.7.
>>
>> – bk
>>
>> [1] https://github.com/theforeman/foreman/pull/1908
>>
> I added a second PR for the hooks part
>
> https://github.com/theforeman/foreman_hooks/pull/17
>
> It uses the path functtionality if there, so as not to tie hooks to only
foreman 1.7+. One thing which bothers me is that during testing, I put a
hook into
>
> /usr/share/foreman/config/hooks/katello/product/after_create
>
> The contents of this hook are dirt simple
>
> <SNIP>
> #!/bin/bash
>
> # Example of using hook_data to query the JSON representation of the
object
> # passed by foreman_hooks. cat $HOOK_OBJECT_FILE to see the contents.
> #echo "$(date): received ${event} on ${object}" >> /tmp/hook.log
> echo "katello/product/after" >> /tmp/hook.log
>
> # exit code is important on orchestration tasks
> exit 0
> ~
> </SNIP>
>
> When I look in the logs, I see
>
> Observed after_create hook on fds21435hghfhfghfg
> Running 1 hooks for Katello::Product#after_create
> Running hook:
/usr/share/foreman/config/hooks/katello/product/after_create/bk-after-nested.sh
after_create fds21435hghfhfghfg
>
>
> but I see no output in /tmp.
>
> Am I missing something stupid here?
I assume the script is executable and the log file is writable by the
foreman user?

Ohad
>
> – bk
>
>
> –
> You received this message because you are subscribed to the Google Groups
"foreman-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-dev+unsubscribe@googlegroups.com.

··· On Nov 12, 2014 8:56 PM, "Bryan Kearney" wrote: > On 11/10/2014 01:30 PM, Bryan Kearney wrote: > For more options, visit https://groups.google.com/d/optout.

The script is owned by root, and is chmodded to 777. I am writing to
/tmp which I assume should work.

– bk

··· On 11/12/2014 02:01 PM, Ohad Levy wrote: > > On Nov 12, 2014 8:56 PM, "Bryan Kearney" > wrote: > > > > On 11/10/2014 01:30 PM, Bryan Kearney wrote: > >> > >> > >> > > > > > >>> - bk > >>> > >> I added a PR [1] for the engine part. If that could get into 1.7 it > >> would help. I want to re-work the hooks plugin to optinally use this > >> feature. that way, the hooks plugin does not require foreman 1.7. > >> > >> -- bk > >> > >> [1] https://github.com/theforeman/foreman/pull/1908 > >> > > I added a second PR for the hooks part > > > > https://github.com/theforeman/foreman_hooks/pull/17 > > > > It uses the path functtionality if there, so as not to tie hooks to > only foreman 1.7+. One thing which bothers me is that during testing, I > put a hook into > > > > /usr/share/foreman/config/hooks/katello/product/after_create > > > > The contents of this hook are dirt simple > > > > > > #!/bin/bash > > > > # Example of using hook_data to query the JSON representation of the > object > > # passed by foreman_hooks. `cat $HOOK_OBJECT_FILE` to see the contents. > > #echo "$(date): received ${event} on ${object}" >> /tmp/hook.log > > echo "katello/product/after" >> /tmp/hook.log > > > > # exit code is important on orchestration tasks > > exit 0 > > ~ > > > > > > When I look in the logs, I see > > > > Observed after_create hook on fds21435hghfhfghfg > > Running 1 hooks for Katello::Product#after_create > > Running hook: > /usr/share/foreman/config/hooks/katello/product/after_create/bk-after-nested.sh > after_create fds21435hghfhfghfg > > > > > > but I see no output in /tmp. > > > > Am I missing something stupid here? > I assume the script is executable and the log file is writable by the > foreman user?

SELinux denial?

··· On Wed, Nov 12, 2014 at 02:03:55PM -0500, Bryan Kearney wrote: > > > On 11/12/2014 02:01 PM, Ohad Levy wrote: > > > >On Nov 12, 2014 8:56 PM, "Bryan Kearney" >> wrote: > > > > > > On 11/10/2014 01:30 PM, Bryan Kearney wrote: > > >> > > >> > > >> > > > > > > > > >>> - bk > > >>> > > >> I added a PR [1] for the engine part. If that could get into 1.7 it > > >> would help. I want to re-work the hooks plugin to optinally use this > > >> feature. that way, the hooks plugin does not require foreman 1.7. > > >> > > >> -- bk > > >> > > >> [1] https://github.com/theforeman/foreman/pull/1908 > > >> > > > I added a second PR for the hooks part > > > > > > https://github.com/theforeman/foreman_hooks/pull/17 > > > > > > It uses the path functtionality if there, so as not to tie hooks to > >only foreman 1.7+. One thing which bothers me is that during testing, I > >put a hook into > > > > > > /usr/share/foreman/config/hooks/katello/product/after_create > > > > > > The contents of this hook are dirt simple > > > > > > > > > #!/bin/bash > > > > > > # Example of using hook_data to query the JSON representation of the > >object > > > # passed by foreman_hooks. `cat $HOOK_OBJECT_FILE` to see the contents. > > > #echo "$(date): received ${event} on ${object}" >> /tmp/hook.log > > > echo "katello/product/after" >> /tmp/hook.log > > > > > > # exit code is important on orchestration tasks > > > exit 0 > > > ~ > > > > > > > > > When I look in the logs, I see > > > > > > Observed after_create hook on fds21435hghfhfghfg > > > Running 1 hooks for Katello::Product#after_create > > > Running hook: > >/usr/share/foreman/config/hooks/katello/product/after_create/bk-after-nested.sh > >after_create fds21435hghfhfghfg > > > > > > > > > but I see no output in /tmp. > > > > > > Am I missing something stupid here? > >I assume the script is executable and the log file is writable by the > >foreman user? > > The script is owned by root, and is chmodded to 777. I am writing to /tmp > which I assume should work.


Stephen Benjamin


Red Hat GmbH | http://de.redhat.com/ | Sitz: Grasbrunn
Handelsregister: Amtsgericht München, HRB 153243
Geschäftsführer: Charles Cachera, Michael Cunningham,
Michael O’Neill, Charles Peters

I did not see anything in audit.log

– bk

··· Sent with thumbs

On Nov 12, 2014, at 8:37 PM, Stephen Benjamin stephen@redhat.com wrote:

On Wed, Nov 12, 2014 at 02:03:55PM -0500, Bryan Kearney wrote:

On 11/12/2014 02:01 PM, Ohad Levy wrote:

On Nov 12, 2014 8:56 PM, “Bryan Kearney” <bryan.kearney@gmail.com >>> mailto:bryan.kearney@gmail.com> wrote:

On 11/10/2014 01:30 PM, Bryan Kearney wrote:

  • bk
    I added a PR [1] for the engine part. If that could get into 1.7 it
    would help. I want to re-work the hooks plugin to optinally use this
    feature. that way, the hooks plugin does not require foreman 1.7.

– bk

[1] https://github.com/theforeman/foreman/pull/1908
I added a second PR for the hooks part

https://github.com/theforeman/foreman_hooks/pull/17

It uses the path functtionality if there, so as not to tie hooks to
only foreman 1.7+. One thing which bothers me is that during testing, I
put a hook into

/usr/share/foreman/config/hooks/katello/product/after_create

The contents of this hook are dirt simple

#!/bin/bash

Example of using hook_data to query the JSON representation of the

object

passed by foreman_hooks. cat $HOOK_OBJECT_FILE to see the contents.

#echo “$(date): received ${event} on ${object}” >> /tmp/hook.log
echo “katello/product/after” >> /tmp/hook.log

exit code is important on orchestration tasks

exit 0
~

When I look in the logs, I see

Observed after_create hook on fds21435hghfhfghfg
Running 1 hooks for Katello::Product#after_create
Running hook:
/usr/share/foreman/config/hooks/katello/product/after_create/bk-after-nested.sh
after_create fds21435hghfhfghfg

but I see no output in /tmp.

Am I missing something stupid here?
I assume the script is executable and the log file is writable by the
foreman user?

The script is owned by root, and is chmodded to 777. I am writing to /tmp
which I assume should work.

SELinux denial?


Stephen Benjamin


Red Hat GmbH | http://de.redhat.com/ | Sitz: Grasbrunn
Handelsregister: Amtsgericht München, HRB 153243
Geschäftsführer: Charles Cachera, Michael Cunningham,
Michael O’Neill, Charles Peters