From d17f30124e8fa41d1c9194a8d4059d46742a7df7 Mon Sep 17 00:00:00 2001
From: Tim Meusel <tim@bastelfreak.de>
Date: Fri, 25 Oct 2024 19:21:18 +0200
Subject: [PATCH] Add service to publish facts to foreman

---
 .fixtures.yml             |  1 +
 manifests/init.pp         | 34 ++++++++++++++++++++++++++++++++++
 manifests/params.pp       |  9 ++++++---
 metadata.json             |  4 ++++
 spec/classes/init_spec.rb |  8 ++++++++
 5 files changed, 53 insertions(+), 3 deletions(-)

diff --git a/.fixtures.yml b/.fixtures.yml
index 4f2c1f9..6f7d482 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -1,3 +1,4 @@
 fixtures:
   repositories:
     stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib'
+    systemd: 'https://github.com/voxpupuli/puppet-systemd'
diff --git a/manifests/init.pp b/manifests/init.pp
index baf1eea..eb65adb 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -40,6 +40,10 @@
 #   The directory used to install the report processor to
 # @param use_client_tls_certs
 #   Enable client TLS authentication to foreman
+# @param fact_watcher_service
+#   Sets up a simple systemd unit that watches for new fact files and publishes them to foreman. Not required when foreman is the ENC
+# @param manage_fact_watcher_dependencies
+#   Install the missing dependencies for fact_watchter
 class puppetserver_foreman (
   Stdlib::HTTPUrl $foreman_url = $puppetserver_foreman::params::foreman_url,
   Boolean $enc = true,
@@ -58,6 +62,8 @@
   Variant[Enum[''], Stdlib::Absolutepath] $ssl_cert = $puppetserver_foreman::params::client_ssl_cert,
   Variant[Enum[''], Stdlib::Absolutepath] $ssl_key = $puppetserver_foreman::params::client_ssl_key,
   Boolean $use_client_tls_certs = true,
+  Boolean $fact_watcher_service = $puppetserver_foreman::params::fact_watcher_service,
+  Boolean $manage_fact_watcher_dependencies = true,
 ) inherits puppetserver_foreman::params {
   case $facts['os']['family'] {
     'Debian': { $json_package = 'ruby-json' }
@@ -126,5 +132,33 @@
       group  => $puppet_group,
       mode   => '0750',
     }
+    if $manage_fact_watcher_dependencies {
+      $ensure = if $fact_watcher_service {
+        'installed'
+      } else {
+        'absent'
+      }
+      package { 'ruby-inotify':
+        ensure   => 'installed',
+        provider => 'puppet_gem',
+        before   => Systemd::Unit_file['fact_watcher.service'],
+      }
+    }
+    systemd::manage_unit { 'fact_watcher.service':
+      enable  => $fact_watcher_service,
+      active  => $fact_watcher_service,
+      unit_entry => {
+        'Description' => 'Publish facts to Foreman',
+      },
+      service_entry => {
+        'Type' => 'simple',
+        'Environment' => "PATH=/opt/puppetlabs/puppet/bin:${facts['path']}",
+        'User' => $user,
+        'ExecStart' => "${puppet_etcdir}/node.rb --watch-facts --push-facts-parallel",
+      },
+      install_entry => {
+        'WantedBy' => 'multi-user.target',
+      },
+    }
   }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 1d21de3..86b60d6 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -55,8 +55,11 @@
 
   # PE uses a different user/group compared to open source puppet
   # the is_pe fact exists in PE and in stdlib. It can be true/false/undef (undef means open source)
-  $puppet_user = $facts['is_pe'] ? {
-    true => 'pe-puppet',
-    default => 'puppet'
+  if $facts['is_pe'] {
+    $puppet_user = 'pe-puppet'
+    $fact_watcher_service = true
+  } else {
+    $puppet_user = 'puppet'
+    $fact_watcher_service = false
   }
 }
diff --git a/metadata.json b/metadata.json
index 93221c0..a774af3 100644
--- a/metadata.json
+++ b/metadata.json
@@ -18,6 +18,10 @@
     {
       "name": "puppetlabs/stdlib",
       "version_requirement": ">= 9.0.0 < 10.0.0"
+    },
+    {
+      "name": "puppet/systemd",
+      "version_requirement": ">= 7.1.0 < 8.0.0"
     }
   ],
   "requirements": [
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 2b1c25f..8b3ad96 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -81,6 +81,8 @@
             .with_owner('puppet')
             .with_group('puppet')
             .with_content(%r{foreman\.yaml})
+
+          should_not contain_systemd__unit_file('fact_watcher.service')
         end
 
         it 'should set up directories for the ENC' do
@@ -168,6 +170,12 @@
 
         it { should contain_class('puppetserver_foreman').with_foreman_url('https://hiera-foreman.example.com') }
       end
+      describe 'setup service to pubish facts' do
+        let :params do
+          {fact_watcher_service: true}
+        end
+        it { is_expected.to contain_systemd__unit_file('fact_watcher.service') }
+      end
     end
   end
 end