Add service to publish facts to foreman

.fixtures.yml

@@ -1,3 +1,4 @@
 fixtures:
   repositories:
     stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib'
+    systemd: 'https://github.com/voxpupuli/puppet-systemd'

manifests/init.pp

@@ -40,6 +40,10 @@
 #   The directory used to install the report processor to
 # @param use_client_tls_certs
 #   Enable client TLS authentication to foreman
+# @param fact_watcher_service
+#   Sets up a simple systemd unit that watches for new fact files and publishes them to foreman. Not required when foreman is the ENC
+# @param manage_fact_watcher_dependencies
+#   Install the missing dependencies for fact_watchter
 class puppetserver_foreman (
   Stdlib::HTTPUrl $foreman_url = $puppetserver_foreman::params::foreman_url,
   Boolean $enc = true,
@@ -58,6 +62,8 @@
   Variant[Enum[''], Stdlib::Absolutepath] $ssl_cert = $puppetserver_foreman::params::client_ssl_cert,
   Variant[Enum[''], Stdlib::Absolutepath] $ssl_key = $puppetserver_foreman::params::client_ssl_key,
   Boolean $use_client_tls_certs = true,
+  Boolean $fact_watcher_service = $puppetserver_foreman::params::fact_watcher_service,
+  Boolean $manage_fact_watcher_dependencies = true,
 ) inherits puppetserver_foreman::params {
   case $facts['os']['family'] {
     'Debian': { $json_package = 'ruby-json' }
@@ -126,5 +132,33 @@
       group  => $puppet_group,
       mode   => '0750',
     }
+    if $manage_fact_watcher_dependencies {
+      $ensure = if $fact_watcher_service {
+        'installed'
+      } else {
+        'absent'
+      }
+      package { 'ruby-inotify':
+        ensure   => 'installed',
+        provider => 'puppet_gem',
+        before   => Systemd::Unit_file['fact_watcher.service'],
+      }
+    }
+    systemd::manage_unit { 'fact_watcher.service':
+      enable        => $fact_watcher_service,
+      active        => $fact_watcher_service,
+      unit_entry    => {
+        'Description' => 'Publish facts to Foreman',
+      },
+      service_entry => {
+        'Type'        => 'simple',
+        'Environment' => "PATH=/opt/puppetlabs/puppet/bin:${facts['path']}",
+        'User'        => $puppet_user,
+        'ExecStart'   => "${puppet_etcdir}/node.rb --watch-facts --push-facts-parallel",
+      },
+      install_entry => {
+        'WantedBy' => 'multi-user.target',
+      },
+    }
   }
 }

manifests/params.pp

@@ -55,8 +55,11 @@
 
   # PE uses a different user/group compared to open source puppet
   # the is_pe fact exists in PE and in stdlib. It can be true/false/undef (undef means open source)
-  $puppet_user = $facts['is_pe'] ? {
-    true => 'pe-puppet',
-    default => 'puppet'
+  if $facts['is_pe'] {
+    $puppet_user = 'pe-puppet'
+    $fact_watcher_service = true
+  } else {
+    $puppet_user = 'puppet'
+    $fact_watcher_service = false
   }
 }

metadata.json

@@ -1,4 +1,4 @@
 {
   "name": "theforeman-puppetserver_foreman",
   "version": "4.0.0",
   "author": "theforeman",
@@ -18,6 +18,10 @@
     {
       "name": "puppetlabs/stdlib",
       "version_requirement": ">= 9.0.0 < 10.0.0"
+    },
+    {
+      "name": "puppet/systemd",
+      "version_requirement": ">= 7.1.0 < 8.0.0"
     }
   ],
   "requirements": [

spec/classes/init_spec.rb

@@ -75,12 +75,14 @@
             .with_require('Exec[Create Puppet Reports dir]')
         end
 
         it 'should set up enc' do
           should contain_file("#{etc_dir}/node.rb")
             .with_mode('0550')
             .with_owner('puppet')
             .with_group('puppet')
             .with_content(%r{foreman\.yaml})
+
+          should_not contain_systemd__unit_file('fact_watcher.service')
         end
 
         it 'should set up directories for the ENC' do
@@ -168,6 +170,12 @@
 
         it { should contain_class('puppetserver_foreman').with_foreman_url('https://hiera-foreman.example.com') }
       end
+      describe 'setup service to pubish facts' do
+        let :params do
+          {fact_watcher_service: true}
+        end
+        it { is_expected.to contain_systemd__unit_file('fact_watcher.service') }
+      end
     end
   end
 end