Ask Your Question

foreman : Find host by report

asked 2016-08-18 03:03:09 -0600

Imagin0s gravatar image

updated 2016-08-19 04:42:50 -0600


I have a little technical question about foreman. I have an issue in some hosts managed by foreman. Several of them have a package called "nagios-nrpe-server" which is badly installed. So after each puppet_interval, puppet try to install it again and again creating this notice in the foreman report :

notice /Stage[main]/Nrpe::Install/Package[nagios-nrpe-server]/ensure ensure changed 'held' to 'present'

The problem is that as a result, the node stay in configuration "active" instead of "no change".

I have created a script which can iterate a manual installation of the package "nagios-nrpe-server" on all servers on which the package is badly installed, but I need to find first which of them have the package badly installed.

I am thinking a way of filtering all the hosts in foreman which have the message : "notice /Stage[main]/Nrpe::Install/Package[nagios-nrpe-server]/ensure ensure changed 'held' to 'present'" in their last report.

The foreman manuel say that :

In search queries, white spaces are used as a delimiter. Here are some examples of the way a query will be interpreted: description ~ "created successfully": list all notifications that contain “created successfully” description ~ created successfully: list all notifications that contain “created” and at least one of its text fields contains “successfully” description !~ created successfully: list all notifications that doesn’t contain “created” and at least one of its text fields contains “successfully”

I tested on the foreman web interface but it didn't work... Have you got an idea of how I could filter the hosts by their last report notice message using the web interface or an API ?

Thanks. Regards,

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

answered 2016-08-19 03:10:36 -0600

domcleal gravatar image

You can search for the contents of log messages from the Configuration Management reports page (/config_reports). Always try the search box autocomplete, it can help you find which fields and values are available to filter on. This page will search for a list of reports containing the phrases you want, and will return the hostnames for where the reports came from.

The log messages are split into the resource , which will be /Stage[main]/Nrpe::Install/Package[nagios-nrpe-server]/ensure), and the message (log), which will be ensure changed 'held' to 'present'. You could filter by either, but I don't think you can search for a single report line containing both (only a single report with both).

  1. reported > "35 minutes ago" and resource ~ nagios-nrpe-server should return any recent reports for changes in nagios-nrpe-server.
  2. reported > "35 minutes ago" and log ~ "changed 'held' to 'present'" should return any recent reports for the held/present phrase

If you also use the Hammer CLI, you can get a list of hostnames back trivially.

hammer --csv report list --search 'reported > "35 minutes ago" and resource ~ nagios-nrpe-server' | tail -n +2 | cut -d, -f2 | uniq
edit flag offensive delete link more


Hello, Thanks. Your solution "reported > "35 minutes ago" and resource ~ nagios-nrpe-server" for search in the web interface works well. Regards,

Imagin0s gravatar imageImagin0s ( 2016-08-19 04:41:36 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2016-08-18 03:03:09 -0600

Seen: 516 times

Last updated: Aug 19 '16