-
Notifications
You must be signed in to change notification settings - Fork 54
/
Copy pathconfigure.pp
182 lines (160 loc) · 6.9 KB
/
configure.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
# @api private
#
# @summary Configure first-time classification and DR setup
#
# @param compiler_pool_address
# The service address used by agents to connect to compilers, or the Puppet
# service. Typically this is a load balancer.
# @param internal_compiler_a_pool_address
# A load balancer address directing traffic to any of the "A" pool
# compilers. This is used for DR configuration in large and extra large
# architectures.
# @param internal_compiler_b_pool_address
# A load balancer address directing traffic to any of the "B" pool
# compilers. This is used for DR configuration in large and extra large
# architectures.
# @param ldap_config
# This hash contains the options necessary for configuring the LDAP
# connection on the main server.
# @param final_agent_state
# Configures the state the puppet agent should be in on infrastructure nodes
# after PE is configured successfully.
#
plan peadm::subplans::configure (
# Standard
Peadm::SingleTargetSpec $primary_host,
Optional[Peadm::SingleTargetSpec] $replica_host = undef,
# Large
Optional[TargetSpec] $compiler_hosts = undef,
Optional[TargetSpec] $legacy_compilers = undef,
# Extra Large
Optional[Peadm::SingleTargetSpec] $primary_postgresql_host = undef,
Optional[Peadm::SingleTargetSpec] $replica_postgresql_host = undef,
# Common Configuration
String $compiler_pool_address = $primary_host.peadm::certname(),
Optional[String] $internal_compiler_a_pool_address = undef,
Optional[String] $internal_compiler_b_pool_address = undef,
Optional[String] $token_file = undef,
Optional[String] $deploy_environment = undef,
Optional[Peadm::Ldap_config] $ldap_config = undef,
# Other
String $stagingdir = '/tmp',
Enum['running', 'stopped'] $final_agent_state = 'running'
) {
# TODO: get and validate PE version
# Convert inputs into targets.
$primary_target = peadm::get_targets($primary_host, 1)
$replica_target = peadm::get_targets($replica_host, 1)
$replica_postgresql_target = peadm::get_targets($replica_postgresql_host, 1)
$compiler_targets = peadm::get_targets($compiler_hosts)
$legacy_compiler_targets = peadm::get_targets($legacy_compilers)
$primary_postgresql_target = peadm::get_targets($primary_postgresql_host, 1)
# Ensure input valid for a supported architecture
$arch = peadm::assert_supported_architecture(
$primary_host,
$replica_host,
$primary_postgresql_host,
$replica_postgresql_host,
$compiler_hosts,
$legacy_compilers,
)
# Source list of files on Primary and synchronize to new Replica
$common_content_source = '/etc/puppetlabs/puppet/hiera.yaml'
$replica_content_sources = [
'/opt/puppetlabs/server/data/console-services/certs/ad_ca_chain.pem',
'/etc/puppetlabs/orchestration-services/conf.d/secrets/keys.json',
'/etc/puppetlabs/orchestration-services/conf.d/secrets/orchestrator-encryption-keys.json',
'/etc/puppetlabs/console-services/conf.d/secrets/keys.json',
]
run_plan('peadm::util::copy_file', peadm::flatten_compact([
$replica_target,
$compiler_targets,
$legacy_compiler_targets,
]),
source_host => $primary_target,
path => $common_content_source
)
parallelize($replica_content_sources) |$path| {
run_plan('peadm::util::copy_file', $replica_target,
source_host => $primary_target,
path => $path
)
}
# Set up the console node groups to configure the various hosts in their roles
apply($primary_target) {
class { 'peadm::setup::node_manager_yaml':
primary_host => $primary_target.peadm::certname(),
}
class { 'peadm::setup::node_manager':
primary_host => $primary_target.peadm::certname(),
server_a_host => $primary_target.peadm::certname(),
server_b_host => $replica_target.peadm::certname(),
postgresql_a_host => $primary_postgresql_target.peadm::certname(),
postgresql_b_host => $replica_postgresql_target.peadm::certname(),
compiler_pool_address => $compiler_pool_address,
internal_compiler_a_pool_address => $internal_compiler_a_pool_address,
internal_compiler_b_pool_address => $internal_compiler_b_pool_address,
require => Class['peadm::setup::node_manager_yaml'],
}
}
if $arch['disaster-recovery'] {
# Run the PE Replica Provision
run_task('peadm::provision_replica', $primary_target,
replica => $replica_target.peadm::certname(),
token_file => $token_file,
# Race condition, where the provision command checks PuppetDB status and
# probably gets "starting", but fails out because that's not "running".
# Can remove flag when that issue is fixed.
legacy => true,
)
}
if $ldap_config {
$pe_version = run_task('peadm::read_file', $primary_target,
path => '/opt/puppetlabs/server/pe_version',
)[0][content].chomp
# Run the task to configure ldap
$ldap_result = run_task('peadm::pe_ldap_config', $primary_target,
pe_main => $primary_target.peadm::certname(),
ldap_config => $ldap_config,
pe_version => $pe_version,
'_catch_errors' => true,
)
# If there was an LDAP failure, note it and continue.
if $ldap_result[0].error {
out::message('There was a problem with the LDAP configuration, configuration must be completed manually.')
out::message($ldap_result.to_data)
}
}
# Run Puppet everywhere to pick up last remaining config tweaks
run_task('peadm::puppet_runonce', peadm::flatten_compact([
$primary_target,
$primary_postgresql_target,
$compiler_targets,
$legacy_compiler_targets,
$replica_target,
$replica_postgresql_target,
]))
# Deploy an environment if a deploy environment is specified
if $deploy_environment {
run_task('peadm::code_manager', $primary_target,
action => "deploy ${deploy_environment}",
)
}
# Configure Puppet agent service status now that configuration is complete
$systemctl_state = $final_agent_state ? {
'running' => 'start',
'stopped' => 'stop'
}
run_command("systemctl ${systemctl_state} puppet", peadm::flatten_compact([
$primary_target,
$replica_target,
$primary_postgresql_target,
$replica_postgresql_target,
$compiler_targets,
$legacy_compiler_targets,
]))
# Update PE Master rules to support legacy compilers
run_task('peadm::update_pe_master_rules', $primary_host)
run_task('peadm::puppet_runonce', $legacy_compiler_targets)
return("Configuration of Puppet Enterprise ${arch['architecture']} succeeded.")
}