
Commit 03de2bd

authored
Merge pull request #76 from puppetlabs/peadm-oids
Use custom OIDs for peadm role and availability group
2 parents 320b60e + 7583420 commit 03de2bd

16 files changed

+427
-83
lines changed

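--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ Plans:
 
 * [Provision](documentation/provision.md)
 * [Upgrade](documentation/upgrade.md)
+* [Convert](documentation/convert.md)
 
 Reference:
 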

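--- a/documentation/convert.md
+++ b/documentation/convert.md
@@ -0,0 +1,26 @@
+# Convert infrastructure for use with the peadm module
+
+The peadm::convert plan can be used to adopt manually deployed infrastructure for use with peadm, or to adopt infrastructure deployed with a version of peadm older than 1.0.0.
+
+## Convert an Existing Deployment
+
+Prepare to run the plan against all servers in the PE infrastructure, using a params.json file such as this one:
+
+```json
+{
+"master_host": "pe-xl-core-0.lab1.puppet.vm",
+"master_replica_host": "pe-xl-core-1.lab1.puppet.vm",
+"compiler_hosts": [
+"pe-xl-compiler-0.lab1.puppet.vm",
+"pe-xl-compiler-1.lab1.puppet.vm"
+],
+
+"compiler_pool_address": "puppet.lab1.puppet.vm",
+}
+```
+
+See the [provision](provision.md#reference-architectures) documentation for a list of supported architectures. Note that for convert, *all infrastructure being converted must already be functional*; you cannot use convert to add new systems to the infrastructure, nor can you use it to change your architecture.
+
+```
+bolt plan run peadm::convert --params @params.json
+```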

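--- a/functions/oid.pp
+++ b/functions/oid.pp
@@ -0,0 +1,11 @@
+function peadm::oid (
+String $short_name,
+) {
+case $short_name {
+'peadm_role': { '1.3.6.1.4.1.34380.1.1.9812' }
+'peadm_availability_group': { '1.3.6.1.4.1.34380.1.1.9813' }
+'pp_application': { '1.3.6.1.4.1.34380.1.1.8' }
+'pp_cluster': { '1.3.6.1.4.1.34380.1.1.16' }
+default: { fail("No peadm OID for ${short_name}") }
+}
+}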
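Review bot: `peadm::oid` has no header comment, and the one thing a caller has to know is not written down: it returns the dotted OID string, which suits a CSR extension request. Puppet normally shows registered extensions such as `pp_application` under their short name in `$trusted['extensions']`, so a classifier rule built from `peadm::oid('pp_application')` would probably never match. The two `peadm_*` entries only work as rule keys while no `custom_trusted_oid_mapping.yaml` renames them. A comment along the lines of `# @return [String] dotted OID; use the peadm_* values as trusted.extensions keys, the pp_* values only when writing CSR attributes` would cover this. The parameter could also be typed `Enum['peadm_role', 'peadm_availability_group', 'pp_application', 'pp_cluster']` so that a misspelled name is rejected at the call boundary instead of in the `default` branch.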

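--- a/manifests/setup/node_manager.pp
+++ b/manifests/setup/node_manager.pp
@@ -1,8 +1,6 @@
 # This profile is not intended to be continously enforced on PE masters.
 # Rather, it describes state to enforce as a boostrap action, preparing the
 # Puppet Enterprise console with a sane default environment configuration.
-# Importantly, this includes assigning nodes to an environment matching thier
-# trusted.extensions.pp_environment value by default.
 #
 # This class will be applied during master bootstrap using e.g.
 #
@@ -49,7 +47,7 @@
 # We modify this group's rule such that all PE infrastructure nodes will be
 # members.
 node_group { 'PE Infrastructure Agent':
-rule => ['and', ['~', ['trusted', 'extensions', 'pp_application'], '^puppet/']],
+rule => ['and', ['~', ['trusted', 'extensions', peadm::oid('peadm_role')], '^puppet/']],
 }
 
 # We modify this group to add, as data, the compiler_pool_address only.
@@ -58,7 +56,7 @@
 node_group { 'PE Master':
 parent => 'PE Infrastructure',
 rule => ['or',
-['and', ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler']],
+['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler']],
 ['=', 'name', $master_host],
 ],
 data => {
@@ -77,7 +75,7 @@
 parent => 'PE Infrastructure',
 environment => 'production',
 override_environment => false,
-rule => ['and', ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/puppetdb-database']],
+rule => ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/puppetdb-database']],
 classes => {
 'puppet_enterprise::profile::database' => { },
 },
@@ -90,8 +88,8 @@
 ensure => present,
 parent => 'PE Infrastructure',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_application'], 'puppet/master'],
-['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
+['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/master'],
+['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
 ],
 data => {
 'puppet_enterprise::profile::primary_master_replica' => {
@@ -109,8 +107,8 @@
 ensure => 'present',
 parent => 'PE Master',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler'],
-['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
+['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler'],
+['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
 ],
 classes => {
 'puppet_enterprise::profile::puppetdb' => {
@@ -144,8 +142,8 @@
 ensure => present,
 parent => 'PE Infrastructure',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_application'], 'puppet/master'],
-['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
+['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/master'],
+['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
 ],
 data => {
 'puppet_enterprise::profile::primary_master_replica' => {
@@ -161,8 +159,8 @@
 ensure => 'present',
 parent => 'PE Master',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler'],
-['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
+['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler'],
+['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
 ],
 classes => {
 'puppet_enterprise::profile::puppetdb' => {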
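Review bot: Membership of every infrastructure group in this file now depends only on the `peadm_role` and `peadm_availability_group` certificate extensions, and nothing in the manifest says where that trust comes from. The rule on `PE Infrastructure Agent` (new line 50) admits any certificate whose role value matches `'^puppet/'`, and the same dependency applies to the `puppet/master`, `puppet/compiler` and `puppet/puppetdb-database` rules in the later hunks. Extension values come from the agent's CSR, and these groups assign classes such as `puppet_enterprise::profile::database`, so a comment above the first rule would help: `# Membership is decided by the peadm_role certificate extension; the CA must only sign CSRs carrying it for known infrastructure hosts.` The header could also state that nodes whose certificates still carry only `pp_application`/`pp_cluster` stop matching after this change. That is presumably what the convert plan is for. Each resource body continues outside its hunk.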

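--- a/manifests/setup/node_manager_yaml.pp
+++ b/manifests/setup/node_manager_yaml.pp
@@ -0,0 +1,16 @@
+class peadm::setup::node_manager_yaml (
+String $master_host,
+) {
+
+# Necessary to give the sandboxed Puppet executor the configuration
+# necessary to connect to the classifier`
+file { 'node_manager.yaml':
+ensure => file,
+mode => '0644',
+path => Deferred('peadm::node_manager_yaml_location'),
+content => epp('peadm/node_manager.yaml.epp', {
+server => $master_host,
+}),
+}
+
+}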
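Review bot: The `file` resource sets `mode => '0644'` but no `owner` or `group`, so ownership of the classifier connection config falls to whichever user the apply runs as, and the file is world-readable. Only `server` is passed to the template here, so it probably holds no secret. The template is not shown, though, and if it ever references a token or key path the mode should become `'0600'`. Setting `owner` and `group` explicitly would make the intent reviewable. The class also has no header comment, and the inline comment repeats "necessary" and ends in a stray backtick. It could read `# Gives the sandboxed Puppet executor the configuration it needs to connect to the classifier.`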

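--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
 "name": "puppetlabs-peadm",
-"version": "0.5.2",
+"version": "1.0.0",
 "author": "Puppet Labs Solutions Architecture",
 "summary": "Bolt plans used to deploy an at-scale Puppet Enterprise architecture",
 "license": "Apache-2.0",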

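--- a/plans/action/configure.pp
+++ b/plans/action/configure.pp
@@ -56,37 +56,19 @@
 
 # Set up the console node groups to configure the various hosts in their roles
 
-# Pending resolution of Bolt GH-1244, Target objects and their methods are
-# not accessible inside apply() blocks. Work around the limitation for now
-# by using string variables calculated outside the apply block. The
-# commented-out values should be used once GH-1244 is resolved.
-
-# WORKAROUND: GH-1244
-$master_host_string = $master_target.peadm::target_name()
-$master_replica_host_string = $master_replica_target.peadm::target_name()
-$puppetdb_database_host_string = $puppetdb_database_target.peadm::target_name()
-$puppetdb_database_replica_host_string = $puppetdb_database_replica_target.peadm::target_name()
-
 apply($master_target) {
-# Necessary to give the sandboxed Puppet executor the configuration
-# necessary to connect to the classifier`
-file { 'node_manager.yaml':
-ensure => file,
-mode => '0644',
-path => Deferred('peadm::node_manager_yaml_location'),
-content => epp('peadm/node_manager.yaml.epp', {
-server => $master_host_string,
-}),
+class { 'peadm::setup::node_manager_yaml':
+master_host => $master_target.peadm::target_name(),
 }
 
 class { 'peadm::setup::node_manager':
 # WORKAROUND: GH-1244
-master_host => $master_host_string, # $master_target.peadm::target_name(),
-master_replica_host => $master_replica_host_string, # $master_replica_target.peadm::target_name(),
-puppetdb_database_host => $puppetdb_database_host_string, # $puppetdb_database_target.peadm::target_name(),
-puppetdb_database_replica_host => $puppetdb_database_replica_host_string, # $puppetdb_database_replica_target.peadm::target_name(),
+master_host => $master_target.peadm::target_name(),
+master_replica_host => $master_replica_target.peadm::target_name(),
+puppetdb_database_host => $puppetdb_database_target.peadm::target_name(),
+puppetdb_database_replica_host => $puppetdb_database_replica_target.peadm::target_name(),
 compiler_pool_address => $compiler_pool_address,
-require => File['node_manager.yaml'],
+require => Class['peadm::setup::node_manager_yaml'],
 }
 }
 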
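Review bot: The `# WORKAROUND: GH-1244` comment inside the `peadm::setup::node_manager` declaration (new line 65) is stale and should be deleted. This hunk removes the workaround it labelled, namely the string variables computed outside `apply()` and the explanatory block comment. Left in place it tells the next reader that the `target_name()` calls below are still temporary. The hunk also calls `$master_target.peadm::target_name()` twice with the same target. That is harmless, but a short comment noting that both classes must receive the same `master_host` would make the coupling explicit. The enclosing plan begins outside the hunk.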

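--- a/plans/action/install.pp
+++ b/plans/action/install.pp
@@ -179,40 +179,29 @@
 upload_path => $upload_tarball_path,
 )
 
-# Create csr_attributes.yaml files for the nodes that need them
-# There is a problem with OID names in csr_attributes.yaml for some
-# installs, e.g. PE 2019.0.1, PUP-9746. Use the raw OIDs for now.
-$pp_application = '1.3.6.1.4.1.34380.1.1.8'
-$pp_cluster = '1.3.6.1.4.1.34380.1.1.16'
-
-run_task('peadm::mkdir_p_file', $master_target,
-path => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-content => @("HEREDOC"),
----
-extension_requests:
-${pp_application}: "puppet/master"
-${pp_cluster}: "A"
-| HEREDOC
+# Create csr_attributes.yaml files for the nodes that need them. Ensure that
+# if a csr_attributes.yaml file is already present, the values we need are
+# merged with the existing values.
+
+run_plan('peadm::util::insert_csr_extensions', $master_target,
+extensions => {
+peadm::oid('peadm_role') => 'puppet/master',
+peadm::oid('peadm_availability_group') => 'A',
+},
 )
 
-run_task('peadm::mkdir_p_file', $puppetdb_database_target,
-path => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-content => @("HEREDOC"),
----
-extension_requests:
-${pp_application}: "puppet/puppetdb-database"
-${pp_cluster}: "A"
-| HEREDOC
+run_plan('peadm::util::insert_csr_extensions', $puppetdb_database_target,
+extensions => {
+peadm::oid('peadm_role') => 'puppet/puppetdb-database',
+peadm::oid('peadm_availability_group') => 'A',
+},
 )
 
-run_task('peadm::mkdir_p_file', $puppetdb_database_replica_target,
-path => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-content => @("HEREDOC"),
----
-extension_requests:
-${pp_application}: "puppet/puppetdb-database"
-${pp_cluster}: "B"
-| HEREDOC
+run_plan('peadm::util::insert_csr_extensions', $puppetdb_database_replica_target,
+extensions => {
+peadm::oid('peadm_role') => 'puppet/puppetdb-database',
+peadm::oid('peadm_availability_group') => 'B',
+},
 )
 
 # Get the master installation up and running. The installer will
@@ -307,8 +296,8 @@
 '--puppet-service-ensure', 'stopped',
 "main:certname=${master_replica_target.peadm::target_name()}",
 "main:dns_alt_names=${dns_alt_names_csv}",
-"extension_requests:${pp_application}=puppet/master",
-"extension_requests:${pp_cluster}=B",
+"extension_requests:${peadm::oid('peadm_role')}=puppet/master",
+"extension_requests:${peadm::oid('peadm_availability_group')}=B",
 ],
 )
 
@@ -320,8 +309,8 @@
 '--puppet-service-ensure', 'stopped',
 "main:certname=${target.peadm::target_name()}",
 "main:dns_alt_names=${dns_alt_names_csv}",
-"extension_requests:${pp_application}=puppet/compiler",
-"extension_requests:${pp_cluster}=${group}",
+"extension_requests:${peadm::oid('peadm_role')}=puppet/compiler",
+"extension_requests:${peadm::oid('peadm_availability_group')}=${group}",
 ],
 )
 }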
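Review bot: The new comment at lines 182-184 promises that the extensions are "merged with the existing values" but does not say which side wins when an existing `csr_attributes.yaml` already defines one of these keys. `peadm::util::insert_csr_extensions` is not shown here, so the precedence cannot be checked from this hunk. The comment should state it, for example `# On a key conflict the values passed here replace the ones already in the file.`, if that is what the plan does. An existing file can also hold `custom_attributes` such as an autosign challenge password, so the plan should keep those entries and the file's mode when it rewrites it. The removed comment was the only place that explained why raw OIDs are used instead of short names (PUP-9746). A one-line pointer to `peadm::oid` would keep that rationale. The two later hunks pass the same extensions on the agent install command line, and `${group}` there is defined outside the hunk.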
