Use custom OIDs for peadm role and avil. group

Previously, peadm used pp_application and pp_cluster for this purpose.
This conflicted with some existing customer's usage of those attributes.
In order to avoid collision with customer OID usage, this commit
modifies peadm to use custom OIDs.

Author: reidmv

functions/oid.pp

@@ -0,0 +1,9 @@
+function peadm::oid (
+  String $short_name,
+) {
+  case $short_name {
+    'peadm_role':  { '1.3.6.1.4.1.34380.1.1.9812' }
+    'peadm_availability_group': { '1.3.6.1.4.1.34380.1.1.9813' }
+    default: { fail("No peadm OID for ${short_name}") }
+  }
+}

manifests/setup/node_manager.pp

@@ -1,8 +1,6 @@
 # This profile is not intended to be continously enforced on PE masters.
 # Rather, it describes state to enforce as a boostrap action, preparing the
 # Puppet Enterprise console with a sane default environment configuration.
-# Importantly, this includes assigning nodes to an environment matching thier
-# trusted.extensions.pp_environment value by default.
 #
 # This class will be applied during master bootstrap using e.g.
 #
@@ -49,7 +47,7 @@
   # We modify this group's rule such that all PE infrastructure nodes will be
   # members.
   node_group { 'PE Infrastructure Agent':
-    rule => ['and', ['~', ['trusted', 'extensions', 'pp_application'], '^puppet/']],
+    rule => ['and', ['~', ['trusted', 'extensions', peadm::oid('peadm_role')], '^puppet/']],
   }
 
   # We modify this group to add, as data, the compiler_pool_address only.
@@ -58,7 +56,7 @@
   node_group { 'PE Master':
     parent    => 'PE Infrastructure',
     rule      => ['or',
-      ['and', ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler']],
+      ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler']],
       ['=', 'name', $master_host],
     ],
     data      => {
@@ -77,7 +75,7 @@
       parent               => 'PE Infrastructure',
       environment          => 'production',
       override_environment => false,
-      rule                 => ['and', ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/puppetdb-database']],
+      rule                 => ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/puppetdb-database']],
       classes              => {
         'puppet_enterprise::profile::database' => { },
       },
@@ -90,8 +88,8 @@
     ensure => present,
     parent => 'PE Infrastructure',
     rule   => ['and',
-      ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/master'],
-      ['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
+      ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/master'],
+      ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
     ],
     data   => {
       'puppet_enterprise::profile::primary_master_replica' => {
@@ -109,8 +107,8 @@
     ensure  => 'present',
     parent  => 'PE Master',
     rule    => ['and',
-      ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler'],
-      ['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
+      ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler'],
+      ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
     ],
     classes => {
       'puppet_enterprise::profile::puppetdb' => {
@@ -144,8 +142,8 @@
       ensure => present,
       parent => 'PE Infrastructure',
       rule   => ['and',
-        ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/master'],
-        ['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
+        ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/master'],
+        ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
       ],
       data   => {
         'puppet_enterprise::profile::primary_master_replica' => {
@@ -161,8 +159,8 @@
       ensure  => 'present',
       parent  => 'PE Master',
       rule    => ['and',
-        ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler'],
-        ['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
+        ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler'],
+        ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
       ],
       classes => {
         'puppet_enterprise::profile::puppetdb' => {

plans/action/install.pp

@@ -182,16 +182,14 @@
   # Create csr_attributes.yaml files for the nodes that need them
   # There is a problem with OID names in csr_attributes.yaml for some
   # installs, e.g. PE 2019.0.1, PUP-9746. Use the raw OIDs for now.
-  $pp_application = '1.3.6.1.4.1.34380.1.1.8'
-  $pp_cluster     = '1.3.6.1.4.1.34380.1.1.16'
 
   run_task('peadm::mkdir_p_file', $master_target,
     path    => '/etc/puppetlabs/puppet/csr_attributes.yaml',
     content => @("HEREDOC"),
       ---
       extension_requests:
-        ${pp_application}: "puppet/master"
-        ${pp_cluster}: "A"
+        ${peadm::oid('peadm_role')}: "puppet/master"
+        ${peadm::oid('peadm_availability_group')}: "A"
       | HEREDOC
   )
 
@@ -200,8 +198,8 @@
     content => @("HEREDOC"),
       ---
       extension_requests:
-        ${pp_application}: "puppet/puppetdb-database"
-        ${pp_cluster}: "A"
+        ${peadm::oid('peadm_role')}: "puppet/puppetdb-database"
+        ${peadm::oid('peadm_availability_group')}: "A"
       | HEREDOC
   )
 
@@ -210,8 +208,8 @@
     content => @("HEREDOC"),
       ---
       extension_requests:
-        ${pp_application}: "puppet/puppetdb-database"
-        ${pp_cluster}: "B"
+        ${peadm::oid('peadm_role')}: "puppet/puppetdb-database"
+        ${peadm::oid('peadm_availability_group')}: "B"
       | HEREDOC
   )
 
@@ -307,8 +305,8 @@
       '--puppet-service-ensure', 'stopped',
       "main:certname=${master_replica_target.peadm::target_name()}",
       "main:dns_alt_names=${dns_alt_names_csv}",
-      "extension_requests:${pp_application}=puppet/master",
-      "extension_requests:${pp_cluster}=B",
+      "extension_requests:${peadm::oid('peadm_role')}=puppet/master",
+      "extension_requests:${peadm::oid('peadm_availability_group')}=B",
     ],
   )
 
@@ -320,8 +318,8 @@
           '--puppet-service-ensure', 'stopped',
           "main:certname=${target.peadm::target_name()}",
           "main:dns_alt_names=${dns_alt_names_csv}",
-          "extension_requests:${pp_application}=puppet/compiler",
-          "extension_requests:${pp_cluster}=${group}",
+          "extension_requests:${peadm::oid('peadm_role')}=puppet/compiler",
+          "extension_requests:${peadm::oid('peadm_availability_group')}=${group}",
         ],
       )
     }

plans/upgrade.pp

@@ -55,11 +55,13 @@
 
   # Determine which compilers are associated with which HA group
   $compiler_m1_targets = $compiler_targets.filter |$target| {
-    $trusted_facts[$target]['pp_cluster'] == $trusted_facts[$master_target[0]]['pp_cluster']
+    ($trusted_facts[$target][peadm::oid('peadm_availability_group')]
+      == $trusted_facts[$master_target[0]][peadm::oid('peadm_availability_group'])
   }
 
   $compiler_m2_targets = $compiler_targets.filter |$target| {
-    $trusted_facts[$target]['pp_cluster'] == $trusted_facts[$master_replica_target[0]]['pp_cluster']
+    ($trusted_facts[$target][peadm::oid('peadm_availability_group')]
+      == $trusted_facts[$master_replica_target[0]][peadm::oid('peadm_availability_group'])
   }
 
   ###########################################################################