Revert "Use Bolt's "apply" functionality for node_manager"

reidmv · reidmv · commit 8b72662b67e9 · 2018-09-23T10:35:37.000-07:00
This reverts commit de462a7. Using Bolt's apply functionality over PCP doesn't work. It produces errors like the following: undefined method `error_hash' for #<Array:0x0000000003d72e38> This is a bug that prevents the real error from being shown. Unpacking that it a bit can eventually lead to: The apply_catalog task does not exist in environment production Reverting back to the task-based methodology until I can figure out with the Puppet Tasks team what's happening here and how to make "apply" work over PCP.
diff --git a/docs/basic_usage.md b/docs/basic_usage.md
@@ -24,7 +24,6 @@ The reference implementation uses trusted facts to put nodes in the right groups
 1. Ensure the hostname of each system is set correctly, to the same value that will be used to connect to the system, and refer to the system as. If the hostname is not set as expected the installation plan will refuse to continue.
 2. Install Bolt on a jumphost. This can be the primary master, or any other system.
 3. Download or git clone the pe\_xl module and put it somewhere on the jumphost, e.g. ~/modules/pe\_xl.
-4. Install the pe\_xl module's dependencies, [puppetlabs/stdlib](https://forge.puppet.com/puppetlabs/stdlib) and [WhatsARanjit/node\_manager](https://forge.puppet.com/WhatsARanjit/node_manager), in the same modules directory as pe\_xl
 4. Create an inventory file with connection information. Example included below. Available Bolt configuration options are documented here.
 5. Create a parameters file. Example included below. Note at the top of the file are arguments which dictate which plans should be run, such as install+configure.
 6. Run the pe\_xl plan with the inputs created. Example:
diff --git a/manifests/node_manager.pp b/manifests/node_manager.pp
@@ -25,92 +25,29 @@
   # PE INFRASTRUCTURE GROUPS
   ##################################################
 
-  # We modify this group's rule such that all PE infrastructure nodes will be
-  # members.
   node_group { 'PE Infrastructure Agent':
-    rule => ['and', ['~', ['trusted', 'extensions', 'pp_role'], '^pe_xl::']],
+    rule   => ['and', ['~', ['trusted', 'extensions', 'pp_role'], '^pe_xl::']],
   }
 
-  # We modify this group to add, as data, the compile_master_pool_address only.
-  # Because the group does not have any data by default this does not impact
-  # out-of-box configuration of the group.
   node_group { 'PE Master':
-    rule => ['or',
+    rule   => ['or',
       ['and', ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compile_master']],
       ['=', 'name', $primary_master_host],
     ],
-    data => {
+    data   => {
       'pe_repo' => { 'compile_master_pool_address' => $compile_master_pool_address },
     },
   }
 
-  # We need to pre-create this group so that the primary master replica can be
-  # identified as running PuppetDB, so that Puppet will create a pg_ident
-  # authorization rule for it on the PostgreSQL nodes.
-  node_group { 'PE HA Replica':
-    ensure  => 'present',
-    parent  => 'PE Infrastructure',
-    rule => ['or', ['=', 'name', $primary_master_replica_host]],
-    classes => {
-      'puppet_enterprise::profile::primary_master_replica' => { }
-    },
-  }
-
-  # Create data-only groups to store PuppetDB PostgreSQL database configuration
-  # information specific to the primary master and primary master replica nodes.
-  node_group { 'PE Master A':
-    ensure  => present,
-    parent  => 'PE Infrastructure',
-    rule    => ['and',
-      ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::primary_master'],
-      ['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
-    ],
-    data => {
-      'puppet_enterprise::profile::primary_master_replica' => {
-        'database_host_puppetdb' => $puppetdb_database_host,
-      },
-      'puppet_enterprise::profile::puppetdb' => {
-        'database_host' => $puppetdb_database_host,
-      },
-    },
-  }
-
-  node_group { 'PE Master B':
-    ensure  => present,
-    parent  => 'PE Infrastructure',
-    rule    => ['and',
-      ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::primary_master'],
-      ['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
-    ],
-    data => {
-      'puppet_enterprise::profile::primary_master_replica' => {
-        'database_host_puppetdb' => $puppetdb_database_replica_host,
-      },
-      'puppet_enterprise::profile::puppetdb' => {
-        'database_host' => $puppetdb_database_replica_host,
-      },
-    },
-  }
-
-  # Configure the compile masters for HA, grouped into two pools, each pool
-  # having an affinity for one "availability zone" or the other. Even with an
-  # affinity, note that data from each compile master is replicated to both
-  # "availability zones".
   node_group { 'PE Compile Master Group A':
     ensure  => 'present',
     parent  => 'PE Master',
     rule    => ['and',
       ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compile_master'],
       ['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
-    ],
-    classes => {
-      'puppet_enterprise::profile::puppetdb' => {
-        'database_host' => $puppetdb_database_host,
-      },
-      'puppet_enterprise::profile::master'   => {
-        'puppetdb_host' => ['${clientcert}', $primary_master_replica_host],
-        'puppetdb_port' => [8081],
-      }
+    ], 
+    data    => {
+      'puppet_enterprise::profile::primary_master_replica' => {'database_host_puppetdb' => $puppetdb_database_host }
     },
   }
 
@@ -120,18 +57,19 @@
     rule    => ['and',
       ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compile_master'],
       ['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
-    ],
-    classes => {
-      'puppet_enterprise::profile::puppetdb' => {
-        'database_host' => $puppetdb_database_replica_host,
-      },
-      'puppet_enterprise::profile::master'   => {
-        'puppetdb_host' => ['${clientcert}', $primary_master_host],
-        'puppetdb_port' => [8081],
-      }
+    ], 
+    data    => {
+      'puppet_enterprise::profile::primary_master_replica' => {'database_host_puppetdb' => $puppetdb_database_replica_host }
     },
   }
 
+  node_group { 'PE PuppetDB':
+    rule   => ['or',
+      ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::primary_master'],
+      ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compile_master'],
+    ],
+  }
+
   # This class has to be included here because puppet_enterprise is declared
   # in the console with parameters. It is therefore not possible to include
   # puppet_enterprise::profile::database in code without causing a conflict.
diff --git a/plans/configure.pp b/plans/configure.pp
@@ -11,17 +11,20 @@
   String[1]           $stagingdir = '/tmp',
 ) {
 
+  # Retrieve and deploy Puppet modules from the Forge so that they can be used
+  # for ensuring some configuration (node groups)
+  pe_xl::install_module($primary_master_host, 'WhatsARanjit-node_manager', '0.7.1', $stagingdir)
+  pe_xl::install_module($primary_master_host, 'puppetlabs-stdlib', '5.0.0', $stagingdir)
+
   # Set up the console node groups to configure the various hosts in their
   # roles
-  apply($primary_master_host) {
-    class { 'pe_xl::node_manager':
-      primary_master_host            => $primary_master_host,
-      primary_master_replica_host    => $primary_master_replica_host,
-      puppetdb_database_host         => $puppetdb_database_host,
-      puppetdb_database_replica_host => $puppetdb_database_replica_host,
-      compile_master_pool_address    => $compile_master_pool_address,
-    }
-  }
+  run_task('pe_xl::configure_node_groups', $primary_master_host,
+    primary_master_host            => $primary_master_host,
+    primary_master_replica_host    => $primary_master_replica_host,
+    puppetdb_database_host         => $puppetdb_database_host,
+    puppetdb_database_replica_host => $puppetdb_database_replica_host,
+    compile_master_pool_address    => $compile_master_pool_address,
+  )
 
   # Run Puppet in no-op on the compile masters so that their status in PuppetDB
   # is updated and they can be identified by the puppet_enterprise module as
diff --git a/tasks/configure_node_groups.json b/tasks/configure_node_groups.json
@@ -0,0 +1,29 @@
+{
+  "description": "Configure console node groups for a new install",
+  "parameters": {
+    "primary_master_host": {
+      "type": "String",
+      "description": "The certname of the primary master"
+    },
+    "primary_master_replica_host": {
+      "type": "String",
+      "description": "The certname of the primary master replica"
+    },
+    "puppetdb_database_host": {
+      "type": "String",
+      "description": "The certname of the PuppetDB database"
+    },
+    "puppetdb_database_replica_host": {
+      "type": "String",
+      "description": "The certname of the PuppetDB database replica"
+    },
+    "compile_master_pool_address": {
+      "type": "String",
+      "description": "The service name to use for the compile master pool"
+    }
+  },
+  "input_method": "environment",
+  "implementations": [
+    {"name": "configure_node_groups.pp"}
+  ]
+}
diff --git a/tasks/configure_node_groups.pp b/tasks/configure_node_groups.pp
@@ -0,0 +1,184 @@
+#!/opt/puppetlabs/bin/puppet apply 
+function param($name) { inline_template("<%= ENV['PT_${name}'] %>") }
+
+class configure_node_groups (
+  String[1]                        $primary_master_host            = param('primary_master_host'),
+  String[1]                        $primary_master_replica_host    = param('primary_master_replica_host'),
+  String[1]                        $puppetdb_database_host         = param('puppetdb_database_host'),
+  String[1]                        $puppetdb_database_replica_host = param('puppetdb_database_replica_host'),
+  String[1]                        $compile_master_pool_address    = param('compile_master_pool_address'),
+  Pattern[/\A[a-z0-9_]+\Z/]        $default_environment            = 'production',
+  Array[Pattern[/\A[a-z0-9_]+\Z/]] $environments                   = ['production'],
+) {
+
+  ##################################################
+  # PE INFRASTRUCTURE GROUPS
+  ##################################################
+
+  # We modify this group's rule such that all PE infrastructure nodes will be
+  # members.
+  node_group { 'PE Infrastructure Agent':
+    rule => ['and', ['~', ['trusted', 'extensions', 'pp_role'], '^pe_xl::']],
+  }
+
+  # We modify this group to add, as data, the compile_master_pool_address only.
+  # Because the group does not have any data by default this does not impact
+  # out-of-box configuration of the group.
+  node_group { 'PE Master':
+    rule => ['or',
+      ['and', ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compile_master']],
+      ['=', 'name', $primary_master_host],
+    ],
+    data => {
+      'pe_repo' => { 'compile_master_pool_address' => $compile_master_pool_address },
+    },
+  }
+
+  # We need to pre-create this group so that the primary master replica can be
+  # identified as running PuppetDB, so that Puppet will create a pg_ident
+  # authorization rule for it on the PostgreSQL nodes.
+  node_group { 'PE HA Replica':
+    ensure  => 'present',
+    parent  => 'PE Infrastructure',
+    rule => ['or', ['=', 'name', $primary_master_replica_host]],
+    classes => {
+      'puppet_enterprise::profile::primary_master_replica' => { }
+    },
+  }
+
+  # Create data-only groups to store PuppetDB PostgreSQL database configuration
+  # information specific to the primary master and primary master replica nodes.
+  node_group { 'PE Master A':
+    ensure  => present,
+    parent  => 'PE Infrastructure',
+    rule    => ['and',
+      ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::primary_master'],
+      ['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
+    ], 
+    data => {
+      'puppet_enterprise::profile::primary_master_replica' => {
+        'database_host_puppetdb' => $puppetdb_database_host,
+      },
+      'puppet_enterprise::profile::puppetdb' => {
+        'database_host' => $puppetdb_database_host,
+      },
+    },
+  }
+
+  node_group { 'PE Master B':
+    ensure  => present,
+    parent  => 'PE Infrastructure',
+    rule    => ['and',
+      ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::primary_master'],
+      ['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
+    ], 
+    data => {
+      'puppet_enterprise::profile::primary_master_replica' => {
+        'database_host_puppetdb' => $puppetdb_database_replica_host,
+      },
+      'puppet_enterprise::profile::puppetdb' => {
+        'database_host' => $puppetdb_database_replica_host,
+      },
+    },
+  }
+
+  # Configure the compile masters for HA, grouped into two pools, each pool
+  # having an affinity for one "availability zone" or the other. Even with an
+  # affinity, note that data from each compile master is replicated to both
+  # "availability zones".
+  node_group { 'PE Compile Master Group A':
+    ensure  => 'present',
+    parent  => 'PE Master',
+    rule    => ['and',
+      ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compile_master'],
+      ['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
+    ], 
+    classes => {
+      'puppet_enterprise::profile::puppetdb' => {
+        'database_host' => $puppetdb_database_host,
+      },
+      'puppet_enterprise::profile::master'   => {
+        'puppetdb_host' => ['${clientcert}', $primary_master_replica_host],
+        'puppetdb_port' => [8081],
+      }
+    },
+  }
+
+  node_group { 'PE Compile Master Group B':
+    ensure  => 'present',
+    parent  => 'PE Master',
+    rule    => ['and',
+      ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compile_master'],
+      ['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
+    ], 
+    classes => {
+      'puppet_enterprise::profile::puppetdb' => {
+        'database_host' => $puppetdb_database_replica_host,
+      },
+      'puppet_enterprise::profile::master'   => {
+        'puppetdb_host' => ['${clientcert}', $primary_master_host],
+        'puppetdb_port' => [8081],
+      }
+    },
+  }
+
+  # This class has to be included here because puppet_enterprise is declared
+  # in the console with parameters. It is therefore not possible to include
+  # puppet_enterprise::profile::database in code without causing a conflict.
+  node_group { 'PE Database':
+    ensure               => present,
+    parent               => 'PE Infrastructure',
+    environment          => 'production',
+    override_environment => false,
+    rule                 => ['and', ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::puppetdb_database']],
+    classes              => {
+      'puppet_enterprise::profile::database' => { },
+    },
+  }
+
+  ##################################################
+  # ENVIRONMENT GROUPS
+  ##################################################
+
+  node_group { 'All Environments':
+    ensure               => present,
+    description          => 'Environment group parent and default',
+    environment          => $default_environment,
+    override_environment => true,
+    parent               => 'All Nodes',
+    rule                 => ['and', ['~', 'name', '.*']],
+  }
+
+  node_group { 'Agent-specified environment':
+    ensure               => present,
+    description          => 'This environment group exists for unusual testing and development only. Expect it to be empty',
+    environment          => 'agent-specified',
+    override_environment => true,
+    parent               => 'All Environments',
+    rule                 => [ ],
+  }
+
+  $environments.each |$env| {
+    $title_env = capitalize($env)
+
+    node_group { "${title_env} environment":
+      ensure               => present,
+      environment          => $env,
+      override_environment => true,
+      parent               => 'All Environments',
+      rule                 => ['and', ['=', ['trusted', 'extensions', 'pp_environment'], $env]],
+    }
+
+    node_group { "${title_env} one-time run exception":
+      ensure               => present,
+      description          => "Allow ${env} nodes to request a different puppet environment for a one-time run",
+      environment          => 'agent-specified',
+      override_environment => true,
+      parent               => "${title_env} environment",
+      rule                 => ['and', ['~', ['fact', 'agent_specified_environment'], '.+']],
+    }
+  }
+
+}
+
+include configure_node_groups
