|
| 1 | +# @summary Add a new compiler to a PE architecture or replace an existing one with new configuration. |
| 2 | +# @param avail_group_letter _ Either A or B; whichever of the two letter designations the compiler is being assigned to |
| 3 | +# @param compiler_host _ The hostname and certname of the new compiler |
| 4 | +# @param dns_alt_names _ A comma_separated list of DNS alt names for the compiler |
| 5 | +# @param primary_server_host _ The hostname and certname of the primary Puppet server |
| 6 | +# @param postgresql_server_host _ The hostname and certname of the PE-PostgreSQL server with availability group $avail_group_letter |
| 7 | +plan peadm::add_compiler( |
| 8 | + Enum['A', 'B'] $avail_group_letter, |
| 9 | + Optional[String[1]] $dns_alt_names = undef, |
| 10 | + Peadm::SingleTargetSpec $compiler_host, |
| 11 | + Peadm::SingleTargetSpec $primary_host, |
| 12 | + Peadm::SingleTargetSpec $postgresql_server_host, |
| 13 | +){ |
| 14 | + $compiler_target = peadm::get_targets($compiler_host, 1) |
| 15 | + $primary_target = peadm::get_targets($primary_host, 1) |
| 16 | + $postgresql_server_target = peadm::get_targets($postgresql_server_host, 1) |
| 17 | + |
| 18 | + # Stop puppet.service |
| 19 | + run_command('systemctl stop puppet.service', $postgresql_server_target) |
| 20 | + |
| 21 | + # Add the following two lines to /opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf |
| 22 | + # |
| 23 | + # pe-puppetdb-pe-puppetdb-map <new-compiler-host> pe-puppetdb |
| 24 | + # pe-puppetdb-pe-puppetdb-migrator-map <new-compiler-host> pe-puppetdb-migrator |
| 25 | + |
| 26 | + apply($postgresql_server_target) { |
| 27 | + file_line { 'pe-puppetdb-pe-puppetdb-map': |
| 28 | + path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf', |
| 29 | + line => "pe-puppetdb-pe-puppetdb-map ${compiler_target.peadm::target_name()} pe-puppetdb", |
| 30 | + } |
| 31 | + file_line { 'pe-puppetdb-pe-puppetdb-migrator-map': |
| 32 | + path => '/opt/puppetlabs/server/data/postgresql/11/data/pg_ident.conf', |
| 33 | + line => "pe-puppetdb-pe-puppetdb-migrator-map ${compiler_target.peadm::target_name()} pe-puppetdb-migrator", |
| 34 | + } |
| 35 | + } |
| 36 | + |
| 37 | + # Reload pe-postgresql.service |
| 38 | + run_command('systemctl reload pe-postgresql.service', $postgresql_server_target) |
| 39 | + |
| 40 | + # Install the puppet agent making sure to specify an availability group letter, A or B, as an extension request. |
| 41 | + $dns_alt_names_flag = $dns_alt_names? { |
| 42 | + undef => [], |
| 43 | + default => "main:dns_alt_names=${dns_alt_names}", |
| 44 | + } |
| 45 | + |
| 46 | + # we first assume that there is no agent installed on the node. If there is, nothing will happen. |
| 47 | + run_task('peadm::agent_install', $compiler_target, |
| 48 | + server => $primary_target.peadm::target_name(), |
| 49 | + install_flags => $dns_alt_names_flag + [ |
| 50 | + "extension_requests:${peadm::oid('pp_auth_role')}=pe_compiler", |
| 51 | + "extension_requests:${peadm::oid('peadm_availability_group')}=${avail_group_letter}", |
| 52 | + "main:certname=${compiler_target.peadm::target_name()}", |
| 53 | + ], |
| 54 | + ) |
| 55 | + |
| 56 | + # On <compiler-host>, run the puppet agent |
| 57 | + run_task('peadm::puppet_runonce', $compiler_target, {'_catch_errors' => true}) |
| 58 | + |
| 59 | + # If necessary, manually submit a CSR |
| 60 | + run_task('peadm::submit_csr', $compiler_target, {'_catch_errors' => true}) |
| 61 | + |
| 62 | + # On primary, if necessary, sign the certificate request |
| 63 | + run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$compiler_target.peadm::target_name()] } ) |
| 64 | + |
| 65 | + # On <compiler-host>, run the puppet agent |
| 66 | + run_task('peadm::puppet_runonce', $compiler_target) |
| 67 | + |
| 68 | + # If there was already a signed cert, force the certificate extensions we want |
| 69 | + # TODO: update peadm::util::add_cert_extensions to take care of dns alt names |
| 70 | + run_plan('peadm::util::add_cert_extensions', $compiler_target, |
| 71 | + primary_host => $primary_target.peadm::target_name(), |
| 72 | + extensions => { |
| 73 | + peadm::oid('pp_auth_role') => 'pe_compiler', |
| 74 | + peadm::oid('peadm_availability_group') => $avail_group_letter, |
| 75 | + }, |
| 76 | + ) |
| 77 | + |
| 78 | + # On <postgresql-server-host> run the puppet agent |
| 79 | + run_task('peadm::puppet_runonce', $postgresql_server_target) |
| 80 | + |
| 81 | + # On <postgresql-server-host> start puppet.service |
| 82 | + run_command('systemctl start puppet.service', $postgresql_server_target) |
| 83 | + |
| 84 | + return("Adding or replacing compiler ${$compiler_target.peadm::target_name()} succeeded.") |
| 85 | + |
| 86 | +} |
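Review bot: When `$dns_alt_names` is set, the selector on new lines 41-44 yields a String, so `install_flags => $dns_alt_names_flag + [ ... ]` on line 49 applies `+` to a String and an Array. Puppet treats that as arithmetic rather than concatenation, so the plan will most likely fail on exactly the path where alt names are requested; make both branches arrays with `default => ["main:dns_alt_names=${dns_alt_names}"],`. Separately, the plan stops `puppet.service` on the PostgreSQL host and adds the two `pg_ident.conf` mappings for the new certname before `peadm::sign_csr` runs. Only two later steps carry `_catch_errors`, so a failure anywhere else appears to leave the agent stopped and a database ident mapping in place for a certificate that was never issued; consider catching errors around the later steps so the plan can restart `puppet.service` and report the leftover mapping. The doc line `@param primary_server_host` also does not match the declared `$primary_host` parameter.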