diff --git a/plans/add_compiler.pp b/plans/add_compiler.pp
index 4bb46376..4db0c8c7 100644
--- a/plans/add_compiler.pp
+++ b/plans/add_compiler.pp
@@ -47,13 +47,19 @@
 default => ["main:dns_alt_names=${dns_alt_names}"],
 }
 
+ # Check for and merge csr_attributes.
+ run_plan('peadm::util::insert_csr_extension_requests', $compiler_target,
+ extension_requests => {
+ peadm::oid('pp_auth_role') => 'pe_compiler',
+ peadm::oid('peadm_availability_group') => $avail_group_letter
+ }
+ )
+
 # we first assume that there is no agent installed on the node. If there is, nothing will happen.
 run_task('peadm::agent_install', $compiler_target,
 server => $primary_target.peadm::certname(),
 install_flags => $dns_alt_names_flag + [
 '--puppet-service-ensure', 'stopped',
- "extension_requests:${peadm::oid('pp_auth_role')}=pe_compiler",
- "extension_requests:${peadm::oid('peadm_availability_group')}=${avail_group_letter}",
 "main:certname=${compiler_target.peadm::certname()}",
 ],
 )
diff --git a/plans/add_replica.pp b/plans/add_replica.pp
index 34426207..7f0e4705 100644
--- a/plans/add_replica.pp
+++ b/plans/add_replica.pp
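Review bot: The comment `# Check for and merge csr_attributes.` does not say which side wins when the target already has a csr_attributes.yaml, and for `pp_auth_role` that matters because the value becomes a certificate extension once the CSR is signed. The removed `extension_requests:` install flags stated both values explicitly; with a merge, anything already present in the file on `$compiler_target` may be carried into the CSR as well, so `peadm::util::insert_csr_extension_requests` (not part of this diff) should let the values passed here override existing ones. The same applies to the `$replica_target` call in plans/add_replica.pp. I would word the comment as `# Merge role and availability group into csr_attributes.yaml; values passed here must override any already on the target.` The spec hunks only delete the OID expectations, so an expectation that the new plan is called with these OIDs would keep the extensions under test.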
@@ -37,12 +37,18 @@
 # This has the effect of revoking the node's certificate, if it exists
 run_command("puppet infrastructure forget ${replica_target.peadm::certname()}", $primary_target, _catch_errors => true)
 
+ # Check for and merge csr_attributes.
+ run_plan('peadm::util::insert_csr_extension_requests', $replica_target,
+ extension_requests => {
+ peadm::oid('peadm_role') => 'puppet/server',
+ peadm::oid('peadm_availability_group') => $replica_avail_group_letter
+ }
+ )
+
 run_task('peadm::agent_install', $replica_target,
 server => $primary_target.peadm::certname(),
 install_flags => [
 '--puppet-service-ensure', 'stopped',
- "extension_requests:${peadm::oid('peadm_role')}=puppet/server",
- "extension_requests:${peadm::oid('peadm_availability_group')}=${replica_avail_group_letter}",
 "main:certname=${replica_target.peadm::certname()}",
 "main:dns_alt_names=${dns_alt_names.join(',')}",
 ],
diff --git a/plans/subplans/install.pp b/plans/subplans/install.pp
index e1959ad0..ee88443c 100644
--- a/plans/subplans/install.pp
+++ b/plans/subplans/install.pp
@@ -221,6 +221,30 @@
 }
 )
 },
+ background('replica-csr.yaml') || {
+ run_plan('peadm::util::insert_csr_extension_requests', $replica_target,
+ extension_requests => {
+ peadm::oid('peadm_role') => 'puppet/server',
+ peadm::oid('peadm_availability_group') => 'B'
+ }
+ )
+ },
+ background('compiler-a-csr.yaml') || {
+ run_plan('peadm::util::insert_csr_extension_requests', $compiler_a_targets,
+ extension_requests => {
+ peadm::oid('pp_auth_role') => 'pe_compiler',
+ peadm::oid('peadm_availability_group') => 'A'
+ }
+ )
+ },
+ background('compiler-b-csr.yaml') || {
+ run_plan('peadm::util::insert_csr_extension_requests', $compiler_b_targets,
+ extension_requests => {
+ peadm::oid('pp_auth_role') => 'pe_compiler',
+ peadm::oid('peadm_availability_group') => 'B'
+ }
+ )
+ },
 background('primary-postgresql-csr.yaml') || {
 run_plan('peadm::util::insert_csr_extension_requests', $primary_postgresql_target,
 extension_requests => {
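Review bot: The three new `background(...)` blocks run independently, whereas the `if`/`elsif` chain removed further down in this file picked exactly one role and group per target. A target that appears in both `$compiler_a_targets` and `$compiler_b_targets` previously got group A deterministically; now both plans would write to its csr_attributes.yaml, presumably concurrently, and the availability group in the CSR would depend on timing. If the two lists are validated as disjoint elsewhere, a comment such as `# compiler A/B target lists must be disjoint: these CSR plans run in parallel` would record that. The list these blocks belong to starts and ends outside the hunk, so whether they are waited on before `peadm::agent_install` runs is not visible here.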
@@ -323,24 +347,10 @@
 "main:certname=${target.peadm::certname()}",
 ]
 
- $role_and_group =
- if ($target in $compiler_a_targets) {[
- "extension_requests:${peadm::oid('pp_auth_role')}=pe_compiler",
- "extension_requests:${peadm::oid('peadm_availability_group')}=A",
- ]}
- elsif ($target in $compiler_b_targets) {[
- "extension_requests:${peadm::oid('pp_auth_role')}=pe_compiler",
- "extension_requests:${peadm::oid('peadm_availability_group')}=B",
- ]}
- elsif ($target in $replica_target) {[
- "extension_requests:${peadm::oid('peadm_role')}=puppet/server",
- "extension_requests:${peadm::oid('peadm_availability_group')}=B",
- ]}
-
 # Get an agent installed and cert signed
 run_task('peadm::agent_install', $target,
 server => $primary_target.peadm::certname(),
- install_flags => $common_install_flags + $role_and_group,
+ install_flags => $common_install_flags,
 )
 
 # Ensure certificate requests have been submitted, then run Puppet
diff --git a/spec/plans/add_compiler_spec.rb b/spec/plans/add_compiler_spec.rb
index 2635c14c..0868c50b 100644
--- a/spec/plans/add_compiler_spec.rb
+++ b/spec/plans/add_compiler_spec.rb
@@ -28,8 +28,6 @@ def allow_standard_non_returning_calls
 .with_params({ 'server' => 'primary',
 'install_flags' => [
 '--puppet-service-ensure', 'stopped',
- 'extension_requests:1.3.6.1.4.1.34380.1.3.13=pe_compiler',
- 'extension_requests:1.3.6.1.4.1.34380.1.1.9813=A',
 'main:certname=compiler'
 ] })
 
@@ -53,8 +51,6 @@ def allow_standard_non_returning_calls
 'install_flags' => [
 'main:dns_alt_names=foo,bar',
 '--puppet-service-ensure', 'stopped',
- 'extension_requests:1.3.6.1.4.1.34380.1.3.13=pe_compiler',
- 'extension_requests:1.3.6.1.4.1.34380.1.1.9813=A',
 'main:certname=compiler'
 ] })
 
diff --git a/spec/plans/add_replica_spec.rb b/spec/plans/add_replica_spec.rb
index 2f0e58b8..b6265f32 100644
--- a/spec/plans/add_replica_spec.rb
+++ b/spec/plans/add_replica_spec.rb
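Review bot: Nothing at the `run_task('peadm::agent_install', $target, ...)` call says where the role and availability-group extensions now come from, since `install_flags` is reduced to `$common_install_flags`. They depend on csr_attributes.yaml having been written for `$target` by the `*-csr.yaml` background plans earlier in this file; a target that reaches this task without that file would, as far as this hunk shows, request a certificate without `pp_auth_role` or `peadm_role`. I would add above the task `# Role and availability-group extensions come from csr_attributes.yaml, written earlier by peadm::util::insert_csr_extension_requests.` The enclosing block starts and ends outside the hunk.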
@@ -20,8 +20,6 @@ def allow_standard_non_returning_calls
 .with_params({ 'server' => 'primary',
 'install_flags' => [
 '--puppet-service-ensure', 'stopped',
- 'extension_requests:1.3.6.1.4.1.34380.1.1.9812=puppet/server',
- 'extension_requests:1.3.6.1.4.1.34380.1.1.9813=B',
 'main:certname=replica',
 'main:dns_alt_names=replica'
 ] })
@@ -36,8 +34,6 @@ def allow_standard_non_returning_calls
 .with_params({ 'server' => 'primary',
 'install_flags' => [
 '--puppet-service-ensure', 'stopped',
- 'extension_requests:1.3.6.1.4.1.34380.1.1.9812=puppet/server',
- 'extension_requests:1.3.6.1.4.1.34380.1.1.9813=B',
 'main:certname=replica',
 'main:dns_alt_names=replica,alt'
 ] })