puppetlabs · jpartlow · Sep 14, 2023 · Sep 1, 2023 · Sep 7, 2023 · Sep 14, 2023
@@ -37,6 +37,7 @@
 
 ### Data types
 
+* [`Peadm::Known_hosts`](#Peadm--Known_hosts)
 * [`Peadm::Ldap_config`](#Peadm--Ldap_config)
 * [`Peadm::Pe_version`](#Peadm--Pe_version)
 * [`Peadm::Pem`](#Peadm--Pem)
@@ -776,6 +777,23 @@ Data type: `TargetSpec`
 
 ## Data types
 
+### <a name="Peadm--Known_hosts"></a>`Peadm::Known_hosts`
+
+The Peadm::Known_hosts data type.
+
+Alias of
+
+```puppet
+Array[Struct[
+    'title'        => Optional[String[1]],
+    'ensure'       => Optional[Enum['present','absent']],
+    'name'         => String[1],
+    'type'         => String[1],
+    'key'          => String[1],
+    'host_aliases' => Optional[Variant[String[1],Array[String[1]]]],
+  ]]
+```
+
 ### <a name="Peadm--Ldap_config"></a>`Peadm::Ldap_config`
 
 The Peadm::Ldap_config data type.
@@ -1548,6 +1566,7 @@ The following parameters are available in the `peadm::install` plan:
 * [`r10k_remote`](#-peadm--install--r10k_remote)
 * [`r10k_private_key_file`](#-peadm--install--r10k_private_key_file)
 * [`r10k_private_key_content`](#-peadm--install--r10k_private_key_content)
+* [`r10k_known_hosts`](#-peadm--install--r10k_known_hosts)
 * [`deploy_environment`](#-peadm--install--deploy_environment)
 * [`license_key_file`](#-peadm--install--license_key_file)
 * [`license_key_content`](#-peadm--install--license_key_content)
@@ -1714,6 +1733,14 @@ Data type: `Optional[Peadm::Pem]`
 
 
 
+Default value: `undef`
+
+##### <a name="-peadm--install--r10k_known_hosts"></a>`r10k_known_hosts`
+
+Data type: `Optional[Peadm::Known_hosts]`
+
+
+
 Default value: `undef`
 
 ##### <a name="-peadm--install--deploy_environment"></a>`deploy_environment`

@@ -53,6 +53,7 @@
   Optional[String]                  $r10k_remote              = undef,
   Optional[String]                  $r10k_private_key_file    = undef,
   Optional[Peadm::Pem]              $r10k_private_key_content = undef,
+  Optional[Peadm::Known_hosts]      $r10k_known_hosts         = undef,
   Optional[String]                  $deploy_environment       = undef,
 
   # License Key
@@ -94,6 +95,7 @@
     r10k_remote                    => $r10k_remote,
     r10k_private_key_file          => $r10k_private_key_file,
     r10k_private_key_content       => $r10k_private_key_content,
+    r10k_known_hosts               => $r10k_known_hosts,
 
     # License Key
     license_key_file               => $license_key_file,

@@ -11,6 +11,14 @@
 #   over to the primary at /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa
 #   If the file does not exist the value will simply be supplied to the primary
 #
+# @param r10k_known_hosts
+#   Puppet Enterprise 2023.3+ requires host key verification for the
+#   r10k_remote host when using ssh. When setting \$r10k_private_key, you must
+#   also provide \$r10k_known_hosts information in the form of an array of
+#   hashes with 'name', 'type' and 'key' information for hostname, key-type and
+#   public key. Please refer to the Puppet Enterprise 2023.3+ Configure Code
+#   Manager documentation for further details.
+#
 # @param license_key_file
 #   The license key to use with Puppet Enterprise.  If this is a local file it
 #   will be copied over to the MoM at /etc/puppetlabs/license.key
@@ -50,6 +58,7 @@
   Optional[String]     $r10k_remote              = undef,
   Optional[String]     $r10k_private_key_file    = undef,
   Optional[Peadm::Pem] $r10k_private_key_content = undef,
+  Optional[Peadm::Known_hosts] $r10k_known_hosts = undef,
 
   # License key
   Optional[String]     $license_key_file    = undef,
@@ -125,7 +134,7 @@
   # either be undef or else the key content to write.
   $r10k_private_key = peadm::file_or_content('r10k_private_key', $r10k_private_key_file, $r10k_private_key_content)
 
-  # Same for license key
+  # Process user input for license key (same process as for r10k private key above).
   $license_key = peadm::file_or_content('license_key', $license_key_file, $license_key_content)
 
   $precheck_results = run_task('peadm::precheck', $all_targets)
@@ -170,6 +179,7 @@
         undef   => undef,
         default => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa',
       },
+      'puppet_enterprise::profile::master::r10k_known_hosts'            => $r10k_known_hosts,
   } + $puppetdb_database_temp_config + $pe_conf_data)
 
   $primary_postgresql_pe_conf = peadm::generate_pe_conf({

@@ -4,7 +4,7 @@
   # Include the BoltSpec library functions
   include BoltSpec::Plans
 
-  it 'minimum variables to run' do
+  before(:each) do
     allow_any_task
     allow_any_plan
     allow_any_command
@@ -35,7 +35,9 @@
     # rubocop:enable AnyInstance
     ## </🤮>
     ##########
+  end
 
+  it 'minimum variables to run' do
     params = {
       'primary_host'     => 'primary',
       'console_password' => 'puppetlabs',
@@ -44,4 +46,36 @@
 
     expect(run_plan('peadm::subplans::install', params)).to be_ok
   end
+
+  it 'installs 2023.2 without r10k_known_hosts' do
+    params = {
+      'primary_host'             => 'primary',
+      'console_password'         => 'puppetlabs',
+      'version'                  => '2023.2.0',
+      'r10k_remote'              => '[email protected]:puppetlabs/nothing',
+      'r10k_private_key_content' => '-----BEGINfoo',
+    }
+
+    expect(run_plan('peadm::subplans::install', params)).to be_ok
+  end
+
+  it 'installs 2023.3+ with r10k_private_key and r10k_known_hosts' do
+    params = {
+      'primary_host'             => 'primary',
+      'console_password'         => 'puppetlabs',
+      'version'                  => '2023.3.0',
+      'r10k_remote'              => '[email protected]:puppetlabs/nothing',
+      'r10k_private_key_content' => '-----BEGINfoo',
+      'r10k_known_hosts'         => [
+        {
+          'name' => 'test',
+          'type' => 'key-type',
+          'key'  => 'abcdef',
+        },
+      ],
+      'permit_unsafe_versions' => true,
+    }
+
+    expect(run_plan('peadm::subplans::install', params)).to be_ok
+  end
 end
@@ -0,0 +1,10 @@
+type Peadm::Known_hosts = Array[
+  Struct[
+    'title'        => Optional[String[1]],
+    'ensure'       => Optional[Enum['present','absent']],
+    'name'         => String[1],
+    'type'         => String[1],
+    'key'          => String[1],
+    'host_aliases' => Optional[Variant[String[1],Array[String[1]]]],
+  ]
+]