(PE-38771) Convert plan accepts legacy compilers key in params.json

REFERENCE.md

@@ -1719,6 +1719,7 @@ The following parameters are available in the `peadm::convert` plan:
 * [`primary_host`](#-peadm--convert--primary_host)
 * [`replica_host`](#-peadm--convert--replica_host)
 * [`compiler_hosts`](#-peadm--convert--compiler_hosts)
+* [`legacy_compilers`](#-peadm--convert--legacy_compilers)
 * [`primary_postgresql_host`](#-peadm--convert--primary_postgresql_host)
 * [`replica_postgresql_host`](#-peadm--convert--replica_postgresql_host)
 * [`compiler_pool_address`](#-peadm--convert--compiler_pool_address)
@@ -1747,6 +1748,14 @@ Data type: `Optional[TargetSpec]`
 
 
 
+Default value: `undef`
+
+##### <a name="-peadm--convert--legacy_compilers"></a>`legacy_compilers`
+
+Data type: `Optional[TargetSpec]`
+
+
+
 Default value: `undef`
 
 ##### <a name="-peadm--convert--primary_postgresql_host"></a>`primary_postgresql_host`

documentation/convert.md

@@ -1,6 +1,6 @@
-# Convert infrastructure for use with the peadm module
+# Convert infrastructure for use with the PEADM module
 
-The peadm::convert plan can be used to adopt manually deployed infrastructure for use with peadm, or to adopt infrastructure deployed with an older version of peadm.
+The peadm::convert plan can be used to adopt manually deployed infrastructure for use with PEADM or to adopt infrastructure deployed with an older version of peadm.
 
 ## Convert an Existing Deployment
 
@@ -14,7 +14,10 @@ Prepare to run the plan against all servers in the PE infrastructure, using a pa
     "pe-xl-compiler-0.lab1.puppet.vm",
     "pe-xl-compiler-1.lab1.puppet.vm"
   ],
-
+  "legacy_compilers": [
+    "pe-xl-legacy-compiler-0.lab1.puppet.vm",
+    "pe-xl-legacy-compiler-1.lab1.puppet.vm"
+  ],
   "compiler_pool_address": "puppet.lab1.puppet.vm"
 }
 ```
@@ -29,13 +32,13 @@ bolt plan run peadm::convert --params @params.json
 
 This plan is broken down into steps. Normally, the plan runs through all the steps from start to finish. The name of each step is displayed during the plan run, as the step begins.
 
-The `begin_at_step` parameter can be used to facilitate re-running this plan after a failed attempt, skipping past any steps that already completed successfully on the first try and picking up again at the step specified. The step name to resume at can be read from the previous run logs. A full list of available values for this parameter can be viewed by running `bolt plan show peadm::convert`.
+The `begin_at_step` parameter can be used to facilitate re-running this plan after a failed attempt, skipping past any steps that were already completed successfully on the first try and picking up again at the step specified. The step name to resume can be read from the previous run logs. A full list of available values for this parameter can be viewed by running `bolt plan show peadm::convert`.
 
 ## Convert compilers to legacy
 
 ### Puppet Enterprise installed with puppetlabs-peadm version 3.21 or later
 
-To convert compilers to legacy compilers use the `peadm::convert_compiler_to_legacy` plan. This plan will create the needed Node group and Classifier rules to make the compilers legacy. Also will add certificate extensions to those nodes.
+To convert compilers to legacy compilers use the `peadm::convert_compiler_to_legacy` plan. This plan will create the needed Node group and Classifier rules to make compilers legacy. Also will add certificate extensions to those nodes.
 
 ```shell
 bolt plan run peadm::convert_compiler_to_legacy legacy_hosts=compiler1.example.com,compiler2.example.com primary_host=primary.example.com

plans/convert.pp

@@ -10,6 +10,7 @@
 
   # Large
   Optional[TargetSpec]              $compiler_hosts = undef,
+  Optional[TargetSpec]              $legacy_compilers = undef,
 
   # Extra Large
   Optional[Peadm::SingleTargetSpec] $primary_postgresql_host         = undef,
@@ -36,13 +37,15 @@
   $replica_target                   = peadm::get_targets($replica_host, 1)
   $replica_postgresql_target        = peadm::get_targets($replica_postgresql_host, 1)
   $compiler_targets                 = peadm::get_targets($compiler_hosts)
+  $legacy_compiler_targets          = peadm::get_targets($legacy_compilers)
   $primary_postgresql_target        = peadm::get_targets($primary_postgresql_host, 1)
 
   $all_targets = peadm::flatten_compact([
       $primary_target,
       $replica_target,
       $replica_postgresql_target,
       $compiler_targets,
+      $legacy_compiler_targets,
       $primary_postgresql_target,
   ])
 
@@ -53,6 +56,7 @@
     $primary_postgresql_host,
     $replica_postgresql_host,
     $compiler_hosts,
+    $legacy_compilers,
   )
 
   out::message('# Gathering information')
@@ -115,10 +119,36 @@
         $index % 2 != 0
       }
     }
+    $legacy_compiler_a_targets = $legacy_compiler_targets.filter |$index,$target| {
+      $exts = $cert_extensions[$target.peadm::certname()]
+      if ($exts[peadm::oid('peadm_availability_group')] in ['A', 'B']) {
+        $exts[peadm::oid('peadm_availability_group')] == 'A'
+      }
+      elsif ($exts[peadm::oid('pp_cluster')] in ['A', 'B']) {
+        $exts[peadm::oid('pp_cluster')] == 'A'
+      }
+      else {
+        $index % 2 == 0
+      }
+    }
+    $legacy_compiler_b_targets = $legacy_compiler_targets.filter |$index,$target| {
+      $exts = $cert_extensions[$target.peadm::certname()]
+      if ($exts[peadm::oid('peadm_availability_group')] in ['A', 'B']) {
+        $exts[peadm::oid('peadm_availability_group')] == 'B'
+      }
+      elsif ($exts[peadm::oid('pp_cluster')] in ['A', 'B']) {
+        $exts[peadm::oid('pp_cluster')] == 'B'
+      }
+      else {
+        $index % 2 != 0
+      }
+    }
   }
   else {
     $compiler_a_targets = $compiler_targets
     $compiler_b_targets = []
+    $legacy_compiler_a_targets = $legacy_compiler_targets
+    $legacy_compiler_b_targets = []
   }
 
   # Modify csr_attributes.yaml and insert the peadm-specific OIDs to identify
@@ -185,6 +215,7 @@
           add_extensions => {
             peadm::oid('pp_auth_role')             => 'pe_compiler',
             peadm::oid('peadm_availability_group') => 'A',
+            peadm::oid('peadm_legacy_compiler')    => 'false',
           },
         )
       },
@@ -194,6 +225,27 @@
           add_extensions => {
             peadm::oid('pp_auth_role')             => 'pe_compiler',
             peadm::oid('peadm_availability_group') => 'B',
+            peadm::oid('peadm_legacy_compiler')    => 'false',
+          },
+        )
+      },
+      background('modify-compilers-a-certs') || {
+        run_plan('peadm::modify_certificate', $legacy_compiler_a_targets,
+          primary_host   => $primary_target,
+          add_extensions => {
+            peadm::oid('pp_auth_role')             => 'pe_compiler',
+            peadm::oid('peadm_availability_group') => 'A',
+            peadm::oid('peadm_legacy_compiler')    => 'true',
+          },
+        )
+      },
+      background('modify-compilers-b-certs') || {
+        run_plan('peadm::modify_certificate', $legacy_compiler_b_targets,
+          primary_host   => $primary_target,
+          add_extensions => {
+            peadm::oid('pp_auth_role')             => 'pe_compiler',
+            peadm::oid('peadm_availability_group') => 'B',
+            peadm::oid('peadm_legacy_compiler')    => 'true',
           },
         )
       },
@@ -252,6 +304,9 @@
     # completion
     run_command('systemctl restart pe-puppetserver.service pe-puppetdb.service',
     $all_targets - $primary_target - $primary_postgresql_target - $replica_postgresql_target)
+
+    # Run puppet on all targets again to ensure everything is fully up-to-date
+    run_task('peadm::puppet_runonce', $all_targets)
   }
 
   return("Conversion to peadm Puppet Enterprise ${arch['architecture']} completed.")