Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(PE-39577) Optimise legacy compiler support #536

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

(PE-39577) Optimise legacy compiler support #536

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
1431087
(PE-39577) Optimise legacy compiler support
Jan 15, 2025
a0db439
Make node_group_unpin accept an array of certnames
Jan 30, 2025
81e986a
Add task to update PE Master group rules
Feb 5, 2025
55d852f
Migrate to new method for legacy compiler checks
Feb 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions REFERENCE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@
* [`infrastatus`](#infrastatus): Runs puppet infra status and returns the output
* [`mkdir_p_file`](#mkdir_p_file): Create a file with the specified content at the specified location
* [`mv`](#mv): Wrapper task for mv command
* [`node_group_unpin`](#node_group_unpin): Unpins nodes from a specified PE node group
* [`os_identification`](#os_identification): Return the operating system runnin gon the target as a string
* [`pe_install`](#pe_install): Install Puppet Enterprise from a tarball
* [`pe_ldap_config`](#pe_ldap_config): Set the ldap config in the PE console
Expand Down Expand Up @@ -1324,6 +1325,26 @@ Data type: `String`

New path of file

### <a name="node_group_unpin"></a>`node_group_unpin`

Unpins nodes from a specified PE node group

**Supports noop?** false

#### Parameters

##### `node_certnames`

Data type: `Array[String]`

The certnames of the nodes to unpin

##### `group_name`

Data type: `String`

The name of the node group to unpin the nodes from

### <a name="os_identification"></a>`os_identification`

Return the operating system runnin gon the target as a string
Expand Down
45 changes: 21 additions & 24 deletions manifests/setup/legacy_compiler_group.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,23 +1,23 @@
# @api private
class peadm::setup::legacy_compiler_group (
String[1] $primary_host,
Optional[String] $internal_compiler_a_pool_address = undef,
Optional[String] $internal_compiler_b_pool_address = undef,
Optional[String] $internal_compiler_a_pool_address = undef,
Optional[String] $internal_compiler_b_pool_address = undef,
) {
Node_group {
purge_behavior => none,
}

node_group { 'PE Legacy Compiler':
parent => 'PE Master',
rule => ['and',
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
],
ensure => 'present',
parent => 'PE Infrastructure',
rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
classes => {
'puppet_enterprise::profile::master' => {
'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
'puppetdb_port' => [8081],
'puppet_enterprise::profile::master' => {
'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
'puppetdb_port' => [8081],
'replication_mode' => 'none',
'code_manager_auto_configure' => true,
},
},
}
Expand All @@ -26,47 +26,44 @@
ensure => 'present',
parent => 'PE Legacy Compiler',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
],
classes => {
'puppet_enterprise::profile::master' => {
'puppet_enterprise::profile::master' => {
'puppetdb_host' => [$internal_compiler_b_pool_address, $internal_compiler_a_pool_address].filter |$_| { $_ },
'puppetdb_port' => [8081],
},
},
data => {
# Workaround for GH-118
'puppet_enterprise::profile::master::puppetdb' => {
'ha_enabled_replicas' => [],
},
},
}

node_group { 'PE Legacy Compiler Group B':
ensure => 'present',
parent => 'PE Legacy Compiler',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
ensure => 'present',
parent => 'PE Legacy Compiler',
purge_behavior => 'classes',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
],
classes => {
'puppet_enterprise::profile::master' => {
classes => {
'puppet_enterprise::profile::master' => {
'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
'puppetdb_port' => [8081],
},
},
data => {
# Workaround for GH-118
data => {
'puppet_enterprise::profile::master::puppetdb' => {
'ha_enabled_replicas' => [],
},
},
}

node_group { 'PE Compiler':
rule => ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'false']],
rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
}
}
15 changes: 4 additions & 11 deletions manifests/setup/node_manager.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@
# PE Compiler group comes from default PE and already has the pe compiler role
node_group { 'PE Compiler':
parent => 'PE Master',
rule => ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'false']],
rule => ['and', ['=', ['trusted', 'extensions', peadm::oid('pp_auth_role')], 'pe_compiler']],
}

# This group should pin the primary, and also map to any pe-postgresql nodes
Expand Down Expand Up @@ -121,7 +121,6 @@
rule => ['and',
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'false'],
],
classes => {
'puppet_enterprise::profile::puppetdb' => {
Expand Down Expand Up @@ -180,7 +179,6 @@
rule => ['and',
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'false'],
],
classes => {
'puppet_enterprise::profile::puppetdb' => {
Expand All @@ -203,10 +201,7 @@

node_group { 'PE Legacy Compiler':
parent => 'PE Master',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
],
rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
classes => {
'puppet_enterprise::profile::master' => {
'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
Expand All @@ -221,9 +216,8 @@
ensure => 'present',
parent => 'PE Legacy Compiler',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
],
classes => {
'puppet_enterprise::profile::master' => {
Expand All @@ -245,9 +239,8 @@
ensure => 'present',
parent => 'PE Legacy Compiler',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
],
classes => {
'puppet_enterprise::profile::master' => {
Expand Down
18 changes: 12 additions & 6 deletions plans/convert.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -214,7 +214,6 @@
add_extensions => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('peadm_availability_group') => 'A',
peadm::oid('peadm_legacy_compiler') => 'false',
},
)
},
Expand All @@ -224,27 +223,24 @@
add_extensions => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('peadm_availability_group') => 'B',
peadm::oid('peadm_legacy_compiler') => 'false',
},
)
},
background('modify-compilers-a-certs') || {
run_plan('peadm::modify_certificate', $legacy_compiler_a_targets,
primary_host => $primary_target,
add_extensions => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
peadm::oid('peadm_availability_group') => 'A',
peadm::oid('peadm_legacy_compiler') => 'true',
},
)
},
background('modify-compilers-b-certs') || {
run_plan('peadm::modify_certificate', $legacy_compiler_b_targets,
primary_host => $primary_target,
add_extensions => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
peadm::oid('peadm_availability_group') => 'B',
peadm::oid('peadm_legacy_compiler') => 'true',
},
)
},
Expand Down Expand Up @@ -283,6 +279,14 @@

include peadm::setup::convert_node_manager
}

# Unpin legacy compilers from PE Master group
if $legacy_compiler_targets {
run_task('peadm::node_group_unpin', $primary_target,
node_certnames => $legacy_compiler_targets.map |$target| { $target.peadm::certname() },
group_name => 'PE Master',
)
}
}
else {
# lint:ignore:strict_indent
Expand Down Expand Up @@ -329,5 +333,7 @@
# lint:endignore
}

run_task('peadm::update_pe_master_rules', $primary_target)

return("Conversion to peadm Puppet Enterprise ${arch['architecture']} completed.")
}
8 changes: 3 additions & 5 deletions plans/convert_compiler_to_legacy.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,27 +102,25 @@
run_plan('peadm::modify_certificate', $compiler_targets,
primary_host => $primary_target,
add_extensions => {
peadm::oid('peadm_legacy_compiler') => 'false',
peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
},
)
},
background('modify-compilers-a-certs') || {
run_plan('peadm::modify_certificate', $legacy_compiler_a_targets,
primary_host => $primary_target,
add_extensions => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
peadm::oid('peadm_availability_group') => 'A',
peadm::oid('peadm_legacy_compiler') => 'true',
},
)
},
background('modify-compilers-b-certs') || {
run_plan('peadm::modify_certificate', $legacy_compiler_b_targets,
primary_host => $primary_target,
add_extensions => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
peadm::oid('peadm_availability_group') => 'B',
peadm::oid('peadm_legacy_compiler') => 'true',
},
)
},
Expand Down
2 changes: 2 additions & 0 deletions plans/install.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,8 @@
final_agent_state => $final_agent_state,
)

run_task('peadm::update_pe_master_rules', $primary_host)

# Return a string banner reporting on what was done
return([$install_result, $configure_result])
}
4 changes: 1 addition & 3 deletions plans/subplans/component_install.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,11 @@
$certificate_extensions = {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('peadm_availability_group') => $avail_group_letter,
peadm::oid('peadm_legacy_compiler') => false,
}
} elsif $role == 'pe_compiler_legacy' {
$certificate_extensions = {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
peadm::oid('peadm_availability_group') => $avail_group_letter,
peadm::oid('peadm_legacy_compiler') => true,
}
} else {
$certificate_extensions = {
Expand Down
8 changes: 2 additions & 6 deletions plans/subplans/install.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -287,7 +287,6 @@
extension_requests => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('peadm_availability_group') => 'A',
peadm::oid('peadm_legacy_compiler') => 'false',
}
)
},
Expand All @@ -296,25 +295,22 @@
extension_requests => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('peadm_availability_group') => 'B',
peadm::oid('peadm_legacy_compiler') => 'false',
}
)
},
background('compiler-a-csr.yaml') || {
run_plan('peadm::util::insert_csr_extension_requests', $legacy_a_targets,
extension_requests => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
peadm::oid('peadm_availability_group') => 'A',
peadm::oid('peadm_legacy_compiler') => 'true',
}
)
},
background('compiler-b-csr.yaml') || {
run_plan('peadm::util::insert_csr_extension_requests', $legacy_b_targets,
extension_requests => {
peadm::oid('pp_auth_role') => 'pe_compiler',
peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
peadm::oid('peadm_availability_group') => 'B',
peadm::oid('peadm_legacy_compiler') => 'true',
}
)
},
Expand Down
5 changes: 0 additions & 5 deletions plans/update_compiler_extensions.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,6 @@
$primary_target = peadm::get_targets($primary_host, 1)
$host_targets = peadm::get_targets($compiler_hosts)

run_plan('peadm::modify_certificate', $host_targets,
primary_host => $primary_target,
add_extensions => { peadm::oid('peadm_legacy_compiler') => String($legacy) },
)

run_task('peadm::puppet_runonce', $primary_target)
run_task('peadm::puppet_runonce', $host_targets)

Expand Down
Loading
Loading