
Commit 1431087

author
petergmurphy
committed
(PE-39577) Optimise legacy compiler support
This commit: - Adds the `node_group_unpin` task. - `node_group_unpin` task is called in the convert plan to remove legacy compilers from the PE Master node group. - Legacy compilers `pp_auth_role` changed to `legacy_compiler`. - Changes the PEADM config to use the PE Certificate Authority node group. - Removes peadm_legacy_compiler extension.
1 parent 26c3ddf commit 1431087

13 files changed

+220
-76
lines changed

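--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -74,6 +74,7 @@
 * [`infrastatus`](#infrastatus): Runs puppet infra status and returns the output
 * [`mkdir_p_file`](#mkdir_p_file): Create a file with the specified content at the specified location
 * [`mv`](#mv): Wrapper task for mv command
+* [`node_group_unpin`](#node_group_unpin): Unpins a node from a specified PE node group
 * [`os_identification`](#os_identification): Return the operating system runnin gon the target as a string
 * [`pe_install`](#pe_install): Install Puppet Enterprise from a tarball
 * [`pe_ldap_config`](#pe_ldap_config): Set the ldap config in the PE console
@@ -1324,6 +1325,26 @@ Data type: `String`
 
 New path of file
 
+### <a name="node_group_unpin"></a>`node_group_unpin`
+
+Unpins a node from a specified PE node group
+
+**Supports noop?** false
+
+#### Parameters
+
+##### `node_certname`
+
+Data type: `String`
+
+The certname of the node to unpin
+
+##### `group_name`
+
+Data type: `String`
+
+The name of the node group to unpin the node from
+
 ### <a name="os_identification"></a>`os_identification`
 
 Return the operating system runnin gon the target as a string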
+29-30
@@ -1,72 +1,71 @@
11
# @api private
22
class peadm::setup::legacy_compiler_group (
33
String[1] $primary_host,
4-
Optional[String] $internal_compiler_a_pool_address = undef,
5-
Optional[String] $internal_compiler_b_pool_address = undef,
4+
Optional[String] $internal_compiler_a_pool_address = undef,
5+
Optional[String] $internal_compiler_b_pool_address = undef,
66
) {
77
Node_group {
88
purge_behavior => none,
99
}
1010

1111
node_group { 'PE Legacy Compiler':
12-
parent => 'PE Master',
13-
rule => ['and',
14-
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
15-
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
16-
],
17-
classes => {
18-
'puppet_enterprise::profile::master' => {
19-
'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
20-
'puppetdb_port' => [8081],
12+
ensure => 'present',
13+
parent => 'PE Master',
14+
purge_behavior => 'classes',
15+
rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
16+
classes => {
17+
'puppet_enterprise::profile::master' => {
18+
'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
19+
'puppetdb_port' => [8081],
20+
'replication_mode' => 'none',
21+
'code_manager_auto_configure' => true,
2122
},
2223
},
2324
}
2425

2526
node_group { 'PE Legacy Compiler Group A':
26-
ensure => 'present',
27-
parent => 'PE Legacy Compiler',
28-
rule => ['and',
29-
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
27+
ensure => 'present',
28+
parent => 'PE Legacy Compiler',
29+
purge_behavior => 'classes',
30+
rule => ['and',
31+
['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
3032
['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
31-
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
3233
],
33-
classes => {
34-
'puppet_enterprise::profile::master' => {
34+
classes => {
35+
'puppet_enterprise::profile::master' => {
3536
'puppetdb_host' => [$internal_compiler_b_pool_address, $internal_compiler_a_pool_address].filter |$_| { $_ },
3637
'puppetdb_port' => [8081],
3738
},
3839
},
39-
data => {
40-
# Workaround for GH-118
40+
data => {
4141
'puppet_enterprise::profile::master::puppetdb' => {
4242
'ha_enabled_replicas' => [],
4343
},
4444
},
4545
}
4646

4747
node_group { 'PE Legacy Compiler Group B':
48-
ensure => 'present',
49-
parent => 'PE Legacy Compiler',
50-
rule => ['and',
51-
['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
48+
ensure => 'present',
49+
parent => 'PE Legacy Compiler',
50+
purge_behavior => 'classes',
51+
rule => ['and',
52+
['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
5253
['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
53-
['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
5454
],
55-
classes => {
56-
'puppet_enterprise::profile::master' => {
55+
classes => {
56+
'puppet_enterprise::profile::master' => {
5757
'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
5858
'puppetdb_port' => [8081],
5959
},
6060
},
61-
data => {
62-
# Workaround for GH-118
61+
data => {
6362
'puppet_enterprise::profile::master::puppetdb' => {
6463
'ha_enabled_replicas' => [],
6564
},
6665
},
6766
}
6867

6968
node_group { 'PE Compiler':
70-
rule => ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'false']],
69+
rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
7170
}
7271
}
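Review bot: The `data` blocks of 'PE Legacy Compiler Group A' and 'PE Legacy Compiler Group B' still set `ha_enabled_replicas` to `[]`, but the new side drops the `# Workaround for GH-118` comment that explained why. Without it the empty override reads as dead configuration and is an easy target for a later cleanup, so I would keep `# Workaround for GH-118` above the `'puppet_enterprise::profile::master::puppetdb'` key in both groups. The three legacy groups also now set `purge_behavior => 'classes'` while the resource default at the top of the class stays `purge_behavior => none`; a one-line comment saying why these groups override the default would help the next reader.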

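--- a/manifests/setup/node_manager.pp
+++ b/manifests/setup/node_manager.pp
@@ -77,12 +77,16 @@
 parent => 'PE Infrastructure',
 data => $compiler_pool_address_data,
 variables => { 'pe_master' => true },
+rule => ['or',
+['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
+['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
+],
 }
 
 # PE Compiler group comes from default PE and already has the pe compiler role
 node_group { 'PE Compiler':
 parent => 'PE Master',
-rule => ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'false']],
+rule => ['and', ['=', ['trusted', 'extensions', peadm::oid('pp_auth_role')], 'pe_compiler']],
 }
 
 # This group should pin the primary, and also map to any pe-postgresql nodes
@@ -121,7 +125,6 @@
 rule => ['and',
 ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
 ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
-['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'false'],
 ],
 classes => {
 'puppet_enterprise::profile::puppetdb' => {
@@ -180,7 +183,6 @@
 rule => ['and',
 ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
 ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
-['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'false'],
 ],
 classes => {
 'puppet_enterprise::profile::puppetdb' => {
@@ -203,10 +205,7 @@
 
 node_group { 'PE Legacy Compiler':
 parent => 'PE Master',
-rule => ['and',
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
-['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
-],
+rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
 classes => {
 'puppet_enterprise::profile::master' => {
 'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
@@ -221,9 +220,8 @@
 ensure => 'present',
 parent => 'PE Legacy Compiler',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
+['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
 ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
-['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
 ],
 classes => {
 'puppet_enterprise::profile::master' => {
@@ -245,9 +243,8 @@
 ensure => 'present',
 parent => 'PE Legacy Compiler',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
+['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
 ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
-['=', ['trusted', 'extensions', peadm::oid('peadm_legacy_compiler')], 'true'],
 ],
 classes => {
 'puppet_enterprise::profile::master' => {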
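Review bot: In the 'PE Compiler' group the new rule looks the extension up through `peadm::oid('pp_auth_role')`, while every other `pp_auth_role` rule in this file, and the same group in the `peadm::setup::legacy_compiler_group` class, uses the literal key `'pp_auth_role'`. If `peadm::oid` returns the numeric OID, as its use for `peadm_availability_group` suggests, this rule would be compared against a key the trusted data may not carry, and the group would silently stop matching compilers. I would write it like its neighbours: `rule => ['and', ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler']],`. The two manifests also disagree on the rule's shape (`['and', [...]]` here, a bare `['=', ...]` in the other class), which is worth aligning so the group does not flip between definitions.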

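--- a/plans/convert.pp
+++ b/plans/convert.pp
@@ -214,7 +214,6 @@
 add_extensions => {
 peadm::oid('pp_auth_role') => 'pe_compiler',
 peadm::oid('peadm_availability_group') => 'A',
-peadm::oid('peadm_legacy_compiler') => 'false',
 },
 )
 },
@@ -224,27 +223,24 @@
 add_extensions => {
 peadm::oid('pp_auth_role') => 'pe_compiler',
 peadm::oid('peadm_availability_group') => 'B',
-peadm::oid('peadm_legacy_compiler') => 'false',
 },
 )
 },
 background('modify-compilers-a-certs') || {
 run_plan('peadm::modify_certificate', $legacy_compiler_a_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'pe_compiler',
+peadm::oid('pp_auth_role') => 'legacy_compiler',
 peadm::oid('peadm_availability_group') => 'A',
-peadm::oid('peadm_legacy_compiler') => 'true',
 },
 )
 },
 background('modify-compilers-b-certs') || {
 run_plan('peadm::modify_certificate', $legacy_compiler_b_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'pe_compiler',
+peadm::oid('pp_auth_role') => 'legacy_compiler',
 peadm::oid('peadm_availability_group') => 'B',
-peadm::oid('peadm_legacy_compiler') => 'true',
 },
 )
 },
@@ -283,6 +279,16 @@
 
 include peadm::setup::convert_node_manager
 }
+
+# Unpin legacy compilers from PE Master group
+if $legacy_compiler_targets {
+$legacy_compiler_targets.each |$target| {
+run_task('peadm::node_group_unpin', $primary_target,
+node_certname => $target.peadm::certname(),
+group_name => 'PE Master',
+)
+}
+}
 }
 else {
 # lint:ignore:strict_indent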
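Review bot: The guard `if $legacy_compiler_targets {` in the new unpin block is true for an empty array in Puppet, so it only protects against `undef`; whether the variable can be undef is decided outside this hunk. If the intent is to skip the step when there are no legacy compilers, `unless $legacy_compiler_targets.empty {` says so directly. The `run_task('peadm::node_group_unpin', ...)` calls also sit after the certificate changes earlier in the plan, and a failing task aborts the plan by default, so the block should state what happens on a re-run, for example `# node_group_unpin is expected to succeed when the node is not pinned (TODO confirm)`.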

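--- a/plans/convert_compiler_to_legacy.pp
+++ b/plans/convert_compiler_to_legacy.pp
@@ -102,27 +102,25 @@
 run_plan('peadm::modify_certificate', $compiler_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('peadm_legacy_compiler') => 'false',
+peadm::oid('pp_auth_role') => 'legacy_compiler',
 },
 )
 },
 background('modify-compilers-a-certs') || {
 run_plan('peadm::modify_certificate', $legacy_compiler_a_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'pe_compiler',
+peadm::oid('pp_auth_role') => 'legacy_compiler',
 peadm::oid('peadm_availability_group') => 'A',
-peadm::oid('peadm_legacy_compiler') => 'true',
 },
 )
 },
 background('modify-compilers-b-certs') || {
 run_plan('peadm::modify_certificate', $legacy_compiler_b_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'pe_compiler',
+peadm::oid('pp_auth_role') => 'legacy_compiler',
 peadm::oid('peadm_availability_group') => 'B',
-peadm::oid('peadm_legacy_compiler') => 'true',
 },
 )
 },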
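Review bot: The first `add_extensions` block now gives `$compiler_targets` the role `legacy_compiler`, where the removed line marked the same targets with `peadm_legacy_compiler => 'false'`, that is, as not legacy. After the change all three blocks assign `legacy_compiler`, so if `$compiler_targets` holds compilers meant to stay non-legacy (its definition is outside the hunk), their certificates would be re-issued with the wrong `pp_auth_role` and the nodes reclassified into the legacy groups. In that case the line should read `peadm::oid('pp_auth_role') => 'pe_compiler',`; otherwise a comment on the block saying why these targets become legacy would remove the doubt.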

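--- a/plans/subplans/component_install.pp
+++ b/plans/subplans/component_install.pp
@@ -21,13 +21,11 @@
 $certificate_extensions = {
 peadm::oid('pp_auth_role') => 'pe_compiler',
 peadm::oid('peadm_availability_group') => $avail_group_letter,
-peadm::oid('peadm_legacy_compiler') => false,
 }
 } elsif $role == 'pe_compiler_legacy' {
 $certificate_extensions = {
-peadm::oid('pp_auth_role') => 'pe_compiler',
+peadm::oid('pp_auth_role') => 'legacy_compiler',
 peadm::oid('peadm_availability_group') => $avail_group_letter,
-peadm::oid('peadm_legacy_compiler') => true,
 }
 } else {
 $certificate_extensions = {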

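--- a/plans/subplans/install.pp
+++ b/plans/subplans/install.pp
@@ -287,7 +287,6 @@
 extension_requests => {
 peadm::oid('pp_auth_role') => 'pe_compiler',
 peadm::oid('peadm_availability_group') => 'A',
-peadm::oid('peadm_legacy_compiler') => 'false',
 }
 )
 },
@@ -296,25 +295,22 @@
 extension_requests => {
 peadm::oid('pp_auth_role') => 'pe_compiler',
 peadm::oid('peadm_availability_group') => 'B',
-peadm::oid('peadm_legacy_compiler') => 'false',
 }
 )
 },
 background('compiler-a-csr.yaml') || {
 run_plan('peadm::util::insert_csr_extension_requests', $legacy_a_targets,
 extension_requests => {
-peadm::oid('pp_auth_role') => 'pe_compiler',
+peadm::oid('pp_auth_role') => 'legacy_compiler',
 peadm::oid('peadm_availability_group') => 'A',
-peadm::oid('peadm_legacy_compiler') => 'true',
 }
 )
 },
 background('compiler-b-csr.yaml') || {
 run_plan('peadm::util::insert_csr_extension_requests', $legacy_b_targets,
 extension_requests => {
-peadm::oid('pp_auth_role') => 'pe_compiler',
+peadm::oid('pp_auth_role') => 'legacy_compiler',
 peadm::oid('peadm_availability_group') => 'B',
-peadm::oid('peadm_legacy_compiler') => 'true',
 }
 )
 },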
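Review bot: Nothing on this page shows that consumers of the `pe_compiler` role value other than node-group rules were checked, and the two legacy blocks now request `pp_auth_role` = `legacy_compiler` in the CSR, which is fixed into the certificate at signing. The node-group rules in this commit are updated to match, but any authorization allow-list or classification keyed on `pe_compiler` would stop covering legacy compilers. I would record the decision next to the legacy blocks, e.g. `# legacy compilers carry their own pp_auth_role; rules matching 'pe_compiler' do not cover them`. The enclosing plan body starts and ends outside these hunks.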

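--- a/plans/update_compiler_extensions.pp
+++ b/plans/update_compiler_extensions.pp
@@ -7,11 +7,6 @@
 $primary_target = peadm::get_targets($primary_host, 1)
 $host_targets = peadm::get_targets($compiler_hosts)
 
-run_plan('peadm::modify_certificate', $host_targets,
-primary_host => $primary_target,
-add_extensions => { peadm::oid('peadm_legacy_compiler') => String($legacy) },
-)
-
 run_task('peadm::puppet_runonce', $primary_target)
 run_task('peadm::puppet_runonce', $host_targets)
 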

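--- a/plans/upgrade.pp
+++ b/plans/upgrade.pp
@@ -172,8 +172,8 @@
 $compiler_m1_nonlegacy_targets = $compiler_targets.filter |$target| {
 ($cert_extensions.dig($target.peadm::certname, peadm::oid('peadm_availability_group'))
 == $cert_extensions.dig($primary_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) and
-($cert_extensions.dig($target.peadm::certname, peadm::oid('peadm_legacy_compiler'))
-== 'false')
+($cert_extensions.dig($target.peadm::certname, peadm::oid('pp_auth_role'))
+== 'pe_compiler')
 }
 
 $compiler_m2_targets = $compiler_targets.filter |$target| {
@@ -184,8 +184,8 @@
 $compiler_m2_nonlegacy_targets = $compiler_targets.filter |$target| {
 ($cert_extensions.dig($target.peadm::certname, peadm::oid('peadm_availability_group'))
 == $cert_extensions.dig($replica_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) and
-($cert_extensions.dig($target.peadm::certname, peadm::oid('peadm_legacy_compiler'))
-== 'false')
+($cert_extensions.dig($target.peadm::certname, peadm::oid('pp_auth_role'))
+== 'pe_compiler')
 }
 
 peadm::plan_step('preparation') || {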
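Review bot: Both `*_nonlegacy_targets` filters now select on `pp_auth_role == 'pe_compiler'`, which is also the value legacy compilers carried before this commit; the removed lines in plans/convert.pp show `pp_auth_role => 'pe_compiler'` alongside `peadm_legacy_compiler => 'true'`. On an installation whose legacy compiler certificates have not yet been re-issued, those nodes would pass the filter and be treated as non-legacy during the upgrade. I would state the precondition at the filters, e.g. `# certificates issued before this change mark legacy compilers as pe_compiler; re-issue them before upgrading`, and consider failing early when such a certificate is found. How `$cert_extensions` is built is not visible in these hunks.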

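--- a/spec/plans/convert_spec.rb
+++ b/spec/plans/convert_spec.rb
@@ -9,7 +9,7 @@
 end
 
 let(:params) do
-{ 'primary_host' => 'primary' }
+{ 'primary_host' => 'primary', 'legacy_compilers' => ['legacy_compiler'] }
 end
 
 it 'single primary no dr valid' do
@@ -21,6 +21,8 @@
 expect_task('peadm::cert_data').return_for_targets('primary' => trustedjson)
 expect_task('peadm::read_file').always_return({ 'content' => '2021.7.9' })
 expect_task('peadm::get_group_rules').return_for_targets('primary' => { '_output' => '{"rules": []}' })
+expect_task('peadm::node_group_unpin').with_targets('primary').with_params({ 'node_certname' => 'legacy_compiler', 'group_name' => 'PE Master' })
+expect_task('peadm::check_legacy_compilers').with_targets('primary').with_params({ 'legacy_compilers' => 'legacy_compiler' }).return_for_targets('primary' => { '_output' => '' })
 
 # For some reason, expect_plan() was not working??
 allow_plan('peadm::modify_certificate').always_return({})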
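Review bot: Changing the shared `let(:params)` adds `'legacy_compilers' => ['legacy_compiler']` to every example that uses it, so the plan path without legacy compilers may no longer be exercised by this spec (other examples, if any, are outside the hunks). I would keep the original params as the default and move the legacy case into its own context with `let(:params) { super().merge('legacy_compilers' => ['legacy_compiler']) }`. The `check_legacy_compilers` expectation also asserts the string `'legacy_compiler'` while the plan parameter is an array; a short comment on how the plan turns the array into that string would make the expectation easier to trust.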
