Use custom OIDs for peadm role and avil. group

README.md

@@ -16,6 +16,7 @@ Plans:
 
 * [Provision](documentation/provision.md)
 * [Upgrade](documentation/upgrade.md)
+* [Convert](documentation/convert.md)
 
 Reference:
 

documentation/convert.md

@@ -0,0 +1,26 @@
+# Convert infrastructure for use with the peadm module
+
+The peadm::convert plan can be used to adopt manually deployed infrastructure for use with peadm, or to adopt infrastructure deployed with a version of peadm older than 1.0.0.
+
+## Convert an Existing Deployment
+
+Prepare to run the plan against all servers in the PE infrastructure, using a params.json file such as this one:
+
+```json
+{
+  "master_host": "pe-xl-core-0.lab1.puppet.vm",
+  "master_replica_host": "pe-xl-core-1.lab1.puppet.vm",
+  "compiler_hosts": [
+    "pe-xl-compiler-0.lab1.puppet.vm",
+    "pe-xl-compiler-1.lab1.puppet.vm"
+  ],
+
+  "compiler_pool_address": "puppet.lab1.puppet.vm",
+}
+```
+
+See the [provision](provision.md#reference-architectures) documentation for a list of supported architectures. Note that for convert, *all infrastructure being converted must already be functional*; you cannot use convert to add new systems to the infrastructure, nor can you use it to change your architecture.
+
+```
+bolt plan run peadm::convert --params @params.json 
+```

functions/oid.pp

@@ -0,0 +1,11 @@
+function peadm::oid (
+  String $short_name,
+) {
+  case $short_name {
+    'peadm_role':  { '1.3.6.1.4.1.34380.1.1.9812' }
+    'peadm_availability_group': { '1.3.6.1.4.1.34380.1.1.9813' }
+    'pp_application': { '1.3.6.1.4.1.34380.1.1.8' }
+    'pp_cluster': { '1.3.6.1.4.1.34380.1.1.16' }
+    default: { fail("No peadm OID for ${short_name}") }
+  }
+}

manifests/setup/node_manager.pp

@@ -1,8 +1,6 @@
 # This profile is not intended to be continously enforced on PE masters.
 # Rather, it describes state to enforce as a boostrap action, preparing the
 # Puppet Enterprise console with a sane default environment configuration.
-# Importantly, this includes assigning nodes to an environment matching thier
-# trusted.extensions.pp_environment value by default.
 #
 # This class will be applied during master bootstrap using e.g.
 #
@@ -49,7 +47,7 @@
   # We modify this group's rule such that all PE infrastructure nodes will be
   # members.
   node_group { 'PE Infrastructure Agent':
-    rule => ['and', ['~', ['trusted', 'extensions', 'pp_application'], '^puppet/']],
+    rule => ['and', ['~', ['trusted', 'extensions', peadm::oid('peadm_role')], '^puppet/']],
   }
 
   # We modify this group to add, as data, the compiler_pool_address only.
@@ -58,7 +56,7 @@
   node_group { 'PE Master':
     parent    => 'PE Infrastructure',
     rule      => ['or',
-      ['and', ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler']],
+      ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler']],
       ['=', 'name', $master_host],
     ],
     data      => {
@@ -77,7 +75,7 @@
       parent               => 'PE Infrastructure',
       environment          => 'production',
       override_environment => false,
-      rule                 => ['and', ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/puppetdb-database']],
+      rule                 => ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/puppetdb-database']],
       classes              => {
         'puppet_enterprise::profile::database' => { },
       },
@@ -90,8 +88,8 @@
     ensure => present,
     parent => 'PE Infrastructure',
     rule   => ['and',
-      ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/master'],
-      ['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
+      ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/master'],
+      ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
     ],
     data   => {
       'puppet_enterprise::profile::primary_master_replica' => {
@@ -109,8 +107,8 @@
     ensure  => 'present',
     parent  => 'PE Master',
     rule    => ['and',
-      ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler'],
-      ['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
+      ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler'],
+      ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
     ],
     classes => {
       'puppet_enterprise::profile::puppetdb' => {
@@ -144,8 +142,8 @@
       ensure => present,
       parent => 'PE Infrastructure',
       rule   => ['and',
-        ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/master'],
-        ['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
+        ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/master'],
+        ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
       ],
       data   => {
         'puppet_enterprise::profile::primary_master_replica' => {
@@ -161,8 +159,8 @@
       ensure  => 'present',
       parent  => 'PE Master',
       rule    => ['and',
-        ['=', ['trusted', 'extensions', 'pp_application'], 'puppet/compiler'],
-        ['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
+        ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/compiler'],
+        ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
       ],
       classes => {
         'puppet_enterprise::profile::puppetdb' => {

manifests/setup/node_manager_yaml.pp

@@ -0,0 +1,16 @@
+class peadm::setup::node_manager_yaml (
+  String $master_host,
+) {
+
+  # Necessary to give the sandboxed Puppet executor the configuration
+  # necessary to connect to the classifier`
+  file { 'node_manager.yaml':
+    ensure  => file,
+    mode    => '0644',
+    path    => Deferred('peadm::node_manager_yaml_location'),
+    content => epp('peadm/node_manager.yaml.epp', {
+      server => $master_host,
+    }),
+  }
+
+}

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-peadm",
-  "version": "0.5.2",
+  "version": "1.0.0",
   "author": "Puppet Labs Solutions Architecture",
   "summary": "Bolt plans used to deploy an at-scale Puppet Enterprise architecture",
   "license": "Apache-2.0",

plans/action/configure.pp

@@ -56,37 +56,19 @@
 
   # Set up the console node groups to configure the various hosts in their roles
 
-  # Pending resolution of Bolt GH-1244, Target objects and their methods are
-  # not accessible inside apply() blocks. Work around the limitation for now
-  # by using string variables calculated outside the apply block. The
-  # commented-out values should be used once GH-1244 is resolved.
-
-  # WORKAROUND: GH-1244
-  $master_host_string = $master_target.peadm::target_name()
-  $master_replica_host_string = $master_replica_target.peadm::target_name()
-  $puppetdb_database_host_string = $puppetdb_database_target.peadm::target_name()
-  $puppetdb_database_replica_host_string = $puppetdb_database_replica_target.peadm::target_name()
-
   apply($master_target) {
-    # Necessary to give the sandboxed Puppet executor the configuration
-    # necessary to connect to the classifier`
-    file { 'node_manager.yaml':
-      ensure  => file,
-      mode    => '0644',
-      path    => Deferred('peadm::node_manager_yaml_location'),
-      content => epp('peadm/node_manager.yaml.epp', {
-        server => $master_host_string,
-      }),
+    class { 'peadm::setup::node_manager_yaml':
+      master_host => $master_target.peadm::target_name(),
     }
 
     class { 'peadm::setup::node_manager':
       # WORKAROUND: GH-1244
-      master_host                    => $master_host_string, # $master_target.peadm::target_name(),
-      master_replica_host            => $master_replica_host_string, # $master_replica_target.peadm::target_name(),
-      puppetdb_database_host         => $puppetdb_database_host_string, # $puppetdb_database_target.peadm::target_name(),
-      puppetdb_database_replica_host => $puppetdb_database_replica_host_string, # $puppetdb_database_replica_target.peadm::target_name(),
+      master_host                    => $master_target.peadm::target_name(),
+      master_replica_host            => $master_replica_target.peadm::target_name(),
+      puppetdb_database_host         => $puppetdb_database_target.peadm::target_name(),
+      puppetdb_database_replica_host => $puppetdb_database_replica_target.peadm::target_name(),
       compiler_pool_address          => $compiler_pool_address,
-      require                        => File['node_manager.yaml'],
+      require                        => Class['peadm::setup::node_manager_yaml'],
     }
   }
 

plans/action/install.pp

@@ -179,40 +179,29 @@
     upload_path => $upload_tarball_path,
   )
 
-  # Create csr_attributes.yaml files for the nodes that need them
-  # There is a problem with OID names in csr_attributes.yaml for some
-  # installs, e.g. PE 2019.0.1, PUP-9746. Use the raw OIDs for now.
-  $pp_application = '1.3.6.1.4.1.34380.1.1.8'
-  $pp_cluster     = '1.3.6.1.4.1.34380.1.1.16'
-
-  run_task('peadm::mkdir_p_file', $master_target,
-    path    => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-    content => @("HEREDOC"),
-      ---
-      extension_requests:
-        ${pp_application}: "puppet/master"
-        ${pp_cluster}: "A"
-      | HEREDOC
+  # Create csr_attributes.yaml files for the nodes that need them. Ensure that
+  # if a csr_attributes.yaml file is already present, the values we need are
+  # merged with the existing values.
+
+  run_plan('peadm::util::insert_csr_extensions', $master_target,
+    extensions => {
+      peadm::oid('peadm_role')               => 'puppet/master',
+      peadm::oid('peadm_availability_group') => 'A',
+    },
   )
 
-  run_task('peadm::mkdir_p_file', $puppetdb_database_target,
-    path    => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-    content => @("HEREDOC"),
-      ---
-      extension_requests:
-        ${pp_application}: "puppet/puppetdb-database"
-        ${pp_cluster}: "A"
-      | HEREDOC
+  run_plan('peadm::util::insert_csr_extensions', $puppetdb_database_target,
+    extensions => {
+      peadm::oid('peadm_role')               => 'puppet/puppetdb-database',
+      peadm::oid('peadm_availability_group') => 'A',
+    },
   )
 
-  run_task('peadm::mkdir_p_file', $puppetdb_database_replica_target,
-    path    => '/etc/puppetlabs/puppet/csr_attributes.yaml',
-    content => @("HEREDOC"),
-      ---
-      extension_requests:
-        ${pp_application}: "puppet/puppetdb-database"
-        ${pp_cluster}: "B"
-      | HEREDOC
+  run_plan('peadm::util::insert_csr_extensions', $puppetdb_database_replica_target,
+    extensions => {
+      peadm::oid('peadm_role')               => 'puppet/puppetdb-database',
+      peadm::oid('peadm_availability_group') => 'B',
+    },
   )
 
   # Get the master installation up and running. The installer will
@@ -307,8 +296,8 @@
       '--puppet-service-ensure', 'stopped',
       "main:certname=${master_replica_target.peadm::target_name()}",
       "main:dns_alt_names=${dns_alt_names_csv}",
-      "extension_requests:${pp_application}=puppet/master",
-      "extension_requests:${pp_cluster}=B",
+      "extension_requests:${peadm::oid('peadm_role')}=puppet/master",
+      "extension_requests:${peadm::oid('peadm_availability_group')}=B",
     ],
   )
 
@@ -320,8 +309,8 @@
           '--puppet-service-ensure', 'stopped',
           "main:certname=${target.peadm::target_name()}",
           "main:dns_alt_names=${dns_alt_names_csv}",
-          "extension_requests:${pp_application}=puppet/compiler",
-          "extension_requests:${pp_cluster}=${group}",
+          "extension_requests:${peadm::oid('peadm_role')}=puppet/compiler",
+          "extension_requests:${peadm::oid('peadm_availability_group')}=${group}",
         ],
       )
     }