
Commit 81e986a

author
petergmurphy
committed
Add task to update PE Master group rules
This commit introduces a new private task to update the AND conditional for the pe_compiler auth role in the PE Master node group, changing it to a regex match for any *_compiler role. The task ensures that the group rules are simplified and are displayed more correctly in the PE console.
1 parent a0db439 commit 81e986a


11 files changed

+156
-31
lines changed


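--- a/manifests/setup/legacy_compiler_group.pp
+++ b/manifests/setup/legacy_compiler_group.pp
@@ -9,11 +9,10 @@
 }
 
 node_group { 'PE Legacy Compiler':
-ensure => 'present',
-parent => 'PE Master',
-purge_behavior => 'classes',
-rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
-classes => {
+ensure => 'present',
+parent => 'PE Infrastructure',
+rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
+classes => {
 'puppet_enterprise::profile::master' => {
 'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
 'puppetdb_port' => [8081],
@@ -24,20 +23,19 @@
 }
 
 node_group { 'PE Legacy Compiler Group A':
-ensure => 'present',
-parent => 'PE Legacy Compiler',
-purge_behavior => 'classes',
-rule => ['and',
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
+ensure => 'present',
+parent => 'PE Legacy Compiler',
+rule => ['and',
+['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
 ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
 ],
-classes => {
+classes => {
 'puppet_enterprise::profile::master' => {
 'puppetdb_host' => [$internal_compiler_b_pool_address, $internal_compiler_a_pool_address].filter |$_| { $_ },
 'puppetdb_port' => [8081],
 },
 },
-data => {
+data => {
 'puppet_enterprise::profile::master::puppetdb' => {
 'ha_enabled_replicas' => [],
 },
@@ -49,7 +47,7 @@
 parent => 'PE Legacy Compiler',
 purge_behavior => 'classes',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
+['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
 ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
 ],
 classes => {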
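Review bot: `purge_behavior => 'classes'` is dropped from 'PE Legacy Compiler' and 'PE Legacy Compiler Group A' but is still a context line in the last hunk (the group with availability group 'B'), so the three groups no longer share one purge setting and the two edited ones fall back to the type's default. If the removal is intended, remove it from the Group B block too; if not, restore it on the other two, since all of these groups carry `puppet_enterprise::profile::master`. The parent also becomes 'PE Infrastructure' here while manifests/setup/node_manager.pp in this commit still declares `parent => 'PE Master'` for the same group name, and the two should agree. The Group B resource starts and ends outside the hunk.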

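--- a/manifests/setup/node_manager.pp
+++ b/manifests/setup/node_manager.pp
@@ -77,10 +77,6 @@
 parent => 'PE Infrastructure',
 data => $compiler_pool_address_data,
 variables => { 'pe_master' => true },
-rule => ['or',
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
-],
 }
 
 # PE Compiler group comes from default PE and already has the pe compiler role
@@ -205,7 +201,7 @@
 
 node_group { 'PE Legacy Compiler':
 parent => 'PE Master',
-rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
+rule => ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
 classes => {
 'puppet_enterprise::profile::master' => {
 'puppetdb_host' => [$internal_compiler_a_pool_address, $internal_compiler_b_pool_address].filter |$_| { $_ },
@@ -220,7 +216,7 @@
 ensure => 'present',
 parent => 'PE Legacy Compiler',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
+['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
 ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'A'],
 ],
 classes => {
@@ -243,7 +239,7 @@
 ensure => 'present',
 parent => 'PE Legacy Compiler',
 rule => ['and',
-['=', ['trusted', 'extensions', 'pp_auth_role'], 'legacy_compiler'],
+['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy'],
 ['=', ['trusted', 'extensions', peadm::oid('peadm_availability_group')], 'B'],
 ],
 classes => {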
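Review bot: With the `rule` removed from the node_group in the first hunk (its header is above the hunk; it sets `variables => { 'pe_master' => true }`), this manifest no longer declares which `pp_auth_role` values place a node in that group. Membership then depends on `peadm::update_pe_master_rules` having run, and Puppet can no longer correct drift in the rule. Whether the resource leaves an existing rule alone or purges it depends on its `purge_behavior`, which is not visible in this hunk and should be checked. A comment where the lines were removed would make the hand-off explicit, e.g. `# rule is managed by the peadm::update_pe_master_rules task, not by this resource`.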

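--- a/plans/convert.pp
+++ b/plans/convert.pp
@@ -230,7 +230,7 @@
 run_plan('peadm::modify_certificate', $legacy_compiler_a_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'legacy_compiler',
+peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
 peadm::oid('peadm_availability_group') => 'A',
 },
 )
@@ -239,7 +239,7 @@
 run_plan('peadm::modify_certificate', $legacy_compiler_b_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'legacy_compiler',
+peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
 peadm::oid('peadm_availability_group') => 'B',
 },
 )
@@ -333,5 +333,7 @@
 # lint:endignore
 }
 
+run_task('peadm::update_pe_master_rules', $primary_target)
+
 return("Conversion to peadm Puppet Enterprise ${arch['architecture']} completed.")
 }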
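Review bot: The new `run_task('peadm::update_pe_master_rules', $primary_target)` at the end of the plan has no comment saying why the PE Master rule is rewritten by a task at this point, and its result is not captured. The same call is added without explanation in plans/install.pp and plans/upgrade.pp. Because it runs on every convert, install and upgrade, the task has to be idempotent against a rule that was already rewritten, which cannot be confirmed from this section. Once that is verified, I would add `# Replace the PE Master pp_auth_role match with the regex rule; safe to re-run` above the call. The plan body starts outside the hunk.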

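--- a/plans/convert_compiler_to_legacy.pp
+++ b/plans/convert_compiler_to_legacy.pp
@@ -102,15 +102,15 @@
 run_plan('peadm::modify_certificate', $compiler_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'legacy_compiler',
+peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
 },
 )
 },
 background('modify-compilers-a-certs') || {
 run_plan('peadm::modify_certificate', $legacy_compiler_a_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'legacy_compiler',
+peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
 peadm::oid('peadm_availability_group') => 'A',
 },
 )
@@ -119,7 +119,7 @@
 run_plan('peadm::modify_certificate', $legacy_compiler_b_targets,
 primary_host => $primary_target,
 add_extensions => {
-peadm::oid('pp_auth_role') => 'legacy_compiler',
+peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
 peadm::oid('peadm_availability_group') => 'B',
 },
 )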

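--- a/plans/install.pp
+++ b/plans/install.pp
@@ -143,6 +143,8 @@
 final_agent_state => $final_agent_state,
 )
 
+run_task('peadm::update_pe_master_rules', $primary_host)
+
 # Return a string banner reporting on what was done
 return([$install_result, $configure_result])
 }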

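--- a/plans/subplans/component_install.pp
+++ b/plans/subplans/component_install.pp
@@ -24,7 +24,7 @@
 }
 } elsif $role == 'pe_compiler_legacy' {
 $certificate_extensions = {
-peadm::oid('pp_auth_role') => 'legacy_compiler',
+peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
 peadm::oid('peadm_availability_group') => $avail_group_letter,
 }
 } else {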

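--- a/plans/subplans/install.pp
+++ b/plans/subplans/install.pp
@@ -301,15 +301,15 @@
 background('compiler-a-csr.yaml') || {
 run_plan('peadm::util::insert_csr_extension_requests', $legacy_a_targets,
 extension_requests => {
-peadm::oid('pp_auth_role') => 'legacy_compiler',
+peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
 peadm::oid('peadm_availability_group') => 'A',
 }
 )
 },
 background('compiler-b-csr.yaml') || {
 run_plan('peadm::util::insert_csr_extension_requests', $legacy_b_targets,
 extension_requests => {
-peadm::oid('pp_auth_role') => 'legacy_compiler',
+peadm::oid('pp_auth_role') => 'pe_compiler_legacy',
 peadm::oid('peadm_availability_group') => 'B',
 }
 )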

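--- a/plans/upgrade.pp
+++ b/plans/upgrade.pp
@@ -440,5 +440,7 @@
 
 peadm::check_version_and_known_hosts($current_pe_version, $_version, $r10k_known_hosts)
 
+run_task('peadm::update_pe_master_rules', $primary_target)
+
 return("Upgrade of Puppet Enterprise ${arch['architecture']} completed.")
 }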
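Review bot: Nothing in this hunk re-issues certificates, so compilers provisioned earlier that still carry `pp_auth_role` = `legacy_compiler` may stop matching once the group rules compare against `pe_compiler_legacy` (manifests/setup/node_manager.pp in this commit). Unless the upgrade plan handles that outside the visible lines, those nodes would fall out of the 'PE Legacy Compiler' groups and lose `puppet_enterprise::profile::master` classification after an upgrade. Either have the upgrade path run `peadm::modify_certificate` for legacy compilers, as plans/convert.pp does, or keep `legacy_compiler` accepted during a transition and document the required step. The plan body starts outside the hunk.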

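--- a/spec/plans/convert_spec.rb
+++ b/spec/plans/convert_spec.rb
@@ -9,7 +9,7 @@
 end
 
 let(:params) do
-{ 'primary_host' => 'primary', 'legacy_compilers' => ['legacy_compiler'] }
+{ 'primary_host' => 'primary', 'legacy_compilers' => ['pe_compiler_legacy'] }
 end
 
 it 'single primary no dr valid' do
@@ -21,8 +21,8 @@
 expect_task('peadm::cert_data').return_for_targets('primary' => trustedjson)
 expect_task('peadm::read_file').always_return({ 'content' => '2021.7.9' })
 expect_task('peadm::get_group_rules').return_for_targets('primary' => { '_output' => '{"rules": []}' })
-expect_task('peadm::node_group_unpin').with_targets('primary').with_params({ 'node_certnames' => ['legacy_compiler'], 'group_name' => 'PE Master' })
-expect_task('peadm::check_legacy_compilers').with_targets('primary').with_params({ 'legacy_compilers' => 'legacy_compiler' }).return_for_targets('primary' => { '_output' => '' })
+expect_task('peadm::node_group_unpin').with_targets('primary').with_params({ 'node_certnames' => ['pe_compiler_legacy'], 'group_name' => 'PE Master' })
+expect_task('peadm::check_legacy_compilers').with_targets('primary').with_params({ 'legacy_compilers' => 'pe_compiler_legacy' }).return_for_targets('primary' => { '_output' => '' })
 
 # For some reason, expect_plan() was not working??
 allow_plan('peadm::modify_certificate').always_return({})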
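Review bot: In `let(:params)` and in the `node_group_unpin` and `check_legacy_compilers` expectations, `'legacy_compiler'` was a target certname (it is passed as `node_certnames`), not a `pp_auth_role` value, so renaming it to `'pe_compiler_legacy'` makes the fixture host read like a role string. A neutral constructed name such as `'legacy-compiler.example'` would keep hostnames and role values distinct in the test. Also, no `expect_task('peadm::update_pe_master_rules')` is visible in these hunks although plans/convert.pp now runs that task; if it is not stubbed elsewhere in the spec, add `expect_task('peadm::update_pe_master_rules').with_targets('primary')`. The example block continues outside the hunk.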

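--- a/tasks/update_pe_master_rules.json
+++ b/tasks/update_pe_master_rules.json
@@ -0,0 +1,8 @@
+{
+"description": "Updates the PE Master group rules to replace pe_compiler with a regex match for any pe_compiler role",
+"input_method": "stdin",
+"private": true,
+"implementations": [
+{"name": "update_pe_master_rules.rb"}
+]
+}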
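Review bot: The `description` says the rule becomes a regex match for "any pe_compiler role" while the commit message says "any *_compiler role"; these describe different patterns, and the string should state the one the task actually writes. Since this rule decides which certificates are classified into PE Master, I would name the exact pattern and say whether it is anchored, e.g. `"description": "Replaces the pe_compiler equality rule in PE Master with the regex <PATTERN> on pp_auth_role"`. `<PATTERN>` is a placeholder to be filled in from update_pe_master_rules.rb, which is not part of this section.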
