diff --git a/.devcontainer/README.md b/.devcontainer/README.md
new file mode 100644
index 00000000..a7193616
--- /dev/null
+++ b/.devcontainer/README.md
@@ -0,0 +1,38 @@
+# devcontainer
+
+
+For format details, see https://aka.ms/devcontainer.json.
+
+For config options, see the README at:
+https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet
+
+``` json
+{
+ "name": "Puppet Development Kit (Community)",
+ "dockerFile": "Dockerfile",
+
+ // Set *default* container specific settings.json values on container create.
+ "settings": {
+ "terminal.integrated.profiles.linux": {
+ "bash": {
+ "path": "bash",
+ }
+ }
+ },
+
+ // Add the IDs of extensions you want installed when the container is created.
+ "extensions": [
+ "puppet.puppet-vscode",
+ "rebornix.Ruby"
+ ],
+
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ "forwardPorts": [],
+
+ // Use 'postCreateCommand' to run commands after the container is created.
+ "postCreateCommand": "pdk --version",
+}
+```
+
+
+
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index f1a55dc3..cdd65d22 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,23 +1,17 @@ -// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: -// https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet { "name": "Puppet Development Kit (Community)", "dockerFile": "Dockerfile", - // Set *default* container specific settings.json values on container create. "settings": { - "terminal.integrated.shell.linux": "/bin/bash" + "terminal.integrated.profiles.linux": { + "bash": { + "path": "bash" + } + } }, - // Add the IDs of extensions you want installed when the container is created. "extensions": [ "puppet.puppet-vscode", "rebornix.Ruby" ] - - // Use 'forwardPorts' to make a list of ports inside the container available locally. - // "forwardPorts": [], - - // Use 'postCreateCommand' to run commands after the container is created. - // "postCreateCommand": "pdk --version", } diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece0..6684ba38 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,3 @@ --relative +--no-strict_indent-check +--no-manifest_whitespace_missing_newline_end_of_file-check diff --git a/.rubocop.yml b/.rubocop.yml index 8f782e74..31e8248f 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -4,7 +4,7 @@ require: - rubocop-rspec AllCops: DisplayCopNames: true - TargetRubyVersion: '2.4' + TargetRubyVersion: '2.5' Include: - "**/*.rb" Exclude: diff --git a/.sync.yml b/.sync.yml index dad341b6..5a21fbe3 100644 --- a/.sync.yml +++ b/.sync.yml @@ -2,8 +2,6 @@ Gemfile: required: ':development': - - gem: 'puppet-debugger' - version: '>= 0.18.0' - gem: 'bolt' version: '>= 3.10.0' optional: 
@@ -13,6 +11,7 @@ Gemfile: version: '4.21.0' # Locked due to https://github.com/octokit/octokit.rb/issues/1391 Rakefile: changelog_since_tag: '2.5.0' + default_disabled_lint_checks: ['strict_indent','manifest_whitespace_missing_newline_end_of_file'] extras: - 'PuppetSyntax.exclude_paths = ["plans/**/*.pp", "spec/acceptance/**/plans/**/*.pp", "vendor/**/*"]' spec/spec_helper.rb: @@ -25,7 +24,11 @@ spec/spec_helper.rb: - '.plan_cache.json' - '.resource_types/' - 'bolt-debug.log' + - 'spec/docker/**/*.tar.gz' + - 'spec/docker/**/*.asc' + - 'spec/docker/**/files/puppet-enterprise*' + - 'spec/docker/.task_cache.json' .github/workflows/auto_release.yml: - unmanaged: false + unmanaged: true .github/workflows/release.yml: unmanaged: false diff --git a/Gemfile b/Gemfile index 4c76d499..3c5da48f 100644 --- a/Gemfile +++ b/Gemfile 
@@ -13,25 +13,34 @@ def location_for(place_or_version, fake_version = nil) end end -ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments -minor_version = ruby_version_segments[0..1].join('.') - group :development do - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-debugger", '>= 0.18.0', require: false - gem "bolt", '>= 3.17.0', require: false - gem "github_changelog_generator", '>= 1.16.4', require: false - gem "octokit", '4.21.0', require: false + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem 
"voxpupuli-puppet-lint-plugins", '~> 3.1', require: false + gem "facterdb", '~> 1.18', require: false + gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0', require: false + gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0', require: false + gem "rspec-puppet-facts", '~> 2.0', require: false + gem "codecov", '~> 0.2', require: false + gem "dependency_checker", '~> 0.2', require: false + gem "parallel_tests", '~> 3.4', require: false + gem "pry", '~> 0.10', require: false + gem "simplecov-console", '~> 0.5', require: false + gem "puppet-debugger", '~> 1.0', require: false + gem "rubocop", '= 1.6.1', require: false + gem "rubocop-performance", '= 1.9.1', require: false + gem "rubocop-rspec", '= 2.0.1', require: false + gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "bolt", '>= 3.10.0', require: false + gem "github_changelog_generator", require: false + gem "octokit", '4.21.0', require: false end group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby] + gem "serverspec", '~> 2.41', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/README.md b/README.md index dc9791e8..c2c22264 100644 --- a/README.md +++ b/README.md 
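Review bot: The `bolt` entry in the development group lowers its floor from `'>= 3.17.0'` to `'>= 3.10.0'`, while `peadm::assert_supported_bolt_version` (visible as context in functions/assert_supported_bolt_version.pp) still fails unless Bolt is 3.17.0 or newer and below 4.0.0, so the Gemfile now permits a Bolt that the module's own plans reject. In the same group `github_changelog_generator` loses its `'>= 1.16.4'` constraint and becomes unbounded, which widens what a fresh `bundle install` may pull in. The Gemfile looks template-generated from `.sync.yml`, so the fix probably belongs there: `version: '>= 3.17.0'` for `bolt`, plus a `version:` entry for `github_changelog_generator`.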
@@ -2,7 +2,7 @@ This Puppet module contains Bolt plans used to deploy and manage Puppet Enterprise infrastructure. Plans are provided to automate common lifecycle activities in order to increase velocity and reduce the possibility of human error incurred by manually performing these activities. -The peadm module is able to deploy and manage Puppet Enterprise 2019.x Standard, Large, and Extra Large architectures. +The peadm module is able to deploy and manage Puppet Enterprise 2019.7 and higher for Standard, Large, and Extra Large architectures. #### Table of Contents diff --git a/Rakefile b/Rakefile index 5c7699a4..414b005d 100644 --- a/Rakefile +++ b/Rakefile @@ -42,6 +42,8 @@ def changelog_future_release end PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_strict_indent') +PuppetLint.configuration.send('disable_manifest_whitespace_missing_newline_end_of_file') if Bundler.rubygems.find_name('github_changelog_generator').any? diff --git a/examples/haproxy/compiler.pp b/examples/haproxy/compiler.pp index 88ee5888..1b91945c 100644 --- a/examples/haproxy/compiler.pp +++ b/examples/haproxy/compiler.pp 
@@ -2,22 +2,20 @@ # # lint:ignore:autoloader_layout class examples::compiler { - - @@haproxy::balancermember { "${::clientcert}_puppetserver_listener": + @@haproxy::balancermember { "${facts['clientcert']}_puppetserver_listener": listening_service => 'puppetserver', - server_names => $::fqdn, - ipaddresses => $::ipaddress, + server_names => $facts['networking']['fqdn'], + ipaddresses => $facts['networking']['ip'], ports => '8140', options => 'check', } - @@haproxy::balancermember { "${::clientcert}_pcp-broker_listener": + @@haproxy::balancermember { "${facts['clientcert']}_pcp-broker_listener": listening_service => 'pcp-broker', - server_names => $::fqdn, - ipaddresses => $::ipaddress, + server_names => $facts['networking']['fqdn'], + ipaddresses => $facts['networking']['ip'], ports => '8142', options => 'check', } - } # lint:endignore diff --git a/examples/haproxy/load_balancer.pp b/examples/haproxy/load_balancer.pp index 51fc01e2..f8cf5ef2 100644 --- a/examples/haproxy/load_balancer.pp +++ b/examples/haproxy/load_balancer.pp @@ -5,10 +5,9 @@ # # lint:ignore:autoloader_layout class examples::load_balancer { - class { 'haproxy': global_options => { - 'log' => "${::ipaddress} local2", + 'log' => "${facts['facts[\'networking\'][\'ip\']']} local2", 'chroot' => '/var/lib/haproxy', 'pidfile' => '/var/run/haproxy.pid', 'maxconn' => 5000, @@ -24,14 +23,14 @@ 'client 2m', 'server 2m', 'http-request 120s', - ] - } + ], + }, } haproxy::listen { 'puppetserver': collect_exported => true, mode => 'tcp', - ipaddress => $::ipaddress, + ipaddress => $facts['networking']['ip'], ports => '8140', options => { option => ['tcplog'], @@ -42,7 +41,7 @@ haproxy::listen { 'pcp-broker': collect_exported => true, mode => 'tcp', - ipaddress => $::ipaddress, + ipaddress => $facts['networking']['ip'], ports => '8142', options => { option => ['tcplog'], 
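Review bot: The exported `haproxy::balancermember` titles in `examples::compiler` are now built from `facts['clientcert']`, which the agent reports about itself and which is not the name on its verified certificate. For resources that another node collects into its load-balancer configuration, `$trusted['certname']` is the safer identity, e.g. `"${trusted['certname']}_puppetserver_listener"`, so that a node can only export members under its own authenticated name. The same applies to the `pcp-broker` title in this hunk and to the `puppetdb` listener title in examples/haproxy/puppetdb.pp.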
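Review bot: The new `'log'` value in `global_options` looks like a search-and-replace artifact: `"${facts['facts[\'networking\'][\'ip\']']} local2"` looks up a fact whose name is the literal string `facts['networking']['ip']`. That key will presumably be undefined, so the directive would render as ` local2` with no address and HAProxy's syslog target would be misconfigured. It should match the other conversions in this file: `'log' => "${facts['networking']['ip']} local2",`. The body of `class examples::load_balancer` continues outside this hunk.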
@@ -57,10 +56,9 @@ # TODO: split load balancing into two pools, A and B haproxy::listen { 'puppetdb': collect_exported => true, - ipaddress => $::ipaddress, + ipaddress => $facts['networking']['ip'], ports => '8081', options => {}, } - } # lint:endignore diff --git a/examples/haproxy/puppetdb.pp b/examples/haproxy/puppetdb.pp index 17df2cc6..ac9c9a8c 100644 --- a/examples/haproxy/puppetdb.pp +++ b/examples/haproxy/puppetdb.pp @@ -2,15 +2,13 @@ # # lint:ignore:autoloader_layout class examples::puppetdb { - # TODO: split load balancing into two pools, A and B - @@haproxy::balancermember { "${::clientcert}_puppetdb_listener": + @@haproxy::balancermember { "${facts['clientcert']}_puppetdb_listener": listening_service => 'puppetdb', - server_names => $::fqdn, - ipaddresses => $::ipaddress, + server_names => $facts['networking']['fqdn'], + ipaddresses => $facts['networking']['ip'], ports => '8081', options => 'check', } - } # lint:endignore diff --git a/functions/assert_supported_architecture.pp b/functions/assert_supported_architecture.pp index 79739bcc..4e6723f4 100644 --- a/functions/assert_supported_architecture.pp +++ b/functions/assert_supported_architecture.pp 
@@ -14,23 +14,24 @@ function peadm::assert_supported_architecture ( ] { [true, false, false, false]: { # Standard or Large, no DR ({ 'disaster-recovery' => false, 'architecture' => $compiler_hosts ? { - undef => 'standard', - default => 'large', - }}) + undef => 'standard', + default => 'large', + } }) } - [true, true, false, false]: { # Standard or Large, DR + [true, true, false, false]: { # Standard or Large, DR ({ 'disaster-recovery' => true, 'architecture' => $compiler_hosts ? { - undef => 'standard', - default => 'large', - }}) + undef => 'standard', + default => 'large', + } }) } - [true, false, true, false]: { # Extra Large, no DR + [true, false, true, false]: { # Extra Large, no DR ({ 'disaster-recovery' => false, 'architecture' => 'extra-large' }) } - [true, true, true, true]: { # Extra Large, DR + [true, true, true, true]: { # Extra Large, DR ({ 'disaster-recovery' => true, 'architecture' => 'extra-large' }) } - default: { # Invalid +# lint:ignore:strict_indent + default: { # Invalid out::message(inline_epp(@(HEREDOC))) Invalid architecture! Recieved: - primary @@ -75,7 +76,7 @@ function peadm::assert_supported_architecture ( fail('Invalid architecture!') } } - +# lint:endignore # Return value - return({ 'supported' => true } + $result) + return({ 'supported' => true } + $result) } diff --git a/functions/assert_supported_bolt_version.pp b/functions/assert_supported_bolt_version.pp index a138ef50..5f01fe3e 100644 --- a/functions/assert_supported_bolt_version.pp +++ b/functions/assert_supported_bolt_version.pp 
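Review bot: The `# lint:ignore:strict_indent` / `# lint:endignore` pair added around the `default:` branch suppresses a check that this change set already disables globally (`--no-strict_indent-check` in .puppet-lint.rc, `disable_strict_indent` in the Rakefile, `default_disabled_lint_checks` in .sync.yml), so one of the two mechanisms is redundant. If the per-block pragmas are the intended one, scope each pair tightly to the heredoc it covers instead of leaving it open across unrelated code. The same pattern recurs in functions/assert_supported_bolt_version.pp, functions/assert_supported_pe_version.pp, plans/convert.pp, plans/misc/divert_code_manager.pp and plans/backup.pp, where the `strict_indent` ignore opened in the `ca` branch appears to stay open until the end of the plan. The function body starts outside this hunk.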
@@ -5,10 +5,10 @@ # Accepts a parameter for the $supported_bolt_version for unit testing purposes function peadm::assert_supported_bolt_version ( # No arguments -) >> Struct[{'supported' => Boolean}] { +) >> Struct[{ 'supported' => Boolean }] { $supported_bolt_version = '>= 3.17.0 < 4.0.0' $supported = (peadm::bolt_version() =~ SemVerRange($supported_bolt_version)) - +# lint:ignore:strict_indent unless $supported { fail(@("REASON"/L)) This version of puppetlabs-peadm requires Bolt version ${supported_bolt_version}. @@ -19,6 +19,6 @@ function peadm::assert_supported_bolt_version ( | REASON } - +# lint:endignore return({ 'supported' => $supported }) } diff --git a/functions/assert_supported_pe_version.pp b/functions/assert_supported_pe_version.pp index 7080c8e8..3576d377 100644 --- a/functions/assert_supported_pe_version.pp +++ b/functions/assert_supported_pe_version.pp @@ -10,18 +10,23 @@ function peadm::assert_supported_pe_version ( $supported = ($version =~ SemVerRange(">= ${oldest} <= ${newest}")) if $permit_unsafe_versions { +# lint:ignore:strict_indent warning(@("WARN"/L)) WARNING: Permitting unsafe PE versions. This is not supported or tested. Proceeding with this action could result in a broken PE Infrastructure. | WARN +# lint:endignore } if (!$supported and $permit_unsafe_versions) { +# lint:ignore:strict_indent warning(@("WARN"/L)) WARNING: PE version ${version} is NOT SUPPORTED! | WARN +# lint:endignore } elsif (!$supported) { +# lint:ignore:strict_indent fail(@("REASON"/L)) This version of the puppetlabs-peadm module does not support PE ${version}. @@ -32,6 +37,7 @@ function peadm::assert_supported_pe_version ( exists which supports that version of PE. | REASON +# lint:endignore } return({ 'supported' => $supported }) diff --git a/functions/certname.pp b/functions/certname.pp index 39bb8d78..2f9633f9 100644 --- a/functions/certname.pp +++ b/functions/certname.pp 
@@ -9,13 +9,14 @@ # input returns undef. function peadm::certname( Variant[Target, - String, - Undef, - Array[Target,1,1], - Array[String,1,1], - Array[Undef,1,1], - Array[Any,0,0]] $target, + String, + Undef, + Array[Target,1,1], + Array[String,1,1], + Array[Undef,1,1], + Array[Any,0,0]] $target, ) >> Variant[String, Undef] { +# lint:ignore:unquoted_string_in_case case $target { Target: { $target.vars['certname'] ? { @@ -28,6 +29,7 @@ function peadm::certname( default => $target[0].vars['certname'], undef => $target[0].name } +# lint:endignore } String: { $target diff --git a/functions/convert_status.pp b/functions/convert_status.pp index 27f7322f..70c02331 100644 --- a/functions/convert_status.pp +++ b/functions/convert_status.pp @@ -1,4 +1,3 @@ - # @summary Transforms a value in a human readable status with or without colors # @param status A value of true, false, degraded, or an Integer that represents number of non operationally services # If using an integer, you must also supply the total amount of services @@ -19,7 +18,7 @@ function peadm::convert_status( Variant[String,Boolean, Integer] $status, Optional[Integer] $total = 0, Optional[Boolean] $use_colors = true - ) >> String { +) >> String { if $status =~ Integer { if ( $status < 1 ) { $result = 'operational' @@ -30,10 +29,10 @@ function peadm::convert_status( } } else { $result = $status ? { - true => 'operational', - false => 'failed', - /degraded/ => 'degraded', - default => 'unknown' + true => 'operational', + false => 'failed', + /degraded/ => 'degraded', + default => 'unknown' } } if $use_colors { diff --git a/functions/determine_status.pp b/functions/determine_status.pp index 38551314..aa55edbf 100644 --- a/functions/determine_status.pp +++ b/functions/determine_status.pp 
@@ -47,16 +47,16 @@ # } function peadm::determine_status(Array $status_data, Boolean $use_colors = true) >> Hash { # convert the data into a hash with the sevice names as the keys - $hash_data = $status_data.reduce({}) | $res, $data | { - $res.merge({$data[service] => $data }) - } - $out = $hash_data.reduce({}) | $res, $svc_data | { - $service_name = $svc_data[0] - $server = $svc_data[1][server] - $res.merge("${service_name}/${$server}" => $svc_data[1][state] == 'running') - } - $bad_status = $out.filter | $item | { ! $item[1] } - $passed_status = $out.filter | $item | { $item[1] } - $overall_status = peadm::convert_status($bad_status.count, $out.count, $use_colors) - return { status => $overall_status, state => $out, failed => $bad_status, passed => $passed_status } + $hash_data = $status_data.reduce({}) | $res, $data | { + $res.merge({ $data[service] => $data }) + } + $out = $hash_data.reduce({}) | $res, $svc_data | { + $service_name = $svc_data[0] + $server = $svc_data[1][server] + $res.merge("${service_name}/${$server}" => $svc_data[1][state] == 'running') + } + $bad_status = $out.filter | $item | { ! $item[1] } + $passed_status = $out.filter | $item | { $item[1] } + $overall_status = peadm::convert_status($bad_status.count, $out.count, $use_colors) + return { status => $overall_status, state => $out, failed => $bad_status, passed => $passed_status } } diff --git a/functions/file_or_content.pp b/functions/file_or_content.pp index ed5be20a..e7e35b0d 100644 --- a/functions/file_or_content.pp +++ b/functions/file_or_content.pp @@ -3,7 +3,6 @@ function peadm::file_or_content( Variant[String, Undef] $file, Variant[String, Undef] $content, ) { - $value = [ $file, $content, @@ -15,5 +14,4 @@ function peadm::file_or_content( undef => $content, # content supplied directly, use as-is }, } - } diff --git a/functions/get_targets.pp b/functions/get_targets.pp index 2e34239e..98fb61e8 100644 --- a/functions/get_targets.pp +++ b/functions/get_targets.pp 
@@ -10,8 +10,8 @@ function peadm::get_targets( # $count is 1, return the result of get_target() in an array. If $count is # undef, return get_targets(). case $spec { - Undef, [ ]: { - [ ] # Return empty array + Undef, []: { + [] # Return empty array } default: { $count ? { diff --git a/manifests/setup/convert_node_manager.pp b/manifests/setup/convert_node_manager.pp index a7629414..769383d5 100644 --- a/manifests/setup/convert_node_manager.pp +++ b/manifests/setup/convert_node_manager.pp @@ -14,5 +14,4 @@ node_group { 'PE Master B': ensure => absent, } - } diff --git a/manifests/setup/convert_pre20197.pp b/manifests/setup/convert_pre20197.pp index efc3ce18..8b5257aa 100644 --- a/manifests/setup/convert_pre20197.pp +++ b/manifests/setup/convert_pre20197.pp @@ -2,7 +2,6 @@ # @summary Defines configuration needed for converting PE 2018 # class peadm::setup::convert_pre20197 { - # This is needed so that compiler certs can be signed. It's included by # default in 2019.7 and newer, but isn't present in 2018.1. It would be # preferable to use the hocon_setting resource, but we can't because it diff --git a/manifests/setup/node_manager.pp b/manifests/setup/node_manager.pp index 4f95adc6..a514b357 100644 --- a/manifests/setup/node_manager.pp +++ b/manifests/setup/node_manager.pp @@ -37,7 +37,6 @@ Optional[String[1]] $internal_compiler_a_pool_address = $server_a_host, Optional[String[1]] $internal_compiler_b_pool_address = $server_b_host, ) { - # "Not-configured" placeholder string. This will be used in places where we # cannot set an explicit null, and need to supply some kind of value. $notconf = 'not-configured' @@ -85,7 +84,7 @@ rule => ['or', ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/puppetdb-database']], ['=', 'name', $primary_host], - ] + ], } # Create data-only groups to store PuppetDB PostgreSQL database configuration 
@@ -102,7 +101,7 @@ 'database_host_puppetdb' => pick($postgresql_a_host, $notconf), }, 'puppet_enterprise::profile::puppetdb' => { - 'database_host' => pick($postgresql_a_host, $notconf) + 'database_host' => pick($postgresql_a_host, $notconf), }, }, } @@ -125,12 +124,12 @@ 'puppetdb_host' => ['${trusted[\'certname\']}', $internal_compiler_b_pool_address].filter |$_| { $_ }, # lint:endignore 'puppetdb_port' => [8081], - } + }, }, data => { # Workaround for GH-118 'puppet_enterprise::profile::master::puppetdb' => { - 'ha_enabled_replicas' => [ ], + 'ha_enabled_replicas' => [], }, }, } @@ -145,7 +144,7 @@ ensure => 'present', parent => 'PE Infrastructure', classes => { - 'puppet_enterprise::profile::primary_master_replica' => { } + 'puppet_enterprise::profile::primary_master_replica' => {}, }, variables => { 'peadm_replica' => true }, } @@ -183,14 +182,13 @@ 'puppetdb_host' => ['${trusted[\'certname\']}', $internal_compiler_a_pool_address].filter |$_| { $_ }, # lint:endignore 'puppetdb_port' => [8081], - } + }, }, data => { # Workaround for GH-118 'puppet_enterprise::profile::master::puppetdb' => { - 'ha_enabled_replicas' => [ ], + 'ha_enabled_replicas' => [], }, }, } - } diff --git a/manifests/setup/node_manager_yaml.pp b/manifests/setup/node_manager_yaml.pp index 1336cc16..c013a8e2 100644 --- a/manifests/setup/node_manager_yaml.pp +++ b/manifests/setup/node_manager_yaml.pp @@ -8,7 +8,6 @@ class peadm::setup::node_manager_yaml ( String $primary_host ) { - # Necessary to give the sandboxed Puppet executor the configuration # necessary to connect to the classifier` file { 'node_manager.yaml': @@ -16,8 +15,7 @@ mode => '0644', path => Deferred('peadm::node_manager_yaml_location'), content => epp('peadm/node_manager.yaml.epp', { - server => $primary_host, + server => $primary_host, }), } - } diff --git a/metadata.json b/metadata.json index cafd508f..2cd9b147 100644 --- a/metadata.json +++ b/metadata.json 
@@ -80,7 +80,7 @@ "version_requirement": ">= 6.0.2 < 8.0.0" } ], - "pdk-version": "2.2.0", + "pdk-version": "2.6.1", "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", - "template-ref": "heads/main-0-gbd3742c" + "template-ref": "heads/main-0-g383f471" } diff --git a/plans/add_compiler.pp b/plans/add_compiler.pp index 023cce62..7e2fbece 100644 --- a/plans/add_compiler.pp +++ b/plans/add_compiler.pp @@ -33,8 +33,8 @@ # Stop puppet.service run_command('systemctl stop puppet.service', peadm::flatten_compact([ - $primary_postgresql_target, - $replica_puppetdb_target + $primary_postgresql_target, + $replica_puppetdb_target, ])) apply($replica_puppetdb_target) { @@ -78,11 +78,11 @@ # Check for and merge csr_attributes. run_plan('peadm::util::insert_csr_extension_requests', $compiler_target, - extension_requests => { - peadm::oid('pp_auth_role') => 'pe_compiler', - peadm::oid('peadm_availability_group') => $avail_group_letter - } - ) + extension_requests => { + peadm::oid('pp_auth_role') => 'pe_compiler', + peadm::oid('peadm_availability_group') => $avail_group_letter, + } + ) # we first assume that there is no agent installed on the node. If there is, nothing will happen. run_task('peadm::agent_install', $compiler_target, @@ -95,10 +95,10 @@ # If necessary, manually submit a CSR # ignoring errors to simplify logic - run_task('peadm::submit_csr', $compiler_target, {'_catch_errors' => true}) + run_task('peadm::submit_csr', $compiler_target, { '_catch_errors' => true }) # On primary, if necessary, sign the certificate request - run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$compiler_target.peadm::certname()] } ) + run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$compiler_target.peadm::certname()] }) # If there was already a signed cert, force the certificate extensions we want # TODO: update peadm::util::add_cert_extensions to take care of dns alt names 
@@ -121,17 +121,16 @@ # On run the puppet agent run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $primary_postgresql_target, - $replica_puppetdb_target + $primary_postgresql_target, + $replica_puppetdb_target, ])) # On start puppet.service run_command('systemctl start puppet.service', peadm::flatten_compact([ - $primary_postgresql_target, - $replica_puppetdb_target, - $compiler_target, + $primary_postgresql_target, + $replica_puppetdb_target, + $compiler_target, ])) return("Adding or replacing compiler ${$compiler_target.peadm::certname()} succeeded.") - } diff --git a/plans/add_database.pp b/plans/add_database.pp index 3527c2eb..f1986591 100644 --- a/plans/add_database.pp +++ b/plans/add_database.pp @@ -3,14 +3,13 @@ Peadm::SingleTargetSpec $primary_host, Optional[Enum['init', 'pair']] $mode = undef, Optional[Enum[ - 'init-db-node', - 'replicate-db', - 'update-classification', - 'update-db-settings', - 'cleanup-db', - 'finalize']] $begin_at_step = undef, + 'init-db-node', + 'replicate-db', + 'update-classification', + 'update-db-settings', + 'cleanup-db', + 'finalize']] $begin_at_step = undef, ) { - $primary_target = peadm::get_targets($primary_host, 1) $postgresql_target = peadm::get_targets($targets, 1) @@ -44,8 +43,8 @@ } else { # If array is empty then no external databases were previously configured $no_external_db = peadm::flatten_compact([ - $postgresql_a_host, - $postgresql_b_host + $postgresql_a_host, + $postgresql_b_host, ]).empty # Pick operating mode based on array check @@ -60,9 +59,9 @@ if $operating_mode == 'init' { # If no other PSQL node then match primary group letter $avail_group_letter = peadm::flatten_compact($roles['server'].map |$k,$v| { - if $v == $primary_host { - $k - } + if $v == $primary_host { + $k + } })[0] # Assume PuppetDB backend hosted on Primary if in init mode $source_db_host = $primary_host 
@@ -70,14 +69,14 @@ # The letter which doesn't yet have a server assigned or in the event this # is a replacement operation, the letter this node was assigned to previously $avail_group_letter = peadm::flatten_compact($roles['postgresql'].map |$k,$v| { - if (! $v) or ($v == $postgresql_host) { - $k - } + if (! $v) or ($v == $postgresql_host) { + $k + } })[0] # When in pair mode we assume the other PSQL node will serve as our source $source_db_host = peadm::flatten_compact([ - $postgresql_a_host, - $postgresql_b_host + $postgresql_a_host, + $postgresql_b_host, ]).reject($postgresql_host)[0] } @@ -98,11 +97,11 @@ # Stop Puppet to ensure catalogs are not being compiled for PE infrastructure nodes run_command('systemctl stop puppet.service', peadm::flatten_compact([ - $postgresql_target, - $compilers, - $primary_target, - $replica_target, - $source_db_target + $postgresql_target, + $compilers, + $primary_target, + $replica_target, + $source_db_target, ])) # Stop frontend compiler services that causes changes to PuppetDB backend when @@ -120,7 +119,6 @@ # Update classification and database.ini settings, assume a replica PSQL # does not exist peadm::plan_step('update-classification') || { - # To ensure everything is functional when a replica exists but only a single # PostgreSQL node has been deployed, configure alternate availability group # to connect to other group's new node 
@@ -145,23 +143,22 @@ peadm::plan_step('update-db-settings') || { run_plan('peadm::util::update_db_setting', peadm::flatten_compact([ - $compilers, - $primary_target, - $replica_target - ]), + $compilers, + $primary_target, + $replica_target, + ]), postgresql_host => $postgresql_host, peadm_config => $peadm_config ) # (Re-)Start PuppetDB now that we are done making modifications run_command('systemctl restart pe-puppetdb.service', peadm::flatten_compact([ - $primary_target, - $replica_target + $primary_target, + $replica_target, ])) } peadm::plan_step('cleanup-db') || { - if $operating_mode == 'init' { # Clean up old puppetdb database on primary and those which were copied to # new host. @@ -170,7 +167,7 @@ 'pe-classifier', 'pe-inventory', 'pe-orchestrator', - 'pe-rbac' + 'pe-rbac', ] # If a primary replica exists then pglogical is enabled and will prevent @@ -181,9 +178,9 @@ # Clean up old databases $clean_source = peadm::flatten_compact([ - $source_db_target, - $primary_target, - $replica_target + $source_db_target, + $primary_target, + $replica_target, ]) run_plan('peadm::util::db_purge', $clean_source, databases => ['pe-puppetdb']) @@ -197,23 +194,22 @@ # agents run_command('systemctl start pe-puppetserver.service pe-puppetdb.service', $compilers) - peadm::plan_step('finalize') || { # Run Puppet to sweep up but no restarts should occur so do them in parallel run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $postgresql_target, - $primary_target, - $compilers, - $replica_target + $postgresql_target, + $primary_target, + $compilers, + $replica_target, ])) # Start Puppet agent run_command('systemctl start puppet.service', peadm::flatten_compact([ - $postgresql_target, - $compilers, - $primary_target, - $replica_target, - $source_db_target + $postgresql_target, + $compilers, + $primary_target, + $replica_target, + $source_db_target, ])) } } diff --git a/plans/add_replica.pp b/plans/add_replica.pp index b30e581e..e801fece 100644 --- a/plans/add_replica.pp 
+++ b/plans/add_replica.pp @@ -21,14 +21,13 @@ # Common Configuration Optional[String] $token_file = undef, ) { - $primary_target = peadm::get_targets($primary_host, 1) $replica_target = peadm::get_targets($replica_host, 1) $replica_postgresql_target = peadm::get_targets($replica_postgresql_host, 1) run_command('systemctl stop puppet.service', peadm::flatten_compact([ - $primary_target, - $replica_postgresql_target, + $primary_target, + $replica_postgresql_target, ])) # Get current peadm config to ensure we forget active replicas @@ -36,8 +35,8 @@ # Make list of all possible replicas, configured and provided $replicas = peadm::flatten_compact([ - $replica_host, - $peadm_config['params']['replica_host'] + $replica_host, + $peadm_config['params']['replica_host'], ]).unique $certdata = run_task('peadm::cert_data', $primary_target).first.value @@ -103,7 +102,7 @@ '/etc/puppetlabs/orchestration-services/conf.d/secrets/keys.json', '/etc/puppetlabs/orchestration-services/conf.d/secrets/orchestrator-encryption-keys.json', '/etc/puppetlabs/console-services/conf.d/secrets/keys.json', - '/etc/puppetlabs/puppet/hiera.yaml' + '/etc/puppetlabs/puppet/hiera.yaml', ] parallelize($content_sources) |$path| { run_plan('peadm::util::copy_file', $replica_target, @@ -125,9 +124,9 @@ # start puppet service run_command('systemctl start puppet.service', peadm::flatten_compact([ - $primary_target, - $replica_postgresql_target, - $replica_target + $primary_target, + $replica_postgresql_target, + $replica_target, ])) return("Added replica ${replica_target}") diff --git a/plans/backup.pp b/plans/backup.pp index 6672f3dd..b653e99f 100644 --- a/plans/backup.pp +++ b/plans/backup.pp @@ -49,7 +49,7 @@ ensure => 'directory', owner => 'root', group => 'root', - mode => '0700' + mode => '0700', } # Create a subdir for each backup type selected @@ -58,7 +58,7 @@ ensure => 'directory', owner => 'root', group => 'root', - mode => '0700' + mode => '0700', } } } 
@@ -72,6 +72,7 @@ if getvar('recovery_opts.ca') { out::message('# Backing up ca and ssl certificates') +# lint:ignore:strict_indent run_command(@("CMD"), $primary_target) /opt/puppetlabs/bin/puppet-backup create --dir=${shellquote($backup_directory)}/ca --scope=certs | CMD @@ -80,21 +81,23 @@ # Check if /etc/puppetlabs/console-services/conf.d/secrets/keys.json exists and if so back it up if getvar('recovery_opts.rbac') { out::message('# Backing up ldap secret key if it exists') +# lint:ignore:140chars run_command(@("CMD"/L), $primary_target) test -f /etc/puppetlabs/console-services/conf.d/secrets/keys.json \ && cp -rp /etc/puppetlabs/console-services/conf.d/secrets ${shellquote($backup_directory)}/rbac/ \ || echo secret ldap key doesnt exist | CMD +# lint:endignore } - +# lint:ignore:140chars # IF backing up orchestrator back up the secrets too /etc/puppetlabs/orchestration-services/conf.d/secrets/ if getvar('recovery_opts.orchestrator') { out::message('# Backing up orchestrator secret keys') run_command(@("CMD"), $primary_target) - cp -rp /etc/puppetlabs/orchestration-services/conf.d/secrets ${shellquote($backup_directory)}/orchestrator/ + cp -rp /etc/puppetlabs/orchestration-services/conf.d/secrets ${shellquote($backup_directory)}/orchestrator/ | CMD } - +# lint:endignore $backup_databases.each |$name,$database_target| { run_command(@("CMD"/L), $primary_target) /opt/puppetlabs/server/bin/pg_dump -Fd -Z3 -j4 \ @@ -115,6 +118,6 @@ && tar -czf ${shellquote($backup_directory)}.tar.gz ${shellquote(basename($backup_directory))} \ && rm -rf ${shellquote($backup_directory)} | CMD - - return({'path' => "${backup_directory}.tar.gz"}) +# lint:endignore + return({ 'path' => "${backup_directory}.tar.gz" }) } diff --git a/plans/convert.pp b/plans/convert.pp index 346d330b..1995a0b0 100644 --- a/plans/convert.pp +++ b/plans/convert.pp 
@@ -19,13 +19,13 @@ String $compiler_pool_address = $primary_host, Optional[String] $internal_compiler_a_pool_address = undef, Optional[String] $internal_compiler_b_pool_address = undef, - Array[String] $dns_alt_names = [ ], + Array[String] $dns_alt_names = [], Optional[Enum[ - 'modify-primary-certs', - 'modify-infra-certs', - 'convert-node-groups', - 'finalize']] $begin_at_step = undef, + 'modify-primary-certs', + 'modify-infra-certs', + 'convert-node-groups', + 'finalize']] $begin_at_step = undef, ) { peadm::assert_supported_bolt_version() @@ -39,11 +39,11 @@ $primary_postgresql_target = peadm::get_targets($primary_postgresql_host, 1) $all_targets = peadm::flatten_compact([ - $primary_target, - $replica_target, - $replica_postgresql_target, - $compiler_targets, - $primary_postgresql_target, + $primary_target, + $replica_target, + $replica_postgresql_target, + $compiler_targets, + $primary_postgresql_target, ]) # Ensure input valid for a supported architecture @@ -77,12 +77,14 @@ } if (!$previously_configured_by_peadm and ($pe_version =~ SemVerRange('< 2019.7.0'))) { +# lint:ignore:strict_indent fail_plan(@("EOL"/L)) PE cluster cannot be converted! PE cluster must be a deployment \ created by pe_xl, by an older version of peadm, or be PE version \ 2019.7.0 or newer. Detected PE version ${pe_version}, and did not detect \ signs that the deployment was previously created by peadm/pe_xl. | EOL +# lint:endignore } # Clusters A and B are used to divide PuppetDB availability for compilers. If @@ -228,11 +230,13 @@ } } else { +# lint:ignore:strict_indent out::message(@("EOL"/L)) NOTICE: Node groups not created/updated as part of convert because PE \ version is too old to support them. Node groups will be updated when \ the peadm::upgrade plan is run. | EOL +# lint:endignore } } 
@@ -247,7 +251,7 @@ # final Puppet run to increase chance everything is functional upon plan # completion run_command('systemctl restart pe-puppetserver.service pe-puppetdb.service', - $all_targets - $primary_target - $primary_postgresql_target - $replica_postgresql_target) + $all_targets - $primary_target - $primary_postgresql_target - $replica_postgresql_target) } return("Conversion to peadm Puppet Enterprise ${arch['architecture']} completed.") diff --git a/plans/install.pp b/plans/install.pp index f3ffdbd9..b95e92fc 100644 --- a/plans/install.pp +++ b/plans/install.pp @@ -45,7 +45,7 @@ Optional[String] $compiler_pool_address = undef, Optional[String] $internal_compiler_a_pool_address = undef, Optional[String] $internal_compiler_b_pool_address = undef, - Optional[Hash] $pe_conf_data = { }, + Optional[Hash] $pe_conf_data = {}, Optional[Peadm::Ldap_config] $ldap_config = undef, # Code Manager @@ -131,4 +131,3 @@ # Return a string banner reporting on what was done return([$install_result, $configure_result]) } - diff --git a/plans/misc/divert_code_manager.pp b/plans/misc/divert_code_manager.pp index 2fd7d97b..5e945737 100644 --- a/plans/misc/divert_code_manager.pp +++ b/plans/misc/divert_code_manager.pp @@ -15,7 +15,7 @@ plan peadm::misc::divert_code_manager ( $primary_host, ) { - +# lint:ignore:strict_indent notice(@(HEREDOC)) The code manager puppet-code live-dir will be diverted from: /etc/puppetlabs/code @@ -42,6 +42,6 @@ https://puppet.com/docs/pe/2018.1/static_catalogs.html | HEREDOC - +# lint:endignore return('Plan completed successfully') } diff --git a/plans/modify_cert_extensions.pp b/plans/modify_cert_extensions.pp index 6a55d383..021ee941 100644 --- a/plans/modify_cert_extensions.pp +++ b/plans/modify_cert_extensions.pp 
@@ -2,15 +2,15 @@ plan peadm::modify_cert_extensions ( TargetSpec $targets, Peadm::SingleTargetSpec $primary_host, - Hash $add = { }, - Array $remove = [ ], + Hash $add = {}, + Array $remove = [], ) { - +# lint:ignore:strict_indent out::message(@(EOS)) The peadm::modify_cert_extensions plan has been deprecated. Please use peadm::modify_certificate instead. | EOS - +# lint:endignore return( run_plan('peadm::modify_certificate', $targets, primary_host => $primary_host, diff --git a/plans/modify_certificate.pp b/plans/modify_certificate.pp index 1e8d796a..9286c1a8 100644 --- a/plans/modify_certificate.pp +++ b/plans/modify_certificate.pp @@ -5,8 +5,8 @@ plan peadm::modify_certificate ( TargetSpec $targets, Peadm::SingleTargetSpec $primary_host, - Hash $add_extensions = { }, - Array $remove_extensions = [ ], + Hash $add_extensions = {}, + Array $remove_extensions = [], Optional[Array] $dns_alt_names = undef, Boolean $force_regenerate = false, ) { diff --git a/plans/restore.pp b/plans/restore.pp index 68a7cd9b..2bbe7d8c 100644 --- a/plans/restore.pp +++ b/plans/restore.pp 
@@ -33,30 +33,30 @@ # should be restored to. This could be as simple as just the primary server, # or it could be two separate PostgreSQL servers. $puppetdb_postgresql_targets = peadm::flatten_compact([ - getvar('cluster.params.primary_postgresql_host') ? { - undef => $primary_target, - default => peadm::get_targets(getvar('cluster.params.primary_postgresql_host'), 1), - }, - getvar('cluster.params.replica_postgresql_host') ? { - undef => $replica_target, - default => peadm::get_targets(getvar('cluster.params.replica_postgresql_host'), 1), - }, + getvar('cluster.params.primary_postgresql_host') ? { + undef => $primary_target, + default => peadm::get_targets(getvar('cluster.params.primary_postgresql_host'), 1), + }, + getvar('cluster.params.replica_postgresql_host') ? { + undef => $replica_target, + default => peadm::get_targets(getvar('cluster.params.replica_postgresql_host'), 1), + }, ]) $puppetdb_targets = peadm::flatten_compact([ - $primary_target, - $replica_target, - $compiler_targets, + $primary_target, + $replica_target, + $compiler_targets, ]) - $recovery_directory = "${dirname($input_file)}/${basename("${input_file}", '.tar.gz')}" - + $recovery_directory = "${dirname($input_file)}/${basename($input_file, '.tar.gz')}" +# lint:ignore:strict_indent run_command(@("CMD"/L), $primary_target) umask 0077 \ && cd ${shellquote(dirname($recovery_directory))} \ && tar -xzf ${shellquote($input_file)} | CMD - +# lint:endignore # Map of recovery option name to array of database hosts to restore the # relevant .dump content to. $restore_databases = { @@ -87,6 +87,7 @@ if getvar('recovery_opts.ca') { out::message('# Restoring ca and ssl certificates') +# lint:ignore:strict_indent run_command(@("CMD"/L), $primary_target) /opt/puppetlabs/bin/puppet-backup restore \ --scope=certs \ 
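Review bot: `$recovery_directory` in plans/restore.pp (hunk `-33,30`) is built only from the archive's file name, and nothing in this hunk checks that `$input_file` ends in `.tar.gz`. If it does not, `basename($input_file, '.tar.gz')` returns the name unchanged and `$recovery_directory` resolves to the archive path. The `file { $recovery_directory : ensure => 'absent', force => true }` cleanup in the later `-217,19` hunk would then target the archive itself. Unless the parameter type outside this hunk already enforces the suffix, a guard before the `tar -xzf` step would help: `unless $input_file =~ /\.tar\.gz\z/ { fail_plan('input_file must be a .tar.gz backup archive') }`. The plan body starts and ends outside the hunk.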
@@ -119,14 +120,15 @@ && cp -rp ${shellquote($recovery_directory)}/keys.json /etc/puppetlabs/console-services/conf.d/secrets/ \ || echo secret ldap key doesnt exist | CMD - +# lint:ignore:140chars # IF restoring orchestrator restore the secrets to /etc/puppetlabs/orchestration-services/conf.d/secrets/ if getvar('recovery_opts.orchestrator') { out::message('# Restoring orchestrator secret keys') run_command(@("CMD"/L), $primary_target) - cp -rp ${shellquote($recovery_directory)}/orchestrator/secrets/* /etc/puppetlabs/orchestration-services/conf.d/secrets/ + cp -rp ${shellquote($recovery_directory)}/orchestrator/secrets/* /etc/puppetlabs/orchestration-services/conf.d/secrets/ | CMD } +# lint:endignore #$database_to_restore.each |Integer $index, Boolean $value | { $restore_databases.each |$name,$database_targets| { @@ -217,19 +219,20 @@ # or other factors. if getvar('recovery_opts.puppetdb') { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-db import ${shellquote($recovery_directory)}/puppetdb-archive.bin + /opt/puppetlabs/bin/puppet-db import ${shellquote($recovery_directory)}/puppetdb-archive.bin | CMD +# lint:endignore } # Run Puppet to pick up last remaining config tweaks run_task('peadm::puppet_runonce', $primary_target) - apply($primary_target){ + apply($primary_target) { file { $recovery_directory : ensure => 'absent', - force => true + force => true, } } - return("success") + return('success') } diff --git a/plans/status.pp b/plans/status.pp index ceaee2f0..0ebf2708 100644 --- a/plans/status.pp +++ b/plans/status.pp 
@@ -12,11 +12,11 @@ Enum[json,table] $format = 'table', Boolean $verbose = false, Boolean $summarize = true, - Boolean $colors = $format ? { json => false, default => true } + Boolean $colors = $format ? { 'json' => false, default => true } ) { peadm::assert_supported_bolt_version() - $results = run_task('peadm::infrastatus', $targets, { format => 'json'}) + $results = run_task('peadm::infrastatus', $targets, { format => 'json' }) # returns the data in a hash $stack_status = $results.reduce({}) | $res, $item | { $data = $item.value[output] @@ -63,26 +63,26 @@ # Summary table out::message( format::table({ - title => $table_title, - head => $table_head, - rows => $stack_table_rows})) + title => $table_title, + head => $table_head, + rows => $stack_table_rows })) # Failed services table unless $bad_svc_rows.empty { out::message( format::table({ - title => 'Failed Service Status', - head => $service_table_head, - rows => $bad_svc_rows.reduce([]) |$memo,$rows| { $memo + $rows }})) + title => 'Failed Service Status', + head => $service_table_head, + rows => $bad_svc_rows.reduce([]) |$memo,$rows| { $memo + $rows } })) } # Operational services table if $verbose and ! $good_svc_rows.empty { out::message( format::table({ - title => 'Operational Service Status', - head => $service_table_head, - rows => $good_svc_rows.reduce([]) |$memo,$rows| { $memo + $rows }})) + title => 'Operational Service Status', + head => $service_table_head, + rows => $good_svc_rows.reduce([]) |$memo,$rows| { $memo + $rows } })) } } else { if $summarize { @@ -91,10 +91,10 @@ $summary_json = { 'summary' => { 'status' => $overall_status, - 'stacks' => $stack_table_rows.hash + 'stacks' => $stack_table_rows.hash, }, 'failed' => $failed, - 'operational' => $passed + 'operational' => $passed, } return $summary_json } else { diff --git a/plans/subplans/component_install.pp b/plans/subplans/component_install.pp index 774b1403..80f2cd7e 100644 --- a/plans/subplans/component_install.pp 
+++ b/plans/subplans/component_install.pp @@ -12,7 +12,7 @@ Enum['A', 'B'] $avail_group_letter, Optional[Variant[String[1], Array]] $dns_alt_names = undef, Optional[String[1]] $role = undef -){ +) { $component_target = peadm::get_targets($targets, 1) $primary_target = peadm::get_targets($primary_host, 1) diff --git a/plans/subplans/configure.pp b/plans/subplans/configure.pp index 2aa57465..908975bb 100644 --- a/plans/subplans/configure.pp +++ b/plans/subplans/configure.pp @@ -72,9 +72,9 @@ ] run_plan('peadm::util::copy_file', peadm::flatten_compact([ - $replica_target, - $compiler_targets, - ]), + $replica_target, + $compiler_targets, + ]), source_host => $primary_target, path => $common_content_source ) @@ -120,7 +120,7 @@ } if $ldap_config { - # Run the task to configure ldap + # Run the task to configure ldap $ldap_result = run_task('peadm::pe_ldap_config', $primary_target, pe_main => $primary_target.peadm::certname(), ldap_config => $ldap_config, @@ -136,11 +136,11 @@ # Run Puppet everywhere to pick up last remaining config tweaks run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $compiler_targets, - $replica_target, - $replica_postgresql_target, + $primary_target, + $primary_postgresql_target, + $compiler_targets, + $replica_target, + $replica_postgresql_target, ])) # Deploy an environment if a deploy environment is specified @@ -156,11 +156,11 @@ 'stopped' => 'stop' } run_command("systemctl ${systemctl_state} puppet", peadm::flatten_compact([ - $primary_target, - $replica_target, - $primary_postgresql_target, - $replica_postgresql_target, - $compiler_targets, + $primary_target, + $replica_target, + $primary_postgresql_target, + $replica_postgresql_target, + $compiler_targets, ])) return("Configuration of Puppet Enterprise ${arch['architecture']} succeeded.") diff --git a/plans/subplans/db_populate.pp b/plans/subplans/db_populate.pp index 39ceb417..8dedd134 100644 --- a/plans/subplans/db_populate.pp 
+++ b/plans/subplans/db_populate.pp @@ -51,11 +51,10 @@ # Save existing certificates to use for authentication to source. Can not use # certs stored in /etc/puppetlabs/puppet/ssl because we will run pg_basebackup # as pe-postgres user, which lacks access - run_command("mv /opt/puppetlabs/server/data/postgresql/${psql_version}/data/certs /opt/puppetlabs/server/data/pg_certs", $destination_target) + run_command("mv /opt/puppetlabs/server/data/postgresql/${psql_version}/data/certs /opt/puppetlabs/server/data/pg_certs", $destination_target)# lint:ignore:140chars # pg_basebackup requires an entirely empty data directory run_command('rm -rf /opt/puppetlabs/server/data/postgresql/*', $destination_target) - $pg_basebackup = @("PGBASE") runuser -u pe-postgres -- \ /opt/puppetlabs/server/bin/pg_basebackup \ @@ -67,18 +66,17 @@ sslkey=/opt/puppetlabs/server/data/pg_certs/_local.private_key.pem sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem" | - PGBASE - - run_command($pg_basebackup, $destination_target) + run_command(${pg_basebackup}, ${destination_target}) # Delete the saved certs, they'll be properly re-populated by an agent run - run_command('rm -rf /opt/puppetlabs/server/data/pg_certs', $destination_target) + run_command('rm -rf /opt/puppetlabs/server/data/pg_certs', ${destination_target}) # Start pe-postgresql.service - run_command('systemctl start pe-postgresql.service', $destination_target) + run_command('systemctl start pe-postgresql.service', ${destination_target}) # Delete the previously add replication rules to prevent Puppet restarting # thing later - apply($source_target) { + apply(${source_target}) { file_line { 'replication-pe-ha-replication-map': ensure => absent, path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf", 
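Review bot: The new calls in plans/subplans/db_populate.pp (hunk `-67,18`) pass `${pg_basebackup}`, `${destination_target}` and `${source_target}` as bare arguments. As far as I know, Puppet accepts the `${...}` form only inside double-quoted strings and heredocs, so these lines most likely fail to parse. The affected lines are `run_command(${pg_basebackup}, ${destination_target})`, the `rm -rf` and `systemctl start` calls, and `apply(${source_target})`; the `systemctl reload` call in the `-97,8` hunk has the same problem. The plain form from the removed lines should be kept, e.g. `run_command($pg_basebackup, $destination_target)` and `apply($source_target) {`. Running `puppet parser validate` or `pdk validate` on this file before merging would confirm it, since this plan handles the saved PostgreSQL client certificates and the replication rules.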
@@ -97,8 +95,8 @@ } # Reload pe-postgresql to revoke replication rules - run_command('systemctl reload pe-postgresql.service', $source_target) + run_command('systemctl reload pe-postgresql.service', ${source_target}) return("Population of ${$destination_target.peadm::certname()} with data from s${$source_target.peadm::certname()} succeeded.") - } + diff --git a/plans/subplans/install.pp b/plans/subplans/install.pp index c391e49f..1b91b318 100644 --- a/plans/subplans/install.pp +++ b/plans/subplans/install.pp @@ -42,8 +42,8 @@ String $console_password, Peadm::Pe_version $version, Optional[String] $pe_installer_source = undef, - Array[String] $dns_alt_names = [ ], - Hash $pe_conf_data = { }, + Array[String] $dns_alt_names = [], + Hash $pe_conf_data = {}, # Code Manager Optional[String] $r10k_remote = undef, @@ -79,32 +79,32 @@ ) $all_targets = peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $replica_target, - $replica_postgresql_target, - $compiler_targets, + $primary_target, + $primary_postgresql_target, + $replica_target, + $replica_postgresql_target, + $compiler_targets, ]) $primary_targets = peadm::flatten_compact([ - $primary_target, - $replica_target, + $primary_target, + $replica_target, ]) $database_targets = peadm::flatten_compact([ - $primary_postgresql_target, - $replica_postgresql_target, + $primary_postgresql_target, + $replica_postgresql_target, ]) $pe_installer_targets = peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $replica_postgresql_target, + $primary_target, + $primary_postgresql_target, + $replica_postgresql_target, ]) $agent_installer_targets = peadm::flatten_compact([ - $compiler_targets, - $replica_target, + $compiler_targets, + $replica_target, ]) # Clusters A and B are used to divide PuppetDB availability for compilers 
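Review bot: The last change of the plans/subplans/db_populate.pp hunk `-97,8` appears to replace the plan's closing `}` after the `return(...)` line with an empty line. As rendered here that leaves the `plan` block unterminated, so the file would not compile. The `}` should stay as the final line: the lint rule being satisfied concerns trailing blank lines, not the brace. The start of the plan is outside this hunk, so the brace pairing is inferred from the removed line only.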
@@ -135,10 +135,12 @@ $precheck_results.each |$result| { $name = $result.target.peadm::certname() if ($name != $result['hostname']) { +# lint:ignore:strict_indent warning(@("HEREDOC")) WARNING: Target name / hostname mismatch: target ${name} reports ${result['hostname']} Certificate name will be set to target name. Please ensure target name is correct and resolvable |-HEREDOC +# lint:endignore } if ($result['platform'] != $platform) { fail_plan("Platform mismatch: target ${name} reports '${result['platform']}; expected ${platform}'") 
@@ -157,28 +159,28 @@ } $primary_pe_conf = peadm::generate_pe_conf({ - 'console_admin_password' => $console_password, - 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), - 'pe_install::puppet_master_dnsaltnames' => $dns_alt_names, - 'puppet_enterprise::puppetdb_database_host' => $primary_postgresql_target.peadm::certname(), - 'puppet_enterprise::profile::master::code_manager_auto_configure' => true, - 'puppet_enterprise::profile::master::r10k_remote' => $r10k_remote, - 'puppet_enterprise::profile::master::r10k_private_key' => $r10k_private_key ? { - undef => undef, - default => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa', - }, + 'console_admin_password' => $console_password, + 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), + 'pe_install::puppet_master_dnsaltnames' => $dns_alt_names, + 'puppet_enterprise::puppetdb_database_host' => $primary_postgresql_target.peadm::certname(), + 'puppet_enterprise::profile::master::code_manager_auto_configure' => true, + 'puppet_enterprise::profile::master::r10k_remote' => $r10k_remote, + 'puppet_enterprise::profile::master::r10k_private_key' => $r10k_private_key ? 
{ + undef => undef, + default => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa', + }, } + $puppetdb_database_temp_config + $pe_conf_data) $primary_postgresql_pe_conf = peadm::generate_pe_conf({ - 'console_admin_password' => 'not used', - 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), - 'puppet_enterprise::database_host' => $primary_postgresql_target.peadm::certname(), + 'console_admin_password' => 'not used', + 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), + 'puppet_enterprise::database_host' => $primary_postgresql_target.peadm::certname(), } + $puppetdb_database_temp_config + $pe_conf_data) $replica_postgresql_pe_conf = peadm::generate_pe_conf({ - 'console_admin_password' => 'not used', - 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), - 'puppet_enterprise::database_host' => $replica_postgresql_target.peadm::certname(), + 'console_admin_password' => 'not used', + 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), + 'puppet_enterprise::database_host' => $replica_postgresql_target.peadm::certname(), } + $puppetdb_database_temp_config + $pe_conf_data) # Upload the pe.conf files to the hosts that need them, and ensure correctly @@ -189,12 +191,14 @@ $pe_conf = getvar("${var}_pe_conf") peadm::file_content_upload($pe_conf, '/tmp/pe.conf', $target) +# lint:ignore:strict_indent run_task('peadm::mkdir_p_file', $target, path => '/etc/puppetlabs/puppet/puppet.conf', content => @("HEREDOC"), [main] certname = ${target.peadm::certname()} | HEREDOC +# lint:endignore ) } @@ -231,7 +235,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $primary_target, extension_requests => { peadm::oid('peadm_role') => 'puppet/server', - peadm::oid('peadm_availability_group') => 'A' + peadm::oid('peadm_availability_group') => 'A', } ) }, 
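Review bot: The loop touched by the plans/subplans/install.pp hunk `-189,12` uploads each generated pe.conf to the fixed path `/tmp/pe.conf`, and the primary's copy carries `console_admin_password` (see the `$primary_pe_conf` hash in the `-157,28` hunk). Neither the file mode applied by `peadm::file_content_upload` nor any later removal is visible in this hunk. The added lint markers are a good place to document this, e.g. `# pe.conf holds console_admin_password: confirm file_content_upload creates it root-only (0600) and that it is removed after install`. If the helper does not restrict the mode, a root-only directory would be a safer staging location than `/tmp`. The enclosing loop starts outside the hunk.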
@@ -239,7 +243,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $replica_target, extension_requests => { peadm::oid('peadm_role') => 'puppet/server', - peadm::oid('peadm_availability_group') => 'B' + peadm::oid('peadm_availability_group') => 'B', } ) }, @@ -247,7 +251,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $compiler_a_targets, extension_requests => { peadm::oid('pp_auth_role') => 'pe_compiler', - peadm::oid('peadm_availability_group') => 'A' + peadm::oid('peadm_availability_group') => 'A', } ) }, @@ -255,7 +259,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $compiler_b_targets, extension_requests => { peadm::oid('pp_auth_role') => 'pe_compiler', - peadm::oid('peadm_availability_group') => 'B' + peadm::oid('peadm_availability_group') => 'B', } ) }, @@ -263,7 +267,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $primary_postgresql_target, extension_requests => { peadm::oid('peadm_role') => 'puppet/puppetdb-database', - peadm::oid('peadm_availability_group') => 'A' + peadm::oid('peadm_availability_group') => 'A', } ) }, @@ -271,10 +275,10 @@ run_plan('peadm::util::insert_csr_extension_requests', $replica_postgresql_target, extension_requests => { peadm::oid('peadm_role') => 'puppet/puppetdb-database', - peadm::oid('peadm_availability_group') => 'B' + peadm::oid('peadm_availability_group') => 'B', } ) - } + }, ] wait($csr_yaml_jobs) @@ -370,7 +374,7 @@ # Ensure certificate requests have been submitted, then run Puppet run_task('peadm::submit_csr', $target) - run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$target.peadm::certname] } ) + run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$target.peadm::certname] }) run_task('peadm::puppet_runonce', $target) } diff --git a/plans/subplans/modify_certificate.pp b/plans/subplans/modify_certificate.pp index 1b571aee..e79f03ba 100644 --- a/plans/subplans/modify_certificate.pp +++ b/plans/subplans/modify_certificate.pp 
@@ -3,8 +3,8 @@ Peadm::SingleTargetSpec $targets, TargetSpec $primary_host, String $primary_certname, - Hash $add_extensions = { }, - Array $remove_extensions = [ ], + Hash $add_extensions = {}, + Array $remove_extensions = [], Optional[Array] $dns_alt_names = undef, Boolean $force_regenerate = false, ) { @@ -32,11 +32,10 @@ # If the existing certificate meets all the requirements, there's no need # to regenerate it. Skip it and move on to the next. if ($certdata['certificate-exists'] and - ($desired_alt_names == $existing_alt_names) and - ($desired_exts.all |$key,$val| { $existing_exts[$key] == $val }) and - !($remove_extensions.any |$key| { $key in $existing_exts.keys }) and - !$force_regenerate) - { + ($desired_alt_names == $existing_alt_names) and + ($desired_exts.all |$key,$val| { $existing_exts[$key] == $val }) and + !($remove_extensions.any |$key| { $key in $existing_exts.keys }) and + !$force_regenerate) { out::message("${certname} already has requested modifications; certificate will not be re-issued") return('Skipped') } 
@@ -57,21 +56,20 @@ extension_requests => $desired_exts, merge => false, ) - - $ca_clean_result = run_command(@("HEREDOC"/L), $primary_target, _catch_errors => true).first +# lint:ignore:strict_indent + $ca_clean_result = run_command(@("HEREDOC"/L), $primary_target, _catch_errors => true).first /opt/puppetlabs/bin/puppetserver ca clean --certname ${certname} |-HEREDOC - +# lint:endignore unless $ca_clean_result.ok { # fail the plan unless it's a known circumstance in which it's okay to proceed. # Scenario 1: the primary's cert can't be cleaned because it's already revoked. # Scenario 2: the primary's cert can't be cleaned because it's been deleted. # Scenario 3: any component's cert can't be cleaned because it's been deleted. unless ($target_is_primary and - ($ca_clean_result[merged_output] =~ /certificate revoked/ or - $ca_clean_result[merged_output] =~ /Could not find 'hostcert'/)) or - ($ca_clean_result[merged_output] =~ /Could not find files to clean/) - { + ($ca_clean_result[merged_output] =~ /certificate revoked/ or + $ca_clean_result[merged_output] =~ /Could not find 'hostcert'/)) or + ($ca_clean_result[merged_output] =~ /Could not find files to clean/) { fail_plan($ca_clean_result[merged_output]) } } @@ -87,6 +85,7 @@ # w/ PCP transport. If using a task, we run into problems downloading # the task file at this point, because there is no longer a cert file # present on the agent. +# lint:ignore:strict_indent run_command(@("HEREDOC"/L), $target) /opt/puppetlabs/bin/puppet ssl download_cert --certname ${certname} || \ /opt/puppetlabs/bin/puppet certificate find --ca-location remote ${certname} @@ -95,7 +94,7 @@ else { # PRIMARY cert regeneration # The docs are broken, and the process is unclean. Sadface. - run_task('service', $target, {action => 'stop', name => 'pe-puppetserver'}) + run_task('service', $target, { action => 'stop', name => 'pe-puppetserver' }) run_command(@("HEREDOC"/L), $target) rm -f \ /etc/puppetlabs/puppet/ssl/certs/${certname}.pem \ 
@@ -105,12 +104,13 @@ /etc/puppetlabs/puppet/ssl/ca/signed/${certname}.pem \ |-HEREDOC run_command(@("HEREDOC"/L), $target) - /opt/puppetlabs/bin/puppetserver ca generate \ + /opt/puppetlabs/bin/puppetserver ca generate \ --certname ${certname} \ --subject-alt-names ${alt_names.join(',')} \ --ca-client |-HEREDOC - run_task('service', $target, {action => 'start', name => 'pe-puppetserver'}) +# lint:endignore + run_task('service', $target, { action => 'start', name => 'pe-puppetserver' }) } # Fire puppet back up when done diff --git a/plans/subplans/prepare_agent.pp b/plans/subplans/prepare_agent.pp index 507c33ac..938a3a07 100644 --- a/plans/subplans/prepare_agent.pp +++ b/plans/subplans/prepare_agent.pp @@ -5,7 +5,6 @@ Hash $certificate_extensions, Optional[Array] $dns_alt_names = undef, ) { - $agent_target = peadm::get_targets($targets, 1) $primary_target = peadm::get_targets($primary_host, 1) @@ -16,7 +15,7 @@ $status = run_task('package', $agent_target, action => 'status', - name => 'puppet-agent').first['status'] + name => 'puppet-agent').first['status'] if $status == 'uninstalled' { run_plan('peadm::util::insert_csr_extension_requests', $agent_target, @@ -42,7 +41,7 @@ # Obtain data about certificate from primary $certstatus = run_task('peadm::cert_valid_status', $primary_target, - certname => $agent_target.peadm::certname()).first.value + certname => $agent_target.peadm::certname()).first.value # Obtain data about certificate from agent $certdata = run_task('peadm::cert_data', $agent_target).first.value 
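Review bot: The `puppetserver ca generate` heredoc re-indented in the plans/subplans/modify_certificate.pp hunk `-105,12` interpolates `${certname}` and `${alt_names.join(',')}` into the shell command unquoted. The backup.pp and restore.pp plans in this same commit wrap every interpolated value in `shellquote()`. The alt names presumably come from the `dns_alt_names` plan parameter, so a value containing whitespace or shell metacharacters would be interpreted by the shell on the primary. The lines should read `--certname ${shellquote($certname)} \` and `--subject-alt-names ${shellquote($alt_names.join(','))} \`. The same applies to `puppetserver ca clean --certname ${certname}` in the `-57,21` hunk and to the `puppet ssl download_cert` command in the `-87,6` hunk.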
@@ -59,7 +58,7 @@ # agent claims it has one, clean the agent to get to an agreed upon state # before moving onto the submit and sign process. if $certdata['certificate-exists'] and $certstatus['reason'] =~ /The private key is missing from/ { - out::message("Agent: ${agent_target.peadm::certname()} has a local cert but Primary: ${primary_target.peadm::certname()} does not, force agent clean") + out::message("Agent: ${agent_target.peadm::certname()} has a local cert but Primary: ${primary_target.peadm::certname()} does not, force agent clean") # lint:ignore:140chars run_task('peadm::ssl_clean', $agent_target, certname => $agent_target.peadm::certname()) } $force_regenerate = false @@ -73,10 +72,10 @@ # If necessary, manually submit a CSR # ignoring errors to simplify logic unless $skip_csr { - run_task('peadm::submit_csr', $agent_target, {'_catch_errors' => true}) + run_task('peadm::submit_csr', $agent_target, { '_catch_errors' => true }) # On primary, if necessary, sign the certificate request - run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$agent_target.peadm::certname()] } ) + run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$agent_target.peadm::certname()] }) } # If agent certificate is good but lacks appropriate extensions, plan will still diff --git a/plans/uninstall.pp b/plans/uninstall.pp index 3579b662..7869f27c 100644 --- a/plans/uninstall.pp +++ b/plans/uninstall.pp @@ -12,4 +12,3 @@ return($uninstall_results) } - diff --git a/plans/upgrade.pp b/plans/upgrade.pp index eea92339..34e1b370 100644 --- a/plans/upgrade.pp +++ b/plans/upgrade.pp 
@@ -43,14 +43,13 @@ Boolean $permit_unsafe_versions = false, Optional[Enum[ - 'upgrade-primary', - 'upgrade-node-groups', - 'upgrade-primary-compilers', - 'upgrade-replica', - 'upgrade-replica-compilers', - 'finalize']] $begin_at_step = undef, + 'upgrade-primary', + 'upgrade-node-groups', + 'upgrade-primary-compilers', + 'upgrade-replica', + 'upgrade-replica-compilers', + 'finalize']] $begin_at_step = undef, ) { - # Ensure input valid for a supported architecture $arch = peadm::assert_supported_architecture( $primary_host, @@ -68,17 +67,17 @@ $compiler_targets = peadm::get_targets($compiler_hosts) $all_targets = peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $replica_target, - $replica_postgresql_target, - $compiler_targets, + $primary_target, + $primary_postgresql_target, + $replica_target, + $replica_postgresql_target, + $compiler_targets, ]) $pe_installer_targets = peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $replica_postgresql_target, + $primary_target, + $primary_postgresql_target, + $replica_postgresql_target, ]) out::message('# Gathering information') 
@@ -122,22 +121,24 @@ [peadm::oid('peadm_role'), 'pp_auth_role'].all |$ext| { $cert[$ext] == undef } or $cert[peadm::oid('peadm_availability_group')] == undef } { +# lint:ignore:strict_indent fail_plan(@(HEREDOC/L)) Required trusted facts are not present; upgrade cannot be completed. If \ this infrastructure was provisioned with an old version of peadm, you may \ need to run the peadm::convert plan\ | HEREDOC +# lint:endignore } # Determine which compilers are associated with which DR group $compiler_m1_targets = $compiler_targets.filter |$target| { ($cert_extensions.dig($target.peadm::certname, peadm::oid('peadm_availability_group')) - == $cert_extensions.dig($primary_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) + == $cert_extensions.dig($primary_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) } $compiler_m2_targets = $compiler_targets.filter |$target| { ($cert_extensions.dig($target.peadm::certname, peadm::oid('peadm_availability_group')) - == $cert_extensions.dig($replica_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) + == $cert_extensions.dig($replica_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) } peadm::plan_step('preparation') || { 
@@ -176,20 +177,20 @@ # is only ever consulted during install and upgrade of these nodes, but if # it contains the wrong values, upgrade will fail. peadm::flatten_compact([ - $primary_postgresql_target, - $replica_postgresql_target, + $primary_postgresql_target, + $replica_postgresql_target, ]).each |$target| { $current_pe_conf = run_task('peadm::read_file', $target, path => '/etc/puppetlabs/enterprise/conf.d/pe.conf', ).first['content'] $pe_conf = ($current_pe_conf ? { - undef => {}, - default => $current_pe_conf.parsehocon(), - } + { - 'console_admin_password' => 'not used', - 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), - 'puppet_enterprise::database_host' => $target.peadm::certname(), + undef => {}, + default => $current_pe_conf.parsehocon(), + } + { + 'console_admin_password' => 'not used', + 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), + 'puppet_enterprise::database_host' => $target.peadm::certname(), } + $profile_database_puppetdb_hosts).to_json_pretty() write_file($pe_conf, '/etc/puppetlabs/enterprise/conf.d/pe.conf', $target) @@ -220,8 +221,8 @@ # Installer-driven upgrade will de-configure auth access for compilers. # Re-run Puppet immediately to fully re-enable run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, + $primary_target, + $primary_postgresql_target, ])) } @@ -290,8 +291,8 @@ # `puppet infra upgrade` cannot handle orchestration services restarting, # also run Puppet immediately on the primary. run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $primary_target, - $replica_postgresql_target, + $primary_target, + $replica_postgresql_target, ])) # The `puppetdb delete-reports` CLI app has a bug in 2019.8.0 where it 
@@ -300,6 +301,7 @@ $pdbapps = '/opt/puppetlabs/server/apps/puppetdb/cli/apps' $workaround_delete_reports = $arch['disaster-recovery'] and $_version =~ SemVerRange('>= 2019.8') if $workaround_delete_reports { +# lint:ignore:strict_indent run_command(@("COMMAND"/$), $replica_target) if [ -e ${pdbapps}/delete-reports -a ! -h ${pdbapps}/delete-reports ] then @@ -324,6 +326,7 @@ mv ${pdbapps}/delete-reports.original ${pdbapps}/delete-reports fi | COMMAND +# lint:endignore } } diff --git a/plans/util/code_sync_status.pp b/plans/util/code_sync_status.pp index 06db9e7b..64e72f44 100644 --- a/plans/util/code_sync_status.pp +++ b/plans/util/code_sync_status.pp @@ -7,18 +7,18 @@ # Print a table of summary status out::message( format::table({ - title => 'Summary', - rows => $data['environments'].reduce([['Overall sync status', $data['sync']]]) |$memo, $val| { - $memo << ["${val[0]} environment in sync", $val[1]['sync']] }})) + title => 'Summary', + rows => $data['environments'].reduce([['Overall sync status', $data['sync']]]) |$memo, $val| { + $memo << ["${val[0]} environment in sync", $val[1]['sync']] } })) # Print a server status table, one for each environment $data['environments'].each |$env, $_| { out::message( format::table({ - title => "Server sync status - ${env}", - head => ['Server', 'In Sync', 'Commit'], - rows => $data['environments'][$env]['servers'].reduce([]) |$memo, $val| { - $memo << [$val[0], $val[1]['sync'], $val[1]['commit']] }})) + title => "Server sync status - ${env}", + head => ['Server', 'In Sync', 'Commit'], + rows => $data['environments'][$env]['servers'].reduce([]) |$memo, $val| { + $memo << [$val[0], $val[1]['sync'], $val[1]['commit']] } })) } return('Done') diff --git a/plans/util/copy_file.pp b/plans/util/copy_file.pp index 793364fb..cc324611 100644 --- a/plans/util/copy_file.pp +++ b/plans/util/copy_file.pp 
@@ -4,7 +4,6 @@ Peadm::SingleTargetSpec $source_host, Stdlib::Absolutepath $path ) { - $source_target = peadm::get_targets($source_host, 1) $replica_target = $targets diff --git a/plans/util/db_disable_pglogical.pp b/plans/util/db_disable_pglogical.pp index 9f0abb8a..fdf37bed 100644 --- a/plans/util/db_disable_pglogical.pp +++ b/plans/util/db_disable_pglogical.pp @@ -3,7 +3,6 @@ Peadm::SingleTargetSpec $targets, Array[String[1]] $databases, ) { - # Simplest way to disable the connection that the pglogical supervisor opens # to each database it means to replicate. $databases.each |$database| { diff --git a/plans/util/db_purge.pp b/plans/util/db_purge.pp index b419022b..74852ae2 100644 --- a/plans/util/db_purge.pp +++ b/plans/util/db_purge.pp @@ -3,18 +3,17 @@ TargetSpec $targets, Array[String[1]] $databases, ) { - # Their are more sophisticated ways to clean up these databases so they do not # continue taking up disk space but they are finicky and grow complex. Instead # just delete them even though Puppet will recreate them on the next agent run. $databases.each |$database| { run_command( "runuser -u pe-postgres -- \ /opt/puppetlabs/server/bin/psql pe-postgres -c 'DROP DATABASE IF EXISTS \"${database}\"'", - $targets + $targets ) run_command("runuser -u pe-postgres -- \ /opt/puppetlabs/server/bin/psql pe-postgres -c 'DROP TABLESPACE IF EXISTS \"${database}\"'", - $targets + $targets ) } } diff --git a/plans/util/insert_csr_extension_requests.pp b/plans/util/insert_csr_extension_requests.pp index 23e12215..63c4edcc 100644 --- a/plans/util/insert_csr_extension_requests.pp +++ b/plans/util/insert_csr_extension_requests.pp @@ -6,9 +6,9 @@ ) { get_targets($targets).each |$target| { $csr_attributes_data = ($csr_file = run_task('peadm::read_file', $target, - path => '/etc/puppetlabs/puppet/csr_attributes.yaml', + path => '/etc/puppetlabs/puppet/csr_attributes.yaml', ).first['content']) ? { - undef => { }, + undef => {}, default => $csr_file.parseyaml, } 
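Review bot: In the plans/util/db_purge.pp hunk, `${database}` is placed unescaped into a shell command string, inside both the single-quoted `-c` argument and a double-quoted SQL identifier. `Array[String[1]]` accepts any characters, so a name containing a quote character would end that quoting. The caller is presumably a trusted operator or another plan, so this is hardening rather than a demonstrated hole, but constraining the parameter closes it: `Array[Pattern[/\A[A-Za-z0-9_-]+\z/]] $databases,`. The same applies to both the `DROP DATABASE` and the `DROP TABLESPACE` command. A comment above the loop such as `# $database must be a plain identifier: it is interpolated unescaped into a shell and SQL string` would record the constraint for later edits.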
@@ -16,8 +16,8 @@ # If we're not merging, only ours will be used; existing requests will be # overwritten. $csr_file_data = $merge ? { - true => $csr_attributes_data.deep_merge({'extension_requests' => $extension_requests}), - false => ($csr_attributes_data + {'extension_requests' => $extension_requests}), + true => $csr_attributes_data.deep_merge({ 'extension_requests' => $extension_requests }), + false => ($csr_attributes_data + { 'extension_requests' => $extension_requests }), } run_task('peadm::mkdir_p_file', $target, diff --git a/plans/util/update_classification.pp b/plans/util/update_classification.pp index 0e88aa18..247a9632 100644 --- a/plans/util/update_classification.pp +++ b/plans/util/update_classification.pp @@ -18,7 +18,6 @@ Optional[String] $internal_compiler_a_pool_address = undef, Optional[String] $internal_compiler_b_pool_address = undef, ) { - $primary_target = peadm::get_targets($targets, 1) # Makes this more easily usable outside a plan @@ -34,25 +33,25 @@ $filtered_params = { 'compiler_pool_address' => $compiler_pool_address, 'internal_compiler_a_pool_address' => $internal_compiler_a_pool_address, - 'internal_compiler_b_pool_address' => $internal_compiler_b_pool_address + 'internal_compiler_b_pool_address' => $internal_compiler_b_pool_address, }.filter |$parameter| { $parameter[1] } $filtered_server = { 'A' => $server_a_host, - 'B' => $server_b_host + 'B' => $server_b_host, }.filter |$parameter| { $parameter[1] } $filtered_psql = { 'A' => $postgresql_a_host, - 'B' => $postgresql_b_host + 'B' => $postgresql_b_host, }.filter |$parameter| { $parameter[1] } $filtered = { 'params' => $filtered_params, 'role-letter' => { 'server' => $filtered_server, - 'postgresql' => $filtered_psql - } + 'postgresql' => $filtered_psql, + }, } out::verbose('New values are...') diff --git a/plans/util/update_db_setting.pp b/plans/util/update_db_setting.pp index aa74a0ff..9035d0fc 100644 --- a/plans/util/update_db_setting.pp +++ b/plans/util/update_db_setting.pp 
@@ -8,11 +8,9 @@ Optional[Hash] $peadm_config = undef, Boolean $override = false ) { - # FIX ME: Section needs to be parallelized, can't use built in functionality # of apply(). get_targets($targets).each |$target| { - if $override { $db = $postgresql_host } else { @@ -23,9 +21,9 @@ # Determine configuration by pairing target with existing availability letter # assignments, setting to the new node if no match is found. $target_group_letter = peadm::flatten_compact([$roles['compilers'],$roles['server']].map |$role| { - $role.map |$k,$v| { - if $target.peadm::certname() in $v { $k } - } + $role.map |$k,$v| { + if $target.peadm::certname() in $v { $k } + } })[0] $match = $roles['postgresql'][$target_group_letter] if $match { @@ -35,7 +33,7 @@ } } - $db_setting = "//${db}:5432/pe-puppetdb?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem&sslkey=/etc/puppetlabs/puppetdb/ssl/${target.peadm::certname()}.private_key.pk8&sslcert=/etc/puppetlabs/puppetdb/ssl/${$target.peadm::certname()}.cert.pem" + $db_setting = "//${db}:5432/pe-puppetdb?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem&sslkey=/etc/puppetlabs/puppetdb/ssl/${target.peadm::certname()}.private_key.pk8&sslcert=/etc/puppetlabs/puppetdb/ssl/${$target.peadm::certname()}.cert.pem" # lint:ignore:140chars # Introduces dependency so PEADM can modify INI files apply($target) { diff --git a/types/ldap_config.pp b/types/ldap_config.pp index ab75d005..924ec128 100644 --- a/types/ldap_config.pp +++ b/types/ldap_config.pp 
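Review bot: In the last hunk of plans/util/update_db_setting.pp, the `$db_setting` line gains `# lint:ignore:140chars` but still mixes `${target.peadm::certname()}` for `sslkey` with `${$target.peadm::certname()}` for `sslcert`. Both presumably resolve to the same variable, but a reader has to stop and confirm that the key and certificate paths name the same host. Binding the name once, `$certname = $target.peadm::certname()`, and using `${certname}` in both paths removes the doubt and shortens the line. Since `sslmode=verify-full` and `sslrootcert` are what make this connection verify the database host, a short comment saying so would help keep them from being dropped in a later edit. The plan body starts and continues outside this hunk.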
@@ -1,25 +1,25 @@
 type Peadm::Ldap_config = Struct[{
- base_dn => String,
- connect_timeout => Integer,
- disable_ldap_matching_rule_in_chain => Boolean,
- display_name => String,
- group_lookup_attr => String,
- group_member_attr => String,
- group_name_attr => String,
- group_object_class => String,
- Optional[group_rdn] => Optional[String],
- Optional[help_link] => Optional[String],
- hostname => String,
- Optional[login] => Optional[String],
- Optional[password] => Optional[String],
- port => Integer,
- search_nested_groups => Boolean,
- ssl => Boolean,
- ssl_hostname_validation => Boolean,
- ssl_wildcard_validation => Boolean,
- start_tls => Boolean,
- user_display_name_attr => String,
- user_email_attr => String,
- user_lookup_attr => String,
- Optional[user_rdn] => Optional[String],
+ base_dn => String,
+ connect_timeout => Integer,
+ disable_ldap_matching_rule_in_chain => Boolean,
+ display_name => String,
+ group_lookup_attr => String,
+ group_member_attr => String,
+ group_name_attr => String,
+ group_object_class => String,
+ Optional[group_rdn] => Optional[String],
+ Optional[help_link] => Optional[String],
+ hostname => String,
+ Optional[login] => Optional[String],
+ Optional[password] => Optional[String],
+ port => Integer,
+ search_nested_groups => Boolean,
+ ssl => Boolean,
+ ssl_hostname_validation => Boolean,
+ ssl_wildcard_validation => Boolean,
+ start_tls => Boolean,
+ user_display_name_attr => String,
+ user_email_attr => String,
+ user_lookup_attr => String,
+ Optional[user_rdn] => Optional[String],
 }]
diff --git a/types/recovery_opts.pp b/types/recovery_opts.pp
index 8e88fb65..c759e955 100644
--- a/types/recovery_opts.pp
+++ b/types/recovery_opts.pp
@@ -1,8 +1,8 @@
 type Peadm::Recovery_opts = Struct[{
- 'orchestrator' => Optional[Boolean],
- 'puppetdb' => Optional[Boolean],
- 'rbac' => Optional[Boolean],
- 'activity' => Optional[Boolean],
- 'ca' => Optional[Boolean[false]],
- 'classifier' => Optional[Boolean],
+ 'orchestrator' => Optional[Boolean],
+ 'puppetdb' => Optional[Boolean],
+ 'rbac' => Optional[Boolean],
+ 'activity' => Optional[Boolean],
+ 'ca' => Optional[Boolean[false]],
+ 'classifier' => Optional[Boolean],
 }]