From 5f9338255f15016907aa24e1a64569249bb5b313 Mon Sep 17 00:00:00 2001 
From: David Sandilands Date: Mon, 30 Jan 2023 14:10:06 +0000 Subject: [PATCH 1/9] Updating to latest PDK version --- .devcontainer/README.md | 38 +++++++++ .devcontainer/devcontainer.json | 16 ++-- .github/workflows/auto_release.yml | 90 +++++++++++++++++++++ .gitignore | 4 - .puppet-lint.rc | 1 + .rubocop.yml | 2 +- .sync.yml | 3 +- Gemfile | 41 ++++++---- Rakefile | 1 + examples/haproxy/compiler.pp | 14 ++-- examples/haproxy/load_balancer.pp | 14 ++-- examples/haproxy/puppetdb.pp | 8 +- functions/assert_supported_architecture.pp | 27 ++++--- functions/assert_supported_bolt_version.pp | 8 +- functions/assert_supported_pe_version.pp | 12 ++- functions/certname.pp | 16 ++-- functions/convert_status.pp | 11 ++- functions/determine_status.pp | 24 +++--- functions/file_or_content.pp | 2 - functions/get_targets.pp | 4 +- manifests/setup/convert_node_manager.pp | 1 - manifests/setup/convert_pre20197.pp | 1 - manifests/setup/node_manager.pp | 16 ++-- manifests/setup/node_manager_yaml.pp | 4 +- metadata.json | 4 +- plans/add_compiler.pp | 29 ++++--- plans/add_database.pp | 84 +++++++++---------- plans/add_replica.pp | 17 ++-- plans/backup.pp | 25 +++--- plans/convert.pp | 30 ++++--- plans/install.pp | 3 +- plans/misc/divert_code_manager.pp | 8 +- plans/modify_cert_extensions.pp | 10 +-- plans/modify_certificate.pp | 4 +- plans/restore.pp | 71 ++++++++-------- plans/status.pp | 26 +++--- plans/subplans/component_install.pp | 2 +- plans/subplans/configure.pp | 28 +++---- plans/subplans/db_populate.pp | 17 ++-- plans/subplans/install.pp | 88 ++++++++++---------- plans/subplans/modify_certificate.pp | 40 ++++----- plans/subplans/prepare_agent.pp | 11 ++- plans/uninstall.pp | 1 - plans/upgrade.pp | 67 +++++++-------- plans/util/code_sync_status.pp | 14 ++-- plans/util/copy_file.pp | 1 - plans/util/db_disable_pglogical.pp | 1 - plans/util/db_purge.pp | 5 +- plans/util/insert_csr_extension_requests.pp | 8 +- plans/util/update_classification.pp | 11 ++- 
plans/util/update_db_setting.pp | 10 +-- types/ldap_config.pp | 46 +++++------ types/recovery_opts.pp | 12 +-- 53 files changed, 575 insertions(+), 456 deletions(-) create mode 100644 .devcontainer/README.md create mode 100644 .github/workflows/auto_release.yml diff --git a/.devcontainer/README.md b/.devcontainer/README.md new file mode 100644 index 00000000..a7193616 --- /dev/null +++ b/.devcontainer/README.md @@ -0,0 +1,38 @@ +# devcontainer + + +For format details, see https://aka.ms/devcontainer.json. + +For config options, see the README at: +https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet + +``` json +{ + "name": "Puppet Development Kit (Community)", + "dockerFile": "Dockerfile", + + // Set *default* container specific settings.json values on container create. + "settings": { + "terminal.integrated.profiles.linux": { + "bash": { + "path": "bash", + } + } + }, + + // Add the IDs of extensions you want installed when the container is created. + "extensions": [ + "puppet.puppet-vscode", + "rebornix.Ruby" + ], + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + "forwardPorts": [], + + // Use 'postCreateCommand' to run commands after the container is created. + "postCreateCommand": "pdk --version", +} +``` + + + diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index f1a55dc3..cdd65d22 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json 
@@ -1,23 +1,17 @@ -// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: -// https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet { "name": "Puppet Development Kit (Community)", "dockerFile": "Dockerfile", - // Set *default* container specific settings.json values on container create. "settings": { - "terminal.integrated.shell.linux": "/bin/bash" + "terminal.integrated.profiles.linux": { + "bash": { + "path": "bash" + } + } }, - // Add the IDs of extensions you want installed when the container is created. "extensions": [ "puppet.puppet-vscode", "rebornix.Ruby" ] - - // Use 'forwardPorts' to make a list of ports inside the container available locally. - // "forwardPorts": [], - - // Use 'postCreateCommand' to run commands after the container is created. - // "postCreateCommand": "pdk --version", } diff --git a/.github/workflows/auto_release.yml b/.github/workflows/auto_release.yml new file mode 100644 index 00000000..f4aed440 --- /dev/null +++ b/.github/workflows/auto_release.yml 
@@ -0,0 +1,90 @@ +name: "Auto release" + +on: + workflow_dispatch: + +env: + HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 + HONEYCOMB_DATASET: litmus tests + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + +jobs: + auto_release: + name: "Automatic release prep" + runs-on: ubuntu-20.04 + + steps: + + - name: "Honeycomb: Start recording" + uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 + with: + apikey: ${{ env.HONEYCOMB_WRITEKEY }} + dataset: ${{ env.HONEYCOMB_DATASET }} + job-status: ${{ job.status }} + + - name: "Honeycomb: start first step" + run: | + echo STEP_ID="auto-release" >> $GITHUB_ENV + echo STEP_START=$(date +%s) >> $GITHUB_ENV + - name: "Checkout Source" + if: ${{ github.repository_owner == 'puppetlabs' }} + uses: actions/checkout@v2 + with: + fetch-depth: 0 + persist-credentials: false + + - name: "PDK Release prep" + uses: docker://puppet/iac_release:ci + with: + args: 'release prep --force' + env: + CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: "Get Version" + if: ${{ github.repository_owner == 'puppetlabs' }} + id: gv + run: | + echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" + + - name: "Check if a release is necessary" + if: ${{ github.repository_owner == 'puppetlabs' }} + id: check + run: | + git diff --quiet CHANGELOG.md && echo "::set-output name=release::false" || echo "::set-output name=release::true" + + - name: "Commit changes" + if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} + run: | + git config --local user.email "${{ github.repository_owner }}@users.noreply.github.com" + git config --local user.name "GitHub Action" + git add . 
+ git commit -m "Release prep v${{ steps.gv.outputs.ver }}" + + - name: Create Pull Request + id: cpr + uses: puppetlabs/peter-evans-create-pull-request@v3 + if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "Release prep v${{ steps.gv.outputs.ver }}" + branch: "release-prep" + delete-branch: true + title: "Release prep v${{ steps.gv.outputs.ver }}" + body: | + Automated release-prep through [pdk-templates](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot/.github/workflows/auto_release.yml.erb) from commit ${{ github.sha }}. + Please verify before merging: + - [ ] last [nightly](https://github.com/${{ github.repository }}/actions/workflows/nightly.yml) run is green + - [ ] [Changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) is readable and has no unlabeled pull requests + - [ ] Ensure the [changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) version and [metadata](https://github.com/${{ github.repository }}/blob/release-prep/metadata.json) version match + labels: "maintenance" + + - name: PR outputs + if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + + - name: "Honeycomb: Record finish step" + if: ${{ always() }} + run: | + buildevents step $TRACE_ID $STEP_ID $STEP_START 'Finished auto release workflow' diff --git a/.gitignore b/.gitignore index aa93de59..3aabfaed 100644 --- a/.gitignore +++ b/.gitignore @@ -32,7 +32,3 @@ .plan_cache.json .resource_types/ bolt-debug.log -spec/docker/**/*.tar.gz -spec/docker/**/*.asc -spec/docker/**/files/puppet-enterprise* -spec/docker/.task_cache.json diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece0..175e065c 100644 
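Review bot: `HONEYCOMB_WRITEKEY` is committed as a literal value in the workflow-level `env:` block, so it is readable by anyone who can read the repository or its history and can only be rotated by another commit. Unless the key is deliberately public (the file is synced from pdk-templates, so that may be an upstream decision), reference a repository secret instead: `HONEYCOMB_WRITEKEY: ${{ secrets.HONEYCOMB_WRITEKEY }}`. The "PDK Release prep" step also runs the `docker://puppet/iac_release:ci` image with `CHANGELOG_GITHUB_TOKEN` but without the `github.repository_owner == 'puppetlabs'` condition that the checkout and commit steps carry, and the workflow declares no `permissions:` block to narrow that token. `${{ steps.gv.outputs.ver }}` is expanded directly into the `git commit` shell line; passing it through `env:` and quoting the variable keeps the contents of `metadata.json` out of the script text. The `uses:` references are mutable tags (`@v2`, `@pdk-templates-v1`, `@v3`, `:ci`), so pinning them to a commit SHA or image digest would make the release job reproducible.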
--- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,2 @@ --relative +--no-strict_indent-check diff --git a/.rubocop.yml b/.rubocop.yml index 8f782e74..31e8248f 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -4,7 +4,7 @@ require: - rubocop-rspec AllCops: DisplayCopNames: true - TargetRubyVersion: '2.4' + TargetRubyVersion: '2.5' Include: - "**/*.rb" Exclude: diff --git a/.sync.yml b/.sync.yml index dad341b6..1827bdfe 100644 --- a/.sync.yml +++ b/.sync.yml @@ -2,8 +2,6 @@ Gemfile: required: ':development': - - gem: 'puppet-debugger' - version: '>= 0.18.0' - gem: 'bolt' version: '>= 3.10.0' optional: @@ -13,6 +11,7 @@ Gemfile: version: '4.21.0' # Locked due to https://github.com/octokit/octokit.rb/issues/1391 Rakefile: changelog_since_tag: '2.5.0' + default_disabled_lint_checks: ['strict_indent'] extras: - 'PuppetSyntax.exclude_paths = ["plans/**/*.pp", "spec/acceptance/**/plans/**/*.pp", "vendor/**/*"]' spec/spec_helper.rb: diff --git a/Gemfile b/Gemfile index 4c76d499..3c5da48f 100644 --- a/Gemfile +++ b/Gemfile 
@@ -13,25 +13,34 @@ def location_for(place_or_version, fake_version = nil) end end -ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments -minor_version = ruby_version_segments[0..1].join('.') - group :development do - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-debugger", '>= 0.18.0', require: false - gem "bolt", '>= 3.17.0', require: false - gem "github_changelog_generator", '>= 1.16.4', require: false - gem "octokit", '4.21.0', require: false + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem 
"voxpupuli-puppet-lint-plugins", '~> 3.1', require: false + gem "facterdb", '~> 1.18', require: false + gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0', require: false + gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0', require: false + gem "rspec-puppet-facts", '~> 2.0', require: false + gem "codecov", '~> 0.2', require: false + gem "dependency_checker", '~> 0.2', require: false + gem "parallel_tests", '~> 3.4', require: false + gem "pry", '~> 0.10', require: false + gem "simplecov-console", '~> 0.5', require: false + gem "puppet-debugger", '~> 1.0', require: false + gem "rubocop", '= 1.6.1', require: false + gem "rubocop-performance", '= 1.9.1', require: false + gem "rubocop-rspec", '= 2.0.1', require: false + gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "bolt", '>= 3.10.0', require: false + gem "github_changelog_generator", require: false + gem "octokit", '4.21.0', require: false end group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby] + gem "serverspec", '~> 2.41', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/Rakefile b/Rakefile index 5c7699a4..89f9932d 100644 --- a/Rakefile +++ b/Rakefile @@ -42,6 +42,7 @@ def changelog_future_release end PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_strict_indent') if Bundler.rubygems.find_name('github_changelog_generator').any? diff --git a/examples/haproxy/compiler.pp b/examples/haproxy/compiler.pp index 88ee5888..1b91945c 100644 --- a/examples/haproxy/compiler.pp +++ b/examples/haproxy/compiler.pp 
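Review bot: The development group loosens two constraints: `bolt` drops from `'>= 3.17.0'` to `'>= 3.10.0'`, and `github_changelog_generator` loses its `'>= 1.16.4'` floor entirely, so a fresh `bundle install` may resolve releases older than the ones the module was previously developed against. The bolt floor also disagrees with `peadm::assert_supported_bolt_version`, whose `$supported_bolt_version` is `'>= 3.17.0 < 4.0.0'` in this same patch, so the Gemfile can install a Bolt that the module then refuses to run under. The Gemfile appears to be rendered from `.sync.yml`, where the bolt entry shows `version: '>= 3.10.0'`; the fix belongs there, e.g. `version: '>= 3.17.0'`, plus an explicit version for `github_changelog_generator`. The `group :development` block starts inside the hunk, but the file continues beyond it.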
@@ -2,22 +2,20 @@ # # lint:ignore:autoloader_layout class examples::compiler { - - @@haproxy::balancermember { "${::clientcert}_puppetserver_listener": + @@haproxy::balancermember { "${facts['clientcert']}_puppetserver_listener": listening_service => 'puppetserver', - server_names => $::fqdn, - ipaddresses => $::ipaddress, + server_names => $facts['networking']['fqdn'], + ipaddresses => $facts['networking']['ip'], ports => '8140', options => 'check', } - @@haproxy::balancermember { "${::clientcert}_pcp-broker_listener": + @@haproxy::balancermember { "${facts['clientcert']}_pcp-broker_listener": listening_service => 'pcp-broker', - server_names => $::fqdn, - ipaddresses => $::ipaddress, + server_names => $facts['networking']['fqdn'], + ipaddresses => $facts['networking']['ip'], ports => '8142', options => 'check', } - } # lint:endignore diff --git a/examples/haproxy/load_balancer.pp b/examples/haproxy/load_balancer.pp index 51fc01e2..f8cf5ef2 100644 --- a/examples/haproxy/load_balancer.pp +++ b/examples/haproxy/load_balancer.pp @@ -5,10 +5,9 @@ # # lint:ignore:autoloader_layout class examples::load_balancer { - class { 'haproxy': global_options => { - 'log' => "${::ipaddress} local2", + 'log' => "${facts['facts[\'networking\'][\'ip\']']} local2", 'chroot' => '/var/lib/haproxy', 'pidfile' => '/var/run/haproxy.pid', 'maxconn' => 5000, @@ -24,14 +23,14 @@ 'client 2m', 'server 2m', 'http-request 120s', - ] - } + ], + }, } haproxy::listen { 'puppetserver': collect_exported => true, mode => 'tcp', - ipaddress => $::ipaddress, + ipaddress => $facts['networking']['ip'], ports => '8140', options => { option => ['tcplog'], @@ -42,7 +41,7 @@ haproxy::listen { 'pcp-broker': collect_exported => true, mode => 'tcp', - ipaddress => $::ipaddress, + ipaddress => $facts['networking']['ip'], ports => '8142', options => { option => ['tcplog'], 
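Review bot: In `examples/haproxy/load_balancer.pp` the rewritten `'log'` entry of `global_options` reads `"${facts['facts[\'networking\'][\'ip\']']} local2"`, which looks up one fact whose name is the literal string `facts['networking']['ip']` instead of the nested networking fact. That key will not exist, so the interpolation most likely yields an empty value and HAProxy is handed a `log` directive with no syslog address, leaving the load balancer without its logs at the intended target. Every other replacement in this file uses `$facts['networking']['ip']`; this line should match: `'log' => "${facts['networking']['ip']} local2",`. The class body starts and ends outside this hunk.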
@@ -57,10 +56,9 @@ # TODO: split load balancing into two pools, A and B haproxy::listen { 'puppetdb': collect_exported => true, - ipaddress => $::ipaddress, + ipaddress => $facts['networking']['ip'], ports => '8081', options => {}, } - } # lint:endignore diff --git a/examples/haproxy/puppetdb.pp b/examples/haproxy/puppetdb.pp index 17df2cc6..ac9c9a8c 100644 --- a/examples/haproxy/puppetdb.pp +++ b/examples/haproxy/puppetdb.pp @@ -2,15 +2,13 @@ # # lint:ignore:autoloader_layout class examples::puppetdb { - # TODO: split load balancing into two pools, A and B - @@haproxy::balancermember { "${::clientcert}_puppetdb_listener": + @@haproxy::balancermember { "${facts['clientcert']}_puppetdb_listener": listening_service => 'puppetdb', - server_names => $::fqdn, - ipaddresses => $::ipaddress, + server_names => $facts['networking']['fqdn'], + ipaddresses => $facts['networking']['ip'], ports => '8081', options => 'check', } - } # lint:endignore diff --git a/functions/assert_supported_architecture.pp b/functions/assert_supported_architecture.pp index 79739bcc..fec64901 100644 --- a/functions/assert_supported_architecture.pp +++ b/functions/assert_supported_architecture.pp 
@@ -14,25 +14,26 @@ function peadm::assert_supported_architecture ( ] { [true, false, false, false]: { # Standard or Large, no DR ({ 'disaster-recovery' => false, 'architecture' => $compiler_hosts ? { - undef => 'standard', - default => 'large', - }}) + undef => 'standard', + default => 'large', + } }) } - [true, true, false, false]: { # Standard or Large, DR + [true, true, false, false]: { # Standard or Large, DR ({ 'disaster-recovery' => true, 'architecture' => $compiler_hosts ? { - undef => 'standard', - default => 'large', - }}) + undef => 'standard', + default => 'large', + } }) } - [true, false, true, false]: { # Extra Large, no DR + [true, false, true, false]: { # Extra Large, no DR ({ 'disaster-recovery' => false, 'architecture' => 'extra-large' }) } - [true, true, true, true]: { # Extra Large, DR + [true, true, true, true]: { # Extra Large, DR ({ 'disaster-recovery' => true, 'architecture' => 'extra-large' }) } - default: { # Invalid +# lint:ignore:strict_indent + default: { # Invalid out::message(inline_epp(@(HEREDOC))) - Invalid architecture! Recieved: + Invalid architecture! Recieved: - primary <% if $replica_host { -%> - primary-replica @@ -75,7 +76,7 @@ function peadm::assert_supported_architecture ( fail('Invalid architecture!') } } - +# lint:endignore # Return value - return({ 'supported' => true } + $result) + return({ 'supported' => true } + $result) } diff --git a/functions/assert_supported_bolt_version.pp b/functions/assert_supported_bolt_version.pp index a138ef50..df444b82 100644 --- a/functions/assert_supported_bolt_version.pp +++ b/functions/assert_supported_bolt_version.pp 
@@ -5,13 +5,13 @@ # Accepts a parameter for the $supported_bolt_version for unit testing purposes function peadm::assert_supported_bolt_version ( # No arguments -) >> Struct[{'supported' => Boolean}] { +) >> Struct[{ 'supported' => Boolean }] { $supported_bolt_version = '>= 3.17.0 < 4.0.0' $supported = (peadm::bolt_version() =~ SemVerRange($supported_bolt_version)) - +# lint:ignore:strict_indent unless $supported { fail(@("REASON"/L)) - This version of puppetlabs-peadm requires Bolt version ${supported_bolt_version}. + This version of puppetlabs-peadm requires Bolt version ${supported_bolt_version}. You are using Bolt version ${peadm::bolt_version()}. @@ -19,6 +19,6 @@ function peadm::assert_supported_bolt_version ( | REASON } - +# lint:endignore return({ 'supported' => $supported }) } diff --git a/functions/assert_supported_pe_version.pp b/functions/assert_supported_pe_version.pp index 7080c8e8..236d607a 100644 --- a/functions/assert_supported_pe_version.pp +++ b/functions/assert_supported_pe_version.pp 
@@ -10,20 +10,25 @@ function peadm::assert_supported_pe_version ( $supported = ($version =~ SemVerRange(">= ${oldest} <= ${newest}")) if $permit_unsafe_versions { +# lint:ignore:strict_indent warning(@("WARN"/L)) - WARNING: Permitting unsafe PE versions. This is not supported or tested. + WARNING: Permitting unsafe PE versions. This is not supported or tested. Proceeding with this action could result in a broken PE Infrastructure. | WARN +# lint:endignore } if (!$supported and $permit_unsafe_versions) { +# lint:ignore:strict_indent warning(@("WARN"/L)) - WARNING: PE version ${version} is NOT SUPPORTED! + WARNING: PE version ${version} is NOT SUPPORTED! | WARN +# lint:endignore } elsif (!$supported) { +# lint:ignore:strict_indent fail(@("REASON"/L)) - This version of the puppetlabs-peadm module does not support PE ${version}. + This version of the puppetlabs-peadm module does not support PE ${version}. For PE versions older than ${oldest}, please check to see if version 1.x \ or 2.x of the puppetlabs-peadm module supports your PE version. @@ -32,6 +37,7 @@ function peadm::assert_supported_pe_version ( exists which supports that version of PE. | REASON +# lint:endignore } return({ 'supported' => $supported }) diff --git a/functions/certname.pp b/functions/certname.pp index 39bb8d78..68219fed 100644 --- a/functions/certname.pp +++ b/functions/certname.pp @@ -9,21 +9,21 @@ # input returns undef. function peadm::certname( Variant[Target, - String, - Undef, - Array[Target,1,1], - Array[String,1,1], - Array[Undef,1,1], - Array[Any,0,0]] $target, + String, + Undef, + Array[Target,1,1], + Array[String,1,1], + Array[Undef,1,1], + Array[Any,0,0]] $target, ) >> Variant[String, Undef] { case $target { - Target: { + 'Target': { $target.vars['certname'] ? { default => $target.vars['certname'], undef => $target.name } } - Array[Target,1,1]: { + Array['Target',1,1]: { $target[0].vars['certname'] ? { default => $target[0].vars['certname'], undef => $target[0].name 
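Review bot: In `functions/certname.pp` the type matchers of `case $target` were turned into strings: `Target: {` became `'Target': {` and `Array[Target,1,1]: {` became `Array['Target',1,1]: {`. A quoted case option is compared as a string value, so a `Target` object no longer selects the first branch, and `'Target'` is a string where `Array[...]` expects a type, which Puppet is likely to reject when the function is evaluated. `peadm::certname` supplies the certnames passed to `peadm::sign_csr` in `plans/add_compiler.pp`, so a wrong or failing branch here could affect which certificate name is acted on. Keep the bare type names, `Target: {` and `Array[Target,1,1]: {`, and add a `# lint:ignore` for the check on those two lines if a lint autofix prompted the quoting. The remaining branches of the case statement are outside the hunk.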
diff --git a/functions/convert_status.pp b/functions/convert_status.pp index 27f7322f..70c02331 100644 --- a/functions/convert_status.pp +++ b/functions/convert_status.pp @@ -1,4 +1,3 @@ - # @summary Transforms a value in a human readable status with or without colors # @param status A value of true, false, degraded, or an Integer that represents number of non operationally services # If using an integer, you must also supply the total amount of services @@ -19,7 +18,7 @@ function peadm::convert_status( Variant[String,Boolean, Integer] $status, Optional[Integer] $total = 0, Optional[Boolean] $use_colors = true - ) >> String { +) >> String { if $status =~ Integer { if ( $status < 1 ) { $result = 'operational' @@ -30,10 +29,10 @@ function peadm::convert_status( } } else { $result = $status ? { - true => 'operational', - false => 'failed', - /degraded/ => 'degraded', - default => 'unknown' + true => 'operational', + false => 'failed', + /degraded/ => 'degraded', + default => 'unknown' } } if $use_colors { diff --git a/functions/determine_status.pp b/functions/determine_status.pp index 38551314..aa55edbf 100644 --- a/functions/determine_status.pp +++ b/functions/determine_status.pp 
@@ -47,16 +47,16 @@ # } function peadm::determine_status(Array $status_data, Boolean $use_colors = true) >> Hash { # convert the data into a hash with the sevice names as the keys - $hash_data = $status_data.reduce({}) | $res, $data | { - $res.merge({$data[service] => $data }) - } - $out = $hash_data.reduce({}) | $res, $svc_data | { - $service_name = $svc_data[0] - $server = $svc_data[1][server] - $res.merge("${service_name}/${$server}" => $svc_data[1][state] == 'running') - } - $bad_status = $out.filter | $item | { ! $item[1] } - $passed_status = $out.filter | $item | { $item[1] } - $overall_status = peadm::convert_status($bad_status.count, $out.count, $use_colors) - return { status => $overall_status, state => $out, failed => $bad_status, passed => $passed_status } + $hash_data = $status_data.reduce({}) | $res, $data | { + $res.merge({ $data[service] => $data }) + } + $out = $hash_data.reduce({}) | $res, $svc_data | { + $service_name = $svc_data[0] + $server = $svc_data[1][server] + $res.merge("${service_name}/${$server}" => $svc_data[1][state] == 'running') + } + $bad_status = $out.filter | $item | { ! $item[1] } + $passed_status = $out.filter | $item | { $item[1] } + $overall_status = peadm::convert_status($bad_status.count, $out.count, $use_colors) + return { status => $overall_status, state => $out, failed => $bad_status, passed => $passed_status } } diff --git a/functions/file_or_content.pp b/functions/file_or_content.pp index ed5be20a..e7e35b0d 100644 --- a/functions/file_or_content.pp +++ b/functions/file_or_content.pp @@ -3,7 +3,6 @@ function peadm::file_or_content( Variant[String, Undef] $file, Variant[String, Undef] $content, ) { - $value = [ $file, $content, @@ -15,5 +14,4 @@ function peadm::file_or_content( undef => $content, # content supplied directly, use as-is }, } - } diff --git a/functions/get_targets.pp b/functions/get_targets.pp index 2e34239e..98fb61e8 100644 --- a/functions/get_targets.pp +++ b/functions/get_targets.pp 
@@ -10,8 +10,8 @@ function peadm::get_targets( # $count is 1, return the result of get_target() in an array. If $count is # undef, return get_targets(). case $spec { - Undef, [ ]: { - [ ] # Return empty array + Undef, []: { + [] # Return empty array } default: { $count ? { diff --git a/manifests/setup/convert_node_manager.pp b/manifests/setup/convert_node_manager.pp index a7629414..769383d5 100644 --- a/manifests/setup/convert_node_manager.pp +++ b/manifests/setup/convert_node_manager.pp @@ -14,5 +14,4 @@ node_group { 'PE Master B': ensure => absent, } - } diff --git a/manifests/setup/convert_pre20197.pp b/manifests/setup/convert_pre20197.pp index efc3ce18..8b5257aa 100644 --- a/manifests/setup/convert_pre20197.pp +++ b/manifests/setup/convert_pre20197.pp @@ -2,7 +2,6 @@ # @summary Defines configuration needed for converting PE 2018 # class peadm::setup::convert_pre20197 { - # This is needed so that compiler certs can be signed. It's included by # default in 2019.7 and newer, but isn't present in 2018.1. It would be # preferable to use the hocon_setting resource, but we can't because it diff --git a/manifests/setup/node_manager.pp b/manifests/setup/node_manager.pp index 4f95adc6..a514b357 100644 --- a/manifests/setup/node_manager.pp +++ b/manifests/setup/node_manager.pp @@ -37,7 +37,6 @@ Optional[String[1]] $internal_compiler_a_pool_address = $server_a_host, Optional[String[1]] $internal_compiler_b_pool_address = $server_b_host, ) { - # "Not-configured" placeholder string. This will be used in places where we # cannot set an explicit null, and need to supply some kind of value. $notconf = 'not-configured' @@ -85,7 +84,7 @@ rule => ['or', ['and', ['=', ['trusted', 'extensions', peadm::oid('peadm_role')], 'puppet/puppetdb-database']], ['=', 'name', $primary_host], - ] + ], } # Create data-only groups to store PuppetDB PostgreSQL database configuration 
@@ -102,7 +101,7 @@ 'database_host_puppetdb' => pick($postgresql_a_host, $notconf), }, 'puppet_enterprise::profile::puppetdb' => { - 'database_host' => pick($postgresql_a_host, $notconf) + 'database_host' => pick($postgresql_a_host, $notconf), }, }, } @@ -125,12 +124,12 @@ 'puppetdb_host' => ['${trusted[\'certname\']}', $internal_compiler_b_pool_address].filter |$_| { $_ }, # lint:endignore 'puppetdb_port' => [8081], - } + }, }, data => { # Workaround for GH-118 'puppet_enterprise::profile::master::puppetdb' => { - 'ha_enabled_replicas' => [ ], + 'ha_enabled_replicas' => [], }, }, } @@ -145,7 +144,7 @@ ensure => 'present', parent => 'PE Infrastructure', classes => { - 'puppet_enterprise::profile::primary_master_replica' => { } + 'puppet_enterprise::profile::primary_master_replica' => {}, }, variables => { 'peadm_replica' => true }, } @@ -183,14 +182,13 @@ 'puppetdb_host' => ['${trusted[\'certname\']}', $internal_compiler_a_pool_address].filter |$_| { $_ }, # lint:endignore 'puppetdb_port' => [8081], - } + }, }, data => { # Workaround for GH-118 'puppet_enterprise::profile::master::puppetdb' => { - 'ha_enabled_replicas' => [ ], + 'ha_enabled_replicas' => [], }, }, } - } diff --git a/manifests/setup/node_manager_yaml.pp b/manifests/setup/node_manager_yaml.pp index 1336cc16..c013a8e2 100644 --- a/manifests/setup/node_manager_yaml.pp +++ b/manifests/setup/node_manager_yaml.pp @@ -8,7 +8,6 @@ class peadm::setup::node_manager_yaml ( String $primary_host ) { - # Necessary to give the sandboxed Puppet executor the configuration # necessary to connect to the classifier` file { 'node_manager.yaml': @@ -16,8 +15,7 @@ mode => '0644', path => Deferred('peadm::node_manager_yaml_location'), content => epp('peadm/node_manager.yaml.epp', { - server => $primary_host, + server => $primary_host, }), } - } diff --git a/metadata.json b/metadata.json index cafd508f..2cd9b147 100644 --- a/metadata.json +++ b/metadata.json 
@@ -80,7 +80,7 @@ "version_requirement": ">= 6.0.2 < 8.0.0" } ], - "pdk-version": "2.2.0", + "pdk-version": "2.6.1", "template-url": "https://github.com/puppetlabs/pdk-templates.git#main", - "template-ref": "heads/main-0-gbd3742c" + "template-ref": "heads/main-0-g383f471" } diff --git a/plans/add_compiler.pp b/plans/add_compiler.pp index 023cce62..7e2fbece 100644 --- a/plans/add_compiler.pp +++ b/plans/add_compiler.pp @@ -33,8 +33,8 @@ # Stop puppet.service run_command('systemctl stop puppet.service', peadm::flatten_compact([ - $primary_postgresql_target, - $replica_puppetdb_target + $primary_postgresql_target, + $replica_puppetdb_target, ])) apply($replica_puppetdb_target) { @@ -78,11 +78,11 @@ # Check for and merge csr_attributes. run_plan('peadm::util::insert_csr_extension_requests', $compiler_target, - extension_requests => { - peadm::oid('pp_auth_role') => 'pe_compiler', - peadm::oid('peadm_availability_group') => $avail_group_letter - } - ) + extension_requests => { + peadm::oid('pp_auth_role') => 'pe_compiler', + peadm::oid('peadm_availability_group') => $avail_group_letter, + } + ) # we first assume that there is no agent installed on the node. If there is, nothing will happen. run_task('peadm::agent_install', $compiler_target, @@ -95,10 +95,10 @@ # If necessary, manually submit a CSR # ignoring errors to simplify logic - run_task('peadm::submit_csr', $compiler_target, {'_catch_errors' => true}) + run_task('peadm::submit_csr', $compiler_target, { '_catch_errors' => true }) # On primary, if necessary, sign the certificate request - run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$compiler_target.peadm::certname()] } ) + run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$compiler_target.peadm::certname()] }) # If there was already a signed cert, force the certificate extensions we want # TODO: update peadm::util::add_cert_extensions to take care of dns alt names 
@@ -121,17 +121,16 @@ # On run the puppet agent run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $primary_postgresql_target, - $replica_puppetdb_target + $primary_postgresql_target, + $replica_puppetdb_target, ])) # On start puppet.service run_command('systemctl start puppet.service', peadm::flatten_compact([ - $primary_postgresql_target, - $replica_puppetdb_target, - $compiler_target, + $primary_postgresql_target, + $replica_puppetdb_target, + $compiler_target, ])) return("Adding or replacing compiler ${$compiler_target.peadm::certname()} succeeded.") - } diff --git a/plans/add_database.pp b/plans/add_database.pp index 3527c2eb..f1986591 100644 --- a/plans/add_database.pp +++ b/plans/add_database.pp @@ -3,14 +3,13 @@ Peadm::SingleTargetSpec $primary_host, Optional[Enum['init', 'pair']] $mode = undef, Optional[Enum[ - 'init-db-node', - 'replicate-db', - 'update-classification', - 'update-db-settings', - 'cleanup-db', - 'finalize']] $begin_at_step = undef, + 'init-db-node', + 'replicate-db', + 'update-classification', + 'update-db-settings', + 'cleanup-db', + 'finalize']] $begin_at_step = undef, ) { - $primary_target = peadm::get_targets($primary_host, 1) $postgresql_target = peadm::get_targets($targets, 1) @@ -44,8 +43,8 @@ } else { # If array is empty then no external databases were previously configured $no_external_db = peadm::flatten_compact([ - $postgresql_a_host, - $postgresql_b_host + $postgresql_a_host, + $postgresql_b_host, ]).empty # Pick operating mode based on array check @@ -60,9 +59,9 @@ if $operating_mode == 'init' { # If no other PSQL node then match primary group letter $avail_group_letter = peadm::flatten_compact($roles['server'].map |$k,$v| { - if $v == $primary_host { - $k - } + if $v == $primary_host { + $k + } })[0] # Assume PuppetDB backend hosted on Primary if in init mode $source_db_host = $primary_host 
@@ -70,14 +69,14 @@ # The letter which doesn't yet have a server assigned or in the event this # is a replacement operation, the letter this node was assigned to previously $avail_group_letter = peadm::flatten_compact($roles['postgresql'].map |$k,$v| { - if (! $v) or ($v == $postgresql_host) { - $k - } + if (! $v) or ($v == $postgresql_host) { + $k + } })[0] # When in pair mode we assume the other PSQL node will serve as our source $source_db_host = peadm::flatten_compact([ - $postgresql_a_host, - $postgresql_b_host + $postgresql_a_host, + $postgresql_b_host, ]).reject($postgresql_host)[0] } @@ -98,11 +97,11 @@ # Stop Puppet to ensure catalogs are not being compiled for PE infrastructure nodes run_command('systemctl stop puppet.service', peadm::flatten_compact([ - $postgresql_target, - $compilers, - $primary_target, - $replica_target, - $source_db_target + $postgresql_target, + $compilers, + $primary_target, + $replica_target, + $source_db_target, ])) # Stop frontend compiler services that causes changes to PuppetDB backend when @@ -120,7 +119,6 @@ # Update classification and database.ini settings, assume a replica PSQL # does not exist peadm::plan_step('update-classification') || { - # To ensure everything is functional when a replica exists but only a single # PostgreSQL node has been deployed, configure alternate availability group # to connect to other group's new node 
@@ -145,23 +143,22 @@ peadm::plan_step('update-db-settings') || { run_plan('peadm::util::update_db_setting', peadm::flatten_compact([ - $compilers, - $primary_target, - $replica_target - ]), + $compilers, + $primary_target, + $replica_target, + ]), postgresql_host => $postgresql_host, peadm_config => $peadm_config ) # (Re-)Start PuppetDB now that we are done making modifications run_command('systemctl restart pe-puppetdb.service', peadm::flatten_compact([ - $primary_target, - $replica_target + $primary_target, + $replica_target, ])) } peadm::plan_step('cleanup-db') || { - if $operating_mode == 'init' { # Clean up old puppetdb database on primary and those which were copied to # new host. @@ -170,7 +167,7 @@ 'pe-classifier', 'pe-inventory', 'pe-orchestrator', - 'pe-rbac' + 'pe-rbac', ] # If a primary replica exists then pglogical is enabled and will prevent @@ -181,9 +178,9 @@ # Clean up old databases $clean_source = peadm::flatten_compact([ - $source_db_target, - $primary_target, - $replica_target + $source_db_target, + $primary_target, + $replica_target, ]) run_plan('peadm::util::db_purge', $clean_source, databases => ['pe-puppetdb']) @@ -197,23 +194,22 @@ # agents run_command('systemctl start pe-puppetserver.service pe-puppetdb.service', $compilers) - peadm::plan_step('finalize') || { # Run Puppet to sweep up but no restarts should occur so do them in parallel run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $postgresql_target, - $primary_target, - $compilers, - $replica_target + $postgresql_target, + $primary_target, + $compilers, + $replica_target, ])) # Start Puppet agent run_command('systemctl start puppet.service', peadm::flatten_compact([ - $postgresql_target, - $compilers, - $primary_target, - $replica_target, - $source_db_target + $postgresql_target, + $compilers, + $primary_target, + $replica_target, + $source_db_target, ])) } } diff --git a/plans/add_replica.pp b/plans/add_replica.pp index b30e581e..e801fece 100644 --- a/plans/add_replica.pp 
+++ b/plans/add_replica.pp @@ -21,14 +21,13 @@ # Common Configuration Optional[String] $token_file = undef, ) { - $primary_target = peadm::get_targets($primary_host, 1) $replica_target = peadm::get_targets($replica_host, 1) $replica_postgresql_target = peadm::get_targets($replica_postgresql_host, 1) run_command('systemctl stop puppet.service', peadm::flatten_compact([ - $primary_target, - $replica_postgresql_target, + $primary_target, + $replica_postgresql_target, ])) # Get current peadm config to ensure we forget active replicas @@ -36,8 +35,8 @@ # Make list of all possible replicas, configured and provided $replicas = peadm::flatten_compact([ - $replica_host, - $peadm_config['params']['replica_host'] + $replica_host, + $peadm_config['params']['replica_host'], ]).unique $certdata = run_task('peadm::cert_data', $primary_target).first.value @@ -103,7 +102,7 @@ '/etc/puppetlabs/orchestration-services/conf.d/secrets/keys.json', '/etc/puppetlabs/orchestration-services/conf.d/secrets/orchestrator-encryption-keys.json', '/etc/puppetlabs/console-services/conf.d/secrets/keys.json', - '/etc/puppetlabs/puppet/hiera.yaml' + '/etc/puppetlabs/puppet/hiera.yaml', ] parallelize($content_sources) |$path| { run_plan('peadm::util::copy_file', $replica_target, @@ -125,9 +124,9 @@ # start puppet service run_command('systemctl start puppet.service', peadm::flatten_compact([ - $primary_target, - $replica_postgresql_target, - $replica_target + $primary_target, + $replica_postgresql_target, + $replica_target, ])) return("Added replica ${replica_target}") diff --git a/plans/backup.pp b/plans/backup.pp index 6672f3dd..108a8075 100644 --- a/plans/backup.pp +++ b/plans/backup.pp @@ -49,7 +49,7 @@ ensure => 'directory', owner => 'root', group => 'root', - mode => '0700' + mode => '0700', } # Create a subdir for each backup type selected @@ -58,7 +58,7 @@ ensure => 'directory', owner => 'root', group => 'root', - mode => '0700' + mode => '0700', } } } 
@@ -72,32 +72,35 @@ if getvar('recovery_opts.ca') { out::message('# Backing up ca and ssl certificates') +# lint:ignore:strict_indent run_command(@("CMD"), $primary_target) - /opt/puppetlabs/bin/puppet-backup create --dir=${shellquote($backup_directory)}/ca --scope=certs + /opt/puppetlabs/bin/puppet-backup create --dir=${shellquote($backup_directory)}/ca --scope=certs | CMD } # Check if /etc/puppetlabs/console-services/conf.d/secrets/keys.json exists and if so back it up if getvar('recovery_opts.rbac') { out::message('# Backing up ldap secret key if it exists') +# lint:ignore:140chars run_command(@("CMD"/L), $primary_target) - test -f /etc/puppetlabs/console-services/conf.d/secrets/keys.json \ + test -f /etc/puppetlabs/console-services/conf.d/secrets/keys.json \ && cp -rp /etc/puppetlabs/console-services/conf.d/secrets ${shellquote($backup_directory)}/rbac/ \ || echo secret ldap key doesnt exist | CMD +# lint:endignore } - +# lint:ignore:140chars # IF backing up orchestrator back up the secrets too /etc/puppetlabs/orchestration-services/conf.d/secrets/ if getvar('recovery_opts.orchestrator') { out::message('# Backing up orchestrator secret keys') run_command(@("CMD"), $primary_target) - cp -rp /etc/puppetlabs/orchestration-services/conf.d/secrets ${shellquote($backup_directory)}/orchestrator/ + cp -rp /etc/puppetlabs/orchestration-services/conf.d/secrets ${shellquote($backup_directory)}/orchestrator/ | CMD } - +# lint:endignore $backup_databases.each |$name,$database_target| { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/server/bin/pg_dump -Fd -Z3 -j4 \ + /opt/puppetlabs/server/bin/pg_dump -Fd -Z3 -j4 \ -f ${shellquote($backup_directory)}/${shellquote($name)}/pe-${shellquote($name)}.dump.d \ "sslmode=verify-ca \ host=${shellquote($database_target.peadm::certname())} \ 
@@ -110,11 +113,11 @@ } run_command(@("CMD"/L), $primary_target) - umask 0077 \ + umask 0077 \ && cd ${shellquote(dirname($backup_directory))} \ && tar -czf ${shellquote($backup_directory)}.tar.gz ${shellquote(basename($backup_directory))} \ && rm -rf ${shellquote($backup_directory)} | CMD - - return({'path' => "${backup_directory}.tar.gz"}) +# lint:endignore + return({ 'path' => "${backup_directory}.tar.gz" }) } diff --git a/plans/convert.pp b/plans/convert.pp index 346d330b..c50e5838 100644 --- a/plans/convert.pp +++ b/plans/convert.pp @@ -19,13 +19,13 @@ String $compiler_pool_address = $primary_host, Optional[String] $internal_compiler_a_pool_address = undef, Optional[String] $internal_compiler_b_pool_address = undef, - Array[String] $dns_alt_names = [ ], + Array[String] $dns_alt_names = [], Optional[Enum[ - 'modify-primary-certs', - 'modify-infra-certs', - 'convert-node-groups', - 'finalize']] $begin_at_step = undef, + 'modify-primary-certs', + 'modify-infra-certs', + 'convert-node-groups', + 'finalize']] $begin_at_step = undef, ) { peadm::assert_supported_bolt_version() @@ -39,11 +39,11 @@ $primary_postgresql_target = peadm::get_targets($primary_postgresql_host, 1) $all_targets = peadm::flatten_compact([ - $primary_target, - $replica_target, - $replica_postgresql_target, - $compiler_targets, - $primary_postgresql_target, + $primary_target, + $replica_target, + $replica_postgresql_target, + $compiler_targets, + $primary_postgresql_target, ]) # Ensure input valid for a supported architecture 
@@ -77,12 +77,14 @@ } if (!$previously_configured_by_peadm and ($pe_version =~ SemVerRange('< 2019.7.0'))) { +# lint:ignore:strict_indent fail_plan(@("EOL"/L)) - PE cluster cannot be converted! PE cluster must be a deployment \ + PE cluster cannot be converted! PE cluster must be a deployment \ created by pe_xl, by an older version of peadm, or be PE version \ 2019.7.0 or newer. Detected PE version ${pe_version}, and did not detect \ signs that the deployment was previously created by peadm/pe_xl. | EOL +# lint:endignore } # Clusters A and B are used to divide PuppetDB availability for compilers. If @@ -228,11 +230,13 @@ } } else { +# lint:ignore:strict_indent out::message(@("EOL"/L)) - NOTICE: Node groups not created/updated as part of convert because PE \ + NOTICE: Node groups not created/updated as part of convert because PE \ version is too old to support them. Node groups will be updated when \ the peadm::upgrade plan is run. | EOL +# lint:endignore } } @@ -247,7 +251,7 @@ # final Puppet run to increase chance everything is functional upon plan # completion run_command('systemctl restart pe-puppetserver.service pe-puppetdb.service', - $all_targets - $primary_target - $primary_postgresql_target - $replica_postgresql_target) + $all_targets - $primary_target - $primary_postgresql_target - $replica_postgresql_target) } return("Conversion to peadm Puppet Enterprise ${arch['architecture']} completed.") diff --git a/plans/install.pp b/plans/install.pp index f3ffdbd9..b95e92fc 100644 --- a/plans/install.pp +++ b/plans/install.pp @@ -45,7 +45,7 @@ Optional[String] $compiler_pool_address = undef, Optional[String] $internal_compiler_a_pool_address = undef, Optional[String] $internal_compiler_b_pool_address = undef, - Optional[Hash] $pe_conf_data = { }, + Optional[Hash] $pe_conf_data = {}, Optional[Peadm::Ldap_config] $ldap_config = undef, # Code Manager 
@@ -131,4 +131,3 @@ # Return a string banner reporting on what was done return([$install_result, $configure_result]) } - diff --git a/plans/misc/divert_code_manager.pp b/plans/misc/divert_code_manager.pp index 2fd7d97b..82b57e5a 100644 --- a/plans/misc/divert_code_manager.pp +++ b/plans/misc/divert_code_manager.pp @@ -15,9 +15,9 @@ plan peadm::misc::divert_code_manager ( $primary_host, ) { - +# lint:ignore:strict_indent notice(@(HEREDOC)) - The code manager puppet-code live-dir will be diverted + The code manager puppet-code live-dir will be diverted from: /etc/puppetlabs/code to: /etc/puppetlabs/code-synchronized This will allow /etc/puppetlabs/code to be managed manually @@ -26,7 +26,7 @@ run_task('peadm::divert_code_manager', $primary_host) notice(@(HEREDOC)) - Remember to enforce this configuration in your Puppet code with a Collector Override. E.g. + Remember to enforce this configuration in your Puppet code with a Collector Override. E.g. Pe_hocon_setting <| title == 'file-sync.repos.puppet-code.live-dir' |> { value => '/etc/puppetlabs/code-synchronized', @@ -42,6 +42,6 @@ https://puppet.com/docs/pe/2018.1/static_catalogs.html | HEREDOC - +# lint:endignore return('Plan completed successfully') } diff --git a/plans/modify_cert_extensions.pp b/plans/modify_cert_extensions.pp index 6a55d383..c3d89915 100644 --- a/plans/modify_cert_extensions.pp +++ b/plans/modify_cert_extensions.pp @@ -2,15 +2,15 @@ plan peadm::modify_cert_extensions ( TargetSpec $targets, Peadm::SingleTargetSpec $primary_host, - Hash $add = { }, - Array $remove = [ ], + Hash $add = {}, + Array $remove = [], ) { - +# lint:ignore:strict_indent out::message(@(EOS)) - The peadm::modify_cert_extensions plan has been deprecated. + The peadm::modify_cert_extensions plan has been deprecated. Please use peadm::modify_certificate instead. | EOS - +# lint:endignore return( run_plan('peadm::modify_certificate', $targets, primary_host => $primary_host, 
diff --git a/plans/modify_certificate.pp b/plans/modify_certificate.pp index 1e8d796a..9286c1a8 100644 --- a/plans/modify_certificate.pp +++ b/plans/modify_certificate.pp @@ -5,8 +5,8 @@ plan peadm::modify_certificate ( TargetSpec $targets, Peadm::SingleTargetSpec $primary_host, - Hash $add_extensions = { }, - Array $remove_extensions = [ ], + Hash $add_extensions = {}, + Array $remove_extensions = [], Optional[Array] $dns_alt_names = undef, Boolean $force_regenerate = false, ) { diff --git a/plans/restore.pp b/plans/restore.pp index 68a7cd9b..a8dc3f2e 100644 --- a/plans/restore.pp +++ b/plans/restore.pp 
@@ -33,30 +33,30 @@ # should be restored to. This could be as simple as just the primary server, # or it could be two separate PostgreSQL servers. $puppetdb_postgresql_targets = peadm::flatten_compact([ - getvar('cluster.params.primary_postgresql_host') ? { - undef => $primary_target, - default => peadm::get_targets(getvar('cluster.params.primary_postgresql_host'), 1), - }, - getvar('cluster.params.replica_postgresql_host') ? { - undef => $replica_target, - default => peadm::get_targets(getvar('cluster.params.replica_postgresql_host'), 1), - }, + getvar('cluster.params.primary_postgresql_host') ? { + undef => $primary_target, + default => peadm::get_targets(getvar('cluster.params.primary_postgresql_host'), 1), + }, + getvar('cluster.params.replica_postgresql_host') ? { + undef => $replica_target, + default => peadm::get_targets(getvar('cluster.params.replica_postgresql_host'), 1), + }, ]) $puppetdb_targets = peadm::flatten_compact([ - $primary_target, - $replica_target, - $compiler_targets, + $primary_target, + $replica_target, + $compiler_targets, ]) - $recovery_directory = "${dirname($input_file)}/${basename("${input_file}", '.tar.gz')}" - + $recovery_directory = "${dirname($input_file)}/${basename($input_file, '.tar.gz')}" +# lint:ignore:strict_indent run_command(@("CMD"/L), $primary_target) - umask 0077 \ + umask 0077 \ && cd ${shellquote(dirname($recovery_directory))} \ && tar -xzf ${shellquote($input_file)} | CMD - +# lint:endignore # Map of recovery option name to array of database hosts to restore the # relevant .dump content to. $restore_databases = { @@ -87,8 +87,9 @@ if getvar('recovery_opts.ca') { out::message('# Restoring ca and ssl certificates') +# lint:ignore:strict_indent run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-backup restore \ + /opt/puppetlabs/bin/puppet-backup restore \ --scope=certs \ --tempdir=${shellquote($recovery_directory)} \ --force \ 
@@ -102,31 +103,32 @@ # or other factors. if getvar('recovery_opts.puppetdb') { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-db export ${shellquote($recovery_directory)}/puppetdb-archive.bin + /opt/puppetlabs/bin/puppet-db export ${shellquote($recovery_directory)}/puppetdb-archive.bin | CMD } ## shutdown services run_command(@("CMD"/L), $primary_target) - systemctl stop pe-console-services pe-nginx pxp-agent pe-puppetserver \ + systemctl stop pe-console-services pe-nginx pxp-agent pe-puppetserver \ pe-orchestration-services puppet pe-puppetdb | CMD # Restore secrets/keys.json if it exists out::message('# Restoring ldap secret key if it exists') run_command(@("CMD"/L), $primary_target) - test -f ${shellquote($recovery_directory)}/rbac/keys.json \ + test -f ${shellquote($recovery_directory)}/rbac/keys.json \ && cp -rp ${shellquote($recovery_directory)}/keys.json /etc/puppetlabs/console-services/conf.d/secrets/ \ || echo secret ldap key doesnt exist | CMD - +# lint:ignore:140chars # IF restoring orchestrator restore the secrets to /etc/puppetlabs/orchestration-services/conf.d/secrets/ if getvar('recovery_opts.orchestrator') { out::message('# Restoring orchestrator secret keys') run_command(@("CMD"/L), $primary_target) - cp -rp ${shellquote($recovery_directory)}/orchestrator/secrets/* /etc/puppetlabs/orchestration-services/conf.d/secrets/ + cp -rp ${shellquote($recovery_directory)}/orchestrator/secrets/* /etc/puppetlabs/orchestration-services/conf.d/secrets/ | CMD } +# lint:endignore #$database_to_restore.each |Integer $index, Boolean $value | { $restore_databases.each |$name,$database_targets| { @@ -135,7 +137,7 @@ # Drop pglogical extensions and schema if present run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ --tuples-only \ -d '${dbname}' \ 
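Review bot: The LDAP key restore in this hunk tests one path and copies another: `test -f ${shellquote($recovery_directory)}/rbac/keys.json` guards `cp -rp ${shellquote($recovery_directory)}/keys.json ...`, which has no `rbac/` component. When the test succeeds the copy fails, and the `|| echo secret ldap key doesnt exist` fallback reports it as a missing key, so the console secret is silently not restored. plans/backup.pp in this patch copies the whole `secrets` directory into `rbac/`, so the file most likely sits at `rbac/secrets/keys.json`; confirm that against a real archive and use one path in both the `test -f` and the `cp -rp` lines. The fallback message should also distinguish "no key in the backup" from "copy failed".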
@@ -143,7 +145,7 @@ | CMD run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ -d '${dbname}' \ -c 'DROP SCHEMA public CASCADE; CREATE SCHEMA public;'" @@ -151,7 +153,7 @@ # To allow db user to restore the database grant temporary privileges run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ -d '${dbname}' \ -c 'ALTER USER \"${dbname}\" WITH SUPERUSER;'" @@ -161,7 +163,7 @@ # the restore(s) in parallel. parallelize($database_targets) |$database_target| { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/server/bin/pg_restore \ + /opt/puppetlabs/server/bin/pg_restore \ -j 4 \ -d "sslmode=verify-ca \ host=${shellquote($database_target.peadm::certname())} \ @@ -176,7 +178,7 @@ # Remove db user privileges post restore run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ -d '${dbname}' \ -c 'ALTER USER \"${dbname}\" WITH NOSUPERUSER;'" @@ -184,7 +186,7 @@ # Drop pglogical extension and schema (again) if present after db restore run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ --tuples-only \ -d '${dbname}' \ @@ -192,7 +194,7 @@ | CMD run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ -d '${dbname}' \ -c 'DROP EXTENSION IF EXISTS pglogical CASCADE;'" 
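Review bot: The temporary `ALTER USER \"${dbname}\" WITH SUPERUSER` grant in the `-151,7` hunk is undone only by the later `WITH NOSUPERUSER` command, and nothing on the lines shown guarantees that step runs if `pg_restore` fails in between. No `_catch_errors` is passed to these `run_command` calls, so a failed restore presumably aborts the plan and leaves the PE database role with superuser rights on every database target. Consider running the restore with `_catch_errors => true`, issuing the `NOSUPERUSER` command unconditionally, and only then calling `fail_plan` with the saved result. The loop body starts and ends outside these hunks, so this needs checking against the full file.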
@@ -203,12 +205,12 @@ # etc. Make sure not to try and get config data from the classifier, which # isn't yet up and running. run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-infrastructure configure --no-recover + /opt/puppetlabs/bin/puppet-infrastructure configure --no-recover | CMD # If we have replicas reinitalise them run_command(@("CMD"/L), $replica_target) - /opt/puppetlabs/bin/puppet-infra reinitialize replica -y + /opt/puppetlabs/bin/puppet-infra reinitialize replica -y | CMD # Use PuppetDB's /pdb/admin/v1/archive API to MERGE previously saved data @@ -217,19 +219,20 @@ # or other factors. if getvar('recovery_opts.puppetdb') { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-db import ${shellquote($recovery_directory)}/puppetdb-archive.bin + /opt/puppetlabs/bin/puppet-db import ${shellquote($recovery_directory)}/puppetdb-archive.bin | CMD +# lint:endignore } # Run Puppet to pick up last remaining config tweaks run_task('peadm::puppet_runonce', $primary_target) - apply($primary_target){ + apply($primary_target) { file { $recovery_directory : ensure => 'absent', - force => true + force => true, } } - return("success") + return('success') } diff --git a/plans/status.pp b/plans/status.pp index ceaee2f0..0ebf2708 100644 --- a/plans/status.pp +++ b/plans/status.pp @@ -12,11 +12,11 @@ Enum[json,table] $format = 'table', Boolean $verbose = false, Boolean $summarize = true, - Boolean $colors = $format ? { json => false, default => true } + Boolean $colors = $format ? { 'json' => false, default => true } ) { peadm::assert_supported_bolt_version() - $results = run_task('peadm::infrastatus', $targets, { format => 'json'}) + $results = run_task('peadm::infrastatus', $targets, { format => 'json' }) # returns the data in a hash $stack_status = $results.reduce({}) | $res, $item | { $data = $item.value[output] 
@@ -63,26 +63,26 @@ # Summary table out::message( format::table({ - title => $table_title, - head => $table_head, - rows => $stack_table_rows})) + title => $table_title, + head => $table_head, + rows => $stack_table_rows })) # Failed services table unless $bad_svc_rows.empty { out::message( format::table({ - title => 'Failed Service Status', - head => $service_table_head, - rows => $bad_svc_rows.reduce([]) |$memo,$rows| { $memo + $rows }})) + title => 'Failed Service Status', + head => $service_table_head, + rows => $bad_svc_rows.reduce([]) |$memo,$rows| { $memo + $rows } })) } # Operational services table if $verbose and ! $good_svc_rows.empty { out::message( format::table({ - title => 'Operational Service Status', - head => $service_table_head, - rows => $good_svc_rows.reduce([]) |$memo,$rows| { $memo + $rows }})) + title => 'Operational Service Status', + head => $service_table_head, + rows => $good_svc_rows.reduce([]) |$memo,$rows| { $memo + $rows } })) } } else { if $summarize { @@ -91,10 +91,10 @@ $summary_json = { 'summary' => { 'status' => $overall_status, - 'stacks' => $stack_table_rows.hash + 'stacks' => $stack_table_rows.hash, }, 'failed' => $failed, - 'operational' => $passed + 'operational' => $passed, } return $summary_json } else { diff --git a/plans/subplans/component_install.pp b/plans/subplans/component_install.pp index 774b1403..80f2cd7e 100644 --- a/plans/subplans/component_install.pp +++ b/plans/subplans/component_install.pp @@ -12,7 +12,7 @@ Enum['A', 'B'] $avail_group_letter, Optional[Variant[String[1], Array]] $dns_alt_names = undef, Optional[String[1]] $role = undef -){ +) { $component_target = peadm::get_targets($targets, 1) $primary_target = peadm::get_targets($primary_host, 1) diff --git a/plans/subplans/configure.pp b/plans/subplans/configure.pp index 2aa57465..908975bb 100644 --- a/plans/subplans/configure.pp +++ b/plans/subplans/configure.pp 
@@ -72,9 +72,9 @@ ] run_plan('peadm::util::copy_file', peadm::flatten_compact([ - $replica_target, - $compiler_targets, - ]), + $replica_target, + $compiler_targets, + ]), source_host => $primary_target, path => $common_content_source ) @@ -120,7 +120,7 @@ } if $ldap_config { - # Run the task to configure ldap + # Run the task to configure ldap $ldap_result = run_task('peadm::pe_ldap_config', $primary_target, pe_main => $primary_target.peadm::certname(), ldap_config => $ldap_config, @@ -136,11 +136,11 @@ # Run Puppet everywhere to pick up last remaining config tweaks run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $compiler_targets, - $replica_target, - $replica_postgresql_target, + $primary_target, + $primary_postgresql_target, + $compiler_targets, + $replica_target, + $replica_postgresql_target, ])) # Deploy an environment if a deploy environment is specified @@ -156,11 +156,11 @@ 'stopped' => 'stop' } run_command("systemctl ${systemctl_state} puppet", peadm::flatten_compact([ - $primary_target, - $replica_target, - $primary_postgresql_target, - $replica_postgresql_target, - $compiler_targets, + $primary_target, + $replica_target, + $primary_postgresql_target, + $replica_postgresql_target, + $compiler_targets, ])) return("Configuration of Puppet Enterprise ${arch['architecture']} succeeded.") diff --git a/plans/subplans/db_populate.pp b/plans/subplans/db_populate.pp index 39ceb417..1a5b5366 100644 --- a/plans/subplans/db_populate.pp +++ b/plans/subplans/db_populate.pp 
@@ -51,11 +51,10 @@ # Save existing certificates to use for authentication to source. Can not use # certs stored in /etc/puppetlabs/puppet/ssl because we will run pg_basebackup # as pe-postgres user, which lacks access - run_command("mv /opt/puppetlabs/server/data/postgresql/${psql_version}/data/certs /opt/puppetlabs/server/data/pg_certs", $destination_target) + run_command("mv /opt/puppetlabs/server/data/postgresql/${psql_version}/data/certs /opt/puppetlabs/server/data/pg_certs", $destination_target)# lint:ignore:140chars # pg_basebackup requires an entirely empty data directory run_command('rm -rf /opt/puppetlabs/server/data/postgresql/*', $destination_target) - $pg_basebackup = @("PGBASE") runuser -u pe-postgres -- \ /opt/puppetlabs/server/bin/pg_basebackup \ @@ -67,18 +66,17 @@ sslkey=/opt/puppetlabs/server/data/pg_certs/_local.private_key.pem sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem" | - PGBASE - - run_command($pg_basebackup, $destination_target) + run_command(${pg_basebackup}, ${destination_target}) # Delete the saved certs, they'll be properly re-populated by an agent run - run_command('rm -rf /opt/puppetlabs/server/data/pg_certs', $destination_target) + run_command('rm -rf /opt/puppetlabs/server/data/pg_certs', ${destination_target}) # Start pe-postgresql.service - run_command('systemctl start pe-postgresql.service', $destination_target) + run_command('systemctl start pe-postgresql.service', ${destination_target}) # Delete the previously add replication rules to prevent Puppet restarting # thing later - apply($source_target) { + apply(${source_target}) { file_line { 'replication-pe-ha-replication-map': ensure => absent, path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf", 
@@ -97,8 +95,7 @@ } # Reload pe-postgresql to revoke replication rules - run_command('systemctl reload pe-postgresql.service', $source_target) - - return("Population of ${$destination_target.peadm::certname()} with data from s${$source_target.peadm::certname()} succeeded.") + run_command('systemctl reload pe-postgresql.service', ${source_target}) + return("Population of ${$destination_target.peadm::certname()} with data from s$source_target } diff --git a/plans/subplans/install.pp b/plans/subplans/install.pp index c391e49f..8945be7d 100644 --- a/plans/subplans/install.pp +++ b/plans/subplans/install.pp @@ -42,8 +42,8 @@ String $console_password, Peadm::Pe_version $version, Optional[String] $pe_installer_source = undef, - Array[String] $dns_alt_names = [ ], - Hash $pe_conf_data = { }, + Array[String] $dns_alt_names = [], + Hash $pe_conf_data = {}, # Code Manager Optional[String] $r10k_remote = undef, @@ -79,32 +79,32 @@ ) $all_targets = peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $replica_target, - $replica_postgresql_target, - $compiler_targets, + $primary_target, + $primary_postgresql_target, + $replica_target, + $replica_postgresql_target, + $compiler_targets, ]) $primary_targets = peadm::flatten_compact([ - $primary_target, - $replica_target, + $primary_target, + $replica_target, ]) $database_targets = peadm::flatten_compact([ - $primary_postgresql_target, - $replica_postgresql_target, + $primary_postgresql_target, + $replica_postgresql_target, ]) $pe_installer_targets = peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $replica_postgresql_target, + $primary_target, + $primary_postgresql_target, + $replica_postgresql_target, ]) $agent_installer_targets = peadm::flatten_compact([ - $compiler_targets, - $replica_target, + $compiler_targets, + $replica_target, ]) # Clusters A and B are used to divide PuppetDB availability for compilers 
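Review bot: The added `return(` line in the `-97,8` hunk of plans/subplans/db_populate.pp is truncated as shown here: it ends at `with data from s$source_target` and has lost the `.peadm::certname()} succeeded.")` tail of the removed line. That leaves the string literal and the call unclosed, so the file cannot parse. Restore the ending as `return("Population of ${$destination_target.peadm::certname()} with data from ${$source_target.peadm::certname()} succeeded.")`; this also drops the stray `s` before the second interpolation, which looks like a typo carried over from the old line.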
@@ -135,10 +135,12 @@ $precheck_results.each |$result| { $name = $result.target.peadm::certname() if ($name != $result['hostname']) { +# lint:ignore:strict_indent warning(@("HEREDOC")) - WARNING: Target name / hostname mismatch: target ${name} reports ${result['hostname']} + WARNING: Target name / hostname mismatch: target ${name} reports ${result['hostname']} Certificate name will be set to target name. Please ensure target name is correct and resolvable |-HEREDOC +# lint:endignore } if ($result['platform'] != $platform) { fail_plan("Platform mismatch: target ${name} reports '${result['platform']}; expected ${platform}'") 
@@ -157,28 +159,28 @@ } $primary_pe_conf = peadm::generate_pe_conf({ - 'console_admin_password' => $console_password, - 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), - 'pe_install::puppet_master_dnsaltnames' => $dns_alt_names, - 'puppet_enterprise::puppetdb_database_host' => $primary_postgresql_target.peadm::certname(), - 'puppet_enterprise::profile::master::code_manager_auto_configure' => true, - 'puppet_enterprise::profile::master::r10k_remote' => $r10k_remote, - 'puppet_enterprise::profile::master::r10k_private_key' => $r10k_private_key ? { - undef => undef, - default => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa', - }, + 'console_admin_password' => $console_password, + 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), + 'pe_install::puppet_master_dnsaltnames' => $dns_alt_names, + 'puppet_enterprise::puppetdb_database_host' => $primary_postgresql_target.peadm::certname(), + 'puppet_enterprise::profile::master::code_manager_auto_configure' => true, + 'puppet_enterprise::profile::master::r10k_remote' => $r10k_remote, + 'puppet_enterprise::profile::master::r10k_private_key' => $r10k_private_key ? 
{ + undef => undef, + default => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa', + }, } + $puppetdb_database_temp_config + $pe_conf_data) $primary_postgresql_pe_conf = peadm::generate_pe_conf({ - 'console_admin_password' => 'not used', - 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), - 'puppet_enterprise::database_host' => $primary_postgresql_target.peadm::certname(), + 'console_admin_password' => 'not used', + 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), + 'puppet_enterprise::database_host' => $primary_postgresql_target.peadm::certname(), } + $puppetdb_database_temp_config + $pe_conf_data) $replica_postgresql_pe_conf = peadm::generate_pe_conf({ - 'console_admin_password' => 'not used', - 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), - 'puppet_enterprise::database_host' => $replica_postgresql_target.peadm::certname(), + 'console_admin_password' => 'not used', + 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), + 'puppet_enterprise::database_host' => $replica_postgresql_target.peadm::certname(), } + $puppetdb_database_temp_config + $pe_conf_data) # Upload the pe.conf files to the hosts that need them, and ensure correctly @@ -189,12 +191,14 @@ $pe_conf = getvar("${var}_pe_conf") peadm::file_content_upload($pe_conf, '/tmp/pe.conf', $target) +# lint:ignore:strict_indent run_task('peadm::mkdir_p_file', $target, path => '/etc/puppetlabs/puppet/puppet.conf', content => @("HEREDOC"), - [main] + [main] certname = ${target.peadm::certname()} | HEREDOC +# lint:endignore ) } @@ -231,7 +235,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $primary_target, extension_requests => { peadm::oid('peadm_role') => 'puppet/server', - peadm::oid('peadm_availability_group') => 'A' + peadm::oid('peadm_availability_group') => 'A', } ) }, 
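Review bot: In the `-189,12` hunk, `peadm::file_content_upload($pe_conf, '/tmp/pe.conf', $target)` writes a file that, for the primary, carries `console_admin_password` to a fixed name in a world-writable directory. Whether the helper restricts the file mode or refuses to write through an existing path is not visible here; if it does neither, other local accounts on the target could read the password or pre-create the path. Consider uploading into a root-only directory, or a freshly created temporary directory, with mode `0600` on the file, and removing the file once the installer has consumed it. A comment above the call stating the intended owner and mode would document the expectation; the enclosing loop starts outside the hunk.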
@@ -239,7 +243,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $replica_target, extension_requests => { peadm::oid('peadm_role') => 'puppet/server', - peadm::oid('peadm_availability_group') => 'B' + peadm::oid('peadm_availability_group') => 'B', } ) }, @@ -247,7 +251,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $compiler_a_targets, extension_requests => { peadm::oid('pp_auth_role') => 'pe_compiler', - peadm::oid('peadm_availability_group') => 'A' + peadm::oid('peadm_availability_group') => 'A', } ) }, @@ -255,7 +259,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $compiler_b_targets, extension_requests => { peadm::oid('pp_auth_role') => 'pe_compiler', - peadm::oid('peadm_availability_group') => 'B' + peadm::oid('peadm_availability_group') => 'B', } ) }, @@ -263,7 +267,7 @@ run_plan('peadm::util::insert_csr_extension_requests', $primary_postgresql_target, extension_requests => { peadm::oid('peadm_role') => 'puppet/puppetdb-database', - peadm::oid('peadm_availability_group') => 'A' + peadm::oid('peadm_availability_group') => 'A', } ) }, @@ -271,10 +275,10 @@ run_plan('peadm::util::insert_csr_extension_requests', $replica_postgresql_target, extension_requests => { peadm::oid('peadm_role') => 'puppet/puppetdb-database', - peadm::oid('peadm_availability_group') => 'B' + peadm::oid('peadm_availability_group') => 'B', } ) - } + }, ] wait($csr_yaml_jobs) @@ -370,7 +374,7 @@ # Ensure certificate requests have been submitted, then run Puppet run_task('peadm::submit_csr', $target) - run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$target.peadm::certname] } ) + run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$target.peadm::certname] }) run_task('peadm::puppet_runonce', $target) } diff --git a/plans/subplans/modify_certificate.pp b/plans/subplans/modify_certificate.pp index 1b571aee..915acabd 100644 --- a/plans/subplans/modify_certificate.pp +++ b/plans/subplans/modify_certificate.pp 
@@ -3,8 +3,8 @@ Peadm::SingleTargetSpec $targets, TargetSpec $primary_host, String $primary_certname, - Hash $add_extensions = { }, - Array $remove_extensions = [ ], + Hash $add_extensions = {}, + Array $remove_extensions = [], Optional[Array] $dns_alt_names = undef, Boolean $force_regenerate = false, ) { @@ -32,11 +32,10 @@ # If the existing certificate meets all the requirements, there's no need # to regenerate it. Skip it and move on to the next. if ($certdata['certificate-exists'] and - ($desired_alt_names == $existing_alt_names) and - ($desired_exts.all |$key,$val| { $existing_exts[$key] == $val }) and - !($remove_extensions.any |$key| { $key in $existing_exts.keys }) and - !$force_regenerate) - { + ($desired_alt_names == $existing_alt_names) and + ($desired_exts.all |$key,$val| { $existing_exts[$key] == $val }) and + !($remove_extensions.any |$key| { $key in $existing_exts.keys }) and + !$force_regenerate) { out::message("${certname} already has requested modifications; certificate will not be re-issued") return('Skipped') } 
@@ -57,21 +56,20 @@ extension_requests => $desired_exts, merge => false, ) - - $ca_clean_result = run_command(@("HEREDOC"/L), $primary_target, _catch_errors => true).first - /opt/puppetlabs/bin/puppetserver ca clean --certname ${certname} +# lint:ignore:strict_indent + $ca_clean_result = run_command(@("HEREDOC"/L), $primary_target, _catch_errors => true).first + /opt/puppetlabs/bin/puppetserver ca clean --certname ${certname} |-HEREDOC - +# lint:endignore unless $ca_clean_result.ok { # fail the plan unless it's a known circumstance in which it's okay to proceed. # Scenario 1: the primary's cert can't be cleaned because it's already revoked. # Scenario 2: the primary's cert can't be cleaned because it's been deleted. # Scenario 3: any component's cert can't be cleaned because it's been deleted. unless ($target_is_primary and - ($ca_clean_result[merged_output] =~ /certificate revoked/ or - $ca_clean_result[merged_output] =~ /Could not find 'hostcert'/)) or - ($ca_clean_result[merged_output] =~ /Could not find files to clean/) - { + ($ca_clean_result[merged_output] =~ /certificate revoked/ or + $ca_clean_result[merged_output] =~ /Could not find 'hostcert'/)) or + ($ca_clean_result[merged_output] =~ /Could not find files to clean/) { fail_plan($ca_clean_result[merged_output]) } } 
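Review bot: In plans/subplans/modify_certificate.pp the heredoc passed to run_command interpolates `${certname}` into the shell command unquoted, so a certname containing whitespace or shell metacharacters would change the command that runs on the primary. plans/backup.pp and plans/restore.pp in this series wrap interpolated values in `shellquote()`; the same here, `/opt/puppetlabs/bin/puppetserver ca clean --certname ${shellquote($certname)}`, would keep the plans consistent. The same applies to the `puppet ssl download_cert`, `rm -f` and `puppetserver ca generate` heredocs in the following hunks of this file, and to `${database}` in plans/util/db_purge.pp. Where `$certname` is derived is outside this hunk, so confirm whether it is already constrained to a safe pattern.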
@@ -87,17 +85,18 @@ # w/ PCP transport. If using a task, we run into problems downloading # the task file at this point, because there is no longer a cert file # present on the agent. +# lint:ignore:strict_indent run_command(@("HEREDOC"/L), $target) - /opt/puppetlabs/bin/puppet ssl download_cert --certname ${certname} || \ + /opt/puppetlabs/bin/puppet ssl download_cert --certname ${certname} || \ /opt/puppetlabs/bin/puppet certificate find --ca-location remote ${certname} |-HEREDOC } else { # PRIMARY cert regeneration # The docs are broken, and the process is unclean. Sadface. - run_task('service', $target, {action => 'stop', name => 'pe-puppetserver'}) + run_task('service', $target, { action => 'stop', name => 'pe-puppetserver' }) run_command(@("HEREDOC"/L), $target) - rm -f \ + rm -f \ /etc/puppetlabs/puppet/ssl/certs/${certname}.pem \ /etc/puppetlabs/puppet/ssl/private_keys/${certname}.pem \ /etc/puppetlabs/puppet/ssl/public_keys/${certname}.pem \ @@ -105,12 +104,13 @@ /etc/puppetlabs/puppet/ssl/ca/signed/${certname}.pem \ |-HEREDOC run_command(@("HEREDOC"/L), $target) - /opt/puppetlabs/bin/puppetserver ca generate \ + /opt/puppetlabs/bin/puppetserver ca generate \ --certname ${certname} \ --subject-alt-names ${alt_names.join(',')} \ --ca-client |-HEREDOC - run_task('service', $target, {action => 'start', name => 'pe-puppetserver'}) +# lint:endignore + run_task('service', $target, { action => 'start', name => 'pe-puppetserver' }) } # Fire puppet back up when done diff --git a/plans/subplans/prepare_agent.pp b/plans/subplans/prepare_agent.pp index 507c33ac..938a3a07 100644 --- a/plans/subplans/prepare_agent.pp +++ b/plans/subplans/prepare_agent.pp @@ -5,7 +5,6 @@ Hash $certificate_extensions, Optional[Array] $dns_alt_names = undef, ) { - $agent_target = peadm::get_targets($targets, 1) $primary_target = peadm::get_targets($primary_host, 1) 
@@ -16,7 +15,7 @@ $status = run_task('package', $agent_target, action => 'status', - name => 'puppet-agent').first['status'] + name => 'puppet-agent').first['status'] if $status == 'uninstalled' { run_plan('peadm::util::insert_csr_extension_requests', $agent_target, @@ -42,7 +41,7 @@ # Obtain data about certificate from primary $certstatus = run_task('peadm::cert_valid_status', $primary_target, - certname => $agent_target.peadm::certname()).first.value + certname => $agent_target.peadm::certname()).first.value # Obtain data about certificate from agent $certdata = run_task('peadm::cert_data', $agent_target).first.value @@ -59,7 +58,7 @@ # agent claims it has one, clean the agent to get to an agreed upon state # before moving onto the submit and sign process. if $certdata['certificate-exists'] and $certstatus['reason'] =~ /The private key is missing from/ { - out::message("Agent: ${agent_target.peadm::certname()} has a local cert but Primary: ${primary_target.peadm::certname()} does not, force agent clean") + out::message("Agent: ${agent_target.peadm::certname()} has a local cert but Primary: ${primary_target.peadm::certname()} does not, force agent clean") # lint:ignore:140chars run_task('peadm::ssl_clean', $agent_target, certname => $agent_target.peadm::certname()) } $force_regenerate = false @@ -73,10 +72,10 @@ # If necessary, manually submit a CSR # ignoring errors to simplify logic unless $skip_csr { - run_task('peadm::submit_csr', $agent_target, {'_catch_errors' => true}) + run_task('peadm::submit_csr', $agent_target, { '_catch_errors' => true }) # On primary, if necessary, sign the certificate request - run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$agent_target.peadm::certname()] } ) + run_task('peadm::sign_csr', $primary_target, { 'certnames' => [$agent_target.peadm::certname()] }) } # If agent certificate is good but lacks appropriate extensions, plan will still 
diff --git a/plans/uninstall.pp b/plans/uninstall.pp index 3579b662..7869f27c 100644 --- a/plans/uninstall.pp +++ b/plans/uninstall.pp @@ -12,4 +12,3 @@ return($uninstall_results) } - diff --git a/plans/upgrade.pp b/plans/upgrade.pp index eea92339..1fe8dc8a 100644 --- a/plans/upgrade.pp +++ b/plans/upgrade.pp @@ -43,14 +43,13 @@ Boolean $permit_unsafe_versions = false, Optional[Enum[ - 'upgrade-primary', - 'upgrade-node-groups', - 'upgrade-primary-compilers', - 'upgrade-replica', - 'upgrade-replica-compilers', - 'finalize']] $begin_at_step = undef, + 'upgrade-primary', + 'upgrade-node-groups', + 'upgrade-primary-compilers', + 'upgrade-replica', + 'upgrade-replica-compilers', + 'finalize']] $begin_at_step = undef, ) { - # Ensure input valid for a supported architecture $arch = peadm::assert_supported_architecture( $primary_host, @@ -68,17 +67,17 @@ $compiler_targets = peadm::get_targets($compiler_hosts) $all_targets = peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $replica_target, - $replica_postgresql_target, - $compiler_targets, + $primary_target, + $primary_postgresql_target, + $replica_target, + $replica_postgresql_target, + $compiler_targets, ]) $pe_installer_targets = peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, - $replica_postgresql_target, + $primary_target, + $primary_postgresql_target, + $replica_postgresql_target, ]) out::message('# Gathering information') 
@@ -122,22 +121,24 @@ [peadm::oid('peadm_role'), 'pp_auth_role'].all |$ext| { $cert[$ext] == undef } or $cert[peadm::oid('peadm_availability_group')] == undef } { +# lint:ignore:strict_indent fail_plan(@(HEREDOC/L)) - Required trusted facts are not present; upgrade cannot be completed. If \ + Required trusted facts are not present; upgrade cannot be completed. If \ this infrastructure was provisioned with an old version of peadm, you may \ need to run the peadm::convert plan\ | HEREDOC +# lint:endignore } # Determine which compilers are associated with which DR group $compiler_m1_targets = $compiler_targets.filter |$target| { ($cert_extensions.dig($target.peadm::certname, peadm::oid('peadm_availability_group')) - == $cert_extensions.dig($primary_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) + == $cert_extensions.dig($primary_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) } $compiler_m2_targets = $compiler_targets.filter |$target| { ($cert_extensions.dig($target.peadm::certname, peadm::oid('peadm_availability_group')) - == $cert_extensions.dig($replica_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) + == $cert_extensions.dig($replica_target[0].peadm::certname, peadm::oid('peadm_availability_group'))) } peadm::plan_step('preparation') || { 
@@ -176,20 +177,20 @@ # is only ever consulted during install and upgrade of these nodes, but if # it contains the wrong values, upgrade will fail. peadm::flatten_compact([ - $primary_postgresql_target, - $replica_postgresql_target, + $primary_postgresql_target, + $replica_postgresql_target, ]).each |$target| { $current_pe_conf = run_task('peadm::read_file', $target, path => '/etc/puppetlabs/enterprise/conf.d/pe.conf', ).first['content'] $pe_conf = ($current_pe_conf ? { - undef => {}, - default => $current_pe_conf.parsehocon(), - } + { - 'console_admin_password' => 'not used', - 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), - 'puppet_enterprise::database_host' => $target.peadm::certname(), + undef => {}, + default => $current_pe_conf.parsehocon(), + } + { + 'console_admin_password' => 'not used', + 'puppet_enterprise::puppet_master_host' => $primary_target.peadm::certname(), + 'puppet_enterprise::database_host' => $target.peadm::certname(), } + $profile_database_puppetdb_hosts).to_json_pretty() write_file($pe_conf, '/etc/puppetlabs/enterprise/conf.d/pe.conf', $target) @@ -220,8 +221,8 @@ # Installer-driven upgrade will de-configure auth access for compilers. # Re-run Puppet immediately to fully re-enable run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $primary_target, - $primary_postgresql_target, + $primary_target, + $primary_postgresql_target, ])) } @@ -290,8 +291,8 @@ # `puppet infra upgrade` cannot handle orchestration services restarting, # also run Puppet immediately on the primary. run_task('peadm::puppet_runonce', peadm::flatten_compact([ - $primary_target, - $replica_postgresql_target, + $primary_target, + $replica_postgresql_target, ])) # The `puppetdb delete-reports` CLI app has a bug in 2019.8.0 where it 
@@ -300,8 +301,9 @@ $pdbapps = '/opt/puppetlabs/server/apps/puppetdb/cli/apps' $workaround_delete_reports = $arch['disaster-recovery'] and $_version =~ SemVerRange('>= 2019.8') if $workaround_delete_reports { +# lint:ignore:strict_indent run_command(@("COMMAND"/$), $replica_target) - if [ -e ${pdbapps}/delete-reports -a ! -h ${pdbapps}/delete-reports ] + if [ -e ${pdbapps}/delete-reports -a ! -h ${pdbapps}/delete-reports ] then mv ${pdbapps}/delete-reports ${pdbapps}/delete-reports.original ln -s \$(which true) ${pdbapps}/delete-reports @@ -319,11 +321,12 @@ # Return the delete-reports CLI app to its original state if $workaround_delete_reports { run_command(@("COMMAND"/$), $replica_target) - if [ -e ${pdbapps}/delete-reports.original ] + if [ -e ${pdbapps}/delete-reports.original ] then mv ${pdbapps}/delete-reports.original ${pdbapps}/delete-reports fi | COMMAND +# lint:endignore } } diff --git a/plans/util/code_sync_status.pp b/plans/util/code_sync_status.pp index 06db9e7b..64e72f44 100644 --- a/plans/util/code_sync_status.pp +++ b/plans/util/code_sync_status.pp 
@@ -7,18 +7,18 @@ # Print a table of summary status out::message( format::table({ - title => 'Summary', - rows => $data['environments'].reduce([['Overall sync status', $data['sync']]]) |$memo, $val| { - $memo << ["${val[0]} environment in sync", $val[1]['sync']] }})) + title => 'Summary', + rows => $data['environments'].reduce([['Overall sync status', $data['sync']]]) |$memo, $val| { + $memo << ["${val[0]} environment in sync", $val[1]['sync']] } })) # Print a server status table, one for each environment $data['environments'].each |$env, $_| { out::message( format::table({ - title => "Server sync status - ${env}", - head => ['Server', 'In Sync', 'Commit'], - rows => $data['environments'][$env]['servers'].reduce([]) |$memo, $val| { - $memo << [$val[0], $val[1]['sync'], $val[1]['commit']] }})) + title => "Server sync status - ${env}", + head => ['Server', 'In Sync', 'Commit'], + rows => $data['environments'][$env]['servers'].reduce([]) |$memo, $val| { + $memo << [$val[0], $val[1]['sync'], $val[1]['commit']] } })) } return('Done') diff --git a/plans/util/copy_file.pp b/plans/util/copy_file.pp index 793364fb..cc324611 100644 --- a/plans/util/copy_file.pp +++ b/plans/util/copy_file.pp @@ -4,7 +4,6 @@ Peadm::SingleTargetSpec $source_host, Stdlib::Absolutepath $path ) { - $source_target = peadm::get_targets($source_host, 1) $replica_target = $targets diff --git a/plans/util/db_disable_pglogical.pp b/plans/util/db_disable_pglogical.pp index 9f0abb8a..fdf37bed 100644 --- a/plans/util/db_disable_pglogical.pp +++ b/plans/util/db_disable_pglogical.pp @@ -3,7 +3,6 @@ Peadm::SingleTargetSpec $targets, Array[String[1]] $databases, ) { - # Simplest way to disable the connection that the pglogical supervisor opens # to each database it means to replicate. $databases.each |$database| { diff --git a/plans/util/db_purge.pp b/plans/util/db_purge.pp index b419022b..74852ae2 100644 --- a/plans/util/db_purge.pp +++ b/plans/util/db_purge.pp 
@@ -3,18 +3,17 @@ TargetSpec $targets, Array[String[1]] $databases, ) { - # Their are more sophisticated ways to clean up these databases so they do not # continue taking up disk space but they are finicky and grow complex. Instead # just delete them even though Puppet will recreate them on the next agent run. $databases.each |$database| { run_command( "runuser -u pe-postgres -- \ /opt/puppetlabs/server/bin/psql pe-postgres -c 'DROP DATABASE IF EXISTS \"${database}\"'", - $targets + $targets ) run_command("runuser -u pe-postgres -- \ /opt/puppetlabs/server/bin/psql pe-postgres -c 'DROP TABLESPACE IF EXISTS \"${database}\"'", - $targets + $targets ) } } diff --git a/plans/util/insert_csr_extension_requests.pp b/plans/util/insert_csr_extension_requests.pp index 23e12215..63c4edcc 100644 --- a/plans/util/insert_csr_extension_requests.pp +++ b/plans/util/insert_csr_extension_requests.pp @@ -6,9 +6,9 @@ ) { get_targets($targets).each |$target| { $csr_attributes_data = ($csr_file = run_task('peadm::read_file', $target, - path => '/etc/puppetlabs/puppet/csr_attributes.yaml', + path => '/etc/puppetlabs/puppet/csr_attributes.yaml', ).first['content']) ? { - undef => { }, + undef => {}, default => $csr_file.parseyaml, } @@ -16,8 +16,8 @@ # If we're not merging, only ours will be used; existing requests will be # overwritten. $csr_file_data = $merge ? { - true => $csr_attributes_data.deep_merge({'extension_requests' => $extension_requests}), - false => ($csr_attributes_data + {'extension_requests' => $extension_requests}), + true => $csr_attributes_data.deep_merge({ 'extension_requests' => $extension_requests }), + false => ($csr_attributes_data + { 'extension_requests' => $extension_requests }), } run_task('peadm::mkdir_p_file', $target, diff --git a/plans/util/update_classification.pp b/plans/util/update_classification.pp index 0e88aa18..247a9632 100644 --- a/plans/util/update_classification.pp +++ b/plans/util/update_classification.pp 
@@ -18,7 +18,6 @@ Optional[String] $internal_compiler_a_pool_address = undef, Optional[String] $internal_compiler_b_pool_address = undef, ) { - $primary_target = peadm::get_targets($targets, 1) # Makes this more easily usable outside a plan @@ -34,25 +33,25 @@ $filtered_params = { 'compiler_pool_address' => $compiler_pool_address, 'internal_compiler_a_pool_address' => $internal_compiler_a_pool_address, - 'internal_compiler_b_pool_address' => $internal_compiler_b_pool_address + 'internal_compiler_b_pool_address' => $internal_compiler_b_pool_address, }.filter |$parameter| { $parameter[1] } $filtered_server = { 'A' => $server_a_host, - 'B' => $server_b_host + 'B' => $server_b_host, }.filter |$parameter| { $parameter[1] } $filtered_psql = { 'A' => $postgresql_a_host, - 'B' => $postgresql_b_host + 'B' => $postgresql_b_host, }.filter |$parameter| { $parameter[1] } $filtered = { 'params' => $filtered_params, 'role-letter' => { 'server' => $filtered_server, - 'postgresql' => $filtered_psql - } + 'postgresql' => $filtered_psql, + }, } out::verbose('New values are...') diff --git a/plans/util/update_db_setting.pp b/plans/util/update_db_setting.pp index aa74a0ff..9035d0fc 100644 --- a/plans/util/update_db_setting.pp +++ b/plans/util/update_db_setting.pp @@ -8,11 +8,9 @@ Optional[Hash] $peadm_config = undef, Boolean $override = false ) { - # FIX ME: Section needs to be parallelized, can't use built in functionality # of apply(). get_targets($targets).each |$target| { - if $override { $db = $postgresql_host } else { @@ -23,9 +21,9 @@ # Determine configuration by pairing target with existing availability letter # assignments, setting to the new node if no match is found. $target_group_letter = peadm::flatten_compact([$roles['compilers'],$roles['server']].map |$role| { - $role.map |$k,$v| { - if $target.peadm::certname() in $v { $k } - } + $role.map |$k,$v| { + if $target.peadm::certname() in $v { $k } + } })[0] $match = $roles['postgresql'][$target_group_letter] if $match { 
@@ -35,7 +33,7 @@ } } - $db_setting = "//${db}:5432/pe-puppetdb?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem&sslkey=/etc/puppetlabs/puppetdb/ssl/${target.peadm::certname()}.private_key.pk8&sslcert=/etc/puppetlabs/puppetdb/ssl/${$target.peadm::certname()}.cert.pem" + $db_setting = "//${db}:5432/pe-puppetdb?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem&sslkey=/etc/puppetlabs/puppetdb/ssl/${target.peadm::certname()}.private_key.pk8&sslcert=/etc/puppetlabs/puppetdb/ssl/${$target.peadm::certname()}.cert.pem" # lint:ignore:140chars # Introduces dependency so PEADM can modify INI files apply($target) { diff --git a/types/ldap_config.pp b/types/ldap_config.pp index ab75d005..924ec128 100644 --- a/types/ldap_config.pp +++ b/types/ldap_config.pp 
@@ -1,25 +1,25 @@ type Peadm::Ldap_config = Struct[{ - base_dn => String, - connect_timeout => Integer, - disable_ldap_matching_rule_in_chain => Boolean, - display_name => String, - group_lookup_attr => String, - group_member_attr => String, - group_name_attr => String, - group_object_class => String, - Optional[group_rdn] => Optional[String], - Optional[help_link] => Optional[String], - hostname => String, - Optional[login] => Optional[String], - Optional[password] => Optional[String], - port => Integer, - search_nested_groups => Boolean, - ssl => Boolean, - ssl_hostname_validation => Boolean, - ssl_wildcard_validation => Boolean, - start_tls => Boolean, - user_display_name_attr => String, - user_email_attr => String, - user_lookup_attr => String, - Optional[user_rdn] => Optional[String], + base_dn => String, + connect_timeout => Integer, + disable_ldap_matching_rule_in_chain => Boolean, + display_name => String, + group_lookup_attr => String, + group_member_attr => String, + group_name_attr => String, + group_object_class => String, + Optional[group_rdn] => Optional[String], + Optional[help_link] => Optional[String], + hostname => String, + Optional[login] => Optional[String], + Optional[password] => Optional[String], + port => Integer, + search_nested_groups => Boolean, + ssl => Boolean, + ssl_hostname_validation => Boolean, + ssl_wildcard_validation => Boolean, + start_tls => Boolean, + user_display_name_attr => String, + user_email_attr => String, + user_lookup_attr => String, + Optional[user_rdn] => Optional[String], }] diff --git a/types/recovery_opts.pp b/types/recovery_opts.pp index 8e88fb65..c759e955 100644 --- a/types/recovery_opts.pp +++ b/types/recovery_opts.pp 
@@ -1,8 +1,8 @@ type Peadm::Recovery_opts = Struct[{ - 'orchestrator' => Optional[Boolean], - 'puppetdb' => Optional[Boolean], - 'rbac' => Optional[Boolean], - 'activity' => Optional[Boolean], - 'ca' => Optional[Boolean[false]], - 'classifier' => Optional[Boolean], + 'orchestrator' => Optional[Boolean], + 'puppetdb' => Optional[Boolean], + 'rbac' => Optional[Boolean], + 'activity' => Optional[Boolean], + 'ca' => Optional[Boolean[false]], + 'classifier' => Optional[Boolean], }] From 7d9227f8b43c60e5a7c7a56b8fd02d04c651f4e0 Mon Sep 17 00:00:00 2001 From: David Sandilands Date: Tue, 31 Jan 2023 11:21:42 +0000 Subject: [PATCH 2/9] Exluding the manifest_whitespace_missing_newline_end_of_file check due to bug with heredoc --- .puppet-lint.rc | 1 + .sync.yml | 2 +- Rakefile | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index 175e065c..6684ba38 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1,2 +1,3 @@ --relative --no-strict_indent-check +--no-manifest_whitespace_missing_newline_end_of_file-check diff --git a/.sync.yml b/.sync.yml index 1827bdfe..c9c09aa9 100644 --- a/.sync.yml +++ b/.sync.yml @@ -11,7 +11,7 @@ Gemfile: version: '4.21.0' # Locked due to https://github.com/octokit/octokit.rb/issues/1391 Rakefile: changelog_since_tag: '2.5.0' - default_disabled_lint_checks: ['strict_indent'] + default_disabled_lint_checks: ['strict_indent','manifest_whitespace_missing_newline_end_of_file'] extras: - 'PuppetSyntax.exclude_paths = ["plans/**/*.pp", "spec/acceptance/**/plans/**/*.pp", "vendor/**/*"]' spec/spec_helper.rb: diff --git a/Rakefile b/Rakefile index 89f9932d..414b005d 100644 --- a/Rakefile +++ b/Rakefile @@ -43,6 +43,7 @@ end PuppetLint.configuration.send('disable_relative') PuppetLint.configuration.send('disable_strict_indent') +PuppetLint.configuration.send('disable_manifest_whitespace_missing_newline_end_of_file') if Bundler.rubygems.find_name('github_changelog_generator').any? 
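Review bot: The `default_disabled_lint_checks` change in .sync.yml turns `manifest_whitespace_missing_newline_end_of_file` off for the whole module with no in-file record of why, while the `version: '4.21.0'` line just above documents its reason inline. A matching comment would let a later maintainer re-enable the check once the heredoc false positive is fixed, for example `# manifest_whitespace_missing_newline_end_of_file: disabled, false positive on heredocs (UPSTREAM_ISSUE_URL)`. The `extras` entry excludes `plans/**/*.pp` from PuppetSyntax, so lint is presumably the main static check those plans get and each disabled check is worth tracking.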
From 44e84f8c169f6d8671432b8742bd7e9950a42135 Mon Sep 17 00:00:00 2001 From: David Sandilands Date: Tue, 31 Jan 2023 11:22:28 +0000 Subject: [PATCH 3/9] Chaning Target back strings not correct use in this case --- functions/certname.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/functions/certname.pp b/functions/certname.pp index 68219fed..2f9633f9 100644 --- a/functions/certname.pp +++ b/functions/certname.pp @@ -16,18 +16,20 @@ function peadm::certname( Array[Undef,1,1], Array[Any,0,0]] $target, ) >> Variant[String, Undef] { +# lint:ignore:unquoted_string_in_case case $target { - 'Target': { + Target: { $target.vars['certname'] ? { default => $target.vars['certname'], undef => $target.name } } - Array['Target',1,1]: { + Array[Target,1,1]: { $target[0].vars['certname'] ? { default => $target[0].vars['certname'], undef => $target[0].name } +# lint:endignore } String: { $target From 047de32dcc1f35c0a470113bc6c21420a1a15c2a Mon Sep 17 00:00:00 2001 From: David Sandilands Date: Tue, 31 Jan 2023 11:23:38 +0000 Subject: [PATCH 4/9] Fixing bug pdk correction --- plans/subplans/db_populate.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plans/subplans/db_populate.pp b/plans/subplans/db_populate.pp index 1a5b5366..6cbdf858 100644 --- a/plans/subplans/db_populate.pp +++ b/plans/subplans/db_populate.pp @@ -97,5 +97,6 @@ # Reload pe-postgresql to revoke replication rules run_command('systemctl reload pe-postgresql.service', ${source_target}) - return("Population of ${$destination_target.peadm::certname()} with data from s$source_target + return("Population of ${$destination_target.peadm::certname()} with data from s$source_target") } + From b5c8d246deb6638109718e7bac347472041348b6 Mon Sep 17 00:00:00 2001 From: David Sandilands Date: Tue, 31 Jan 2023 11:46:58 +0000 Subject: [PATCH 5/9] Moving git ignore entries to sync.yml config --- .gitignore | 4 ++++ .sync.yml | 4 ++++ 2 files changed, 8 insertions(+) 
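Review bot: In functions/certname.pp the `# lint:endignore` sits inside the `Array[Target,1,1]` branch, before that branch's closing brace, so the ignore region ends mid-block; placing it directly after the second case label, or after the branch closes, reads more clearly. The reason the case options must stay unquoted also deserves a comment next to the directive, since the removed lines show them quoted: `# Target is matched as a data type here; a quoted 'Target' would only match that literal string`.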
diff --git a/.gitignore b/.gitignore index 3aabfaed..aa93de59 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,7 @@ .plan_cache.json .resource_types/ bolt-debug.log +spec/docker/**/*.tar.gz +spec/docker/**/*.asc +spec/docker/**/files/puppet-enterprise* +spec/docker/.task_cache.json diff --git a/.sync.yml b/.sync.yml index c9c09aa9..b21d4873 100644 --- a/.sync.yml +++ b/.sync.yml @@ -24,6 +24,10 @@ spec/spec_helper.rb: - '.plan_cache.json' - '.resource_types/' - 'bolt-debug.log' + - 'spec/docker/**/*.tar.gz' + - 'spec/docker/**/*.asc' + - 'spec/docker/**/files/puppet-enterprise*' + - 'spec/docker/.task_cache.json' .github/workflows/auto_release.yml: unmanaged: false .github/workflows/release.yml: From d3e68c5055e14405f9cde5dd0a665f7d6662bb7e Mon Sep 17 00:00:00 2001 From: David Sandilands Date: Tue, 31 Jan 2023 12:18:46 +0000 Subject: [PATCH 6/9] Correcting some pdk overreach --- functions/assert_supported_architecture.pp | 2 +- functions/assert_supported_bolt_version.pp | 2 +- functions/assert_supported_pe_version.pp | 6 ++--- plans/backup.pp | 10 ++++---- plans/convert.pp | 4 +-- plans/misc/divert_code_manager.pp | 4 +-- plans/modify_cert_extensions.pp | 2 +- plans/restore.pp | 30 +++++++++++----------- plans/subplans/db_populate.pp | 2 +- plans/subplans/install.pp | 4 +-- plans/subplans/modify_certificate.pp | 4 +-- plans/upgrade.pp | 4 +-- 12 files changed, 37 insertions(+), 37 deletions(-) diff --git a/functions/assert_supported_architecture.pp b/functions/assert_supported_architecture.pp index fec64901..4e6723f4 100644 --- a/functions/assert_supported_architecture.pp +++ b/functions/assert_supported_architecture.pp @@ -33,7 +33,7 @@ function peadm::assert_supported_architecture ( # lint:ignore:strict_indent default: { # Invalid out::message(inline_epp(@(HEREDOC))) - Invalid architecture! Recieved: + Invalid architecture! Recieved: - primary <% if $replica_host { -%> - primary-replica 
diff --git a/functions/assert_supported_bolt_version.pp b/functions/assert_supported_bolt_version.pp index df444b82..5f01fe3e 100644 --- a/functions/assert_supported_bolt_version.pp +++ b/functions/assert_supported_bolt_version.pp @@ -11,7 +11,7 @@ function peadm::assert_supported_bolt_version ( # lint:ignore:strict_indent unless $supported { fail(@("REASON"/L)) - This version of puppetlabs-peadm requires Bolt version ${supported_bolt_version}. + This version of puppetlabs-peadm requires Bolt version ${supported_bolt_version}. You are using Bolt version ${peadm::bolt_version()}. diff --git a/functions/assert_supported_pe_version.pp b/functions/assert_supported_pe_version.pp index 236d607a..3576d377 100644 --- a/functions/assert_supported_pe_version.pp +++ b/functions/assert_supported_pe_version.pp @@ -12,7 +12,7 @@ function peadm::assert_supported_pe_version ( if $permit_unsafe_versions { # lint:ignore:strict_indent warning(@("WARN"/L)) - WARNING: Permitting unsafe PE versions. This is not supported or tested. + WARNING: Permitting unsafe PE versions. This is not supported or tested. Proceeding with this action could result in a broken PE Infrastructure. | WARN # lint:endignore @@ -21,14 +21,14 @@ function peadm::assert_supported_pe_version ( if (!$supported and $permit_unsafe_versions) { # lint:ignore:strict_indent warning(@("WARN"/L)) - WARNING: PE version ${version} is NOT SUPPORTED! + WARNING: PE version ${version} is NOT SUPPORTED! | WARN # lint:endignore } elsif (!$supported) { # lint:ignore:strict_indent fail(@("REASON"/L)) - This version of the puppetlabs-peadm module does not support PE ${version}. + This version of the puppetlabs-peadm module does not support PE ${version}. For PE versions older than ${oldest}, please check to see if version 1.x \ or 2.x of the puppetlabs-peadm module supports your PE version. diff --git a/plans/backup.pp b/plans/backup.pp index 108a8075..b653e99f 100644 --- a/plans/backup.pp +++ b/plans/backup.pp 
@@ -74,7 +74,7 @@ out::message('# Backing up ca and ssl certificates') # lint:ignore:strict_indent run_command(@("CMD"), $primary_target) - /opt/puppetlabs/bin/puppet-backup create --dir=${shellquote($backup_directory)}/ca --scope=certs + /opt/puppetlabs/bin/puppet-backup create --dir=${shellquote($backup_directory)}/ca --scope=certs | CMD } @@ -83,7 +83,7 @@ out::message('# Backing up ldap secret key if it exists') # lint:ignore:140chars run_command(@("CMD"/L), $primary_target) - test -f /etc/puppetlabs/console-services/conf.d/secrets/keys.json \ + test -f /etc/puppetlabs/console-services/conf.d/secrets/keys.json \ && cp -rp /etc/puppetlabs/console-services/conf.d/secrets ${shellquote($backup_directory)}/rbac/ \ || echo secret ldap key doesnt exist | CMD @@ -94,13 +94,13 @@ if getvar('recovery_opts.orchestrator') { out::message('# Backing up orchestrator secret keys') run_command(@("CMD"), $primary_target) - cp -rp /etc/puppetlabs/orchestration-services/conf.d/secrets ${shellquote($backup_directory)}/orchestrator/ + cp -rp /etc/puppetlabs/orchestration-services/conf.d/secrets ${shellquote($backup_directory)}/orchestrator/ | CMD } # lint:endignore $backup_databases.each |$name,$database_target| { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/server/bin/pg_dump -Fd -Z3 -j4 \ + /opt/puppetlabs/server/bin/pg_dump -Fd -Z3 -j4 \ -f ${shellquote($backup_directory)}/${shellquote($name)}/pe-${shellquote($name)}.dump.d \ "sslmode=verify-ca \ host=${shellquote($database_target.peadm::certname())} \ @@ -113,7 +113,7 @@ } run_command(@("CMD"/L), $primary_target) - umask 0077 \ + umask 0077 \ && cd ${shellquote(dirname($backup_directory))} \ && tar -czf ${shellquote($backup_directory)}.tar.gz ${shellquote(basename($backup_directory))} \ && rm -rf ${shellquote($backup_directory)} diff --git a/plans/convert.pp b/plans/convert.pp index c50e5838..1995a0b0 100644 --- a/plans/convert.pp +++ b/plans/convert.pp 
@@ -79,7 +79,7 @@ if (!$previously_configured_by_peadm and ($pe_version =~ SemVerRange('< 2019.7.0'))) { # lint:ignore:strict_indent fail_plan(@("EOL"/L)) - PE cluster cannot be converted! PE cluster must be a deployment \ + PE cluster cannot be converted! PE cluster must be a deployment \ created by pe_xl, by an older version of peadm, or be PE version \ 2019.7.0 or newer. Detected PE version ${pe_version}, and did not detect \ signs that the deployment was previously created by peadm/pe_xl. @@ -232,7 +232,7 @@ else { # lint:ignore:strict_indent out::message(@("EOL"/L)) - NOTICE: Node groups not created/updated as part of convert because PE \ + NOTICE: Node groups not created/updated as part of convert because PE \ version is too old to support them. Node groups will be updated when \ the peadm::upgrade plan is run. | EOL diff --git a/plans/misc/divert_code_manager.pp b/plans/misc/divert_code_manager.pp index 82b57e5a..5e945737 100644 --- a/plans/misc/divert_code_manager.pp +++ b/plans/misc/divert_code_manager.pp @@ -17,7 +17,7 @@ ) { # lint:ignore:strict_indent notice(@(HEREDOC)) - The code manager puppet-code live-dir will be diverted + The code manager puppet-code live-dir will be diverted from: /etc/puppetlabs/code to: /etc/puppetlabs/code-synchronized This will allow /etc/puppetlabs/code to be managed manually @@ -26,7 +26,7 @@ run_task('peadm::divert_code_manager', $primary_host) notice(@(HEREDOC)) - Remember to enforce this configuration in your Puppet code with a Collector Override. E.g. + Remember to enforce this configuration in your Puppet code with a Collector Override. E.g. Pe_hocon_setting <| title == 'file-sync.repos.puppet-code.live-dir' |> { value => '/etc/puppetlabs/code-synchronized', diff --git a/plans/modify_cert_extensions.pp b/plans/modify_cert_extensions.pp index c3d89915..021ee941 100644 --- a/plans/modify_cert_extensions.pp +++ b/plans/modify_cert_extensions.pp 
@@ -7,7 +7,7 @@ ) { # lint:ignore:strict_indent out::message(@(EOS)) - The peadm::modify_cert_extensions plan has been deprecated. + The peadm::modify_cert_extensions plan has been deprecated. Please use peadm::modify_certificate instead. | EOS # lint:endignore diff --git a/plans/restore.pp b/plans/restore.pp index a8dc3f2e..2bbe7d8c 100644 --- a/plans/restore.pp +++ b/plans/restore.pp @@ -52,7 +52,7 @@ $recovery_directory = "${dirname($input_file)}/${basename($input_file, '.tar.gz')}" # lint:ignore:strict_indent run_command(@("CMD"/L), $primary_target) - umask 0077 \ + umask 0077 \ && cd ${shellquote(dirname($recovery_directory))} \ && tar -xzf ${shellquote($input_file)} | CMD @@ -89,7 +89,7 @@ out::message('# Restoring ca and ssl certificates') # lint:ignore:strict_indent run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-backup restore \ + /opt/puppetlabs/bin/puppet-backup restore \ --scope=certs \ --tempdir=${shellquote($recovery_directory)} \ --force \ @@ -103,20 +103,20 @@ # or other factors. if getvar('recovery_opts.puppetdb') { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-db export ${shellquote($recovery_directory)}/puppetdb-archive.bin + /opt/puppetlabs/bin/puppet-db export ${shellquote($recovery_directory)}/puppetdb-archive.bin | CMD } ## shutdown services run_command(@("CMD"/L), $primary_target) - systemctl stop pe-console-services pe-nginx pxp-agent pe-puppetserver \ + systemctl stop pe-console-services pe-nginx pxp-agent pe-puppetserver \ pe-orchestration-services puppet pe-puppetdb | CMD # Restore secrets/keys.json if it exists out::message('# Restoring ldap secret key if it exists') run_command(@("CMD"/L), $primary_target) - test -f ${shellquote($recovery_directory)}/rbac/keys.json \ + test -f ${shellquote($recovery_directory)}/rbac/keys.json \ && cp -rp ${shellquote($recovery_directory)}/keys.json /etc/puppetlabs/console-services/conf.d/secrets/ \ || echo secret ldap key doesnt exist | CMD 
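Review bot: In plans/restore.pp the LDAP secret restore tests `${shellquote($recovery_directory)}/rbac/keys.json` but copies from `${shellquote($recovery_directory)}/keys.json`, so the guard and the copy look at different paths. Because the command is chained as `test && cp || echo`, a failed copy falls through to `echo secret ldap key doesnt exist` and the step still succeeds, leaving the console secrets unrestored without an error. The copy source should match the guard, `&& cp -rp ${shellquote($recovery_directory)}/rbac/keys.json /etc/puppetlabs/console-services/conf.d/secrets/ \`. plans/backup.pp copies the whole `secrets` directory into `rbac/`, so check which of the paths the archive actually contains.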
@@ -137,7 +137,7 @@ # Drop pglogical extensions and schema if present run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ --tuples-only \ -d '${dbname}' \ @@ -145,7 +145,7 @@ | CMD run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ -d '${dbname}' \ -c 'DROP SCHEMA public CASCADE; CREATE SCHEMA public;'" @@ -153,7 +153,7 @@ # To allow db user to restore the database grant temporary privileges run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ -d '${dbname}' \ -c 'ALTER USER \"${dbname}\" WITH SUPERUSER;'" @@ -163,7 +163,7 @@ # the restore(s) in parallel. parallelize($database_targets) |$database_target| { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/server/bin/pg_restore \ + /opt/puppetlabs/server/bin/pg_restore \ -j 4 \ -d "sslmode=verify-ca \ host=${shellquote($database_target.peadm::certname())} \ @@ -178,7 +178,7 @@ # Remove db user privileges post restore run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ -d '${dbname}' \ -c 'ALTER USER \"${dbname}\" WITH NOSUPERUSER;'" @@ -186,7 +186,7 @@ # Drop pglogical extension and schema (again) if present after db restore run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ --tuples-only \ -d '${dbname}' \ @@ -194,7 +194,7 @@ | CMD run_command(@("CMD"/L), $database_targets) - su - pe-postgres -s /bin/bash -c \ + su - pe-postgres -s /bin/bash -c \ "/opt/puppetlabs/server/bin/psql \ -d '${dbname}' \ -c 'DROP EXTENSION IF EXISTS pglogical CASCADE;'" 
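Review bot: The `ALTER USER \"${dbname}\" WITH SUPERUSER;` grant in the -153,7 hunk is undone only by the `WITH NOSUPERUSER` command in the -178,7 hunk, and nothing visible guarantees that step runs if the `pg_restore` in between fails. A `run_command` without `_catch_errors => true` stops the plan on failure, which would leave the database role with superuser rights after an aborted restore. Consider running the restore with `_catch_errors => true`, always issuing the `NOSUPERUSER` command, and only then failing the plan on the saved result. The `pg_restore` options continue outside the -163,7 hunk, so confirm whether error handling is already passed there.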
@@ -205,12 +205,12 @@ # etc. Make sure not to try and get config data from the classifier, which # isn't yet up and running. run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-infrastructure configure --no-recover + /opt/puppetlabs/bin/puppet-infrastructure configure --no-recover | CMD # If we have replicas reinitalise them run_command(@("CMD"/L), $replica_target) - /opt/puppetlabs/bin/puppet-infra reinitialize replica -y + /opt/puppetlabs/bin/puppet-infra reinitialize replica -y | CMD # Use PuppetDB's /pdb/admin/v1/archive API to MERGE previously saved data @@ -219,7 +219,7 @@ # or other factors. if getvar('recovery_opts.puppetdb') { run_command(@("CMD"/L), $primary_target) - /opt/puppetlabs/bin/puppet-db import ${shellquote($recovery_directory)}/puppetdb-archive.bin + /opt/puppetlabs/bin/puppet-db import ${shellquote($recovery_directory)}/puppetdb-archive.bin | CMD # lint:endignore } diff --git a/plans/subplans/db_populate.pp b/plans/subplans/db_populate.pp index 6cbdf858..8dedd134 100644 --- a/plans/subplans/db_populate.pp +++ b/plans/subplans/db_populate.pp @@ -97,6 +97,6 @@ # Reload pe-postgresql to revoke replication rules run_command('systemctl reload pe-postgresql.service', ${source_target}) - return("Population of ${$destination_target.peadm::certname()} with data from s$source_target") + return("Population of ${$destination_target.peadm::certname()} with data from s${$source_target.peadm::certname()} succeeded.") } diff --git a/plans/subplans/install.pp b/plans/subplans/install.pp index 8945be7d..1b91b318 100644 --- a/plans/subplans/install.pp +++ b/plans/subplans/install.pp 
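Review bot: The new return string in plans/subplans/db_populate.pp keeps a stray `s` before the interpolation, so the message reads `with data from s<certname> succeeded.`; the line should be `return("Population of ${$destination_target.peadm::certname()} with data from ${$source_target.peadm::certname()} succeeded.")`. The context line above passes `${source_target}` to `run_command` outside any string, which looks unintended. It should probably be plain `$source_target`, and is worth checking while this hunk is open.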
@@ -137,7 +137,7 @@ if ($name != $result['hostname']) { # lint:ignore:strict_indent warning(@("HEREDOC")) - WARNING: Target name / hostname mismatch: target ${name} reports ${result['hostname']} + WARNING: Target name / hostname mismatch: target ${name} reports ${result['hostname']} Certificate name will be set to target name. Please ensure target name is correct and resolvable |-HEREDOC # lint:endignore @@ -195,7 +195,7 @@ run_task('peadm::mkdir_p_file', $target, path => '/etc/puppetlabs/puppet/puppet.conf', content => @("HEREDOC"), - [main] + [main] certname = ${target.peadm::certname()} | HEREDOC # lint:endignore diff --git a/plans/subplans/modify_certificate.pp b/plans/subplans/modify_certificate.pp index 915acabd..01058002 100644 --- a/plans/subplans/modify_certificate.pp +++ b/plans/subplans/modify_certificate.pp @@ -58,7 +58,7 @@ ) # lint:ignore:strict_indent $ca_clean_result = run_command(@("HEREDOC"/L), $primary_target, _catch_errors => true).first - /opt/puppetlabs/bin/puppetserver ca clean --certname ${certname} + /opt/puppetlabs/bin/puppetserver ca clean --certname ${certname} |-HEREDOC # lint:endignore unless $ca_clean_result.ok { @@ -87,7 +87,7 @@ # present on the agent. # lint:ignore:strict_indent run_command(@("HEREDOC"/L), $target) - /opt/puppetlabs/bin/puppet ssl download_cert --certname ${certname} || \ + /opt/puppetlabs/bin/puppet ssl download_cert --certname ${certname} || \ /opt/puppetlabs/bin/puppet certificate find --ca-location remote ${certname} |-HEREDOC } diff --git a/plans/upgrade.pp b/plans/upgrade.pp index 1fe8dc8a..c9a28eb6 100644 --- a/plans/upgrade.pp +++ b/plans/upgrade.pp @@ -123,7 +123,7 @@ } { # lint:ignore:strict_indent fail_plan(@(HEREDOC/L)) - Required trusted facts are not present; upgrade cannot be completed. If \ + Required trusted facts are not present; upgrade cannot be completed. If \ this infrastructure was provisioned with an old version of peadm, you may \ need to run the peadm::convert plan\ | HEREDOC 
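Review bot: The heredocs in plans/subplans/modify_certificate.pp (-58,7 and -87,7 here, and the `rm -f` and `puppetserver ca generate` commands in the later patch) interpolate `${certname}` and `${alt_names.join(',')}` into shell command lines without quoting, while plans/restore.pp wraps every interpolated value in `shellquote()`. If a certname or alt name can ever contain whitespace or shell metacharacters, the command line changes meaning; whether that can happen depends on upstream validation that is not visible here. Quoting them the same way keeps the two plans consistent, e.g. `/opt/puppetlabs/bin/puppetserver ca clean --certname ${shellquote($certname)}`.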
@@ -303,7 +303,7 @@ if $workaround_delete_reports { # lint:ignore:strict_indent run_command(@("COMMAND"/$), $replica_target) - if [ -e ${pdbapps}/delete-reports -a ! -h ${pdbapps}/delete-reports ] + if [ -e ${pdbapps}/delete-reports -a ! -h ${pdbapps}/delete-reports ] then mv ${pdbapps}/delete-reports ${pdbapps}/delete-reports.original ln -s \$(which true) ${pdbapps}/delete-reports From 840446b7969258f4592015ce664bef66881f3af4 Mon Sep 17 00:00:00 2001 From: David Sandilands Date: Tue, 31 Jan 2023 12:28:31 +0000 Subject: [PATCH 7/9] Correcting PDK overreach --- plans/subplans/modify_certificate.pp | 4 ++-- plans/upgrade.pp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/plans/subplans/modify_certificate.pp b/plans/subplans/modify_certificate.pp index 01058002..e79f03ba 100644 --- a/plans/subplans/modify_certificate.pp +++ b/plans/subplans/modify_certificate.pp @@ -96,7 +96,7 @@ # The docs are broken, and the process is unclean. Sadface. run_task('service', $target, { action => 'stop', name => 'pe-puppetserver' }) run_command(@("HEREDOC"/L), $target) - rm -f \ + rm -f \ /etc/puppetlabs/puppet/ssl/certs/${certname}.pem \ /etc/puppetlabs/puppet/ssl/private_keys/${certname}.pem \ /etc/puppetlabs/puppet/ssl/public_keys/${certname}.pem \ @@ -104,7 +104,7 @@ /etc/puppetlabs/puppet/ssl/ca/signed/${certname}.pem \ |-HEREDOC run_command(@("HEREDOC"/L), $target) - /opt/puppetlabs/bin/puppetserver ca generate \ + /opt/puppetlabs/bin/puppetserver ca generate \ --certname ${certname} \ --subject-alt-names ${alt_names.join(',')} \ --ca-client diff --git a/plans/upgrade.pp b/plans/upgrade.pp index c9a28eb6..34e1b370 100644 --- a/plans/upgrade.pp +++ b/plans/upgrade.pp 
@@ -321,7 +321,7 @@ # Return the delete-reports CLI app to its original state if $workaround_delete_reports { run_command(@("COMMAND"/$), $replica_target) - if [ -e ${pdbapps}/delete-reports.original ] + if [ -e ${pdbapps}/delete-reports.original ] then mv ${pdbapps}/delete-reports.original ${pdbapps}/delete-reports fi From 7bcc92c9a4d551d4ba8fb2d5eb5273b2633f38d2 Mon Sep 17 00:00:00 2001 From: David Sandilands Date: Tue, 31 Jan 2023 12:39:14 +0000 Subject: [PATCH 8/9] Removing github workflow pdk added which clashes with our release --- .github/workflows/auto_release.yml | 90 ------------------------------ .sync.yml | 2 +- 2 files changed, 1 insertion(+), 91 deletions(-) delete mode 100644 .github/workflows/auto_release.yml diff --git a/.github/workflows/auto_release.yml b/.github/workflows/auto_release.yml deleted file mode 100644 index f4aed440..00000000 --- a/.github/workflows/auto_release.yml +++ /dev/null 
@@ -1,90 +0,0 @@ -name: "Auto release" - -on: - workflow_dispatch: - -env: - HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6 - HONEYCOMB_DATASET: litmus tests - CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -jobs: - auto_release: - name: "Automatic release prep" - runs-on: ubuntu-20.04 - - steps: - - - name: "Honeycomb: Start recording" - uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1 - with: - apikey: ${{ env.HONEYCOMB_WRITEKEY }} - dataset: ${{ env.HONEYCOMB_DATASET }} - job-status: ${{ job.status }} - - - name: "Honeycomb: start first step" - run: | - echo STEP_ID="auto-release" >> $GITHUB_ENV - echo STEP_START=$(date +%s) >> $GITHUB_ENV - - name: "Checkout Source" - if: ${{ github.repository_owner == 'puppetlabs' }} - uses: actions/checkout@v2 - with: - fetch-depth: 0 - persist-credentials: false - - - name: "PDK Release prep" - uses: docker://puppet/iac_release:ci - with: - args: 'release prep --force' - env: - CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: "Get Version" - if: ${{ github.repository_owner == 'puppetlabs' }} - id: gv - run: | - echo "::set-output name=ver::$(jq --raw-output .version metadata.json)" - - - name: "Check if a release is necessary" - if: ${{ github.repository_owner == 'puppetlabs' }} - id: check - run: | - git diff --quiet CHANGELOG.md && echo "::set-output name=release::false" || echo "::set-output name=release::true" - - - name: "Commit changes" - if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} - run: | - git config --local user.email "${{ github.repository_owner }}@users.noreply.github.com" - git config --local user.name "GitHub Action" - git add . 
- git commit -m "Release prep v${{ steps.gv.outputs.ver }}" - - - name: Create Pull Request - id: cpr - uses: puppetlabs/peter-evans-create-pull-request@v3 - if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "Release prep v${{ steps.gv.outputs.ver }}" - branch: "release-prep" - delete-branch: true - title: "Release prep v${{ steps.gv.outputs.ver }}" - body: | - Automated release-prep through [pdk-templates](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot/.github/workflows/auto_release.yml.erb) from commit ${{ github.sha }}. - Please verify before merging: - - [ ] last [nightly](https://github.com/${{ github.repository }}/actions/workflows/nightly.yml) run is green - - [ ] [Changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) is readable and has no unlabeled pull requests - - [ ] Ensure the [changelog](https://github.com/${{ github.repository }}/blob/release-prep/CHANGELOG.md) version and [metadata](https://github.com/${{ github.repository }}/blob/release-prep/metadata.json) version match - labels: "maintenance" - - - name: PR outputs - if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }} - run: | - echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" - - - name: "Honeycomb: Record finish step" - if: ${{ always() }} - run: | - buildevents step $TRACE_ID $STEP_ID $STEP_START 'Finished auto release workflow' diff --git a/.sync.yml b/.sync.yml index b21d4873..5a21fbe3 100644 --- a/.sync.yml +++ b/.sync.yml @@ -29,6 +29,6 @@ spec/spec_helper.rb: - 'spec/docker/**/files/puppet-enterprise*' - 'spec/docker/.task_cache.json' .github/workflows/auto_release.yml: - unmanaged: false + unmanaged: true .github/workflows/release.yml: unmanaged: false 
From 98d4bc3ed8b6996594e11a92b6dda705b740ca3e Mon Sep 17 00:00:00 2001 From: David Sandilands Date: Tue, 31 Jan 2023 12:54:48 +0000 Subject: [PATCH 9/9] Updating readme Updating to reflect versions supported --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dc9791e8..c2c22264 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ This Puppet module contains Bolt plans used to deploy and manage Puppet Enterprise infrastructure. Plans are provided to automate common lifecycle activities in order to increase velocity and reduce the possibility of human error incurred by manually performing these activities. -The peadm module is able to deploy and manage Puppet Enterprise 2019.x Standard, Large, and Extra Large architectures. +The peadm module is able to deploy and manage Puppet Enterprise 2019.7 and higher for Standard, Large, and Extra Large architectures. #### Table of Contents