diff --git a/REFERENCE.md b/REFERENCE.md
index 250da3cf..b649f54b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1075,14 +1075,6 @@ Run on a PE primary node to check if Code Manager is enabled.
 **Supports noop?** false
 
-#### Parameters
-
-##### `host`
-
-Data type: `String[1]`
-
-Hostname of the PE primary node
-
 ### `code_sync_status`
 
 A task to confirm code is in sync accross the cluster for clusters with code manager configured
 
diff --git a/plans/add_replica.pp b/plans/add_replica.pp
index 54c85523..0806f33f 100644
--- a/plans/add_replica.pp
+++ b/plans/add_replica.pp
@@ -22,9 +22,7 @@
   $replica_target = peadm::get_targets($replica_host, 1)
   $replica_postgresql_target = peadm::get_targets($replica_postgresql_host, 1)
 
-  $code_manager_enabled = run_task(
-    'peadm::code_manager_enabled', $primary_target, host => $primary_target.peadm::certname()
-  ).first.value['code_manager_enabled']
+  $code_manager_enabled = run_task('peadm::code_manager_enabled', $primary_target).first.value['code_manager_enabled']
 
   if $code_manager_enabled == false {
     fail('Code Manager must be enabled to add a replica. Please refer to the docs for more information on enabling Code Manager.')
diff --git a/tasks/backup_classification.rb b/tasks/backup_classification.rb
index 6ddeeba2..a98238cf 100755
--- a/tasks/backup_classification.rb
+++ b/tasks/backup_classification.rb
@@ -20,11 +20,12 @@ def execute!
   private
 
   def https_client
-    client = Net::HTTP.new('localhost', '4433')
+    client = Net::HTTP.new(Puppet.settings[:certname], 4433)
     client.use_ssl = true
     client.cert = @cert ||= OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
     client.key = @key ||= OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
-    client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    client.ca_file = Puppet.settings[:localcacert]
     client
   end
 
diff --git a/tasks/code_manager_enabled.json b/tasks/code_manager_enabled.json
index 85d24c67..5de593b9 100644
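Review bot: The new `https_client` connects by `Puppet.settings[:certname]` instead of `'localhost'` without saying why, and the reason is security-relevant: once `verify_mode` is `VERIFY_PEER`, Net::HTTP also checks the address it was given against the service certificate, so the host must be a SAN of that certificate and a later "simplification" back to `localhost` would break the handshake. Suggest a comment above the `Net::HTTP.new` line: `# Connect by certname rather than localhost: VERIFY_PEER also verifies the hostname against the service certificate's SANs`. The same block is copied verbatim into the code_sync_status.rb and restore_classification.rb hunks, so the comment belongs in all three, and if this module already ships task helpers via the `files` metadata key, one shared `https_client` would keep them from drifting. `https_client` is private and its callers are outside the hunk.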
--- a/tasks/code_manager_enabled.json
+++ b/tasks/code_manager_enabled.json
@@ -1,10 +1,5 @@
 {
   "description": "Run on a PE primary node to check if Code Manager is enabled.",
-  "parameters": {
-    "host": {
-      "type": "String[1]",
-      "description": "Hostname of the PE primary node"
-    }
-  },
+  "parameters": {},
   "input_method": "stdin"
 }
diff --git a/tasks/code_manager_enabled.rb b/tasks/code_manager_enabled.rb
index 2a8aa5b2..3c41f065 100755
--- a/tasks/code_manager_enabled.rb
+++ b/tasks/code_manager_enabled.rb
@@ -6,12 +6,8 @@
 require 'net/http'
 require 'puppet'
 
-# GetPEAdmConfig task class
-class GetPEAdmConfig
-  def initialize(params)
-    @host = params['host']
-  end
-
+# CodeManagerEnabled task class
+class CodeManagerEnabled
   def execute!
     code_manager_enabled = groups.dig('PE Master', 'classes', 'puppet_enterprise::profile::master', 'code_manager_auto_configure')
@@ -20,18 +16,16 @@ def execute!
     puts({ 'code_manager_enabled' => code_manager_enabled_value }.to_json)
   end
 
-  # Returns a GetPEAdmConfig::NodeGroups object created from the /groups object
-  # returned by the classifier
   def groups
     @groups ||= begin
-      net = https(@host, 4433)
+      net = https
       res = net.get('/classifier-api/v1/groups')
       NodeGroup.new(JSON.parse(res.body))
     end
   end
 
-  def https(host, port)
-    https = Net::HTTP.new(host, port)
+  def https
+    https = Net::HTTP.new(Puppet.settings[:certname], 4433)
     https.use_ssl = true
     https.cert = @cert ||= OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
     https.key = @key ||= OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
@@ -68,6 +62,6 @@ def dig(name, *args)
 # testing of this task.
 unless ENV['RSPEC_UNIT_TEST_MODE']
   Puppet.initialize_settings
-  task = GetPEAdmConfig.new(JSON.parse(STDIN.read))
+  task = CodeManagerEnabled.new
   task.execute!
 end
diff --git a/tasks/code_sync_status.rb b/tasks/code_sync_status.rb
index 93c2fa69..2ad3a1f9 100755
--- a/tasks/code_sync_status.rb
+++ b/tasks/code_sync_status.rb
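Review bot: The comment removed above `groups` is not replaced, leaving the memoised classifier call undocumented; suggest `# NodeGroup built from the classifier's /groups response, fetched once and memoised in @groups`. The body of `https` runs past the end of the hunk, so it is not visible here whether its `verify_mode` and `ca_file` lines were changed from `VERIFY_NONE` to `VERIFY_PEER` with `Puppet.settings[:localcacert]` as the sibling tasks in this commit were; if they were not, moving the address from `localhost` to the certname gains nothing in this file, because nothing would verify the certificate it is now named after. The class comment `# CodeManagerEnabled task class` only restates the name; since `execute!` reads the `code_manager_auto_configure` key of the `PE Master` group, something like `# Reports whether code_manager_auto_configure is set on the PE Master node group` would tell a reader what the task answers.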
@@ -19,11 +19,12 @@ def execute!
   private
 
   def https_client
-    client = Net::HTTP.new('localhost', '8140')
+    client = Net::HTTP.new(Puppet.settings[:certname], 8140)
     client.use_ssl = true
     client.cert = @cert ||= OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
     client.key = @key ||= OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
-    client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    client.ca_file = Puppet.settings[:localcacert]
     client
   end
 
diff --git a/tasks/pe_ldap_config.rb b/tasks/pe_ldap_config.rb
index fd393ee1..ab00dd15 100755
--- a/tasks/pe_ldap_config.rb
+++ b/tasks/pe_ldap_config.rb
@@ -32,17 +32,17 @@ def main
   end
 
   uri = URI("https://#{pe_main}:4433/rbac-api/v1/ds")
-  http = Net::HTTP.new(uri.host, uri.port)
-  http.use_ssl = true
-  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-  http.ca_file = cafout.strip
-  http.cert = OpenSSL::X509::Certificate.new(File.read(certout.strip))
-  http.key = OpenSSL::PKey::RSA.new(File.read(keyout.strip))
+  https = Net::HTTP.new(uri.host, uri.port)
+  https.use_ssl = true
+  https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+  https.ca_file = cafout.strip
+  https.cert = OpenSSL::X509::Certificate.new(File.read(certout.strip))
+  https.key = OpenSSL::PKey::RSA.new(File.read(keyout.strip))
 
   req = Net::HTTP::Put.new(uri, 'Content-type' => 'application/json')
   req.body = data.to_json
 
-  resp = http.request(req)
+  resp = https.request(req)
   puts resp.body
   raise "API response code #{resp.code}" unless resp.code == '200'
diff --git a/tasks/puppet_infra_upgrade.rb b/tasks/puppet_infra_upgrade.rb
index 4071971b..daad14b8 100755
--- a/tasks/puppet_infra_upgrade.rb
+++ b/tasks/puppet_infra_upgrade.rb
@@ -7,6 +7,7 @@
 require 'open3'
 require 'timeout'
 require 'etc'
+require 'puppet'
 
 # Class to run and execute the `puppet infra upgrade` command as a task.
 class PuppetInfraUpgrade
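Review bot: Switching `https.verify_mode` to `VERIFY_PEER` makes the host in `uri` matter, and the hunk does not say so: Net::HTTP now also checks `pe_main` against the SANs of the primary's certificate, so an IP address or a non-certname alias that used to connect under `VERIFY_NONE` will now fail the handshake. Suggest a comment above the `Net::HTTP.new` line: `# VERIFY_PEER also verifies the hostname: pe_main must be the primary's certname (or another SAN of its cert), not an IP`. Separately, `puts resp.body` still prints the RBAC response unconditionally before the status check; if the API echoes the submitted directory-service settings, that output — including any bind credential carried in `data` — ends up in the task log, so printing the body only when `resp.code != '200'` would be the safer default. `main` starts and ends outside the hunk; `pe_main`, `cafout`, `certout`, `keyout` and `data` are defined above it.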
@@ -39,17 +40,13 @@ def execute!
     end
   end
 
-  def inventory_uri
-    @inventory_uri ||= URI.parse('https://localhost:8143/orchestrator/v1/inventory')
-  end
-
   def request_object(nodes:, token_file:)
     token = File.read(token_file)
     body = {
       'nodes' => nodes,
     }.to_json
 
-    request = Net::HTTP::Post.new(inventory_uri.request_uri)
+    request = Net::HTTP::Post.new('/orchestrator/v1/inventory')
     request['Content-Type'] = 'application/json'
     request['X-Authentication'] = token.chomp
     request.body = body
@@ -57,21 +54,24 @@ def request_object(nodes:, token_file:)
     request
   end
 
-  def http_object
-    http = Net::HTTP.new(inventory_uri.host, inventory_uri.port)
-    http.use_ssl = true
-    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  def https_object
+    https = Net::HTTP.new(Puppet.settings[:certname], 8143)
+    https.use_ssl = true
+    https.cert = OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
+    https.key = OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
+    https.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    https.ca_file = Puppet.settings[:localcacert]
 
-    http
+    https
   end
 
   def wait_until_connected(nodes:, token_file:, timeout: 120)
-    http = http_object
+    https = https_object
     request = request_object(nodes: nodes, token_file: token_file)
     inventory = {}
     Timeout.timeout(timeout) do
       loop do
-        response = http.request(request)
+        response = https.request(request)
         unless response.is_a? Net::HTTPSuccess
           raise "Unexpected result from orchestrator: #{response.class}\n#{response}"
         end
@@ -92,6 +92,7 @@ def wait_until_connected(nodes:, token_file:, timeout: 120)
 # environment flag is used to disable auto-execution and enable Ruby unit
 # testing of this task.
 unless ENV['RSPEC_UNIT_TEST_MODE']
+  Puppet.initialize_settings
   upgrade = PuppetInfraUpgrade.new(JSON.parse(STDIN.read))
   upgrade.execute!
 end
diff --git a/tasks/restore_classification.rb b/tasks/restore_classification.rb
index cf08a248..6b778b2a 100755
--- a/tasks/restore_classification.rb
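Review bot: `https_object` reads `Puppet.settings[:certname]`, `[:hostcert]`, `[:hostprivkey]` and `[:localcacert]`, but the only `Puppet.initialize_settings` call in this file is the one the last hunk adds inside `unless ENV['RSPEC_UNIT_TEST_MODE']`, so under the spec flag these lookups presumably run against uninitialised settings and any spec exercising `wait_until_connected` has to stub `Puppet.settings` or `https_object` itself; a comment on the method saying it requires initialised Puppet settings would make that dependency visible. Unlike the `https_client` methods elsewhere in this commit, the certificate and key here are re-read from disk on every call rather than memoised with `@cert ||=`/`@key ||=`; harmless with the single call in `wait_until_connected`, but inconsistent. Suggest documenting the method as `# Mutually-authenticated HTTPS client for the local orchestrator (8143), verified against the Puppet CA; the request itself is still authorised by the RBAC token request_object sets`. `wait_until_connected`'s loop body continues past the end of the hunk.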
+++ b/tasks/restore_classification.rb
@@ -20,11 +20,12 @@ def execute!
   private
 
   def https_client
-    client = Net::HTTP.new('localhost', '4433')
+    client = Net::HTTP.new(Puppet.settings[:certname], 4433)
     client.use_ssl = true
     client.cert = @cert ||= OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
     client.key = @key ||= OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
-    client.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    client.ca_file = Puppet.settings[:localcacert]
     client
   end