Puppet Plan: peadm::add_compiler

Defined in:
plans/add_compiler.pp

Summary

Add a new compiler to a PE architecture or replace an existing one with new configuration.

Overview

Parameters:

  • avail_group_letter (Enum['A', 'B']) (defaults to: 'A')

    _ Either A or B; whichever of the two letter designations the compiler is being assigned to

  • compiler_host (Peadm::SingleTargetSpec)

    _ The hostname and certname of the new compiler

  • dns_alt_names (Optional[String[1]]) (defaults to: undef)

    _ A comma-separated list of DNS alt names for the compiler

  • primary_host (Peadm::SingleTargetSpec)

    _ The hostname and certname of the primary Puppet server

  • primary_postgresql_host (Optional[Peadm::SingleTargetSpec]) (defaults to: undef)

    _ The hostname and certname of the PE-PostgreSQL server with availability group $avail_group_letter



# File 'plans/add_compiler.pp', line 9

plan peadm::add_compiler(
  Enum['A', 'B'] $avail_group_letter = 'A' ,
  Optional[String[1]] $dns_alt_names = undef,
  Peadm::SingleTargetSpec $compiler_host,
  Peadm::SingleTargetSpec $primary_host,
  Optional[Peadm::SingleTargetSpec] $primary_postgresql_host = undef,
) {
  # Orchestrates adding (or replacing) a compiler. In order, the plan:
  #   1. resolves the PostgreSQL host and the opposite-group PuppetDB server,
  #   2. stops the Puppet agent on both,
  #   3. adds the compiler certname to the PuppetDB certificate allowlist and
  #      to pg_ident.conf on the PostgreSQL host,
  #   4. installs/configures the compiler via peadm::subplans::component_install,
  #   5. copies hiera.yaml from the primary, runs Puppet, restarts the agents.
  #
  # Steps 3 and 4 extend trust to the host named by $compiler_host: its
  # certname gains PuppetDB access and is mapped to PuppetDB database roles.
  # Confirm the certname is the intended machine before running the plan.

  # NOTE(review): the second argument (1) is presumably the expected number of
  # targets; confirm against peadm::get_targets.
  $compiler_target           = peadm::get_targets($compiler_host, 1)
  $primary_target            = peadm::get_targets($primary_host, 1)

  # Get current peadm config to determine where to setup additional rules for
  # compiler's secondary PuppetDB instances. Only the first result's value is
  # used.
  $peadm_config = run_task('peadm::get_peadm_config', $primary_target).first.value

  if $primary_postgresql_host == undef {
    # No PostgreSQL host was passed in, so derive it from the peadm config.
    # Get the external PostgreSQL host for the specified availability group:
    # 'A' reads primary_postgresql_host, anything else ('B') reads
    # replica_postgresql_host.
    $external_postgresql_host = $avail_group_letter ? {
      'A'     => $peadm_config['params']['primary_postgresql_host'],
      default => $peadm_config['params']['replica_postgresql_host'],
    }

    # If the external_postgresql_host is undef, use the server for that availability group
    $postgresql_host = $external_postgresql_host ? {
      undef   => $peadm_config['role-letter']['server'][$avail_group_letter],
      default => $external_postgresql_host,
    }

    # Abort before any host is modified if neither lookup produced a host.
    if $postgresql_host == undef {
      fail_plan("No PostgreSQL host found for availability group ${avail_group_letter}")
    }

    $primary_postgresql_target = peadm::get_targets($postgresql_host, 1)
  } else {
    # An explicitly supplied host overrides whatever the peadm config says.
    $primary_postgresql_target = peadm::get_targets($primary_postgresql_host, 1)
  }

  # Look up the server of the opposite availability group from the compiler
  # being added, so that its PuppetDB can be configured to accept the new
  # compiler.
  $replica_avail_group_letter = $avail_group_letter ? { 'A' => 'B', 'B' => 'A' }
  $replica_puppetdb = $peadm_config['role-letter']['server'][$replica_avail_group_letter]

  # NOTE(review): unlike $postgresql_host above, $replica_puppetdb is not
  # checked for undef. If no server exists for the other letter, the
  # run_command calls below filter the value through peadm::flatten_compact,
  # but apply() and puppet_runonce receive the target directly; confirm how
  # they behave in that case.
  $replica_puppetdb_target = peadm::get_targets($replica_puppetdb, 1)

  # Stop puppet.service on the PostgreSQL host and the opposite-group server
  # before their configuration is edited. (The compiler itself is not in this
  # list.)
  # NOTE(review): no error handling is visible between this stop and the start
  # at the end of the plan, so a failed step appears to leave the agent
  # stopped on these hosts; check their agent state after any failed run.
  run_command('systemctl stop puppet.service', peadm::flatten_compact([
        $primary_postgresql_target,
        $replica_puppetdb_target,
  ]))

  # Add the compiler's certname to the PuppetDB certificate allowlist on the
  # opposite-group server. file_line only ensures the line is present; nothing
  # in this plan removes allowlist entries, so when a compiler is replaced
  # under a different certname, or decommissioned, the old entry has to be
  # cleaned up separately.
  apply($replica_puppetdb_target) {
    file_line { 'pe-puppetdb-compiler-cert-allow':
      path => '/etc/puppetlabs/puppetdb/certificate-allowlist',
      line => $compiler_target.peadm::certname(),
    }
  }

  # On the PostgreSQL server backing PuppetDB for compiler, get version number.
  # NOTE(review): the value comes from task output and is interpolated into the
  # pg_ident.conf path below without validation; consider asserting that it is
  # a plain version number.
  $psql_version = run_task('peadm::get_psql_version', $primary_postgresql_target).first.value['version']

  # Add the following three lines to
  # /opt/puppetlabs/server/data/postgresql/<psql_version>/data/pg_ident.conf
  #
  # pe-puppetdb-pe-puppetdb-map <new-compiler-host> pe-puppetdb
  # pe-puppetdb-pe-puppetdb-migrator-map <new-compiler-host> pe-puppetdb-migrator
  # pe-puppetdb-pe-puppetdb-read-map <new-compiler-host> pe-puppetdb-read
  #
  # Each pg_ident.conf line is "<map name> <external identity> <database role>",
  # so these entries let the compiler's certname authenticate as the PuppetDB
  # database roles, including the migrator role. As with the allowlist, the
  # entries are only ever added here; stale mappings for removed compilers are
  # not cleaned up by this plan.

  apply($primary_postgresql_target) {
    file_line { 'pe-puppetdb-pe-puppetdb-map':
      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
      line => "pe-puppetdb-pe-puppetdb-map ${compiler_target.peadm::certname()} pe-puppetdb",
    }
    file_line { 'pe-puppetdb-pe-puppetdb-migrator-map':
      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
      line => "pe-puppetdb-pe-puppetdb-migrator-map ${compiler_target.peadm::certname()} pe-puppetdb-migrator",
    }
    file_line { 'pe-puppetdb-pe-puppetdb-read-map':
      path => "/opt/puppetlabs/server/data/postgresql/${psql_version}/data/pg_ident.conf",
      line => "pe-puppetdb-pe-puppetdb-read-map ${compiler_target.peadm::certname()} pe-puppetdb-read",
    }
  }

  # Reload pe-postgresql.service so the new pg_ident.conf mappings take effect
  run_command('systemctl reload pe-postgresql.service', $primary_postgresql_target)

  # Install agent (if required) and regenerate agent certificate to add required data with peadm::subplans::component_install
  run_plan('peadm::subplans::component_install', $compiler_target,
    primary_host       => $primary_target,
    avail_group_letter => $avail_group_letter,
    dns_alt_names      => $dns_alt_names,
    role               => 'pe_compiler',
  )

  # Source the global hiera.yaml from Primary and synchronize to new compiler
  run_plan('peadm::util::copy_file', $compiler_target,
    source_host => $primary_target,
    path        => '/etc/puppetlabs/puppet/hiera.yaml'
  )

  # On <compiler-host>, run puppet agent
  run_task('peadm::puppet_runonce', $compiler_target)

  # On <primary_postgresql_host>, run puppet agent
  run_task('peadm::puppet_runonce', $primary_postgresql_target)

  # On <replica_puppetdb_target>, run puppet agent
  run_task('peadm::puppet_runonce', $replica_puppetdb_target)

  # Start puppet.service on the two hosts stopped earlier and on the new
  # compiler (which was not part of the earlier stop).
  run_command('systemctl start puppet.service', peadm::flatten_compact([
        $primary_postgresql_target,
        $replica_puppetdb_target,
        $compiler_target,
  ]))

  # Plan result: a human-readable success message naming the compiler certname.
  return("Adding or replacing compiler ${$compiler_target.peadm::certname()} succeeded.")
}