New changes

Author: petergmurphy

plans/convert.pp

@@ -60,6 +60,54 @@
 
   out::message('# Gathering information')
 
+  $cert_extensions_temp = run_task('peadm::cert_data', $all_targets).reduce({}) |$memo,$result| {
+    $memo + { $result.target.peadm::certname() => $result['extensions'] }
+  }
+
+  # Add legacy compiler role to compilers that are missing it
+  $compilers_with_legacy_compiler_flag = $cert_extensions_temp.filter |$name,$exts| {
+    ($name in $compiler_targets.map |$t| { $t.name } or $name in $legacy_compiler_targets.map |$t| { $t.name }) and
+    ($exts[peadm::oid('peadm_legacy_compiler')] != undef)
+  }
+
+  if $compilers_with_legacy_compiler_flag.size > 0 {
+    $legacy_compilers_with_flag = $compilers_with_legacy_compiler_flag.filter |$name,$exts| {
+      $exts[peadm::oid('peadm_legacy_compiler')] == 'true'
+    }.keys
+
+    $modern_compilers_with_flag = $compilers_with_legacy_compiler_flag.filter |$name,$exts| {
+      $exts[peadm::oid('peadm_legacy_compiler')] == 'false'
+    }.keys
+
+    if $modern_compilers_with_flag.size > 0 {
+      out::message('MODERN COMPILERS: Beginning removal of legacy compiler flag')
+      out::message($modern_compilers_with_flag)
+      run_plan('peadm::modify_certificate', $modern_compilers_with_flag,
+        primary_host   => $primary_target,
+        remove_extensions => [peadm::oid('peadm_legacy_compiler')],
+      )
+      out::message('MODERN COMPILERS: Removed legacy compiler flag')
+    }
+
+    if $legacy_compilers_with_flag.size > 0 {
+      out::message('LEGACY COMPILERS: Beginning addition of legacy compiler role and removal of legacy compiler flag')
+      out::message($legacy_compilers_with_flag)
+      run_plan('peadm::modify_certificate', $legacy_compilers_with_flag,
+        primary_host   => $primary_target,
+        add_extensions => {
+          'pp_auth_role' => 'pe_compiler_legacy',
+        },
+        remove_extensions => [peadm::oid('peadm_legacy_compiler'), peadm::oid('pp_auth_role')],
+      )
+      out::message('LEGACY COMPILERS: Added legacy compiler role and removed legacy compiler flag')
+    }
+
+    run_task('peadm::puppet_runonce', peadm::flatten_compact([
+          $compiler_targets,
+          $legacy_compiler_targets,
+    ]))
+  }
+
   # Get trusted fact information for all compilers. Use peadm::certname() as
   # the hash key because the apply block below will break trying to parse the
   # $compiler_extensions variable if it has Target-type hash keys.
@@ -318,6 +366,9 @@
       run_command('systemctl restart pe-puppetserver.service pe-puppetdb.service', $compiler_targets)
     }
 
+    # Update PE Master rules to support legacy compilers
+    run_task('peadm::update_pe_master_rules', $primary_target)
+
     # Run puppet on all targets again to ensure everything is fully up-to-date
     run_task('peadm::puppet_runonce', $all_targets)
   }
@@ -333,7 +384,5 @@
 # lint:endignore
   }
 
-  run_task('peadm::update_pe_master_rules', $primary_target)
-
   return("Conversion to peadm Puppet Enterprise ${arch['architecture']} completed.")
 }

plans/install.pp

@@ -143,8 +143,6 @@
     final_agent_state                => $final_agent_state,
   )
 
-  run_task('peadm::update_pe_master_rules', $primary_host)
-
   # Return a string banner reporting on what was done
   return([$install_result, $configure_result])
 }

plans/migrate_old.pp

@@ -0,0 +1,124 @@
+# @summary Migrate a PE primary server to a new host
+#
+# @param old_primary_host
+#   The existing PE primary server that will be migrated from
+# @param new_primary_host
+#   The new server that will become the PE primary server
+# @param upgrade_version
+#   Optional version to upgrade to after migration is complete
+#
+plan peadm::migrate (
+  Peadm::SingleTargetSpec $old_primary_host,
+  Peadm::SingleTargetSpec $new_primary_host,
+  Optional[String] $upgrade_version = undef,
+  Optional[Peadm::SingleTargetSpec] $replica_host = undef,
+) {
+  peadm::assert_supported_bolt_version()
+
+  $backup_file = run_plan('peadm::backup', $old_primary_host, {
+      backup_type => 'migration',
+  })
+
+  $download_results = download_file($backup_file['path'], 'backup', $old_primary_host)
+  $download_path = $download_results[0]['path']
+
+  $backup_filename = basename($backup_file['path'])
+  $remote_backup_path = "/tmp/${backup_filename}"
+
+  upload_file($download_path, $remote_backup_path, $new_primary_host)
+
+  $old_primary_target = get_targets($old_primary_host)[0]
+  $old_primary_password = peadm::get_pe_conf($old_primary_target)['console_admin_password']
+  $old_pe_conf = run_task('peadm::get_peadm_config', $old_primary_target).first.value
+
+  out::message("old_pe_conf:${old_pe_conf}.")
+
+  # run_plan('peadm::install', {
+  #     primary_host                => $new_primary_host,
+  #     console_password            => $old_primary_password,
+  #     code_manager_auto_configure => true,
+  #     download_mode               => 'direct',
+  #     version                     => $old_pe_conf['pe_version'],
+  # })
+
+  # run_plan('peadm::restore', {
+  #     targets => $new_primary_host,
+  #     restore_type => 'migration',
+  #     input_file => $remote_backup_path,
+  # })
+
+  # Use the old PE configuration to determine which nodes to purge
+  $old_primary_host_value = $old_pe_conf['params']['primary_host']
+  $replica_host_value = $old_pe_conf['params']['replica_host']
+  $primary_postgresql_host_value = $old_pe_conf['params']['primary_postgresql_host']
+  $replica_postgresql_host_value = $old_pe_conf['params']['replica_postgresql_host']
+  $compilers_value = $old_pe_conf['params']['compilers']
+  $legacy_compilers_value = $old_pe_conf['params']['legacy_compilers']
+
+  $old_primary_host_string = !empty($old_primary_host_value) ? {
+    true    => $old_primary_host_value,
+    default => ''
+  }
+
+  $replica_host_string = !empty($replica_host_value) ? {
+    true    => $replica_host_value,
+    default => ''
+  }
+
+  $primary_postgresql_host_string = !empty($primary_postgresql_host_value) ? {
+    true    => $primary_postgresql_host_value,
+    default => ''
+  }
+
+  $replica_postgresql_host_string = !empty($replica_postgresql_host_value) ? {
+    true    => $replica_postgresql_host_value,
+    default => ''
+  }
+
+  $compilers_string = !empty($compilers_value) ? {
+    true    => $compilers_value.filter |$node| { !empty($node) }.join(','),
+    default => ''
+  }
+
+  $legacy_compilers_string = !empty($legacy_compilers_value) ? {
+    true    => $legacy_compilers_value.filter |$node| { !empty($node) }.join(','),
+    default => ''
+  }
+
+  $purge_components = [
+    $replica_host_string,
+    $primary_postgresql_host_string,
+    $replica_postgresql_host_string,
+    $compilers_string,
+    $legacy_compilers_string,
+    $old_primary_host_string,
+  ].filter |$component| { !empty($component) }
+
+  out::message("purge_components: ${purge_components}")
+
+  if !empty($purge_components) {
+    out::message('Purging nodes from old configuration individually')
+    $purge_components.each |$component| {
+      out::message("Purging component: ${component}")
+      run_command("/opt/puppetlabs/bin/puppet node purge ${component}", $new_primary_host)
+    }
+  } else {
+    out::message('No nodes to purge from old configuration')
+  }
+
+  # if $replica_host {
+  #   run_plan('peadm::add_replica', {
+  #       primary_host => $new_primary_host,
+  #       replica_host => $replica_host,
+  #   })
+  # }
+
+  # if $upgrade_version and $upgrade_version != '' and !empty($upgrade_version) {
+  #   run_plan('peadm::upgrade', {
+  #       primary_host                => $new_primary_host,
+  #       version                     => $upgrade_version,
+  #       download_mode               => 'direct',
+  #       replica_host                => $replica_host,
+  #   })
+  # }
+}

plans/subplans/configure.pp

@@ -174,5 +174,9 @@
         $legacy_compiler_targets,
   ]))
 
+  # Update PE Master rules to support legacy compilers
+  run_task('peadm::update_pe_master_rules', $primary_host)
+  run_task('peadm::puppet_runonce', $legacy_compiler_targets)
+
   return("Configuration of Puppet Enterprise ${arch['architecture']} succeeded.")
 }

plans/upgrade.pp

@@ -146,41 +146,12 @@
     ($exts[peadm::oid('peadm_legacy_compiler')] != undef)
   }
 
-  run_task('peadm::update_pe_master_rules', $primary_target)
-
   if $compilers_with_legacy_compiler_flag.size > 0 {
-    $legacy_compilers = $compilers_with_legacy_compiler_flag.filter |$name,$exts| {
-      $exts[peadm::oid('peadm_legacy_compiler')] == 'true'
-    }.keys
-
-    $modern_compilers = $compilers_with_legacy_compiler_flag.filter |$name,$exts| {
-      $exts[peadm::oid('peadm_legacy_compiler')] == 'false'
-    }.keys
-
-    if $modern_compilers.size > 0 {
-      out::message('MODERN COMPILERS: Beginning removal of legacy compiler flag')
-      out::message($modern_compilers)
-      run_plan('peadm::modify_certificate', $modern_compilers,
-        primary_host   => $primary_target,
-        remove_extensions => [peadm::oid('peadm_legacy_compiler')],
-      )
-      out::message('MODERN COMPILERS: Removed legacy compiler flag')
-    }
-
-    if $legacy_compilers.size > 0 {
-      out::message('LEGACY COMPILERS: Beginning addition of legacy compiler role and removal of legacy compiler flag')
-      out::message($legacy_compilers)
-      run_plan('peadm::modify_certificate', $legacy_compilers,
-        primary_host   => $primary_target,
-        add_extensions => {
-          'pp_auth_role' => 'pe_compiler_legacy',
-        },
-        remove_extensions => [peadm::oid('peadm_legacy_compiler'), peadm::oid('pp_auth_role')],
-      )
-      out::message('LEGACY COMPILERS: Added legacy compiler role and removed legacy compiler flag')
-    }
+    fail_plan('Please run the Convert plan to convert your Puppet infrastructure to be managed by PEADM.')
   }
 
+  run_task('peadm::update_pe_master_rules', $primary_target)
+
   # Gather certificate extension information from all systems
   $cert_extensions = run_task('peadm::cert_data', $all_targets).reduce({}) |$memo,$result| {
     $memo + { $result.target.peadm::certname => $result['extensions'] }

tasks/update_pe_master_rules.rb

@@ -57,18 +57,20 @@ def get_current_rules(group_id)
     raise "Error fetching rules: #{e.message}"
   end
 
-  def transform_rule(rule)
-    return rule unless rule.is_a?(Array)
+  def modify_pe_master_rules(rules)
+    # If not an array, return as is
+    return rules unless rules.is_a?(Array)
 
-    if rule[0] == '=' && 
-       rule[1].is_a?(Array) && 
-       rule[1] == ['trusted', 'extensions', 'pp_auth_role'] && 
-       rule[2] == 'pe_compiler'
-      return ['~', ['trusted', 'extensions', 'pp_auth_role'], '^pe_compiler(?:_legacy)?$']
-    end
+    # Make a copy of the rules to avoid modifying the original
+    result = rules.dup
+    
+    result[1] = [
+      'or',
+      ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler'],
+      ['=', ['trusted', 'extensions', 'pp_auth_role'], 'pe_compiler_legacy']
+    ]
 
-    # Recursively transform nested rules
-    rule.map { |element| transform_rule(element) }
+    result
   end
 
   def update_rules(group_id)
@@ -77,7 +79,7 @@ def update_rules(group_id)
       current_rules = get_current_rules(group_id)
 
       # Transform rules recursively to handle nested structures
-      new_rules = transform_rule(current_rules)
+      new_rules = modify_pe_master_rules(current_rules)
 
       # Update the group with the modified rules
       url = "/classifier-api/v1/groups/#{group_id}"