(puppetlabs#469) Assign correct environment to node groups

This checks if a user configured a environment in pe.conf. If that's the
case, it will be used for the PEADM-specific node groups. Otherwise we
fall back to production.

This fixes a timing issue discovered in puppetlabs#469. In situations where the PE
infra isn't running in production, we cannot assume that a production
environment exists. And a node group can only reference classes from the
environment the node group belongs to.

Author: bastelfreak

REFERENCE.md

@@ -29,6 +29,7 @@
 * [`peadm::file_or_content`](#peadm--file_or_content)
 * [`peadm::flatten_compact`](#peadm--flatten_compact)
 * [`peadm::generate_pe_conf`](#peadm--generate_pe_conf): Generate a pe.conf file in JSON format
+* [`peadm::get_node_group_environment`](#peadm--get_node_group_environment): check if a custom PE environment is set in pe.conf
 * [`peadm::get_pe_conf`](#peadm--get_pe_conf)
 * [`peadm::get_targets`](#peadm--get_targets): Accept undef or a SingleTargetSpec, and return an Array[Target, 1, 0]. This differs from get_target() in that:   - It returns an Array[Target
 * [`peadm::migration_opts_default`](#peadm--migration_opts_default)
@@ -715,6 +716,24 @@ Data type: `Hash`
 A hash of settings to set in the config file. Any keys that are set to
 undef will not be included in the config file.
 
+### <a name="peadm--get_node_group_environment"></a>`peadm::get_node_group_environment`
+
+Type: Puppet Language
+
+check if a custom PE environment is set in pe.conf
+
+#### `peadm::get_node_group_environment(Target $primary)`
+
+The peadm::get_node_group_environment function.
+
+Returns: `Any`
+
+##### `primary`
+
+Data type: `Target`
+
+the FQDN for the primary, here we will read the pe.conf from
+
 ### <a name="peadm--get_pe_conf"></a>`peadm::get_pe_conf`
 
 Type: Puppet Language
@@ -1692,6 +1711,7 @@ management using PEAdm.
 
 The following parameters are available in the `peadm::convert` plan:
 
+* [`node_group_environment`](#-peadm--convert--node_group_environment)
 * [`primary_host`](#-peadm--convert--primary_host)
 * [`replica_host`](#-peadm--convert--replica_host)
 * [`compiler_hosts`](#-peadm--convert--compiler_hosts)
@@ -1702,6 +1722,11 @@ The following parameters are available in the `peadm::convert` plan:
 * [`internal_compiler_b_pool_address`](#-peadm--convert--internal_compiler_b_pool_address)
 * [`dns_alt_names`](#-peadm--convert--dns_alt_names)
 * [`begin_at_step`](#-peadm--convert--begin_at_step)
+* [`environment_node_group`](#-peadm--convert--environment_node_group)
+
+##### <a name="-peadm--convert--node_group_environment"></a>`node_group_environment`
+
+environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
 
 ##### <a name="-peadm--convert--primary_host"></a>`primary_host`
 
@@ -1789,6 +1814,14 @@ Optional[Enum[
 
 Default value: `undef`
 
+##### <a name="-peadm--convert--environment_node_group"></a>`environment_node_group`
+
+Data type: `Optional[String[1]]`
+
+
+
+Default value: `peadm::get_node_group_environment($primary_host)`
+
 ### <a name="peadm--install"></a>`peadm::install`
 
 Install a new PE cluster

functions/get_node_group_environment.pp

@@ -0,0 +1,31 @@
+#
+# @summary check if a custom PE environment is set in pe.conf
+#
+# @param primary the FQDN for the primary, here we will read the pe.conf from
+#
+# @see https://www.puppet.com/docs/pe/latest/upgrade_pe#update_environment
+#
+# @author Tim Meusel <[email protected]>
+#
+function peadm::get_node_group_environment(Target $primary) {
+  $peconf = peadm::get_pe_conf($primary)
+  # if both are set, they need to be set to the same value
+  # if they are not set, we assume that the user runs their infra in production
+  $pe_install = $peconf['pe_install::install::classification::pe_node_group_environment']
+  $puppet_enterprise = $peconf['puppet_enterprise::master::recover_configuration::pe_environment']
+
+  # check if both are equal
+  # This also evaluates to true if both are undef
+  if $pe_install == $puppet_enterprise {
+    # check if the option isn't undef
+    # ToDo: A proper regex for allowed characters in an environment would be nice
+    # https://github.com/puppetlabs/puppet-docs/issues/1158
+    if $pe_install =~ String[1] {
+      return $pe_install
+    } else {
+      return 'production'
+    }
+  } else {
+    fail("pe_install::install::classification::pe_node_group_environment and puppet_enterprise::master::recover_configuration::pe_environment need to be set to the same value, not '${pe_install}' and ${puppet_enterprise}")
+  }
+}

manifests/setup/node_manager.pp

@@ -23,6 +23,7 @@
 #   A load balancer address directing traffic to any of the "B" pool
 #   compilers. This is used for DR configuration in large and extra large
 #   architectures.
+# @param node_group_environment the environment that will be assigned to all the PE Infra node groups
 #
 class peadm::setup::node_manager (
   String[1] $primary_host,
@@ -36,6 +37,7 @@
   Optional[String[1]] $compiler_pool_address            = undef,
   Optional[String[1]] $internal_compiler_a_pool_address = $server_a_host,
   Optional[String[1]] $internal_compiler_b_pool_address = $server_b_host,
+  String[1]           $node_group_environment           = 'production',
 ) {
   # "Not-configured" placeholder string. This will be used in places where we
   # cannot set an explicit null, and need to supply some kind of value.
@@ -46,6 +48,7 @@
   # else.
   Node_group {
     purge_behavior => none,
+    environment    => $node_group_environment,
   }
 
   ##################################################

plans/convert.pp

@@ -3,6 +3,9 @@
 # This plan sets required certificate extensions on PE nodes, and configures
 # the required PE node groups to make an existing cluster compatible with
 # management using PEAdm.
+#
+# @param node_group_environment environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+#
 plan peadm::convert (
   # Standard
   Peadm::SingleTargetSpec           $primary_host,
@@ -26,6 +29,8 @@
       'modify-infra-certs',
       'convert-node-groups',
   'finalize']] $begin_at_step = undef,
+
+  Optional[String[1]] $environment_node_group = peadm::get_node_group_environment($primary_host),
 ) {
   peadm::assert_supported_bolt_version()
 
@@ -223,6 +228,7 @@
           compiler_pool_address            => $compiler_pool_address,
           internal_compiler_a_pool_address => $internal_compiler_a_pool_address,
           internal_compiler_b_pool_address => $internal_compiler_b_pool_address,
+          node_group_environment           => $node_group_environment,
           require                          => Class['peadm::setup::node_manager_yaml'],
         }
 

spec/plans/convert_spec.rb

@@ -19,7 +19,8 @@
     allow_apply
 
     expect_task('peadm::cert_data').return_for_targets('primary' => trustedjson)
-    expect_task('peadm::read_file').always_return({ 'content' => '2021.7.8' })
+    expect_task('peadm::read_file').with_params('path' => '/opt/puppetlabs/server/pe_build').always_return({ 'content' => '2021.7.8' })
+    expect_task('peadm::read_file').with_params('path' => '/etc/puppetlabs/enterprise/conf.d/pe.conf').always_return({ 'content' => {} })
 
     # For some reason, expect_plan() was not working??
     allow_plan('peadm::modify_certificate').always_return({})