(puppetlabs#469) Assign correct environment to node groups

This checks if a user configured a environment in pe.conf. If that's the
case, it will be used for the PEADM-specific node groups. Otherwise we
fall back to production.

This fixes a timing issue discovered in puppetlabs#469. In situations where the PE
infra isn't running in production, we cannot assume that a production
environment exists. And a node group can only reference classes from the
environment the node group belongs to.

Author: bastelfreak

REFERENCE.md

@@ -30,6 +30,7 @@
 * [`peadm::file_or_content`](#peadm--file_or_content)
 * [`peadm::flatten_compact`](#peadm--flatten_compact)
 * [`peadm::generate_pe_conf`](#peadm--generate_pe_conf): Generate a pe.conf file in JSON format
+* [`peadm::get_node_group_environment`](#peadm--get_node_group_environment): check if a custom PE environment is set in pe.conf
 * [`peadm::get_pe_conf`](#peadm--get_pe_conf)
 * [`peadm::get_targets`](#peadm--get_targets): Accept undef or a SingleTargetSpec, and return an Array[Target, 1, 0]. This differs from get_target() in that:   - It returns an Array[Target
 * [`peadm::log_plan_parameters`](#peadm--log_plan_parameters)
@@ -105,10 +106,6 @@
 * [`peadm::add_compiler`](#peadm--add_compiler): Proxy plan for peadm::add_compilers.
 * [`peadm::add_compilers`](#peadm--add_compilers): Add new compilers to a PE architecture or replace an existing with new configuration.
 * [`peadm::add_database`](#peadm--add_database)
-* [`peadm::add_replica`](#peadm--add_replica): Add or replace a replica host.
-Supported use cases:
-1: Adding a replica to an existing primary.
-2: The existing replica is broken, we have a fresh new VM we want to provision the replica to.
 * [`peadm::backup`](#peadm--backup): Backup puppet primary configuration
 * [`peadm::backup_ca`](#peadm--backup_ca)
 * [`peadm::convert`](#peadm--convert): Convert an existing PE cluster to a PEAdm-managed cluster
@@ -740,6 +737,24 @@ Data type: `Hash`
 A hash of settings to set in the config file. Any keys that are set to
 undef will not be included in the config file.
 
+### <a name="peadm--get_node_group_environment"></a>`peadm::get_node_group_environment`
+
+Type: Puppet Language
+
+check if a custom PE environment is set in pe.conf
+
+#### `peadm::get_node_group_environment(Peadm::SingleTargetSpec $primary)`
+
+The peadm::get_node_group_environment function.
+
+Returns: `String` the desired environment for PE specific node groups
+
+##### `primary`
+
+Data type: `Peadm::SingleTargetSpec`
+
+the FQDN for the primary, here we will read the pe.conf from
+
 ### <a name="peadm--get_pe_conf"></a>`peadm::get_pe_conf`
 
 Type: Puppet Language
@@ -1832,12 +1847,21 @@ The peadm::add_database class.
 
 The following parameters are available in the `peadm::add_database` plan:
 
+* [`node_group_environment`](#-peadm--add_database--node_group_environment)
 * [`targets`](#-peadm--add_database--targets)
 * [`primary_host`](#-peadm--add_database--primary_host)
 * [`mode`](#-peadm--add_database--mode)
 * [`begin_at_step`](#-peadm--add_database--begin_at_step)
 * [`is_migration`](#-peadm--add_database--is_migration)
 
+##### <a name="-peadm--add_database--node_group_environment"></a>`node_group_environment`
+
+Data type: `String[1]`
+
+environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+
+Default value: `peadm::get_node_group_environment($primary_host)`
+
 ##### <a name="-peadm--add_database--targets"></a>`targets`
 
 Data type: `Peadm::SingleTargetSpec`
@@ -1884,51 +1908,6 @@ Data type: `Optional[Boolean]`
 
 Default value: `false`
 
-### <a name="peadm--add_replica"></a>`peadm::add_replica`
-
-Add or replace a replica host.
-Supported use cases:
-1: Adding a replica to an existing primary.
-2: The existing replica is broken, we have a fresh new VM we want to provision the replica to.
-
-#### Parameters
-
-The following parameters are available in the `peadm::add_replica` plan:
-
-* [`primary_host`](#-peadm--add_replica--primary_host)
-* [`replica_host`](#-peadm--add_replica--replica_host)
-* [`replica_postgresql_host`](#-peadm--add_replica--replica_postgresql_host)
-* [`token_file`](#-peadm--add_replica--token_file)
-
-##### <a name="-peadm--add_replica--primary_host"></a>`primary_host`
-
-Data type: `Peadm::SingleTargetSpec`
-
-- The hostname and certname of the primary Puppet server
-
-##### <a name="-peadm--add_replica--replica_host"></a>`replica_host`
-
-Data type: `Peadm::SingleTargetSpec`
-
-- The hostname and certname of the replica VM
-
-##### <a name="-peadm--add_replica--replica_postgresql_host"></a>`replica_postgresql_host`
-
-Data type: `Optional[Peadm::SingleTargetSpec]`
-
-- The hostname and certname of the host with the replica PE-PosgreSQL database.
-Can be a separate host in an XL architecture, or undef in Standard or Large.
-
-Default value: `undef`
-
-##### <a name="-peadm--add_replica--token_file"></a>`token_file`
-
-Data type: `Optional[String]`
-
-- (optional) the token file in a different location than the default.
-
-Default value: `undef`
-
 ### <a name="peadm--backup"></a>`peadm::backup`
 
 Backup puppet primary configuration
@@ -2016,6 +1995,7 @@ management using PEAdm.
 The following parameters are available in the `peadm::convert` plan:
 
 * [`begin_at_step`](#-peadm--convert--begin_at_step)
+* [`node_group_environment`](#-peadm--convert--node_group_environment)
 * [`primary_host`](#-peadm--convert--primary_host)
 * [`replica_host`](#-peadm--convert--replica_host)
 * [`compiler_hosts`](#-peadm--convert--compiler_hosts)
@@ -2035,6 +2015,14 @@ The step where the plan should start. If not set, it will start at the beginning
 
 Default value: `undef`
 
+##### <a name="-peadm--convert--node_group_environment"></a>`node_group_environment`
+
+Data type: `String[1]`
+
+environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+
+Default value: `peadm::get_node_group_environment($primary_host)`
+
 ##### <a name="-peadm--convert--primary_host"></a>`primary_host`
 
 Data type: `Peadm::SingleTargetSpec`
@@ -2129,6 +2117,7 @@ The following parameters are available in the `peadm::install` plan:
 * [`final_agent_state`](#-peadm--install--final_agent_state)
 * [`stagingdir`](#-peadm--install--stagingdir)
 * [`uploaddir`](#-peadm--install--uploaddir)
+* [`node_group_environment`](#-peadm--install--node_group_environment)
 * [`primary_host`](#-peadm--install--primary_host)
 * [`replica_host`](#-peadm--install--replica_host)
 * [`compiler_hosts`](#-peadm--install--compiler_hosts)
@@ -2229,6 +2218,14 @@ for offline usage.
 
 Default value: `undef`
 
+##### <a name="-peadm--install--node_group_environment"></a>`node_group_environment`
+
+Data type: `String[1]`
+
+environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+
+Default value: `peadm::get_node_group_environment($primary_host)`
+
 ##### <a name="-peadm--install--primary_host"></a>`primary_host`
 
 Data type: `Peadm::SingleTargetSpec`
@@ -2723,6 +2720,7 @@ The following parameters are available in the `peadm::upgrade` plan:
 * [`stagingdir`](#-peadm--upgrade--stagingdir)
 * [`uploaddir`](#-peadm--upgrade--uploaddir)
 * [`begin_at_step`](#-peadm--upgrade--begin_at_step)
+* [`node_group_environment`](#-peadm--upgrade--node_group_environment)
 * [`primary_host`](#-peadm--upgrade--primary_host)
 * [`replica_host`](#-peadm--upgrade--replica_host)
 * [`compiler_hosts`](#-peadm--upgrade--compiler_hosts)
@@ -2819,6 +2817,14 @@ The step where the plan should start. If not set, it will start at the beginning
 
 Default value: `undef`
 
+##### <a name="-peadm--upgrade--node_group_environment"></a>`node_group_environment`
+
+Data type: `String[1]`
+
+environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+
+Default value: `peadm::get_node_group_environment($primary_host)`
+
 ##### <a name="-peadm--upgrade--primary_host"></a>`primary_host`
 
 Data type: `Peadm::SingleTargetSpec`

functions/get_node_group_environment.pp

@@ -0,0 +1,33 @@
+#
+# @summary check if a custom PE environment is set in pe.conf
+#
+# @param primary the FQDN for the primary, here we will read the pe.conf from
+#
+# @return [String] the desired environment for PE specific node groups
+#
+# @see https://www.puppet.com/docs/pe/latest/upgrade_pe#update_environment
+#
+# @author Tim Meusel <[email protected]>
+#
+function peadm::get_node_group_environment(Peadm::SingleTargetSpec $primary) {
+  $peconf = peadm::get_pe_conf(get_target($primary))
+  # if both are set, they need to be set to the same value
+  # if they are not set, we assume that the user runs their infra in production
+  $pe_install = $peconf['pe_install::install::classification::pe_node_group_environment']
+  $puppet_enterprise = $peconf['puppet_enterprise::master::recover_configuration::pe_environment']
+
+  # check if both are equal
+  # This also evaluates to true if both are undef
+  if $pe_install == $puppet_enterprise {
+    # check if the option isn't undef
+    # ToDo: A proper regex for allowed characters in an environment would be nice
+    # https://github.com/puppetlabs/puppet-docs/issues/1158
+    if $pe_install =~ String[1] {
+      return $pe_install
+    } else {
+      return 'production'
+    }
+  } else {
+    fail("pe_install::install::classification::pe_node_group_environment and puppet_enterprise::master::recover_configuration::pe_environment need to be set to the same value, not '${pe_install}' and '${puppet_enterprise}'")
+  }
+}

manifests/setup/node_manager.pp

@@ -23,6 +23,7 @@
 #   A load balancer address directing traffic to any of the "B" pool
 #   compilers. This is used for DR configuration in large and extra large
 #   architectures.
+# @param node_group_environment the environment that will be assigned to all the PE Infra node groups
 #
 class peadm::setup::node_manager (
   String[1] $primary_host,
@@ -36,6 +37,7 @@
   Optional[String[1]] $compiler_pool_address            = undef,
   Optional[String[1]] $internal_compiler_a_pool_address = $server_a_host,
   Optional[String[1]] $internal_compiler_b_pool_address = $server_b_host,
+  String[1]           $node_group_environment           = 'production',
 ) {
   # "Not-configured" placeholder string. This will be used in places where we
   # cannot set an explicit null, and need to supply some kind of value.
@@ -46,6 +48,7 @@
   # else.
   Node_group {
     purge_behavior => none,
+    environment    => $node_group_environment,
   }
 
   ##################################################

plans/add_database.pp

@@ -1,3 +1,6 @@
+#
+# @param node_group_environment environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+#
 plan peadm::add_database(
   Peadm::SingleTargetSpec $targets,
   Peadm::SingleTargetSpec $primary_host,
@@ -10,6 +13,7 @@
       'cleanup-db',
   'finalize']] $begin_at_step = undef,
   Optional[Boolean] $is_migration = false,
+  String[1] $node_group_environment = peadm::get_node_group_environment($primary_host),
 ) {
   $primary_target = peadm::get_targets($primary_host, 1)
   $postgresql_target = peadm::get_targets($targets, 1)
@@ -98,7 +102,7 @@
     run_plan('peadm::subplans::component_install', $postgresql_target,
       primary_host       => $primary_target,
       avail_group_letter => $avail_group_letter,
-      role               => 'puppet/puppetdb-database'
+      role               => 'puppet/puppetdb-database',
     )
   }
 
@@ -135,15 +139,17 @@
       $host = pick($a_host, $b_host)
       out::verbose("In transitive state, setting classification to ${host}")
       run_plan('peadm::util::update_classification', $primary_target,
-        postgresql_a_host => $host,
-        postgresql_b_host => $host,
-        peadm_config      => $peadm_config
+        postgresql_a_host      => $host,
+        postgresql_b_host      => $host,
+        peadm_config           => $peadm_config,
+        node_group_environment => $node_group_environment,
       )
     } else {
       run_plan('peadm::util::update_classification', $primary_target,
-        postgresql_a_host => $avail_group_letter ? { 'A' => $postgresql_host, default => undef },
-        postgresql_b_host => $avail_group_letter ? { 'B' => $postgresql_host, default => undef },
-        peadm_config      => $peadm_config
+        postgresql_a_host      => $avail_group_letter ? { 'A' => $postgresql_host, default => undef },
+        postgresql_b_host      => $avail_group_letter ? { 'B' => $postgresql_host, default => undef },
+        peadm_config           => $peadm_config,
+        node_group_environment => $node_group_environment,
       )
     }
   }

plans/add_replica.pp

@@ -7,6 +7,9 @@
 # @param replica_postgresql_host - The hostname and certname of the host with the replica PE-PosgreSQL database.
 #   Can be a separate host in an XL architecture, or undef in Standard or Large.
 # @param token_file - (optional) the token file in a different location than the default.
+# @param node_group_environment environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+#
+# @param token_file - (optional) the token file in a different location than the default.
 plan peadm::add_replica(
   # Standard or Large
   Peadm::SingleTargetSpec           $primary_host,
@@ -17,6 +20,7 @@
 
   # Common Configuration
   Optional[String] $token_file = undef,
+  String[1] $node_group_environment = peadm::get_node_group_environment($primary_host),
 ) {
   $primary_target             = peadm::get_targets($primary_host, 1)
   $replica_target             = peadm::get_targets($replica_host, 1)
@@ -97,6 +101,7 @@
     internal_compiler_a_pool_address => $replica_avail_group_letter ? { 'A' => $replica_target.peadm::certname(), default => undef },
     internal_compiler_b_pool_address => $replica_avail_group_letter ? { 'B' => $replica_target.peadm::certname(), default => undef },
     peadm_config                     => $peadm_config
+    node_group_environment           => $node_group_environment,
   )
 
   # Source list of files on Primary and synchronize to new Replica

plans/convert.pp

@@ -5,6 +5,7 @@
 # management using PEAdm.
 #
 # @param begin_at_step The step where the plan should start. If not set, it will start at the beginning
+# @param node_group_environment environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
 #
 plan peadm::convert (
   # Standard
@@ -26,6 +27,7 @@
   Array[String]                     $dns_alt_names                    = [],
 
   Optional[Peadm::ConvertSteps] $begin_at_step = undef,
+  String[1] $node_group_environment = peadm::get_node_group_environment($primary_host),
 ) {
   peadm::assert_supported_bolt_version()
 
@@ -316,6 +318,7 @@
           compiler_pool_address            => $compiler_pool_address,
           internal_compiler_a_pool_address => $internal_compiler_a_pool_address,
           internal_compiler_b_pool_address => $internal_compiler_b_pool_address,
+          node_group_environment           => $node_group_environment,
           require                          => Class['peadm::setup::node_manager_yaml'],
         }
 

plans/install.pp

@@ -31,6 +31,8 @@
 #   Directory the installer tarball will be uploaded to or expected to be in
 #   for offline usage.
 #
+# @param node_group_environment environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+#
 plan peadm::install (
   # Standard
   Peadm::SingleTargetSpec           $primary_host,
@@ -74,6 +76,7 @@
   Peadm::Download_mode       $download_mode          = 'bolthost',
   Boolean                    $permit_unsafe_versions = false,
   String                     $token_lifetime         = '1y',
+  String[1] $node_group_environment = peadm::get_node_group_environment($primary_host),
 ) {
   # Log parameters for debugging 
   peadm::log_plan_parameters({
@@ -148,6 +151,7 @@
     internal_compiler_b_pool_address => $internal_compiler_b_pool_address,
     deploy_environment               => $deploy_environment,
     ldap_config                      => $ldap_config,
+    node_group_environment           => $node_group_environment,
 
     # Other
     stagingdir                       => $stagingdir,

plans/subplans/configure.pp

@@ -20,6 +20,8 @@
 #   Configures the state the puppet agent should be in on infrastructure nodes
 #   after PE is configured successfully.
 #
+# @param node_group_environment environment for the PEADM specific node groups, if not set it will be gathered from pe.conf or production
+#
 plan peadm::subplans::configure (
   # Standard
   Peadm::SingleTargetSpec           $primary_host,
@@ -43,7 +45,8 @@
 
   # Other
   String           $stagingdir                   = '/tmp',
-  Enum['running', 'stopped'] $final_agent_state  = 'running'
+  Enum['running', 'stopped'] $final_agent_state  = 'running',
+  String[1] $node_group_environment = peadm::get_node_group_environment($primary_host),
 ) {
   # TODO: get and validate PE version
 
@@ -106,6 +109,7 @@
       compiler_pool_address            => $compiler_pool_address,
       internal_compiler_a_pool_address => $internal_compiler_a_pool_address,
       internal_compiler_b_pool_address => $internal_compiler_b_pool_address,
+      node_group_environment           => $node_group_environment,
       require                          => Class['peadm::setup::node_manager_yaml'],
     }
   }