Merge pull request #382 from puppetlabs/PE-36789
(PE-36789) R10k Known hosts upgrade path
Showing
8 changed files
with
294 additions
and
18 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
{ | ||
"version": "2023.3.0", | ||
"primary_host": "pe-master-09a40c-0.us-west1-a.c.reidmv-peadm.internal", | ||
"primary_postgresql_host": "pe-psql-09a40c-0.us-west1-a.c.reidmv-peadm.internal", | ||
"replica_host": "pe-master-09a40c-1.us-west1-b.c.reidmv-peadm.internal", | ||
"replica_postgresql_host": "pe-psql-09a40c-1.us-west1-b.c.reidmv-peadm.internal", | ||
"compiler_hosts": [ | ||
"pe-compiler-09a40c-0.us-west1-a.c.reidmv-peadm.internal", | ||
"pe-compiler-09a40c-1.us-west1-b.c.reidmv-peadm.internal", | ||
"pe-compiler-09a40c-2.us-west1-c.c.reidmv-peadm.internal", | ||
"pe-compiler-09a40c-3.us-west1-a.c.reidmv-peadm.internal" | ||
], | ||
"r10k_known_hosts": [ | ||
{"name": "remotehostname", "type": "ssh-rsa", "key": "hash"}, | ||
{"name": "remotehostname2", "type": "ssh-rsa", "key": "hash"} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# @summary Checks PE verison and warns about setting r10k_known_hosts | ||
# Checks if the current PE version is less than 2023.3.0 and the target version is greater than or equal to 2023.3.0 | ||
# If both conditions are true and the r10k_known_hosts parameter is not defined, a warning message is displayed. | ||
# @param $current_version [String] The current PE version | ||
# @param $target_version [String] The target PE version | ||
# @param $r10k_known_hosts [Optional[Peadm::Known_hosts]] The r10k_known_hosts parameter | ||
function peadm::check_version_and_known_hosts( | ||
String $current_version, | ||
String $target_version, | ||
Optional[Peadm::Known_hosts] $r10k_known_hosts = undef, | ||
) { | ||
$version = '2023.3.0' | ||
$current_check = SemVer($current_version) < SemVer($version) | ||
$target_check = SemVer($target_version) >= SemVer($version) | ||
# lint:ignore:140chars | ||
if ($current_check and $target_check and $r10k_known_hosts == undef) { | ||
out::message( @(HEREDOC/n) | ||
\nWARNING: Starting in PE 2023.3, SSH host key verification is required for Code Manager and r10k.\n | ||
To enable host key verification, you must define the puppet_enterprise::profile::master::r10k_known_hosts parameter with an array of hashes containing "name", "type", and "key" to specify your hostname, key type, and public key for your remote host(s).\n | ||
If you currently use SSH protocol to allow r10k to access your remote Git repository, your Code Manager or r10k code management tool cannot function until you define the r10k_known_hosts parameter.\n | ||
Please refer to the Puppet Enterprise 2023.3 Upgrade cautions for more details.\n | ||
HEREDOC | ||
)# lint:endignore | ||
} | ||
} |
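Review bot: The condition `$r10k_known_hosts == undef` treats an empty array as a defined value, so a caller passing `[]` gets no warning even though no host keys are configured, unless `Peadm::Known_hosts` (not shown here) already rejects empty arrays. Consider `($r10k_known_hosts =~ Undef or $r10k_known_hosts.empty)` in the `if`. The check also looks only at the plan parameter, so it is worth confirming against the caller whether a key already present in pe.conf is taken into account before this warning is printed. In the header, `verison` should read `version`, and puppet-strings expects `@param current_version` without the leading `$`.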
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
function peadm::get_pe_conf(Target $target) { | ||
$current_pe_conf_content = run_task('peadm::read_file', $target, path => '/etc/puppetlabs/enterprise/conf.d/pe.conf').first['content'] | ||
|
||
# Parse the current pe.conf content and return the hash | ||
return $current_pe_conf_content ? { | ||
undef => {}, | ||
default => stdlib::parsehocon($current_pe_conf_content), | ||
} | ||
} |
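Review bot: The `undef => {}` branch makes a pe.conf that yielded no content indistinguishable from one with no settings, so a caller that merges into the returned hash and writes it back would replace the file with only the merged keys. Whether `peadm::read_file` can return undef content for a missing or unreadable file is not visible here; if it can, failing the plan in that case, or at least documenting that `{}` means "no content", would be safer. The function also lacks the `@summary`/`@param` header that `peadm::update_pe_conf` carries, e.g. `# @summary Read pe.conf from a target and return its settings as a hash` and `# @param target The target to read pe.conf from`.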
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# @summary Update the pe.conf file on a target with the provided hash | ||
# @param target [Bolt::Target] The target to update the pe.conf file on | ||
# @param updated_pe_conf_hash [Hash] The hash to update the pe.conf file with | ||
function peadm::update_pe_conf(Target $target, Hash $updated_pe_conf_hash) { | ||
# Convert the updated hash back to a pretty JSON string | ||
$updated_pe_conf_content = stdlib::to_json_pretty($updated_pe_conf_hash) | ||
|
||
# Write the updated content back to pe.conf on the target | ||
write_file($updated_pe_conf_content, '/etc/puppetlabs/enterprise/conf.d/pe.conf', $target) | ||
} |
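Review bot: The `write_file` call on the last line overwrites pe.conf in place with no backup, and nothing in this function sets or checks the resulting owner and mode; pe.conf can hold credentials, so it is worth confirming the file keeps its restrictive permissions after the write. Because the content comes from `stdlib::to_json_pretty`, any comments and HOCON formatting in the existing file are dropped, which deserves a header line such as `# NOTE: rewrites pe.conf as JSON; comments in the existing file are not preserved`. The `@param target [Bolt::Target]` tag also names a different type than the signature's `Target`.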