.github/workflows/README.md

@@ -0,0 +1,26 @@
+# PEADM Workflows for Github Actions
+
+These workflows enable acceptance testing of peadm plans using Github Actions. The Puppet Cloud CI tool from the IAC team is used to provision VMs for testing, and a fixtures module, peadm\_spec, is used to run Bolt-based testing plans. The fixtures module is located in the spec/acceptance/peadm\_spec directory.
+
+## Using workflows
+
+Most workflows start with the same core functionality: provision Cloud CI VMs, then use peadm::provision to install PE. If the installation is successfull, more testing may be performed after that.
+
+If a workflow supports ssh debugging, an optional extra step is added to permit users to ssh into the runner VM prior to the workflow kicking off properly. The credentials and ngrok configuration to enable this must be set as secrets on the Github repository. Once connected, the user can resume flow by touching a "continue" file, and, if they would like flow to pause before tearing down VMs, touch a "pause" file as well. When the pause file is removed, the tear-down will resume.
+
+There are six supported architectures for most tests:
+
+* standard
+* standard-with-dr
+* large
+* large-with-dr
+* extra-large
+* extra-large-with-dr
+
+### PR Test ###
+
+PRs are tested ONLY when a review is requested. This is to prevent unnecessary and expensive testing runs kicking off simply when filing a PR, waiting instead until a user signals the PR is ready for testing by requesting a review.
+
+### Note for maintainers ###
+
+The `steps:` of each of these three workflows are identical, with the exception of the first step in the debugging flow (which is the ssh step). When modifying the steps of any flow, the others should therefore be updatable with a simple full copy-paste. At some point we should wrap these up into composite flows of their own.

.github/workflows/test-add-replica.yaml

@@ -15,7 +15,7 @@ on:
       version:
         description: 'PE version to install'
         required: true
-        default: '2019.8.7'
+        default: '2019.8.8'
       ssh-debugging:
         description: 'Boolean; whether or not to pause for ssh debugging'
         required: true

.github/workflows/test-install-matrix.yaml

@@ -28,8 +28,8 @@ jobs:
           - large
           - extra-large-with-dr
         version:
-          - 2019.8.7
-          - 2021.2.0
+          - 2019.8.8
+          - 2021.3.0
         image:
           - centos-7
 

.github/workflows/test-install.yaml

@@ -15,7 +15,7 @@ on:
       version:
         description: 'PE version to install'
         required: true
-        default: '2019.8.7'
+        default: '2021.3.0'
       ssh-debugging:
         description: 'Boolean; whether or not to pause for ssh debugging'
         required: true

.github/workflows/test-upgrade.yaml

@@ -0,0 +1,187 @@
+---
+name: "Upgrade test"
+
+on:
+  pull_request:
+    branches: [main]
+    types: [review_requested]
+  workflow_dispatch: {}
+
+env:
+  HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6
+  HONEYCOMB_DATASET: litmus tests
+
+jobs:
+  test-upgrade:
+    name: "PE ${{ matrix.version }} ${{ matrix.architecture }} on ${{ matrix.image }}"
+    runs-on: ubuntu-20.04
+    env:
+      BOLT_GEM: true
+      BOLT_DISABLE_ANALYTICS: true
+      BUILDEVENT_FILE: '../buildevents.txt'
+      LANG: 'en_US.UTF-8'
+    strategy:
+      fail-fast: false
+      matrix:
+        architecture:
+          - 'standard'
+          - 'extra-large-with-dr'
+        version:
+          - '2019.8.8'
+        version_to_upgrade:
+          - '2021.3.0'
+        image:
+          - 'centos-7'
+        download_mode:
+          - 'direct'
+
+    steps:
+      - name: 'Start SSH session'
+        if: ${{ github.event.inputs.ssh-debugging == 'true' }}
+        uses: luchihoratiu/debug-via-ssh@main
+        with:
+          NGROK_AUTH_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }}
+          SSH_PASS: ${{ secrets.SSH_PASS }}
+
+      - name: "Honeycomb: Start recording"
+        uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1
+        with:
+          apikey: ${{ env.HONEYCOMB_WRITEKEY }}
+          dataset: ${{ env.HONEYCOMB_DATASET }}
+          job-status: ${{ job.status }}
+
+      - name: "Honeycomb: Start first step"
+        run: |
+          echo STEP_ID=setup-test-cluster >> $GITHUB_ENV
+          echo STEP_START=$(date +%s) >> $GITHUB_ENV
+
+      - name: "Checkout Source"
+        uses: actions/checkout@v2
+
+      - name: "Activate Ruby 2.7"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "2.7"
+          bundler-cache: true
+
+      - name: "Print bundle environment"
+        if: ${{ github.repository_owner == 'puppetlabs' }}
+        run: |
+          echo ::group::info:bundler
+            buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env
+          echo ::endgroup::
+
+      - name: "Honeycomb: Record environment setup time"
+        if: ${{ always() }}
+        run: |
+          echo ::group::honeycomb
+            buildevents step $TRACE_ID $STEP_ID $STEP_START 'Set up environment'
+            echo STEP_ID=${{ matrix.architecture }}-${{ matrix.image }}-provision >> $GITHUB_ENV
+            echo STEP_START=$(date +%s) >> $GITHUB_ENV
+          echo ::endgroup::
+
+      - name: 'Provision test cluster'
+        timeout-minutes: 15
+        run: |
+          echo ::group::prepare
+            mkdir -p $HOME/.ssh
+            echo 'Host *'                      >  $HOME/.ssh/config
+            echo '    ServerAliveInterval 150' >> $HOME/.ssh/config
+            echo '    ServerAliveCountMax 2'   >> $HOME/.ssh/config
+            buildevents cmd $TRACE_ID $STEP_ID 'rake spec_prep' -- bundle exec rake spec_prep
+          echo ::endgroup::
+
+          echo ::group::provision
+            buildevents cmd $TRACE_ID $STEP_ID 'bolt plan run peadm_spec::provision_test_cluster' -- \
+              bundle exec bolt plan run peadm_spec::provision_test_cluster \
+                --modulepath spec/fixtures/modules \
+                provider=provision_service \
+                image=${{ matrix.image }} \
+                architecture=${{ matrix.architecture }}
+          echo ::endgroup::
+
+          echo ::group::info:request
+            cat request.json || true; echo
+          echo ::endgroup::
+
+          echo ::group::info:inventory
+            sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true
+          echo ::endgroup::
+
+      - name: "Honeycomb: Record provision time"
+        if: ${{ always() }}
+        run: |
+          echo ::group::honeycomb
+            buildevents step $TRACE_ID $STEP_ID $STEP_START 'Provision test cluster'
+            echo STEP_ID=${{ matrix.architecture }}-${{ matrix.image }}-install >> $GITHUB_ENV
+            echo STEP_START=$(date +%s) >> $GITHUB_ENV
+          echo ::endgroup::
+
+      - name: 'Install PE on test cluster'
+        timeout-minutes: 120
+        run: |
+          buildevents cmd $TRACE_ID $STEP_ID 'bolt plan run peadm_spec::install_test_cluster' -- \
+            bundle exec bolt plan run peadm_spec::install_test_cluster \
+              --inventoryfile spec/fixtures/litmus_inventory.yaml \
+              --modulepath spec/fixtures/modules \
+              architecture=${{ matrix.architecture }} \
+              version=${{ matrix.version }}
+
+      - name: "Honeycomb: Record install time"
+        if: ${{ always() }}
+        run: |
+          echo ::group::honeycomb
+            buildevents step $TRACE_ID $STEP_ID $STEP_START 'Install PE on test cluster'
+            echo STEP_ID=${{ matrix.architecture }}-${{ matrix.image }}-tear_down >> $GITHUB_ENV
+            echo STEP_START=$(date +%s) >> $GITHUB_ENV
+          echo ::endgroup::
+
+      - name: 'Wait as long as the file ${HOME}/pause file is present'
+        if: ${{ always() && github.event.inputs.ssh-debugging == 'true' }}
+        run: |
+          while [ -f "${HOME}/pause" ] ; do
+            echo "${HOME}/pause present, sleeping for 60 seconds..."
+            sleep 60
+          done 
+          echo "${HOME}/pause absent, continuing workflow."
+
+      - name: 'Upgrade PE on test cluster'
+        timeout-minutes: 120
+        run: |
+          buildevents cmd $TRACE_ID $STEP_ID 'bolt plan run peadm_spec::upgrade_test_cluster' -- \
+            bundle exec bolt plan run peadm_spec::upgrade_test_cluster \
+              --inventoryfile spec/fixtures/litmus_inventory.yaml \
+              --modulepath spec/fixtures/modules \
+              architecture=${{ matrix.architecture }} \
+              download_mode=${{ matrix.download_mode }} \
+              version=${{ matrix.version_to_upgrade }}
+
+      - name: "Honeycomb: Record upgrade time"
+        if: ${{ always() }}
+        run: |
+          echo ::group::honeycomb
+            buildevents step $TRACE_ID $STEP_ID $STEP_START 'Upgrade PE on test cluster'
+            echo STEP_ID=${{ matrix.architecture }}-${{ matrix.version_to_upgrade }}-tear_down >> $GITHUB_ENV
+            echo STEP_START=$(date +%s) >> $GITHUB_ENV
+          echo ::endgroup::
+
+      - name: 'Tear down test cluster'
+        if: ${{ always() }}
+        continue-on-error: true
+        run: |
+          if [ -f spec/fixtures/litmus_inventory.yaml ]; then
+            echo ::group::tear_down
+              buildevents cmd $TRACE_ID $STEP_ID 'rake litmus:tear_down' -- bundle exec rake 'litmus:tear_down'
+            echo ::endgroup::
+
+            echo ::group::info:request
+              cat request.json || true; echo
+            echo ::endgroup::
+          fi
+
+      - name: "Honeycomb: Record tear down time"
+        if: ${{ always() }}
+        run: |
+          echo ::group::honeycomb
+            buildevents step $TRACE_ID $STEP_ID $STEP_START 'Tear down test cluster'
+          echo ::endgroup::

.gitignore

@@ -32,6 +32,3 @@
 .plan_cache.json
 .resource_types/
 bolt-debug.log
-!spec/fixtures/modules
-spec/fixtures/modules/*
-!spec/fixtures/modules/peadm_spec

.sync.yml

@@ -23,9 +23,6 @@ spec/spec_helper.rb:
     - '.plan_cache.json'
     - '.resource_types/'
     - 'bolt-debug.log'
-    - '!spec/fixtures/modules' # Have to reset this one to correctly not ignore peadm_spec
-    - 'spec/fixtures/modules/*'
-    - '!spec/fixtures/modules/peadm_spec'
 .github/workflows/auto_release.yml:
   unmanaged: false
 .github/workflows/release.yml:

CHANGELOG.md

@@ -2,6 +2,28 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.1.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.1.0) (2021-09-10)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.0.1...v3.1.0)
+
+### Added
+
+- Support PE 2021.3 [\#203](https://github.com/puppetlabs/puppetlabs-peadm/pull/203) ([reidmv](https://github.com/reidmv))
+- Add PE download signature checking [\#201](https://github.com/puppetlabs/puppetlabs-peadm/pull/201) ([timidri](https://github.com/timidri))
+- Add task to report on code synchronization status [\#196](https://github.com/puppetlabs/puppetlabs-peadm/pull/196) ([davidsandilands](https://github.com/davidsandilands))
+- Add an experimental peadm::uninstall plan [\#195](https://github.com/puppetlabs/puppetlabs-peadm/pull/195) ([mcka1n](https://github.com/mcka1n))
+- Remove hardcoded default memory configuration [\#194](https://github.com/puppetlabs/puppetlabs-peadm/pull/194) ([reidmv](https://github.com/reidmv))
+- Highlight user-facing plans by hiding internal plans from `bolt plan show` output [\#189](https://github.com/puppetlabs/puppetlabs-peadm/pull/189) ([reidmv](https://github.com/reidmv))
+- Add get\_peadm\_config task [\#187](https://github.com/puppetlabs/puppetlabs-peadm/pull/187) ([reidmv](https://github.com/reidmv))
+- Replace plan peadm::modify\_cert\_extensions with peadm::modify\_certificate [\#181](https://github.com/puppetlabs/puppetlabs-peadm/pull/181) ([reidmv](https://github.com/reidmv))
+
+### Fixed
+
+- Fix upgrade without replica [\#198](https://github.com/puppetlabs/puppetlabs-peadm/pull/198) ([reidmv](https://github.com/reidmv))
+- Fix upgrade bug for token files with newlines [\#193](https://github.com/puppetlabs/puppetlabs-peadm/pull/193) ([reidmv](https://github.com/reidmv))
+- Move load\_balancer class to examples [\#183](https://github.com/puppetlabs/puppetlabs-peadm/pull/183) ([reidmv](https://github.com/reidmv))
+- Fix GitHub README.md problem [\#182](https://github.com/puppetlabs/puppetlabs-peadm/pull/182) ([reidmv](https://github.com/reidmv))
+
 ## [v3.0.1](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.0.1) (2021-06-30)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.0.0...v3.0.1)

Gemfile

@@ -25,7 +25,7 @@ group :development do
   gem "puppet-module-win-default-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
   gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
   gem "puppet-debugger", '>= 0.18.0',                            require: false
-  gem "bolt", '>= 3.10.0',                                       require: false
+  gem "bolt", '>= 3.17.0',                                       require: false
   gem "github_changelog_generator",                              require: false
 end
 group :system_tests do

README.md

@@ -49,8 +49,8 @@ The normal usage pattern for peadm is as follows.
 
 ### Requirements
 
-* Puppet Enterprise 2019.8.1 or newer (tested with PE 2021.2)
-* Bolt 3.10.0 or newer (tested with Bolt 3.10.0)
+* Puppet Enterprise 2019.8.1 or newer (tested with PE 2021.3)
+* Bolt 3.17.0 or newer (tested with Bolt 3.17.0)
 * EL 7, EL 8, Ubuntu 18.04, or Ubuntu 20.04
 * Classifier Data enabled. This PE feature is enabled by default on new installs, but can be disabled by users if they remove the relevant configuration from their global hiera.yaml file. See the [PE docs](https://puppet.com/docs/pe/latest/config_console.html#task-5039) for more information.