.github/workflows/test-install-matrix.yaml

@@ -28,8 +28,8 @@ jobs:
           - large
           - extra-large-with-dr
         version:
-          - 2019.8.8
-          - 2021.3.0
+          - 2019.8.9
+          - 2021.4.0
         image:
           - centos-7
 

.github/workflows/test-install.yaml

@@ -15,7 +15,7 @@ on:
       version:
         description: 'PE version to install'
         required: true
-        default: '2021.3.0'
+        default: '2021.4.0'
       ssh-debugging:
         description: 'Boolean; whether or not to pause for ssh debugging'
         required: true

.github/workflows/test-upgrade.yaml

@@ -27,9 +27,9 @@ jobs:
           - 'standard'
           - 'extra-large-with-dr'
         version:
-          - '2019.8.8'
+          - '2019.8.9'
         version_to_upgrade:
-          - '2021.3.0'
+          - '2021.4.0'
         image:
           - 'centos-7'
         download_mode:

.gitignore

@@ -32,3 +32,7 @@
 .plan_cache.json
 .resource_types/
 bolt-debug.log
+spec/docker/**/*.tar.gz
+spec/docker/**/*.asc
+spec/docker/**/files/puppet-enterprise*
+spec/docker/.task_cache.json

CHANGELOG.md

@@ -2,6 +2,22 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.3.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.3.0) (2022-01-05)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.2.0...v3.3.0)
+
+### Added
+
+- Support PE 2021.4 [\#229](https://github.com/puppetlabs/puppetlabs-peadm/pull/229) ([reidmv](https://github.com/reidmv))
+- Add development and testing option to permit installing unsupported PE versions [\#204](https://github.com/puppetlabs/puppetlabs-peadm/pull/204) ([jarretlavallee](https://github.com/jarretlavallee))
+
+### Fixed
+
+- Fail agent\_install if agent is already installed [\#223](https://github.com/puppetlabs/puppetlabs-peadm/pull/223) ([reidmv](https://github.com/reidmv))
+- Catch mv errors when downloading [\#220](https://github.com/puppetlabs/puppetlabs-peadm/pull/220) ([reidmv](https://github.com/reidmv))
+- Determine validation key from asc signature file [\#219](https://github.com/puppetlabs/puppetlabs-peadm/pull/219) ([reidmv](https://github.com/reidmv))
+- Improve reliability of downloading PE tarball [\#215](https://github.com/puppetlabs/puppetlabs-peadm/pull/215) ([mcka1n](https://github.com/mcka1n))
+
 ## [v3.2.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.2.0) (2021-09-20)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.1.0...v3.2.0)

README.md

@@ -42,8 +42,8 @@ The normal usage pattern for peadm is as follows.
 
 ### Requirements
 
-* Puppet Enterprise 2019.8.1 or newer (tested with PE 2021.3)
-* Bolt 3.17.0 or newer (tested with Bolt 3.17.0)
+* Puppet Enterprise 2019.8.1 or newer (tested with PE 2021.4)
+* Bolt 3.17.0 or newer (tested with Bolt 3.21.0)
 * EL 7, EL 8, Ubuntu 18.04, or Ubuntu 20.04
 * Classifier Data enabled. This PE feature is enabled by default on new installs, but can be disabled by users if they remove the relevant configuration from their global hiera.yaml file. See the [PE docs](https://puppet.com/docs/pe/latest/config_console.html#task-5039) for more information.
 

REFERENCE.md

@@ -165,7 +165,7 @@ Type: Puppet Language
 
 Assert that the PE version given is supported by PEAdm
 
-#### `peadm::assert_supported_pe_version(String $version)`
+#### `peadm::assert_supported_pe_version(String $version, Boolean $permit_unsafe_versions = false)`
 
 The peadm::assert_supported_pe_version function.
 
@@ -183,6 +183,12 @@ Data type: `String`
 
 
 
+##### `permit_unsafe_versions`
+
+Data type: `Boolean`
+
+
+
 ### <a name="peadmbolt_version"></a>`peadm::bolt_version`
 
 Type: Ruby 4.x API
@@ -861,17 +867,11 @@ Data type: `Boolean`
 
 Whether to check the integrity of the downloaded file
 
-##### `key_id`
-
-Data type: `String`
-
-The GPG key ID to use when verifying the download
-
 ##### `key_server`
 
 Data type: `String`
 
-The GPG keyserver to retrieve the GPG key from
+The GPG keyserver to retrieve GPG keys from
 
 ### <a name="enable_replica"></a>`enable_replica`
 
@@ -1330,6 +1330,7 @@ The following parameters are available in the `peadm::install` plan:
 * [`license_key_content`](#license_key_content)
 * [`stagingdir`](#stagingdir)
 * [`download_mode`](#download_mode)
+* [`permit_unsafe_versions`](#permit_unsafe_versions)
 
 ##### <a name="compiler_pool_address"></a>`compiler_pool_address`
 
@@ -1410,7 +1411,7 @@ Data type: `String`
 
 
 
-Default value: `'2019.8.5'`
+Default value: `'2019.8.8'`
 
 ##### <a name="dns_alt_names"></a>`dns_alt_names`
 
@@ -1492,6 +1493,14 @@ Data type: `Enum[direct,bolthost]`
 
 Default value: `'bolthost'`
 
+##### <a name="permit_unsafe_versions"></a>`permit_unsafe_versions`
+
+Data type: `Boolean`
+
+
+
+Default value: ``false``
+
 ### <a name="peadmmodify_certificate"></a>`peadm::modify_certificate`
 
 Certificates can be modified by adding extensions, removing extensions, or
@@ -1632,6 +1641,7 @@ The following parameters are available in the `peadm::upgrade` plan:
 * [`token_file`](#token_file)
 * [`stagingdir`](#stagingdir)
 * [`download_mode`](#download_mode)
+* [`permit_unsafe_versions`](#permit_unsafe_versions)
 * [`begin_at_step`](#begin_at_step)
 
 ##### <a name="compiler_pool_address"></a>`compiler_pool_address`
@@ -1731,6 +1741,14 @@ Data type: `Enum[direct,bolthost]`
 
 Default value: `'bolthost'`
 
+##### <a name="permit_unsafe_versions"></a>`permit_unsafe_versions`
+
+Data type: `Boolean`
+
+
+
+Default value: ``false``
+
 ##### <a name="begin_at_step"></a>`begin_at_step`
 
 Data type: `Optional[Enum[

documentation/docker_examples.md

@@ -1,17 +1,12 @@
 ## Docker Based Examples
 This module provides docker compose files for the various architectures for experimentation purposes. This gives you the ability to stand up an entire PE stack in order to learn how this module and DR works. If you have docker and docker-compose you can start up a full Puppet architecture with a single command.  Please note that Puppet does not support PE on containers in production.  
 
-In order to decouple Bolt from a dev system, a special bolt container is created that will run all the bolt commands.  This is
-required to achieve maximum portability.  Should you want to run bolt commands against the PE stack you must
-first login to this bolt container via ssh, docker or docker-compose.
-
-Example: `docker-compose run --entrypoint=/bin/bash bolt`
-
 ### Requirements
 To run the container based examples you will need the following requirements:
 
 1. Docker
 2. Docker compose
+3. Bolt 3.18+
 3. realpath (brew install coreutils on mac)
 4. 16GB memory, 24GB+ for XL and XL-DR architectures
 5. CPU with many cores (Tested with Core i7 6700)
@@ -46,6 +41,8 @@ In order to stop and remove the containers you will need to perform the followin
 2. `cd <chosen architecture>` 
 3. docker-compose down
 
+Alternative you can run something similar like: `docker-compose --project-directory=large down`
+
 ### Logging into the console
 You can login to the PE Console after successful install.  However, first you will need to 
 grab the mapped port number of the PE console.  The port numbers are mapped dynamically as to not
@@ -108,6 +105,8 @@ docker inspect pe-xl-core-0.puppet.vm -f "{{json .NetworkSettings.Networks }}" |
 }
 ```
 
+You can also run `docker inspect pe-xl-core-0.puppet.vm -f "{{json .HostConfig.NetworkMode }}" | sed -e 's/^"//' -e 's/"$//'`
+
 **NOTE** In these example you may see the use of `jq`.  This is a [cli utility for parsing JSON](https://stedolan.github.io/jq/).  I recommend installing it.  As a alternative you can pipe output to `python -m json.tool`.
 
 ### Starting agent containers
@@ -122,8 +121,38 @@ Example:
 For most tasks these images are great.  However, if you wish to use puppet orchestrator with the pcp transport. The one requirement is that all images used must be systemd aware, otherwise pxp will not start. If you do not plan on using pcp 
 there is no need for containers with systemd.
 
-At this time we have not added documention for starting a container with systemd.  Instructions coming soon.
+You can use the the custom image `pe-base` built with the docker cluster named pe-base.  This is a centos:7 image that you can use to generate tens or hundreds of agents.  (Resources permitting).  You will also want to run the docker run command with additonal flags.
+
+`docker run -d -t --hostname=pe-std-agent1.puppet.vm --network=pe-std_default --privileged --label=pe-std-agent,docker-example-agent" -v /sys/fs/cgroup:/sys/fs/cgroup:ro pe-base"`
+
+Once you have created the container you will obviously want to install the puppet agent
+
+`docker exec -ti $CONTAINER_ID sh -c "curl -k https://${PE_SERVER}:8140/packages/current/install.bash | bash && puppet agent -t"`
+
+Accept the cert in the console and run the puppet agent again on the agent container.
 
+Login interactively if you wish: `docker exec -ti $CONTAINER_ID /bin/bash`
+
+Take a look at the spec/docker/Dockerfile for examples of how to setup systemd in a container.
+
+
+### Cleaning up
+Before you run docker-compose down inside the cluster type directory you will need to stop and remove
+all the agent containers if created.
+
+This can be done like so:
+
+```bash
+# base name is the name of the primary hostname without domain
+PE_CLUSTER_TYPE=standard
+BASE_NAME=pe-std
+docker stop $(docker ps -q -f label="${BASE_NAME}-agent")
+docker rm $(docker ps -a -q -f label="${BASE_NAME}-agent")
+# The docker-compose down command cannot be run until the agents have been removed
+cd spec/docker/${PE_CLUSTER_TYPE}
+docker-compose down
+
+```
 
 ### Other notes
 1. The install plan is not fully idempotent.
@@ -134,3 +163,5 @@ At this time we have not added documention for starting a container with systemd
 6. You can use top to view all the processes being run in the containers.
 7. Docker will use the privilege mode option when running these examples (systemd support)
 8. Systemd is running inside these containers!  The real systemd, not the fake one.
+
+If you see errors regarding peadmin::puppet_runonce, just run the install or upgrade script again.  Might have to perform multiple times for resource constrained docker hosts.

documentation/install.md

@@ -33,6 +33,10 @@ When installing a new PE cluster using peadm, there are several different host p
 
 Supplying a combination of host parameters which does not match one of the supported architectures above will result in an unsupported architecture error.
 
+## Requirements
+
+* Puppet must not be installed on any of the target PE cluster hosts prior to beginning install.
+
 ## Usage
 
 ### Bolt 3 usage
@@ -99,7 +103,7 @@ Example params.json Bolt parameters file (shown: Extra Large with DR):
   "console_password": "puppetlabs",
   "dns_alt_names": [ "puppet", "puppet.lab1.puppet.vm" ],
   "compiler_pool_address": "puppet.lab1.puppet.vm",
-  "version": "2021.3.0"
+  "version": "2021.4.0"
 }
 ```
 
@@ -111,7 +115,7 @@ The peadm::install plan downloads installation content from an online repository
 
 The default staging directory is `/tmp`. If a different staging dir is being used, it can be specified using the `stagingdir` parameter to the peadm::install plan.
 
-The content needed is the PE installation tarball for the target version. The installation content should be in the staging dir, and should have its original name. E.g. `/tmp/puppet-enterprise-2021.3.0-el-7-x86_64.tar.gz`.
+The content needed is the PE installation tarball for the target version. The installation content should be in the staging dir, and should have its original name. E.g. `/tmp/puppet-enterprise-2021.4.0-el-7-x86_64.tar.gz`.
 
 Installation content can be downloaded from [https://puppet.com/try-puppet/puppet-enterprise/download/](https://puppet.com/try-puppet/puppet-enterprise/download/).
 

functions/assert_supported_pe_version.pp

@@ -3,12 +3,25 @@
 # @param [String] the version number to check
 function peadm::assert_supported_pe_version (
   String $version,
+  Boolean $permit_unsafe_versions = false,
 ) >> Struct[{'supported' => Boolean}] {
   $oldest = '2019.7'
-  $newest = '2021.3'
+  $newest = '2021.4'
   $supported = ($version =~ SemVerRange(">= ${oldest} <= ${newest}"))
 
-  unless $supported {
+  if $permit_unsafe_versions {
+    warning(@("WARN"/L))
+      WARNING: Permitting unsafe PE versions. This is not supported or tested.
+        Proceeding with this action could result in a broken PE Infrastructure.
+      | WARN
+  }
+
+  if (!$supported and $permit_unsafe_versions) {
+    warning(@("WARN"/L))
+      WARNING: PE version ${version} is NOT SUPPORTED!
+      | WARN
+  }
+  elsif (!$supported) {
     fail(@("REASON"/L))
       This version of the puppetlabs-peadm module does not support PE ${version}.
 

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-peadm",
-  "version": "3.2.0",
+  "version": "3.3.0",
   "author": "puppetlabs",
   "summary": "Bolt plans used to deploy an at-scale Puppet Enterprise architecture",
   "license": "Apache-2.0",
@@ -10,7 +10,7 @@
   "dependencies": [
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 6.5.0 < 8.0.0"
+      "version_requirement": ">= 6.5.0 < 9.0.0"
     },
     {
       "name": "WhatsARanjit/node_manager",
@@ -30,7 +30,7 @@
     },
     {
       "name": "puppetlabs/service",
-      "version_requirement": ">= 1.3.0 < 2.0.0"
+      "version_requirement": ">= 1.3.0 < 3.0.0"
     }
   ],
   "operatingsystem_support": [

plans/install.pp

@@ -26,7 +26,7 @@
 
   # Common Configuration
   String                            $console_password,
-  String                            $version                          = '2019.8.5',
+  String                            $version                          = '2019.8.8',
   Optional[Array[String]]           $dns_alt_names                    = undef,
   Optional[String]                  $compiler_pool_address            = undef,
   Optional[String]                  $internal_compiler_a_pool_address = undef,
@@ -44,12 +44,13 @@
   Optional[String]                  $license_key_content = undef,
 
   # Other
-  Optional[String]                  $stagingdir    = undef,
-  Enum[direct,bolthost]             $download_mode = 'bolthost',
+  Optional[String]                  $stagingdir             = undef,
+  Enum[direct,bolthost]             $download_mode          = 'bolthost',
+  Boolean                           $permit_unsafe_versions = false,
 ) {
   peadm::assert_supported_bolt_version()
 
-  peadm::assert_supported_pe_version($version)
+  peadm::assert_supported_pe_version($version, $permit_unsafe_versions)
 
   $install_result = run_plan('peadm::subplans::install',
     # Standard
@@ -81,6 +82,7 @@
     # Other
     stagingdir                     => $stagingdir,
     download_mode                  => $download_mode,
+    permit_unsafe_versions         => $permit_unsafe_versions,
   )
 
   $configure_result = run_plan('peadm::subplans::configure',

plans/subplans/install.pp

@@ -48,10 +48,11 @@
   Optional[String]     $license_key_content = undef,
 
   # Other
-  String                $stagingdir    = '/tmp',
-  Enum[direct,bolthost] $download_mode = 'bolthost',
+  String                $stagingdir             = '/tmp',
+  Enum[direct,bolthost] $download_mode          = 'bolthost',
+  Boolean               $permit_unsafe_versions = false,
 ) {
-  peadm::assert_supported_pe_version($version)
+  peadm::assert_supported_pe_version($version, $permit_unsafe_versions)
 
   # Convert inputs into targets.
   $primary_target            = peadm::get_targets($primary_host, 1)