.github/workflows/test-add-compiler-matrix.yml

@@ -84,10 +84,10 @@ jobs:
             architecture=${{ matrix.architecture }} \
             console_password=${{ secrets.CONSOLE_PASSWORD }} \
             version=${{ matrix.version }}
-      - name: Run add_compiler plan
+      - name: Run add_compilers plan
         timeout-minutes: 50
         run: |
-          bundle exec bolt plan run peadm_spec::add_compiler -v \
+          bundle exec bolt plan run peadm_spec::add_compilers -v \
             --inventoryfile spec/fixtures/litmus_inventory.yaml \
             --modulepath spec/fixtures/modules \
             architecture=${{ matrix.architecture }}

.github/workflows/test-add-compiler.yaml

@@ -85,10 +85,10 @@ jobs:
             architecture=${{ matrix.architecture }} \
             version=${{ matrix.version }} \
             console_password=${{ secrets.CONSOLE_PASSWORD }
-      - name: Run add_compiler plan
+      - name: Run add_compilers plan
         timeout-minutes: 50
         run: |
-          bundle exec bolt plan run peadm_spec::add_compiler -v \
+          bundle exec bolt plan run peadm_spec::add_compilers -v \
             --inventoryfile spec/fixtures/litmus_inventory.yaml \
             --modulepath spec/fixtures/modules \
             architecture=${{ matrix.architecture }} \

.github/workflows/test-legacy-upgrade.yaml

@@ -97,7 +97,8 @@ jobs:
           compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1)
           legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p)
           replica=$(yq '.groups[].targets[] | select(.vars.role == "replica") | .name' spec/fixtures/litmus_inventory.yaml)
-          echo -n '{ "download_mode": "direct", "primary_host": "'$primary'", "replica_host": "'$replica'", "legacy_compilers": ["'$legacy_compiler'"], "compiler_hosts": ["'$compiler'"], "version": "2023.7.0", "console_password": "'${{ secrets.CONSOLE_PASSWORD }}'" }' > params.json
+          hash_random=$(LC_ALL=C tr -dc 'A-Za-z0-9!#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 30; echo)
+          echo -n '{ "download_mode": "direct", "primary_host": "'$primary'", "replica_host": "'$replica'", "legacy_compilers": ["'$legacy_compiler'"], "compiler_hosts": ["'$compiler'"], "version": "2023.7.0", "console_password": "'$hash_random'" }' > params.json
       - name: Install PE with legacy compilers
         timeout-minutes: 120
         run: |

CHANGELOG.md

@@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.25.1](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.25.1) - 2024-10-24
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.25.0...v3.25.1)
+
+### Added
+
+- (PE-39411) Add descriptive error during infrastructure upgrade when rbac token is invalid [#514](https://github.com/puppetlabs/puppetlabs-peadm/pull/514) ([jhbuchanan45](https://github.com/jhbuchanan45))
+- (PE-39412) PEADM should be able to add multiple compilers at once without requiring service restarts on Primary [#512](https://github.com/puppetlabs/puppetlabs-peadm/pull/512) ([CoMfUcIoS](https://github.com/CoMfUcIoS))
+- PE-38801 Task added to fetch rules for PE Infrastructure Agent group and warn user that they will be replaced [#510](https://github.com/puppetlabs/puppetlabs-peadm/pull/510) ([AaronShannon](https://github.com/AaronShannon))
+
+### Fixed
+
+- fix: echo environment variable containing special char [#516](https://github.com/puppetlabs/puppetlabs-peadm/pull/516) ([LordKa0S](https://github.com/LordKa0S))
+- (PE-39429) Only restart puppetdb on non-legacy compilers [#511](https://github.com/puppetlabs/puppetlabs-peadm/pull/511) ([jhbuchanan45](https://github.com/jhbuchanan45))
+
+### Other
+
+- feat(workflow): add random hash generation for console password in test-legacy-upgrade [#513](https://github.com/puppetlabs/puppetlabs-peadm/pull/513) ([CoMfUcIoS](https://github.com/CoMfUcIoS))
+
 ## [v3.25.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.25.0) - 2024-09-30
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.24.0...v3.25.0)

REFERENCE.md

@@ -43,12 +43,14 @@
 
 ### Data types
 
+* [`Peadm::ConvertSteps`](#Peadm--ConvertSteps): type for the different steps where the peadm::convert plan can be started
 * [`Peadm::Known_hosts`](#Peadm--Known_hosts)
 * [`Peadm::Ldap_config`](#Peadm--Ldap_config)
 * [`Peadm::Pe_version`](#Peadm--Pe_version)
 * [`Peadm::Pem`](#Peadm--Pem)
 * [`Peadm::Recovery_opts`](#Peadm--Recovery_opts)
 * [`Peadm::SingleTargetSpec`](#Peadm--SingleTargetSpec): A SingleTargetSpec represents any String, Target or single-element array of one or the other that can be passed to get_targets() to return an
+* [`Peadm::UpgradeSteps`](#Peadm--UpgradeSteps): type for the different steps where the peadm::upgrade plan can be started
 
 ### Tasks
 
@@ -64,6 +66,7 @@
 * [`download`](#download): Download a file using curl
 * [`enable_replica`](#enable_replica): Execute the enable replica puppet command
 * [`filesize`](#filesize): Return the size of a file in bytes
+* [`get_group_rules`](#get_group_rules): Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group
 * [`get_peadm_config`](#get_peadm_config): Run on a PE primary node to return the currently configured PEAdm parameters
 * [`get_psql_version`](#get_psql_version): Run on a PE PSQL node to return the major version of the PSQL server currently installed
 * [`infrastatus`](#infrastatus): Runs puppet infra status and returns the output
@@ -85,13 +88,15 @@
 * [`ssl_clean`](#ssl_clean): Clean an agent's certificate
 * [`submit_csr`](#submit_csr): Submit a certificate signing request
 * [`transform_classification_groups`](#transform_classification_groups): Transform the user groups from a source backup to a list of groups on the target server
+* [`validate_rbac_token`](#validate_rbac_token): Check an RBAC token stored in a file is valid
 * [`wait_until_service_ready`](#wait_until_service_ready): Return when the orchestrator service is healthy, or timeout after 15 seconds
 
 ### Plans
 
 #### Public Plans
 
-* [`peadm::add_compiler`](#peadm--add_compiler): Add a new compiler to a PE architecture or replace an existing one with new configuration.
+* [`peadm::add_compiler`](#peadm--add_compiler): Proxy plan for peadm::add_compilers.
+* [`peadm::add_compilers`](#peadm--add_compilers): Add new compilers to a PE architecture or replace an existing with new configuration.
 * [`peadm::add_database`](#peadm--add_database)
 * [`peadm::add_replica`](#peadm--add_replica): Add or replace a replica host.
 Supported use cases:
@@ -917,6 +922,12 @@ Data type: `TargetSpec`
 
 ## Data types
 
+### <a name="Peadm--ConvertSteps"></a>`Peadm::ConvertSteps`
+
+type for the different steps where the peadm::convert plan can be started
+
+Alias of `Enum['modify-primary-certs', 'modify-infra-certs', 'convert-node-groups', 'finalize']`
+
 ### <a name="Peadm--Known_hosts"></a>`Peadm::Known_hosts`
 
 The Peadm::Known_hosts data type.
@@ -1009,6 +1020,12 @@ targets are not.
 
 Alias of `Variant[Pattern[/\A[^[:space:],]+\z/], Target, Array[Peadm::SingleTargetSpec, 1, 1]]`
 
+### <a name="Peadm--UpgradeSteps"></a>`Peadm::UpgradeSteps`
+
+type for the different steps where the peadm::upgrade plan can be started
+
+Alias of `Enum['upgrade-primary', 'upgrade-node-groups', 'upgrade-primary-compilers', 'upgrade-replica', 'upgrade-replica-compilers', 'finalize']`
+
 ## Tasks
 
 ### <a name="agent_install"></a>`agent_install`
@@ -1185,6 +1202,12 @@ Data type: `String`
 
 Path to the file to return the size of
 
+### <a name="get_group_rules"></a>`get_group_rules`
+
+Run on a PE primary node to return the rules currently applied to the PE Infrastructure Agent group
+
+**Supports noop?** false
+
 ### <a name="get_peadm_config"></a>`get_peadm_config`
 
 Run on a PE primary node to return the currently configured PEAdm parameters
@@ -1565,6 +1588,20 @@ Data type: `String`
 
 Location of target node group yaml file and where to create the transformed file
 
+### <a name="validate_rbac_token"></a>`validate_rbac_token`
+
+Check an RBAC token stored in a file is valid
+
+**Supports noop?** false
+
+#### Parameters
+
+##### `token_file`
+
+Data type: `Optional[String]`
+
+The path to the token file to use
+
 ### <a name="wait_until_service_ready"></a>`wait_until_service_ready`
 
 Return when the orchestrator service is healthy, or timeout after 15 seconds
@@ -1589,7 +1626,7 @@ Which port to query the status API on
 
 ### <a name="peadm--add_compiler"></a>`peadm::add_compiler`
 
-Add a new compiler to a PE architecture or replace an existing one with new configuration.
+Proxy plan for peadm::add_compilers.
 
 #### Parameters
 
@@ -1605,7 +1642,7 @@ The following parameters are available in the `peadm::add_compiler` plan:
 
 Data type: `Enum['A', 'B']`
 
-_ Either A or B; whichever of the two letter designations the compiler is being assigned to
+_ Either A or B; whichever of the two letter designations the compiler are being assigned to
 
 Default value: `'A'`
 
@@ -1619,7 +1656,7 @@ _ The hostname and certname of the new compiler
 
 Data type: `Optional[String[1]]`
 
-_ A comma_separated list of DNS alt names for the compiler
+_ A comma-separated list of DNS alt names for the compiler.
 
 Default value: `undef`
 
@@ -1637,6 +1674,56 @@ _ The hostname and certname of the PE-PostgreSQL server with availability group
 
 Default value: `undef`
 
+### <a name="peadm--add_compilers"></a>`peadm::add_compilers`
+
+Add new compilers to a PE architecture or replace an existing with new configuration.
+
+#### Parameters
+
+The following parameters are available in the `peadm::add_compilers` plan:
+
+* [`avail_group_letter`](#-peadm--add_compilers--avail_group_letter)
+* [`compiler_hosts`](#-peadm--add_compilers--compiler_hosts)
+* [`dns_alt_names`](#-peadm--add_compilers--dns_alt_names)
+* [`primary_host`](#-peadm--add_compilers--primary_host)
+* [`primary_postgresql_host`](#-peadm--add_compilers--primary_postgresql_host)
+
+##### <a name="-peadm--add_compilers--avail_group_letter"></a>`avail_group_letter`
+
+Data type: `Enum['A', 'B']`
+
+_ Either A or B; whichever of the two letter designations the compilers are being assigned to
+
+Default value: `'A'`
+
+##### <a name="-peadm--add_compilers--compiler_hosts"></a>`compiler_hosts`
+
+Data type: `TargetSpec`
+
+_ The hostnames and certnames of the new compilers
+
+##### <a name="-peadm--add_compilers--dns_alt_names"></a>`dns_alt_names`
+
+Data type: `Optional[Array[String[1]]]`
+
+_ An array of strings, where each string is a comma-separated list of DNS alt names for the compilers. Order matters; if a compiler doesn't need dns_alt_names, use "undef" as string.
+
+Default value: `undef`
+
+##### <a name="-peadm--add_compilers--primary_host"></a>`primary_host`
+
+Data type: `Peadm::SingleTargetSpec`
+
+_ The hostname and certname of the primary Puppet server
+
+##### <a name="-peadm--add_compilers--primary_postgresql_host"></a>`primary_postgresql_host`
+
+Data type: `Optional[Peadm::SingleTargetSpec]`
+
+_ The hostname and certname of the PE-PostgreSQL server with availability group $avail_group_letter
+
+Default value: `undef`
+
 ### <a name="peadm--add_database"></a>`peadm::add_database`
 
 The peadm::add_database class.
@@ -1819,6 +1906,7 @@ management using PEAdm.
 
 The following parameters are available in the `peadm::convert` plan:
 
+* [`begin_at_step`](#-peadm--convert--begin_at_step)
 * [`primary_host`](#-peadm--convert--primary_host)
 * [`replica_host`](#-peadm--convert--replica_host)
 * [`compiler_hosts`](#-peadm--convert--compiler_hosts)
@@ -1829,7 +1917,14 @@ The following parameters are available in the `peadm::convert` plan:
 * [`internal_compiler_a_pool_address`](#-peadm--convert--internal_compiler_a_pool_address)
 * [`internal_compiler_b_pool_address`](#-peadm--convert--internal_compiler_b_pool_address)
 * [`dns_alt_names`](#-peadm--convert--dns_alt_names)
-* [`begin_at_step`](#-peadm--convert--begin_at_step)
+
+##### <a name="-peadm--convert--begin_at_step"></a>`begin_at_step`
+
+Data type: `Optional[Peadm::ConvertSteps]`
+
+The step where the plan should start. If not set, it will start at the beginning
+
+Default value: `undef`
 
 ##### <a name="-peadm--convert--primary_host"></a>`primary_host`
 
@@ -1909,22 +2004,6 @@ Data type: `Array[String]`
 
 Default value: `[]`
 
-##### <a name="-peadm--convert--begin_at_step"></a>`begin_at_step`
-
-Data type:
-
-```puppet
-Optional[Enum[
-      'modify-primary-certs',
-      'modify-infra-certs',
-      'convert-node-groups',
-  'finalize']]
-```
-
-
-
-Default value: `undef`
-
 ### <a name="peadm--install"></a>`peadm::install`
 
 Install a new PE cluster
@@ -2422,6 +2501,7 @@ The following parameters are available in the `peadm::upgrade` plan:
 * [`r10k_known_hosts`](#-peadm--upgrade--r10k_known_hosts)
 * [`stagingdir`](#-peadm--upgrade--stagingdir)
 * [`uploaddir`](#-peadm--upgrade--uploaddir)
+* [`begin_at_step`](#-peadm--upgrade--begin_at_step)
 * [`primary_host`](#-peadm--upgrade--primary_host)
 * [`replica_host`](#-peadm--upgrade--replica_host)
 * [`compiler_hosts`](#-peadm--upgrade--compiler_hosts)
@@ -2431,7 +2511,6 @@ The following parameters are available in the `peadm::upgrade` plan:
 * [`token_file`](#-peadm--upgrade--token_file)
 * [`download_mode`](#-peadm--upgrade--download_mode)
 * [`permit_unsafe_versions`](#-peadm--upgrade--permit_unsafe_versions)
-* [`begin_at_step`](#-peadm--upgrade--begin_at_step)
 
 ##### <a name="-peadm--upgrade--compiler_pool_address"></a>`compiler_pool_address`
 
@@ -2511,6 +2590,14 @@ for offline usage.
 
 Default value: `'/tmp'`
 
+##### <a name="-peadm--upgrade--begin_at_step"></a>`begin_at_step`
+
+Data type: `Optional[Peadm::UpgradeSteps]`
+
+The step where the plan should start. If not set, it will start at the beginning
+
+Default value: `undef`
+
 ##### <a name="-peadm--upgrade--primary_host"></a>`primary_host`
 
 Data type: `Peadm::SingleTargetSpec`
@@ -2581,24 +2668,6 @@ Data type: `Boolean`
 
 Default value: `false`
 
-##### <a name="-peadm--upgrade--begin_at_step"></a>`begin_at_step`
-
-Data type:
-
-```puppet
-Optional[Enum[
-      'upgrade-primary',
-      'upgrade-node-groups',
-      'upgrade-primary-compilers',
-      'upgrade-replica',
-      'upgrade-replica-compilers',
-  'finalize']]
-```
-
-
-
-Default value: `undef`
-
 ### <a name="peadm--util--init_db_server"></a>`peadm::util::init_db_server`
 
 The peadm::util::init_db_server class.