.github/workflows/test-install-matrix.yaml

@@ -28,8 +28,8 @@ jobs:
           - large
           - extra-large-with-dr
         version:
-          - 2019.8.10
-          - 2021.5.0
+          - 2019.8.11
+          - 2021.6.0
         image:
           - centos-7
 

.github/workflows/test-install.yaml

@@ -15,7 +15,7 @@ on:
       version:
         description: 'PE version to install'
         required: true
-        default: '2021.5.0'
+        default: '2021.6.0'
       ssh-debugging:
         description: 'Boolean; whether or not to pause for ssh debugging'
         required: true

.github/workflows/test-upgrade.yaml

@@ -27,9 +27,9 @@ jobs:
           - 'standard'
           - 'extra-large-with-dr'
         version:
-          - '2019.8.10'
+          - '2019.8.11'
         version_to_upgrade:
-          - '2021.5.0'
+          - '2021.6.0'
         image:
           - 'centos-7'
         download_mode:

CHANGELOG.md

@@ -2,18 +2,28 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.7.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.7.0) (2022-05-11)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.6.0...v3.7.0)
+
+### Added
+
+- Add support for PE 2021.6 and 2019.8.11 [\#260](https://github.com/puppetlabs/puppetlabs-peadm/pull/260) ([reidmv](https://github.com/reidmv))
+- Add optional `pe_installer_source` parameter [\#261](https://github.com/puppetlabs/puppetlabs-peadm/pull/261) ([reidmv](https://github.com/reidmv))
+- Add experimental restore plan [\#250](https://github.com/puppetlabs/puppetlabs-peadm/pull/250) ([reidmv](https://github.com/reidmv))
+
 ## [v3.6.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.6.0) (2022-05-04)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-peadm/compare/v3.5.0...v3.6.0)
 
 ### Added
 
-- Solarch 581 [\#235](https://github.com/puppetlabs/puppetlabs-peadm/pull/235) ([davidsandilands](https://github.com/davidsandilands))
+- Add experimental backup plan [\#235](https://github.com/puppetlabs/puppetlabs-peadm/pull/235) ([davidsandilands](https://github.com/davidsandilands))
 
 ### Fixed
 
 - Add read map so puppetdb can start on new compiler [\#252](https://github.com/puppetlabs/puppetlabs-peadm/pull/252) ([ody](https://github.com/ody))
-- \(SOLARCH-434\) Procedure for recovering PSQL [\#243](https://github.com/puppetlabs/puppetlabs-peadm/pull/243) ([ody](https://github.com/ody))
+- Fix and document recovery procedure for PSQL [\#243](https://github.com/puppetlabs/puppetlabs-peadm/pull/243) ([ody](https://github.com/ody))
 
 ## [v3.5.0](https://github.com/puppetlabs/puppetlabs-peadm/tree/v3.5.0) (2022-04-13)
 

README.md

@@ -42,7 +42,7 @@ The normal usage pattern for peadm is as follows.
 
 ### Requirements
 
-* Puppet Enterprise 2019.8.1 or newer (tested with PE 2021.5)
+* Puppet Enterprise 2019.8.1 or newer (tested with PE 2021.6)
 * Bolt 3.17.0 or newer (tested with Bolt 3.21.0)
 * EL 7, EL 8, Ubuntu 18.04, or Ubuntu 20.04
 * Classifier Data enabled. This PE feature is enabled by default on new installs, but can be disabled by users if they remove the relevant configuration from their global hiera.yaml file. See the [PE docs](https://puppet.com/docs/pe/latest/config_console.html#task-5039) for more information.

REFERENCE.md

@@ -69,17 +69,18 @@
 * [`puppet_runonce`](#puppet_runonce): Run the Puppet agent one time
 * [`rbac_token`](#rbac_token): Get and save an rbac token for the root user, admin rbac user
 * [`read_file`](#read_file): Read the contents of a file
+* [`restore_classification`](#restore_classification): A short description of this task
 * [`sign_csr`](#sign_csr): Submit a certificate signing request
 * [`ssl_clean`](#ssl_clean): Clean an agent's certificate
 * [`submit_csr`](#submit_csr): Submit a certificate signing request
+* [`transform_classification_groups`](#transform_classification_groups): Transform the user groups from a source backup to a list of groups on the target server
 * [`wait_until_service_ready`](#wait_until_service_ready): Return when the orchestrator service is healthy, or timeout after 15 seconds
 
 ### Plans
 
 #### Public Plans
 
 * [`peadm::add_database`](#peadmadd_database)
-* [`peadm::backup`](#peadmbackup): Backup the core user settings for puppet infrastructure
 * [`peadm::convert`](#peadmconvert): Convert an existing PE cluster to a PEAdm-managed cluster
 * [`peadm::install`](#peadminstall): Install a new PE cluster
 * [`peadm::modify_certificate`](#peadmmodify_certificate): Modify the certificate of one or more targets
@@ -93,8 +94,10 @@
 Supported use cases:
 1: The existing replica is broken, we have a fresh new VM we want to provision the replica to.
    The new replica should have the same certname as the broken one.
+* `peadm::backup`: Backup the core user settings for puppet infrastructure
 * `peadm::misc::divert_code_manager`: This plan exists to account for a scenario where a PE XL
 * `peadm::modify_cert_extensions`
+* `peadm::restore`: Restore the core user settings for puppet infrastructure from backup
 * `peadm::subplans::component_install`: Install a new PEADM component
 * `peadm::subplans::configure`: Configure first-time classification and DR setup
 * `peadm::subplans::db_populate`: Destructively (re)populates a new or existing database with the contents or a known good source
@@ -1202,6 +1205,20 @@ Data type: `String`
 
 Path to the file to read
 
+### <a name="restore_classification"></a>`restore_classification`
+
+A short description of this task
+
+**Supports noop?** false
+
+#### Parameters
+
+##### `classification_file`
+
+Data type: `String`
+
+The full path to a backed up or transformed classification file
+
 ### <a name="sign_csr"></a>`sign_csr`
 
 Submit a certificate signing request
@@ -1244,6 +1261,26 @@ Data type: `Optional[Array[String]]`
 
 DNS Alternative Names to request for the certificate
 
+### <a name="transform_classification_groups"></a>`transform_classification_groups`
+
+Transform the user groups from a source backup to a list of groups on the target server
+
+**Supports noop?** false
+
+#### Parameters
+
+##### `source_directory`
+
+Data type: `String`
+
+Location of Source node group yaml file
+
+##### `working_directory`
+
+Data type: `String`
+
+Location of target node group yaml file and where to create the transformed file
+
 ### <a name="wait_until_service_ready"></a>`wait_until_service_ready`
 
 Return when the orchestrator service is healthy, or timeout after 15 seconds
@@ -1313,40 +1350,6 @@ Data type: `Optional[Enum[
 
 Default value: ``undef``
 
-### <a name="peadmbackup"></a>`peadm::backup`
-
-This plan can backup data as outlined at insert doc
-
-#### Parameters
-
-The following parameters are available in the `peadm::backup` plan:
-
-* [`targets`](#targets)
-* [`backup`](#backup)
-* [`output_directory`](#output_directory)
-
-##### <a name="targets"></a>`targets`
-
-Data type: `Peadm::SingleTargetSpec`
-
-
-
-##### <a name="backup"></a>`backup`
-
-Data type: `Peadm::Recovery_opts`
-
-
-
-Default value: `{}`
-
-##### <a name="output_directory"></a>`output_directory`
-
-Data type: `String`
-
-
-
-Default value: `'/tmp'`
-
 ### <a name="peadmconvert"></a>`peadm::convert`
 
 This plan sets required certificate extensions on PE nodes, and configures
@@ -1461,6 +1464,7 @@ The following parameters are available in the `peadm::install` plan:
 * [`compiler_pool_address`](#compiler_pool_address)
 * [`internal_compiler_a_pool_address`](#internal_compiler_a_pool_address)
 * [`internal_compiler_b_pool_address`](#internal_compiler_b_pool_address)
+* [`pe_installer_source`](#pe_installer_source)
 * [`primary_host`](#primary_host)
 * [`replica_host`](#replica_host)
 * [`compiler_hosts`](#compiler_hosts)
@@ -1509,6 +1513,17 @@ architectures.
 
 Default value: ``undef``
 
+##### <a name="pe_installer_source"></a>`pe_installer_source`
+
+Data type: `Optional[String]`
+
+The URL to download the Puppet Enterprise installer media from. If not
+specified, PEAdm will attempt to download PE installation media from its
+standard public source. When specified, PEAdm will download directly from the
+URL given.
+
+Default value: ``undef``
+
 ##### <a name="primary_host"></a>`primary_host`
 
 Data type: `Peadm::SingleTargetSpec`
@@ -1780,6 +1795,7 @@ The following parameters are available in the `peadm::upgrade` plan:
 * [`compiler_pool_address`](#compiler_pool_address)
 * [`internal_compiler_a_pool_address`](#internal_compiler_a_pool_address)
 * [`internal_compiler_b_pool_address`](#internal_compiler_b_pool_address)
+* [`pe_installer_source`](#pe_installer_source)
 * [`primary_host`](#primary_host)
 * [`replica_host`](#replica_host)
 * [`compiler_hosts`](#compiler_hosts)
@@ -1821,6 +1837,17 @@ architectures.
 
 Default value: ``undef``
 
+##### <a name="pe_installer_source"></a>`pe_installer_source`
+
+Data type: `Optional[String]`
+
+The URL to download the Puppet Enterprise installer media from. If not
+specified, PEAdm will attempt to download PE installation media from its
+standard public source. When specified, PEAdm will download directly from the
+URL given.
+
+Default value: ``undef``
+
 ##### <a name="primary_host"></a>`primary_host`
 
 Data type: `Peadm::SingleTargetSpec`

documentation/convert.md

@@ -19,7 +19,7 @@ Prepare to run the plan against all servers in the PE infrastructure, using a pa
 }
 ```
 
-See the [provision](provision.md#reference-architectures) documentation for a list of supported architectures. Note that for convert, *all infrastructure being converted must already be functional*; you cannot use convert to add new systems to the infrastructure, nor can you use it to change your architecture.
+See the [install](install.md#reference-architectures) documentation for a list of supported architectures. Note that for convert, *all infrastructure being converted must already be functional*; you cannot use convert to add new systems to the infrastructure, nor can you use it to change your architecture.
 
 ```
 bolt plan run peadm::convert --params @params.json 

documentation/install.md

@@ -103,7 +103,7 @@ Example params.json Bolt parameters file (shown: Extra Large with DR):
   "console_password": "puppetlabs",
   "dns_alt_names": [ "puppet", "puppet.lab1.puppet.vm" ],
   "compiler_pool_address": "puppet.lab1.puppet.vm",
-  "version": "2021.5.0"
+  "version": "2021.6.0"
 }
 ```
 

documentation/upgrade.md

@@ -42,7 +42,7 @@ Installation content can be downloaded from [https://puppet.com/try-puppet/puppe
 
 ## Online usage
 
-The peadm::provision plan can be configured to download installation content directly to hosts. To configure online installation, set the `download_mode` parameter of the `peadm::provision` plan to `direct`. The direct mode is often more efficient when PE hosts have a route to the internet.
+The `peadm::install` plan can be configured to download installation content directly to hosts. To configure online installation, set the `download_mode` parameter of the `peadm::install` plan to `direct`. The direct mode is often more efficient when PE hosts have a route to the internet.
 
 ## Usage over the Orchestrator transport
 

functions/assert_supported_pe_version.pp

@@ -6,7 +6,7 @@ function peadm::assert_supported_pe_version (
   Boolean $permit_unsafe_versions = false,
 ) >> Struct[{'supported' => Boolean}] {
   $oldest = '2019.7'
-  $newest = '2021.5'
+  $newest = '2021.6'
   $supported = ($version =~ SemVerRange(">= ${oldest} <= ${newest}"))
 
   if $permit_unsafe_versions {

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-peadm",
-  "version": "3.6.0",
+  "version": "3.7.0",
   "author": "puppetlabs",
   "summary": "Bolt plans used to deploy an at-scale Puppet Enterprise architecture",
   "license": "Apache-2.0",

plans/backup.pp

@@ -1,3 +1,4 @@
+# @api private
 # @summary Backup the core user settings for puppet infrastructure
 #
 # This plan can backup data as outlined at insert doc
@@ -110,7 +111,8 @@
 
   run_command(@("CMD"/L), $primary_target)
     umask 0077 \
-      && tar -czf ${shellquote($backup_directory)}.tar.gz ${shellquote($backup_directory)} \
+      && cd ${shellquote(dirname($backup_directory))} \
+      && tar -czf ${shellquote($backup_directory)}.tar.gz ${shellquote(basename($backup_directory))} \
       && rm -rf ${shellquote($backup_directory)}
     | CMD
 

plans/install.pp

@@ -11,6 +11,11 @@
 #   A load balancer address directing traffic to any of the "B" pool
 #   compilers. This is used for DR configuration in large and extra large
 #   architectures.
+# @param pe_installer_source
+#   The URL to download the Puppet Enterprise installer media from. If not
+#   specified, PEAdm will attempt to download PE installation media from its
+#   standard public source. When specified, PEAdm will download directly from the
+#   URL given.
 #
 plan peadm::install (
   # Standard
@@ -27,6 +32,7 @@
   # Common Configuration
   String                            $console_password,
   Peadm::Pe_version                 $version                          = '2019.8.8',
+  Optional[String]                  $pe_installer_source              = undef,
   Optional[Array[String]]           $dns_alt_names                    = undef,
   Optional[String]                  $compiler_pool_address            = undef,
   Optional[String]                  $internal_compiler_a_pool_address = undef,
@@ -66,6 +72,7 @@
 
     # Common Configuration
     version                        => $version,
+    pe_installer_source            => $pe_installer_source,
     console_password               => $console_password,
     dns_alt_names                  => $dns_alt_names,
     pe_conf_data                   => $pe_conf_data,