HA upgrade sequence #73

Closed
vchepkov opened this issue Mar 18, 2020 · 2 comments · Fixed by #77

Comments

@vchepkov
Contributor

Currently, while upgrading an HA installation with only master/replica, the plan uses the installer script to upgrade the master and then proceeds to upgrade the replica using curl/upgrade.sh.

Unfortunately, the installer always unconfigures the replica's access, and while upgrading the replica it fails to connect.

2020-03-14T14:32:13.262-04:00 - [Notice]: /Stage[main]/Pe_postgresql::Server::Config/Pe_concat[/opt/puppetlabs/server/data/postgresql/9.6/data/pg_hba.conf]/File[/opt/puppetlabs/server/data/postgresql/9.6/data/pg_hba.conf]/content:
--- /opt/puppetlabs/server/data/postgresql/9.6/data/pg_hba.conf 2020-02-08 06:24:19.240036914 -0500
+++ /tmp/puppet-file20200314-7669-kgq9h2        2020-03-14 14:32:13.252528149 -0400
@@ -20,11 +20,6 @@
 # Order: 0
 hostssl        pe-orchestrator pe-ha-replication       0.0.0.0/0       cert    map=pe-orchestrator-pe-ha-replication-map clientcert=1

-# Rule Name: Allow infprdx-puppet101.localdomain to connect to pe-puppetdb as pe-puppetdb (ipv4)
-# Description: none
-# Order: 0
-hostssl        pe-puppetdb     pe-puppetdb     0.0.0.0/0       cert    map=pe-puppetdb-pe-puppetdb-map clientcert=1
-
 # Rule Name: Allow infprdx-puppet101.localdomain to connect to pe-rbac as pe-ha-replication (ipv4)
 # Description: none
 # Order: 0
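
Review bot: the removed `hostssl pe-puppetdb pe-puppetdb 0.0.0.0/0 cert map=pe-puppetdb-pe-puppetdb-map` entry (the ipv4 rule named for infprdx-puppet101.localdomain) has no replacement in this hunk, so the run leaves that host without the pe-puppetdb rule it had before while the pe-ha-replication rules around it stay in place. If the removal is only meant to hold during the master upgrade, the upgrade sequence needs a step that writes this rule back, and a check that it is present, before anything on infprdx-puppet101 tries to connect.
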
@@ -135,11 +130,6 @@
 # Order: 1
 hostssl        pe-orchestrator pe-ha-replication       ::/0    cert    map=pe-orchestrator-pe-ha-replication-map clientcert=1

-# Rule Name: Allow infprdx-puppet101.localdomain to connect to pe-puppetdb as pe-puppetdb (ipv6)
-# Description: none
-# Order: 1
-hostssl        pe-puppetdb     pe-puppetdb     ::/0    cert    map=pe-puppetdb-pe-puppetdb-map clientcert=1
-
 # Rule Name: Allow infprdx-puppet101.localdomain to connect to pe-rbac as pe-ha-replication (ipv6)
 # Description: none
 # Order: 1
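
Review bot: the ipv6 rule (`::/0`, Order: 1) for pe-puppetdb is dropped in the same run as the ipv4 one, so neither address family keeps the entry. Any verification after the restoring Puppet run should look for both the `0.0.0.0/0` and the `::/0` line rather than just one of them.
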
2020-03-14T14:32:13.268-04:00 - [Notice]: /Stage[main]/Pe_postgresql::Server::Config/Pe_concat[/opt/puppetlabs/server/data/postgresql/9.6/data/pg_hba.conf]/File[/opt/puppetlabs/server/data/postgresql/9.6/data/pg_hba.conf]/content: content changed '{md5}812273660d0a44470f64fe637123fbb9' to '{md5}c73330422a1ae9cc6665167a6333190d'
2020-03-14T14:32:13.381-04:00 - [Notice]: /Stage[main]/Puppet_enterprise::Profile::Database/Pe_concat[/opt/puppetlabs/server/data/postgresql/9.6/data/pg_ident.conf]/Exec[pe_concat_/opt/puppetlabs/server/data/postgresql/9.6/data/pg_ident.conf]/returns: executed successfully
2020-03-14T14:32:13.442-04:00 - [Notice]: /Stage[main]/Puppet_enterprise::Profile::Database/Pe_concat[/opt/puppetlabs/server/data/postgresql/9.6/data/pg_ident.conf]/Exec[pe_concat_/opt/puppetlabs/server/data/postgresql/9.6/data/pg_ident.conf]: Triggered 'refresh' from 1 event
2020-03-14T14:32:13.455-04:00 - [Notice]: /Stage[main]/Puppet_enterprise::Profile::Database/Pe_concat[/opt/puppetlabs/server/data/postgresql/9.6/data/pg_ident.conf]/File[/opt/puppetlabs/server/data/postgresql/9.6/data/pg_ident.conf]/content:
--- /opt/puppetlabs/server/data/postgresql/9.6/data/pg_ident.conf       2020-02-08 06:24:19.393051257 -0500
+++ /tmp/puppet-file20200314-7669-1i60s7        2020-03-14 14:32:13.446546362 -0400
@@ -2,7 +2,6 @@
 pe-activity-pe-ha-replication-map infprdx-puppet101.localdomain pe-ha-replication
 pe-classifier-pe-ha-replication-map infprdx-puppet101.localdomain pe-ha-replication
 pe-orchestrator-pe-ha-replication-map infprdx-puppet101.localdomain pe-ha-replication
-pe-puppetdb-pe-puppetdb-map infprdx-puppet101.localdomain pe-puppetdb
 pe-rbac-pe-ha-replication-map infprdx-puppet101.localdomain pe-ha-replication
 pe-activity-pe-activity-map infprdx-puppet201.localdomain pe-activity
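
Review bot: removing `pe-puppetdb-pe-puppetdb-map infprdx-puppet101.localdomain pe-puppetdb` takes away the certificate-name mapping that the pg_hba.conf rules reference through `map=pe-puppetdb-pe-puppetdb-map`, so putting back the pg_hba.conf lines alone would not restore certificate auth for that host. Both files have to be rewritten by the restoring run, and pg_ident.conf is worth checking separately because the log shows it changing under a different resource (Puppet_enterprise::Profile::Database rather than Pe_postgresql::Server::Config).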

IMHO, the plan should run puppet agent on the master before it attempts to upgrade the replica; otherwise, after the upgrade I always end up with puppet infrastructure status in a faulty state.
I can attach the whole installer log if it helps.
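
A pre-flight check of the kind this report implies, as an added example (not code from this project): it parses pg_hba.conf and pg_ident.conf text and lists what is missing for a host to authenticate by certificate to a database role. The file contents are constructed from the log lines above; the function names, and the assumption that rules use the `0.0.0.0/0` and `::/0` addresses seen in the log, belong to this example.

```python
# Constructed samples: the two files in the state the log shows after the
# installer run (pe-puppetdb entries for infprdx-puppet101 removed).
PG_IDENT_AFTER = """\
pe-orchestrator-pe-ha-replication-map infprdx-puppet101.localdomain pe-ha-replication
pe-rbac-pe-ha-replication-map infprdx-puppet101.localdomain pe-ha-replication
pe-activity-pe-activity-map infprdx-puppet201.localdomain pe-activity
"""
PG_HBA_AFTER = """\
# Order: 0
hostssl pe-orchestrator pe-ha-replication 0.0.0.0/0 cert map=pe-orchestrator-pe-ha-replication-map clientcert=1
hostssl pe-orchestrator pe-ha-replication ::/0 cert map=pe-orchestrator-pe-ha-replication-map clientcert=1
"""

def ident_maps(text):
    """Return {(map_name, cert_cn, db_role)} parsed from pg_ident.conf text."""
    out = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) == 3:
            out.add(tuple(fields))
    return out

def hba_cert_rules(text):
    """Return {(database, role, address, map_name)} for hostssl cert rules."""
    out = set()
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 5 and f[0] == "hostssl" and f[4] == "cert":
            opts = dict(o.split("=", 1) for o in f[5:] if "=" in o)
            out.add((f[1], f[2], f[3], opts.get("map")))
    return out

def missing_access(host, db, role, hba_text, ident_text):
    """List what is missing for `host` to reach `db` as `role` via cert auth."""
    problems = []
    maps = {m for (m, cn, r) in ident_maps(ident_text) if cn == host and r == role}
    if not maps:
        problems.append(f"pg_ident: no map entry for {host} as {role}")
    rules = hba_cert_rules(hba_text)
    for addr in ("0.0.0.0/0", "::/0"):           # assumption: addresses as in the log
        if not any(d == db and r == role and a == addr and m in maps
                   for d, r, a, m in rules):
            problems.append(f"pg_hba: no hostssl cert rule for {db}/{role} at {addr}")
    return problems
```

Run against the real files after the Puppet agent run on the master, an empty list for the replica's pe-puppetdb role means both files were restored.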

@vchepkov vchepkov added the bug label Mar 18, 2020
reidmv added a commit that referenced this issue Mar 24, 2020
Previously, when upgrading a standard architecture deployment, after the
master runs the puppet-enterprise-installer script auth for compilers
needs to be restored by a puppet agent run. However, the upgrade plan
only performed a run on the dedicated database host, which doesn't exist
in a standard install (the databases are all on the master).

This commit reworks the upgrade sequence such that the master and
replica receive puppet runs at the appropriate points, along with the
database targets, to ensure that regardless of which node the
database(s) are located on the node will have a Puppet run to finalize
its config before upgrade moves on to the compilers.

Fixes #73
reidmv added a commit that referenced this issue Mar 24, 2020
Rework upgrade sequence to support Standard arch
@vchepkov
Contributor Author

Thank you!

@reidmv
Contributor

reidmv commented Mar 24, 2020

Thanks for reporting this!
