Merge pull request #5 from benjamin-robertson/devmain

Bump to version 1.0.0

Author: benjamin-robertson

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 All notable changes to this project will be documented in this file.
 
+## Release 1.0.0
+
+**Features**
+
+- Added support for older Puppet enterprise versions which still use 'master' instead of 'primary server'. (must set the support_legacy_pe parameter to true to enable this support)
+
+**Bugfixes**
+
+- Added exception handling for reading existing csr_attributes.yaml. Corrupted yaml caused the plan to fail for that node. Csr_attributes data is now ignored if its invalid.
+
 ## Release 0.2.0
 
 **Features**

Gemfile.lock

@@ -2,24 +2,24 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.6)
-    addressable (2.8.1)
+    addressable (2.8.4)
       public_suffix (>= 2.0.2, < 6.0)
     ansi (1.5.0)
     ast (2.4.2)
     awesome_print (1.9.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.700.0)
-    aws-sdk-core (3.170.0)
+    aws-partitions (1.748.0)
+    aws-sdk-core (3.171.0)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.5)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.361.0)
+    aws-sdk-ec2 (1.375.0)
       aws-sdk-core (~> 3, >= 3.165.0)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.5.2)
       aws-eventstream (~> 1, >= 1.0.2)
-    bindata (2.4.14)
+    bindata (2.4.15)
     bolt (3.26.2)
       CFPropertyList (~> 2.2)
       addressable (~> 2.5)
@@ -49,7 +49,7 @@ GEM
     coderay (1.1.3)
     colored2 (3.1.2)
     concurrent-ruby (1.1.10)
-    connection_pool (2.3.0)
+    connection_pool (2.4.0)
     cri (2.15.11)
     deep_merge (1.2.2)
     dependency_checker (0.3.0)
@@ -65,8 +65,8 @@ GEM
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     erubi (1.12.0)
-    excon (0.97.2)
-    facter (4.2.14)
+    excon (0.99.0)
+    facter (4.3.1)
       hocon (~> 1.3)
       thor (>= 1.0.1, < 2.0)
     facterdb (1.21.0)
@@ -97,7 +97,7 @@ GEM
     faraday-retry (1.0.3)
     faraday_middleware (1.2.0)
       faraday (~> 1.0)
-    fast_gettext (2.2.0)
+    fast_gettext (2.3.0)
     ffi (1.15.5)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
@@ -117,12 +117,12 @@ GEM
     gyoku (1.4.0)
       builder (>= 2.1.2)
       rexml (~> 3.0)
-    hiera (3.11.0)
+    hiera (3.12.0)
     hiera-eyaml (3.3.0)
       highline
       optimist
     highline (2.1.0)
-    hocon (1.3.1)
+    hocon (1.4.0)
     honeycomb-beeline (2.11.0)
       libhoney (>= 1.14.2)
     http (5.1.1)
@@ -161,8 +161,8 @@ GEM
     mocha (1.16.1)
     molinillo (0.8.0)
     multi_json (1.15.0)
-    multipart-post (2.2.3)
-    net-http-persistent (4.0.1)
+    multipart-post (2.3.0)
+    net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
     net-scp (1.2.1)
       net-ssh (>= 2.6.5)
@@ -179,7 +179,7 @@ GEM
     parallel (1.22.1)
     parallel_tests (3.13.0)
       parallel
-    parser (3.2.0.0)
+    parser (3.2.2.0)
       ast (~> 2.4.1)
     pathspec (1.0.0)
     pluginator (1.5.0)
@@ -259,7 +259,7 @@ GEM
     puppet-strings (3.0.1)
       rgen (~> 0.9.0)
       yard (~> 0.9.5)
-    puppet-syntax (3.2.1)
+    puppet-syntax (3.3.0)
       puppet (>= 5)
       rake
     puppet_forge (3.2.0)
@@ -300,23 +300,23 @@ GEM
     rainbow (3.1.1)
     rake (13.0.6)
     rb-readline (0.5.5)
-    regexp_parser (2.6.2)
+    regexp_parser (2.7.0)
     retryable (3.0.5)
     rexml (3.2.5)
     rgen (0.9.1)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
       rspec-expectations (~> 3.12.0)
       rspec-mocks (~> 3.12.0)
-    rspec-core (3.12.0)
+    rspec-core (3.12.1)
       rspec-support (~> 3.12.0)
     rspec-expectations (3.12.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-its (1.3.0)
       rspec-core (>= 3.0.0)
       rspec-expectations (>= 3.0.0)
-    rspec-mocks (3.12.3)
+    rspec-mocks (3.12.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
     rspec-puppet (2.12.0)
@@ -338,15 +338,15 @@ GEM
       rubocop-ast (>= 1.2.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (1.24.1)
-      parser (>= 3.1.1.0)
+    rubocop-ast (1.28.0)
+      parser (>= 3.2.1.0)
     rubocop-performance (1.9.1)
       rubocop (>= 0.90.0, < 2.0)
       rubocop-ast (>= 0.4.0)
     rubocop-rspec (2.0.1)
       rubocop (~> 1.0)
       rubocop-ast (>= 1.1.0)
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     ruby_smb (1.1.0)
       bindata
@@ -355,8 +355,8 @@ GEM
     rubyntlm (0.6.3)
     rubyzip (2.3.2)
     scanf (1.0.0)
-    semantic_puppet (1.0.4)
-    serverspec (2.42.1)
+    semantic_puppet (1.1.0)
+    serverspec (2.42.2)
       multi_json
       rspec (~> 3.0)
       rspec-its
@@ -423,7 +423,6 @@ GEM
       puppet-lint-unquoted_string-check (~> 2.2)
       puppet-lint-variable_contains_upcase (~> 1.2)
       puppet-lint-version_comparison-check (~> 1.1)
-    webrick (1.7.0)
     windows_error (0.1.5)
     winrm (2.3.6)
       builder (>= 2.1.2)
@@ -439,8 +438,7 @@ GEM
       logging (>= 1.6.1, < 3.0)
       rubyzip (~> 2.0)
       winrm (~> 2.0)
-    yard (0.9.28)
-      webrick (~> 1.7.0)
+    yard (0.9.34)
 
 PLATFORMS
   ruby

README.md

@@ -89,6 +89,8 @@ Puppet Nodes
 - Windows 2019
 - RHEL 8
 
+To support legacy version of Puppet Enterprise (Before changing naming standard to Primary server from master.) You must set the support_legacy_pe parameter to true.
+
 ## Development
 
 If you find any issues with this module, please log them in the issues register of the GitHub project. [Issues][1]

REFERENCE.md

@@ -98,6 +98,7 @@ The following parameters are available in the `update_trusted_facts::update_trus
 * [`preserve_existing_facts`](#preserve_existing_facts)
 * [`ignore_infra_status_error`](#ignore_infra_status_error)
 * [`noop`](#noop)
+* [`support_legacy_pe`](#support_legacy_pe)
 * [`pp_role`](#pp_role)
 * [`pp_uuid`](#pp_uuid)
 * [`pp_environment`](#pp_environment)
@@ -160,6 +161,14 @@ Run the plan in noop. csr_attributes.yaml will still generated, however certific
 
 Default value: ``false``
 
+##### <a name="support_legacy_pe"></a>`support_legacy_pe`
+
+Data type: `Boolean`
+
+Attempt to support legacy PE. Default: false
+
+Default value: ``false``
+
 ##### <a name="pp_role"></a>`pp_role`
 
 Data type: `Optional[String]`

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "benjaminrobertson-update_trusted_facts",
-  "version": "0.2.0",
+  "version": "1.0.0",
   "author": "benjaminrobertson",
   "summary": "Plan for Puppet enterprise to update trusted facts on nodes.",
   "license": "Apache-2.0",
@@ -9,7 +9,7 @@
   "dependencies": [
     {
       "name": "puppetlabs/stdlib",
-      "version_requirement": ">= 5.2.0 < 8.0.0"
+      "version_requirement": ">= 5.2.0 < 9.0.0"
     }
   ],
   "operatingsystem_support": [
@@ -50,7 +50,8 @@
     {
       "operatingsystem": "Rocky",
       "operatingsystemrelease": [
-        "8"
+        "8",
+        "9"
       ]
     },
     {
@@ -76,7 +77,7 @@
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 7.21.0 < 8.0.0"
+      "version_requirement": ">= 6.0.0 < 9.0.0"
     }
   ],
   "pdk-version": "2.6.1",

plans/update_trusted_facts.pp

@@ -15,6 +15,7 @@
 # @param preserve_existing_facts Whether to preserve existing facts from the nodes. If set to false all existing facts will be wiped and replaced with those set in the plan. Default: true
 # @param ignore_infra_status_error Ignore errors from 'puppet infrastructure status' command. This is used to verify the primary server. Can be used to allow the plan the run when some PE components are unavaliable. Default: false
 # @param noop Run the plan in noop. csr_attributes.yaml will still generated, however certificates will not be resigned. Default: false
+# @param support_legacy_pe Attempt to support legacy PE. Default: false
 # @param pp_role Set the pp_role trusted fact. Default: undef
 # @param pp_uuid Set the pp_uuid trusted fact. Default: undef
 # @param pp_environment Set the pp_environment trusted fact. Default: undef
@@ -47,6 +48,7 @@
   Boolean          $preserve_existing_facts   = true,
   Boolean          $ignore_infra_status_error = false,
   Boolean          $noop                      = false,
+  Boolean          $support_legacy_pe         = false,
   Optional[String] $pp_role                   = undef,
   Optional[String] $pp_uuid                   = undef,
   Optional[String] $pp_environment            = undef,
@@ -115,6 +117,18 @@
     if length("${confirm_pe_primary_server_results.ok_set}") <= 2 {
       fail_plan("Primary server provided not the primary server for this Puppet Enterprise installation: ${pe_server_target.name} ")
     }
+    # Check if we are attempting to support legacy PE.
+    if $support_legacy_pe {
+      if $confirm_pe_primary_server_results[0].message =~ /^Master server/ {
+        $am_i_primary = 'master'
+        out::message("Detected ${am_i_primary}, using ${am_i_primary} for agent_cert_regen plan")
+      } else {
+        $am_i_primary = 'primary'
+        out::message("Detected ${am_i_primary}, using ${am_i_primary} for agent_cert_regen plan")
+      }
+    } else {
+      $am_i_primary = 'primary'
+    }
 
     # Create hash with trusted facts
     $new_trusted = $trusted_fact_names.reduce({}) | $memo, $value | {
@@ -144,8 +158,8 @@
     if $nodes_to_regen_cert != undef {
       if $noop != true {
         run_plan('enterprise_tasks::agent_cert_regen',
-                'primary' => $pe_primary_server,
-                'agent'   => $nodes_to_regen_cert)
+                $am_i_primary => $pe_primary_server,
+                'agent'       => $nodes_to_regen_cert)
       }
     }
   }

tasks/confirm_primary_server.rb

@@ -15,9 +15,12 @@ def get_primary_hostname(ignore_infra_status_error)
     end
   end
   output.each_line do |line|
-    if line.match(/^Primary: |^Master: /)
-      primary = line.gsub(/^Primary: |^Master: /, '').lstrip.rstrip
-      return primary
+    if line.match(/^Primary: /)
+      primary = line.gsub(/^Primary: /, '').lstrip.rstrip
+      return [ primary, 'Primary' ]
+    elsif line.match(/^Master: /)
+      master = line.gsub(/^Master: /, '').lstrip.rstrip
+      return [ master, 'Master' ]
     end
   end
   puts 'No Primary server found in output. Are you sure you specified the correct server as primary?'
@@ -33,8 +36,8 @@ def get_primary_hostname(ignore_infra_status_error)
 primary = get_primary_hostname(ignore_infra_status_error)
 
 # Confirm primary server matches
-if primary == pe_primary_server
-  puts 'Primary server match successful'
+if primary[0] == pe_primary_server
+  puts "#{primary[1]} server match successful"
   exit 0
 else
   puts "Primary server did not match as expected, recieved #{primary} expected #{pe_primary_server}"

tasks/set_csr_attributes.rb

@@ -52,7 +52,11 @@ def csr_attribute_location
 
 def get_existing_csr(csr_attr_file_location)
   if File.exist?(csr_attr_file_location)
-    data = YAML.safe_load(File.read(csr_attr_file_location))
+    begin
+      data = YAML.safe_load(File.read(csr_attr_file_location))
+    rescue => exception
+      nil
+    end
   else
     nil
   end