Skip to content

(PE-39411) Add descriptive error during infrastructure upgrade when rbac token is invalid #29

(PE-39411) Add descriptive error during infrastructure upgrade when rbac token is invalid

(PE-39411) Add descriptive error during infrastructure upgrade when rbac token is invalid #29

---
name: Upgrade PE with legacy compilers
on:
pull_request:
paths:
- .github/workflows/**/*
- spec/**/*
- lib/**/*
- tasks/**/*
- functions/**/*
- types/**/*
- plans/**/*
- hiera/**/*
- manifests/**/*
- templates/**/*
- files/**/*
- metadata.json
- Rakefile
- Gemfile
- provision.yaml
- .rspec
- .rubocop.yml
- .puppet-lint.rc
- .fixtures.yml
branches: [main]
workflow_dispatch:
inputs:
ssh-debugging:
description: Boolean; whether or not to pause for ssh debugging
required: true
default: 'false'
jobs:
upgrade_with_legacy_compilers:
name: Upgrade PE with legacy compilers
runs-on: ubuntu-20.04
env:
BOLT_GEM: true
BOLT_DISABLE_ANALYTICS: true
LANG: en_US.UTF-8
steps:
- name: Start SSH session
if: ${{ github.event.inputs.ssh-debugging == 'true' }}
uses: luchihoratiu/debug-via-ssh@main
with:
NGROK_AUTH_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }}
SSH_PASS: ${{ secrets.SSH_PASS }}
- name: Checkout Source
uses: actions/checkout@v4
- name: Activate Ruby 2.7
uses: ruby/setup-ruby@v1
with:
ruby-version: '2.7'
bundler-cache: true
- name: Print bundle environment
if: ${{ github.repository_owner == 'puppetlabs' }}
run: |
echo ::group::info:bundler
bundle env
echo ::endgroup::
- name: Provision test cluster
timeout-minutes: 15
run: |
echo ::group::prepare
mkdir -p $HOME/.ssh
echo 'Host *' > $HOME/.ssh/config
echo ' ServerAliveInterval 150' >> $HOME/.ssh/config
echo ' ServerAliveCountMax 2' >> $HOME/.ssh/config
bundle exec rake spec_prep
echo ::endgroup::
echo ::group::provision
bundle exec bolt plan run peadm_spec::provision_test_cluster \
--modulepath spec/fixtures/modules \
provider=provision_service \
image=almalinux-cloud/almalinux-8 \
architecture=large-with-dr
echo ::endgroup::
echo ::group::certnames
bundle exec bolt plan run peadm_spec::add_inventory_hostnames \
--inventory spec/fixtures/litmus_inventory.yaml \
--modulepath spec/fixtures/modules \
--no-host-key-check \
inventory_file=spec/fixtures/litmus_inventory.yaml
echo ::endgroup::
echo ::group::info:request
cat request.json || true; echo
echo ::endgroup::
echo ::group::info:inventory
sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true
echo ::endgroup::
- name: Set up yq
uses: frenck/action-setup-yq@v1
with:
version: v4.30.5
- name: Create the params.json file
run: |
primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml)
compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1)
legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p)
replica=$(yq '.groups[].targets[] | select(.vars.role == "replica") | .name' spec/fixtures/litmus_inventory.yaml)
echo -n '{ "download_mode": "direct", "primary_host": "'$primary'", "replica_host": "'$replica'", "legacy_compilers": ["'$legacy_compiler'"], "compiler_hosts": ["'$compiler'"], "version": "2023.7.0", "console_password": "'${{ secrets.CONSOLE_PASSWORD }}'" }' > params.json
- name: Install PE with legacy compilers
timeout-minutes: 120
run: |
echo ::group::params.json
jq '.console_password = "[redacted]"' params.json || true
echo ::endgroup::
echo ::group::install
bundle exec bolt plan run peadm::install \
--inventoryfile spec/fixtures/litmus_inventory.yaml \
--modulepath spec/fixtures/modules \
--no-host-key-check \
--params @params.json
echo ::endgroup::
- name: Wait as long as the file ${HOME}/pause file is present
if: ${{ always() && github.event.inputs.ssh-debugging == 'true' }}
run: |
while [ -f "${HOME}/pause" ] ; do
echo "${HOME}/pause present, sleeping for 60 seconds..."
sleep 60
done
echo "${HOME}/pause absent, continuing workflow."
- name: Check if compilers are configured
timeout-minutes: 120
run: |
echo ::group::inventory
sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true
echo ::endgroup::
echo ::group::get_peadm_config
primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml)
compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1)
legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p)
bundle exec bolt task run peadm::get_peadm_config \
--targets $primary \
--inventoryfile spec/fixtures/litmus_inventory.yaml \
--modulepath spec/fixtures/modules \
--no-host-key-check \
--format json > peadm_config.json
cat peadm_config.json
echo ::endgroup::
echo ::group::smoke_test
configured_legacy_compiler=$(yq '.items[0].value.params.legacy_compilers[0]' peadm_config.json)
configured_compiler=$(yq '.items[0].value.params.compiler_hosts[0]' peadm_config.json)
if [ "$configured_legacy_compiler" != "$legacy_compiler" ] && [ "$configured_compiler" != "$compiler" ]; then
echo "Compilers are not configured, expected $legacy_compiler and $compiler, got $configured_legacy_compiler and $configured_compiler"
exit 1
fi
echo ::endgroup::
- name: Create the upgrade params.json file
run: |
primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml)
compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1)
legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p)
replica=$(yq '.groups[].targets[] | select(.vars.role == "replica") | .name' spec/fixtures/litmus_inventory.yaml)
echo -n '{ "primary_host": "'$primary'", "replica_host": "'$replica'", "compiler_hosts": ["'$compiler'", "'$legacy_compiler'"], "version": "2023.8.0"}' > upgrade_params.json
- name: Upgrade PE with legacy compilers
run: |
echo ::group::upgrade_params.json
cat upgrade_params.json
echo ::endgroup::
echo ::group::upgrade
bundle exec bolt plan run peadm::upgrade \
--inventoryfile spec/fixtures/litmus_inventory.yaml \
--modulepath spec/fixtures/modules \
--no-host-key-check \
--params @upgrade_params.json
echo ::endgroup::
- name: Check if we still have legacy compilers configured
timeout-minutes: 120
run: |
echo ::group::inventory
sed -e 's/password: .*/password: "[redacted]"/' < spec/fixtures/litmus_inventory.yaml || true
echo ::endgroup::
echo ::group::get_peadm_config
primary=$(yq '.groups[].targets[] | select(.vars.role == "primary") | .name' spec/fixtures/litmus_inventory.yaml)
compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | head -n 1)
legacy_compiler=$(yq '.groups[].targets[] | select(.vars.role == "compiler") | .name' spec/fixtures/litmus_inventory.yaml | sed -n 2p)
bundle exec bolt task run peadm::get_peadm_config \
--targets $primary \
--inventoryfile spec/fixtures/litmus_inventory.yaml \
--modulepath spec/fixtures/modules \
--no-host-key-check \
--format json > peadm_config.json
cat peadm_config.json
echo ::endgroup::
echo ::group::smoke_test
configured_legacy_compiler=$(yq '.items[0].value.params.legacy_compilers[0]' peadm_config.json)
configured_compiler=$(yq '.items[0].value.params.compiler_hosts[0]' peadm_config.json)
if [ "$configured_legacy_compiler" != "$legacy_compiler" ] && [ "$configured_compiler" != "$compiler" ]; then
echo "Compilers are not configured, expected $legacy_compiler and $compiler, got $configured_legacy_compiler and $configured_compiler"
exit 1
fi
echo ::endgroup::
- name: Tear down test cluster
if: ${{ always() }}
continue-on-error: true
run: |-
if [ -f spec/fixtures/litmus_inventory.yaml ]; then
echo ::group::tear_down
bundle exec rake 'litmus:tear_down'
echo ::endgroup::
echo ::group::info:request
cat request.json || true; echo
echo ::endgroup::
fi