puppetlabs · CoMfUcIoS · Sep 18, 2024 · Sep 16, 2024 · Sep 16, 2024 · Sep 17, 2024
@@ -56,6 +56,7 @@
 * [`cert_data`](#cert_data): Return certificate data related to the Puppet agent
 * [`cert_valid_status`](#cert_valid_status): Check primary for valid state of a certificate
 * [`code_manager`](#code_manager): Perform various code manager actions
+* [`code_manager_enabled`](#code_manager_enabled): Run on a PE primary node to check if Code Manager is enabled.
 * [`code_sync_status`](#code_sync_status): A task to confirm code is in sync accross the cluster for clusters with code manager configured
 * [`divert_code_manager`](#divert_code_manager): Divert the code manager live-dir setting
 * [`download`](#download): Download a file using curl
@@ -1068,6 +1069,12 @@ Data type: `String`
 
 What code manager action to perform. For example: 'deploy production'; 'flush-environment-cache'; 'file-sync commit'
 
+### <a name="code_manager_enabled"></a>`code_manager_enabled`
+
+Run on a PE primary node to check if Code Manager is enabled.
+
+**Supports noop?** false
+
 ### <a name="code_sync_status"></a>`code_sync_status`
 
 A task to confirm code is in sync accross the cluster for clusters with code manager configured

@@ -22,6 +22,11 @@
   $replica_target             = peadm::get_targets($replica_host, 1)
   $replica_postgresql_target  = peadm::get_targets($replica_postgresql_host, 1)
 
+  $code_manager_enabled = run_task('peadm::code_manager_enabled', $primary_target).first.value['code_manager_enabled']
+  if $code_manager_enabled == false {
+    fail('Code Manager must be enabled to add a replica. Please refer to the docs for more information on enabling Code Manager.')
+  }
+
   run_command('systemctl stop puppet.service', peadm::flatten_compact([
         $primary_target,
         $replica_postgresql_target,

@@ -11,6 +11,7 @@ def allow_standard_non_returning_calls
   end
 
   describe 'basic functionality' do
+    let(:code_manager_enabled) { { 'code_manager_enabled' => true } }
     let(:params) { { 'primary_host' => 'primary', 'replica_host' => 'replica' } }
     let(:cfg) { { 'params' => { 'primary_host' => 'primary' } } }
     let(:certdata) do
@@ -30,6 +31,7 @@ def allow_standard_non_returning_calls
 
     it 'runs successfully when the primary does not have alt-names' do
       allow_standard_non_returning_calls
+      expect_task('peadm::code_manager_enabled').always_return(code_manager_enabled)
       expect_task('peadm::get_peadm_config').always_return(cfg)
       expect_task('peadm::cert_data').always_return(certdata).be_called_times(4)
       expect_task('peadm::cert_valid_status').always_return(certstatus)
@@ -50,6 +52,7 @@ def allow_standard_non_returning_calls
 
     it 'runs successfully when the primary has alt-names' do
       allow_standard_non_returning_calls
+      expect_task('peadm::code_manager_enabled').always_return(code_manager_enabled)
       expect_task('peadm::get_peadm_config').always_return(cfg)
       expect_task('peadm::cert_data').always_return(certdata.merge({ 'dns-alt-names' => ['primary', 'alt'] })).be_called_times(4)
       expect_task('peadm::cert_valid_status').always_return(certstatus)
@@ -67,5 +70,14 @@ def allow_standard_non_returning_calls
       expect_out_verbose.with_params('Updating classification to...')
       expect(run_plan('peadm::add_replica', params)).to be_ok
     end
+
+    it 'fails when code manager not enabled' do
+      allow_standard_non_returning_calls
+      expect_task('peadm::code_manager_enabled').always_return({ 'code_manager_enabled' => false })
+
+      result = run_plan('peadm::add_replica', params)
+      expect(result).not_to be_ok
+      expect(result.value.msg).to match(%r{Code Manager must be enabled})
+    end
   end
 end
@@ -0,0 +1,5 @@
+{
+  "description": "Run on a PE primary node to check if Code Manager is enabled.",
+  "parameters": { },
+  "input_method": "stdin"
+}
@@ -0,0 +1,75 @@
+#!/opt/puppetlabs/puppet/bin/ruby
+# frozen_string_literal: true
+
+require 'json'
+require 'uri'
+require 'net/http'
+require 'puppet'
+
+# GetPEAdmConfig task class
+class GetPEAdmConfig
+  def initialize(params); end
+
+  def execute!
+    code_manager_enabled = groups.dig('PE Master', 'classes', 'puppet_enterprise::profile::master', 'code_manager_auto_configure')
+
+    puts({"code_manager_enabled" => code_manager_enabled}.to_json)
+  end
+
+  # Returns a GetPEAdmConfig::NodeGroups object created from the /groups object
+  # returned by the classifier
+  def groups
+    @groups ||= begin
+      net = https(4433)
+      res = net.get('/classifier-api/v1/groups')
+      NodeGroup.new(JSON.parse(res.body))
+    end
+  end
+
+  def https(port)
+    https = Net::HTTP.new('localhost', port)
+    https.use_ssl = true
+    https.cert = @cert ||= OpenSSL::X509::Certificate.new(File.read(Puppet.settings[:hostcert]))
+    https.key = @key ||= OpenSSL::PKey::RSA.new(File.read(Puppet.settings[:hostprivkey]))
+    https.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    https
+  end
+
+  def pdb_query(query)
+    pdb = https(8081)
+    pdb_request = Net::HTTP::Get.new('/pdb/query/v4')
+    pdb_request.set_form_data({ 'query' => query })
+    JSON.parse(pdb.request(pdb_request).body)
+  end
+
+  # Utility class to aid in retrieving useful information from the node group
+  # data
+  class NodeGroup
+    attr_reader :data
+
+    def initialize(data)
+      @data = data
+    end
+
+    # Aids in digging into node groups by name, rather than UUID
+    def dig(name, *args)
+      group = @data.find { |obj| obj['name'] == name }
+      if group.nil?
+        nil
+      elsif args.empty?
+        group
+      else
+        group.dig(*args)
+      end
+    end
+  end
+end
+
+# Run the task unless an environment flag has been set, signaling not to. The
+# environment flag is used to disable auto-execution and enable Ruby unit
+# testing of this task.
+unless ENV['RSPEC_UNIT_TEST_MODE']
+  Puppet.initialize_settings
+  task = GetPEAdmConfig.new(JSON.parse(STDIN.read))
+  task.execute!
+end