Updates to recovery.md to address PE-39730 #526
Conversation
https://perforce.atlassian.net/browse/PE-39730 outlines some required changes to the procedure for replacing a missing or failed replica Puppet server. This draft aims to address all issues raised in the ticket.
documentation/recovery.md
Outdated
| * _\<replacement-avail-group-letter\>_ - Either A or B; whichever of the two letter designations is appropriate for the server being replaced. It will be the opposite of the primary server. | ||
| * _\<old-replica-fqdn\>_ - The FQDN and certname of the old replica Puppet server that has failed or is missing | ||
| * _\<replacement-replica-fqdn\>_ - The FQDN and certname of the new replica Puppet server | ||
| * _\<failed-primary-server-fqdn\>_ - The FQDN and certname of the original primary server that the old replica had replaced |
There was a problem hiding this comment.
Suggest removing failed-primary-server-fqdn from this section altogether because steps about replacing a replica should just be in this section
There was a problem hiding this comment.
- Promote the replica (official docs)
- purge the failed primary server puppet node purge
- Replace missing replica server (same as Replace missing or failed replica Puppet server below)
documentation/recovery.md
Outdated
|
|
||
| 3. Install the Puppet agent on the replacement replica. | ||
|
|
||
| **Note**: When designating the availability group of the replacement, use the opposite group (A or B) of the server being replaced. This means that, if the old replica server replaced the original primary server, the new replica is assigned the same availability group as the original primary. |
There was a problem hiding this comment.
Suggest deleting this line. It won't always be the opposite of the server being replaced but it should be opposite of whatever is the primary which is already stated in the former line 18. I suggest leaving that line there <replacement-avail-group-letter>_ - Either A or B; whichever of the two letter designations is appropriate for the server being replaced. It will be the opposite of the primary server.
documentation/recovery.md
Outdated
| puppet agent -t | ||
|
|
||
| 3. On the PE-PostgreSQL server in the _\<replacement-avail-group-letter\>_ group | ||
| 4. Sign the certificate on the new primary server. |
There was a problem hiding this comment.
Change to 'Sign the certificate on the primary server.
puppetserver ca sign --certname '
(It is not always a new primary server if they did not promote a replica. They can be doing these steps to just replace a failed replica)
documentation/recovery.md
Outdated
|
|
||
| puppet resource service puppet ensure=stopped | ||
|
|
||
| 3. Add the following two lines to /opt/puppetlabs/server/data/postgresql/14/data/pg\_ident.conf |
There was a problem hiding this comment.
Add the following two lines to /opt/puppetlabs/server/data/postgresql/<postgres_version>/data/pg_ident.conf
In the latest PE release 2023.8.0 the PostgreSQL version is 14 /opt/puppetlabs/server/data/postgresql/14/data/pg_ident.confhttps://www.puppet.com/docs/pe/latest/component_versions_in_recent_pe_releases.html
documentation/recovery.md
Outdated
| @@ -102,11 +128,11 @@ On _\<working-postgres-server-fqdn\>_: | |||
|
|
|||
| systemctl stop puppet | |||
|
|
|||
| 2. Add this line to /opt/puppetlabs/server/data/postgresql/11/data/pg\_ident.conf | |||
| 2. Add this line to /opt/puppetlabs/server/data/postgresql/14/data/pg\_ident.conf | |||
There was a problem hiding this comment.
Add this line to /opt/puppetlabs/server/data/postgresql/<postgres_version>/data/pg_ident.conf
In the latest PE release 2023.8.0the PostgreSQL version is 14 /opt/puppetlabs/server/data/postgresql/14/data/pg_ident.confhttps://www.puppet.com/docs/pe/latest/component_versions_in_recent_pe_releases.html
Updates to draft following engineer review
##Summary
https://perforce.atlassian.net/browse/PE-39730 outlines some required changes to the procedure for replacing a missing or failed replica Puppet server. This draft attempts to address all issues raised in the ticket.