This is the r10k setup module. It has a base class to configure r10k to synchronize dynamic environments. You can be simply used by declaring it:
class { 'r10k':
remote => '[email protected]:someuser/puppet.git',
}Installing into the puppet enterprise ruby stack
class { 'r10k':
remote => '[email protected]:someuser/puppet.git',
provider => 'pe_gem',
}Installing using prefixes for multiple control repos.
class { 'r10k':
sources => {
'webteam' => {
'remote' => 'ssh://[email protected]/webteam/somerepo.git',
'basedir' => "${::settings::confdir}/environments"
'prefix' => true,
},
'secteam' => {
'remote' => 'ssh://[email protected]/secteam/someotherrepo.git',
'basedir' => '/some/other/basedir'
'prefix' => true,
},
},
}| Module Version | r10k Version |
|---|---|
| v2.5.x | 1.4.0 |
| v2.4.4 | 1.3.5 |
| v2.3.1 | 1.3.4 |
| v2.3.0 | 1.3.2 |
| v2.2.8 | 1.3.1 |
| v2.2.x | 1.1.0 |
This will configure /etc/r10k.yaml and install the r10k gem after installing
ruby using the puppetlabs/ruby module.
Here is an example of deploying the ssh keys needed for r10k to connect to a repo called puppet/control on a gitlab server. This is helpful when you need to automatically deploy new masters
#https://docs.puppetlabs.com/references/latest/type.html#sshkey
sshkey { "your.internal.gitlab.server.com":
ensure => present,
type => "ssh-rsa",
target => "/root/.ssh/known_hosts",
key => "...+dffsfHQ=="
}
# https://github.com/abrader/abrader-gms
git_deploy_key { 'add_deploy_key_to_puppet_control':
ensure => present,
name => $::fqdn,
path => '/root/.ssh/id_dsa.pub',
token => hiera('gitlab_api_token'),
project_name => 'puppet/control',
server_url => 'http://your.internal.gitlab.server.com',
provider => 'gitlab',
}It also has a few helper classes that do
some useful things. The following entry in Hiera will add a postrun_command to puppet.conf.
r10k::include_postrun_command: true
The concept here is that this is declared on the puppet master(s) that have been configured with r10k. This will cause r10k to synchronize before each puppet run. Any errors synchronizing will be logged to the standard puppet run.
This module requires the puppetlabs-ruby module. In the event that your environment already includes
the module with some customization, you can use the manage_ruby_dependency
parameter to adjust how this module expresses that requirement.
The supported values are include,declare, or ignore. The values' behavior
is outlined below:
-
declare default This will explicitly declare the ruby module. Additional declarations of the ruby module will result in an inability to compile a catalog.
-
include This will simply include the ruby module. When combined with class ordering, this will permit the user to manage the instantiation of the ruby module elsewhere, potentially with non-standard parameter values.
-
ignore This will assume that ruby is handled via some other mechanism than a puppet module named
ruby. It is left to the user to insure the requirement be met.
These entries in Hiera will create a symlink at /etc/r10k.yaml that points to the config file at /etc/puppet/r10k.yaml
---
r10k::configfile: /etc/puppet/r10k.yaml
r10k::manage_configfile_symlink: true
r10k::configfile_symlink: /etc/r10k.yamlInstalling using a proxy server
# Create a global gemrc for Puppet Enterprise to add the local gem source
# See http://projects.puppetlabs.com/issues/18053#note-12 for more information.
file { '/opt/puppet/etc':
ensure => 'directory',
owner => 'root',
group => '0',
mode => '0755',
}
file { 'gemrc':
ensure => 'file',
path => '/opt/puppet/etc/gemrc',
owner => 'root',
group => '0',
mode => '0644',
content => "---\ngem: --http-proxy=http://your.proxy.server:8080\n",
}
class { 'r10k':
remote => '[email protected]:someuser/puppet.git',
provider => 'pe_gem',
require => File['gemrc'],
}
# The following will allow r10k to use Puppetfile via the proxy
file { '/root/.gitconfig':
ensure => 'file',
owner => 'root',
group => '0',
mode => '0600',
}
# https://forge.puppetlabs.com/puppetlabs/inifile
Ini_setting {
ensure => present,
path => '/root/.gitconfig',
value => 'http://proxy.your.company.com:8080',
}
ini_setting { 'git http proxy setting':
section => 'http',
setting => 'proxy',
}
ini_setting { 'git https proxy setting':
section => 'https',
setting => 'proxy',
}Using a internal gem server
# Create a global gemrc for Puppet Enterprise to add the local gem source
# See http://projects.puppetlabs.com/issues/18053#note-12 for more information.
file { '/opt/puppet/etc':
ensure => 'directory',
owner => 'root',
group => '0',
mode => '0755',
}
file { 'gemrc':
ensure => 'file',
path => '/opt/puppet/etc/gemrc',
owner => 'root',
group => '0',
mode => '0644',
content => "---\nupdate_sources: true\n:sources:\n- http://your.internal.gem.server.com/rubygems/\n",
}
class { 'r10k':
remote => '[email protected]:someuser/puppet.git',
provider => 'pe_gem',
require => File['gemrc'],
}
An mcollective agent is included in this module which can be used to do on demand synchronization. This mcollective application and agent can be installed on all masters using the following class
include r10k::mcollectiveUsing mco you can then trigger mcollective to call r10k using
mco r10k synchronizeYou can sync an individual environment using:
mco r10k deploy <environment>Note: This implies -p
You can sync an individual module using:
mco r10k deploy_module <module>An example post-receive hook is included in the files directory. This hook can automatically cause code to synchronize on your servers at time of push in git. More modern git systems use webhooks, for those see below.
###Install mcollective support for post receive hooks
Install the mco command from the puppet enterprise installation directory i.e.
cd ~/puppet-enterprise-3.0.1-el-6-x86_64/packages/el-6-x86_64
sudo rpm -i pe-mcollective-client-2.2.4-2.pe.el6.noarch.rpmCopy the peadmin mcollective configuration and private keys from the certificate authority (puppet master)
/var/lib/peadmin/.mcollective
/var/lib/peadmin/.mcollective.d/mcollective-public.pem
/var/lib/peadmin/.mcollective.d/peadmin-cacert.pem
/var/lib/peadmin/.mcollective.d/peadmin-cert.pem
/var/lib/peadmin/.mcollective.d/peadmin-private.pem
/var/lib/peadmin/.mcollective.d/peadmin-public.pem
Ensure you update the paths in ~/.mcollective when copying to new users whose name is not peadmin. Ideally mcollective will be used with more then just the peadmin user's certificate in the future. That said, if your git user does not have a home diretory, you can rename .mcollective as /etc/client.cfg and copy the certs to somewhere that is readable by the respective user.
/home/gitolite/.mcollective
/home/gitolite/.mcollective.d/mcollective-public.pem
/home/gitolite/.mcollective.d/peadmin-cacert.pem
/home/gitolite/.mcollective.d/peadmin-cert.pem
/home/gitolite/.mcollective.d/peadmin-private.pem
/home/gitolite/.mcollective.d/peadmin-public.pem
Note: PE2 only requires the .mcollective file as the default auth was psk
For version control systems that use web driven post-receive processes you can use the example webhook included in this module.
This webhook currently only runs on Puppet Enterprise and uses mcollective to automatically synchronize your environment across multiple masters.
The webhook must be configured on the respective "control" repository a master that has mco installed and can contact the other masters in your fleet.
Currently this is a feature Puppet Enterprise only.
The following is an example of declaring the webhook when r10k prefixing are enabled.
This script is fed the github/gitlab payload in via stdin. This script is meant to return the prefix as its output. This is needed as the payload does not contain the r10k prefix. The simplest way to determine the prefix is to use the remote url in the payload and find the respective key in r10k.yaml. An example prefix command is located in this repo here. Note that you may need to modify this script depending on your remote configuration to use one of the various remote styles.
file {'/usr/local/bin/prefix_command.rb':
ensure => file,
mode => '0755',
owner => 'root',
group => '0',
source => 'puppet:///modules/r10k/prefix_command.rb',
}
class {'r10k::webhook::config':
prefix => true,
prefix_command => '/usr/local/bin/prefix_command.rb',
require => File['/usr/local/bin/prefix_command.rb'],
}
class {'r10k::webhook':
require => Class['r10k::webhook::config'],
}
# Deploy this webhook to your local gitlab server for the puppet/control repo.
# https://github.com/abrader/abrader-gms
git_webhook { 'web_post_receive_webhook' :
ensure => present,
webhook_url => 'https://puppet:[email protected]:8088/payload',
token => hiera('gitlab_api_token'),
project_name => 'puppet/control',
server_url => 'http://your.internal.gitlab.com',
provider => 'gitlab',
}
This is an example of using the webhok without authentication
The git_webhook type will using the api token to add the webhook to the "control" repo that contains your puppetfile. This is typically useful when you want all automate the addtion of the webhook to the repo.
class {'r10k::webhook::config':
enable_ssl => false,
protected => false,
}
class {'r10k::webhook':
require => Class['r10k::webhook::config'],
}
# https://github.com/abrader/abrader-gms
# Add webhook to control repository ( the repo where the Puppetfile lives )
git_webhook { 'web_post_receive_webhook' :
ensure => present,
webhook_url => 'http://master.of.masters:8088/payload',
token => hiera('github_api_token'),
project_name => 'organization/control',
server_url => 'http://github.com',
provider => 'github',
}
# Add webhook to module repo if we are tacking branch in Puppetfile i.e.
# mod 'module_name',
# :git => 'http://github.com/organization/puppet-module_name',
# :branch => 'master'
git_webhook { 'web_post_receive_webhook_for_module' :
ensure => present,
webhook_url => 'http://master.of.masters:8088/module',
token => hiera('github_api_token'),
project_name => 'organization/puppet-module_name',
server_url => 'http://github.com',
provider => 'github',
}##Support
Please log tickets and issues at our Projects site
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent