From 9b50d5e31ee4de65445b6a5bec39da590dedbe36 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 13 Aug 2015 14:10:29 -0700 Subject: Update the README, add an all_in_one_pe role Updating README for instructions on how to use the control-repo by putting it in your own git server and then using the r10k answers during installation of PE. Removing the manifest for configuring r10k using zack/r10k. Added a role that can be used to bootstrap an all-in-one PE installation. --- site/role/manifests/all_in_one_pe.pp | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 site/role/manifests/all_in_one_pe.pp (limited to 'site/role/manifests/all_in_one_pe.pp') diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp new file mode 100644 index 0000000..ca99139 --- /dev/null +++ b/site/role/manifests/all_in_one_pe.pp @@ -0,0 +1,5 @@ +class role::all_in_one_pe { + + include profile::puppetmaster + +} -- cgit v1.2.3 From 1828e2162304d7d9a2e26743f175d76256b6e0c1 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 16 Oct 2015 10:53:16 -0700 Subject: Change to using the webhook without mcollective In order to complete the change I refactered the webhook into its own set of profiles, one with mcollective and the other without. --- README.md | 6 ++++-- site/profile/manifests/puppetmaster.pp | 13 ------------- site/profile/manifests/webhook_mcollective.pp | 15 +++++++++++++++ site/profile/manifests/webhook_no_mcollective.pp | 13 +++++++++++++ site/role/manifests/all_in_one_pe.pp | 1 + 5 files changed, 33 insertions(+), 15 deletions(-) create mode 100644 site/profile/manifests/webhook_mcollective.pp create mode 100644 site/profile/manifests/webhook_no_mcollective.pp (limited to 'site/role/manifests/all_in_one_pe.pp') diff --git a/README.md b/README.md index 97d5795..2125c09 100644 --- a/README.md +++ b/README.md @@ -46,16 +46,18 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html - http://doc.gitlab.com/ce/workflow/groups.html 6. Create a user called `r10k_api_user` and add them to the `puppet` group + - From the landing page, select groups + - Choose the puppet group + - In the left hand pane, select memembers + - Add the `r10k_api_user` with `master` permissions 7. Add your user to the `puppet` group as well 7. Create a project called `control-repo` and set the Namespace to be the `puppet` group - - TODO: Change permissions on the group? 8. Logout of root and login as the `r10k_api_user` - Go to profile settings -> account ( https:///profile/account ) - Copy the api token - - TODO: Change permissions for this user? 9. Clone this control repository to your laptop/workstation - `git clone https://github.com/npwalker/control-repo.git` diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 4fc06f2..bc52d3b 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -12,19 +12,6 @@ class profile::puppetmaster { group => 'root', notify => Service['pe-puppetserver'], } - - ##BEGIN - r10k webhook support - include r10k::mcollective - - include r10k::webhook::config - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - notify => Service['mcollective'], - } - ##END - r10k webhook support #BEGIN - Generate an SSH key for r10k to connect to git $r10k_ssh_key_file = '/root/.ssh/r10k_rsa' diff --git a/site/profile/manifests/webhook_mcollective.pp b/site/profile/manifests/webhook_mcollective.pp new file mode 100644 index 0000000..395cc7a --- /dev/null +++ b/site/profile/manifests/webhook_mcollective.pp @@ -0,0 +1,15 @@ +class profile::webhook_mcollective { + + class { 'r10k::mcollective': + notify => Service['mcollective'], + } + + include r10k::webhook::config + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp new file mode 100644 index 0000000..42c4954 --- /dev/null +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -0,0 +1,13 @@ +class profile::webhook_no_mcollective { + + class {'r10k::webhook::config': + use_mcollective => false, + } + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index ca99139..f34a261 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -1,5 +1,6 @@ class role::all_in_one_pe { + include profile::webhook_no_mcollective include profile::puppetmaster } -- cgit v1.2.3 From 8e271e3043fd55ce7c39f520360214e6844085af Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 30 Oct 2015 13:04:42 -0700 Subject: Change the zack/r10k webhook to utilize username and password To accomodate generating random usernames and passwords, I had to parameterize the profiles which I didn't feel great about but I also didn't want to have to put the username and pass in hiera. --- site/profile/manifests/puppetmaster.pp | 7 +++++-- site/profile/manifests/webhook_no_mcollective.pp | 9 +++++++-- site/role/manifests/all_in_one_pe.pp | 14 ++++++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) (limited to 'site/role/manifests/all_in_one_pe.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index d306ad5..d3f1a87 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -1,4 +1,7 @@ -class profile::puppetmaster { +class profile::puppetmaster ( + $webhook_username, + $webhook_password +) { class { 'hiera': hierarchy => [ @@ -38,7 +41,7 @@ class profile::puppetmaster { git_webhook { "web_post_receive_webhook-${::fqdn}" : ensure => present, - webhook_url => "https://${::fqdn}:8088/payload", + webhook_url => "https://${webhook_username}:${webhook_password}@${::fqdn}:8088/payload", token => hiera('gms_api_token'), project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index f4f50d7..dc7b1aa 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,8 +1,13 @@ -class profile::webhook_no_mcollective { +class profile::webhook_no_mcollective ( + $username, + $password +) { class {'r10k::webhook::config': enable_ssl => true, - protected => false, + protected => true, + user => $username, + pass => $password, use_mcollective => false, } diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index f34a261..3762325 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -1,6 +1,16 @@ class role::all_in_one_pe { - include profile::webhook_no_mcollective - include profile::puppetmaster + $webhook_username = hiera('webhook_username', fqdn_rand_string(10, '', 'username')) + $webhook_password = hiera('webhook_password', fqdn_rand_string(20, '', 'password')) + + class { 'profile::puppetmaster' : + webhook_username => $webhook_username, + webhook_password => $webhook_password, + } + + class { 'profile::webhook_no_mcollective' : + username => $webhook_username, + password => $webhook_password, + } } -- cgit v1.2.3 From 3149d9707f2882bdd4bc499a2bc65fb6dff36bf9 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 30 Oct 2015 13:42:33 -0700 Subject: Refactor webhook profiles into one profile with a parameter Previously there was a mcollective and no_mcollective version of the webhook profile. They were almost identical so I merged them and manage the difference with a "use_mcollective" parameter. I renamed the webhook profile to zack_r10k_webhook. --- site/profile/manifests/puppetmaster.pp | 22 +++++++++--------- site/profile/manifests/webhook_mcollective.pp | 15 ------------ site/profile/manifests/webhook_no_mcollective.pp | 20 ---------------- site/profile/manifests/zack_r10k_webhook.pp | 29 ++++++++++++++++++++++++ site/role/manifests/all_in_one_pe.pp | 2 +- 5 files changed, 41 insertions(+), 47 deletions(-) delete mode 100644 site/profile/manifests/webhook_mcollective.pp delete mode 100644 site/profile/manifests/webhook_no_mcollective.pp create mode 100644 site/profile/manifests/zack_r10k_webhook.pp (limited to 'site/role/manifests/all_in_one_pe.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index d3f1a87..1a199cd 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -23,20 +23,20 @@ class profile::puppetmaster ( creates => $r10k_ssh_key_file, } #END - Generate an SSH key for r10k to connect to git - + #BEGIN - Add deploy key and webook to git management system $git_management_system = hiera('git_management_system', '') if $git_management_system in ['gitlab', 'github'] { - + git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}": - ensure => present, - name => $::fqdn, - path => "${r10k_ssh_key_file}.pub", - token => hiera('gms_api_token'), - project_name => 'puppet/control-repo', - server_url => hiera('gms_server_url'), - provider => $git_management_system, + ensure => present, + name => $::fqdn, + path => "${r10k_ssh_key_file}.pub", + token => hiera('gms_api_token'), + project_name => 'puppet/control-repo', + server_url => hiera('gms_server_url'), + provider => $git_management_system, } git_webhook { "web_post_receive_webhook-${::fqdn}" : @@ -57,11 +57,11 @@ class profile::puppetmaster ( file { '/usr/local/bin/update-classes.sh' : ensure => file, source => 'puppet:///modules/profile/puppetmaster/update-classes.sh', - mode => '755', + mode => '0755', } #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout - ini_setting { "environment_timeout = unlimited": + ini_setting { 'environment_timeout = unlimited': ensure => present, path => '/etc/puppetlabs/puppet/puppet.conf', section => 'main', diff --git a/site/profile/manifests/webhook_mcollective.pp b/site/profile/manifests/webhook_mcollective.pp deleted file mode 100644 index 395cc7a..0000000 --- a/site/profile/manifests/webhook_mcollective.pp +++ /dev/null @@ -1,15 +0,0 @@ -class profile::webhook_mcollective { - - class { 'r10k::mcollective': - notify => Service['mcollective'], - } - - include r10k::webhook::config - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - } - -} diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp deleted file mode 100644 index dc7b1aa..0000000 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ /dev/null @@ -1,20 +0,0 @@ -class profile::webhook_no_mcollective ( - $username, - $password -) { - - class {'r10k::webhook::config': - enable_ssl => true, - protected => true, - user => $username, - pass => $password, - use_mcollective => false, - } - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - } - -} diff --git a/site/profile/manifests/zack_r10k_webhook.pp b/site/profile/manifests/zack_r10k_webhook.pp new file mode 100644 index 0000000..7e0bd40 --- /dev/null +++ b/site/profile/manifests/zack_r10k_webhook.pp @@ -0,0 +1,29 @@ +class profile::zack_r10k_webhook ( + $username, + $password, + $use_mcollective = false, +) { + + if $use_mcollective { + + class { 'r10k::mcollective': + notify => Service['mcollective'], + } + + } + + class {'r10k::webhook::config': + enable_ssl => true, + protected => true, + user => $username, + pass => $password, + use_mcollective => $use_mcollective, + } + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index 3762325..6bc2eb3 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -8,7 +8,7 @@ class role::all_in_one_pe { webhook_password => $webhook_password, } - class { 'profile::webhook_no_mcollective' : + class { 'profile::zack_r10k_webhook' : username => $webhook_username, password => $webhook_password, } -- cgit v1.2.3