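# Sets up Code Manager on the Puppet master for webhook-driven deployments.
#
# The class:
#   * generates an SSH key pair for Code Manager and registers the public
#     half as a deploy key on the control repository;
#   * creates an RBAC service account with the 'Deploy Environments' role
#     and generates a token file for it;
#   * optionally moves pre-existing environments aside and triggers an
#     initial deploy (gated on the code_manager_mv_old_code fact and on the
#     token file being readable);
#   * registers a post-receive webhook on the git management system.
#
# Hiera keys read here: gms_api_token, git_management_system,
# gms_server_url and
# puppet_enterprise::master::code_manager::authenticate_webhook.
class profile::git_webhook::code_manager {

  $authenticate_webhook = hiera('puppet_enterprise::master::code_manager::authenticate_webhook', true)

  $code_manager_service_user = 'code_manager_service_user'
  # NOTE(review): fqdn_rand_string() is deterministic: the same fqdn and seed
  # always produce the same string, and the seed is visible in this file.
  # Treat this value as reproducible, not as a secret; a generated and stored
  # credential would be stronger. The password is also carried in the
  # compiled catalog.
  $code_manager_service_user_password = fqdn_rand_string(40, '', "${code_manager_service_user}_password")

  #puppet_master_classifier_settings is a custom function
  # NOTE(review): the call below is spelled "classifer" while the comment
  # above says "classifier"; confirm which name the function is registered
  # under.
  $classifier_settings = puppet_master_classifer_settings()
  $classifier_hostname = $classifier_settings['server']
  $classifier_port     = $classifier_settings['port']

  $token_directory = '/etc/puppetlabs/puppetserver/.puppetlabs'
  $token_filename  = "${token_directory}/${code_manager_service_user}_token"

  $gms_api_token         = hiera('gms_api_token', undef)
  $git_management_system = hiera('git_management_system', undef)

  $code_manager_ssh_key_file = '/etc/puppetlabs/puppetserver/code_manager.key'

  # Generate the key pair once; 'creates' keeps later runs from overwriting it.
  # The key has an empty passphrase (-N ''), so file permissions are the only
  # protection for the private half.
  exec { 'create code manager ssh key' :
    command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'code_manager' -f ${code_manager_ssh_key_file} -q -N ''",
    creates => $code_manager_ssh_key_file,
  }

  # Enforce owner-only access on the private key instead of relying on
  # whatever mode the file happens to have on disk.
  file { $code_manager_ssh_key_file :
    ensure  => file,
    owner   => 'pe-puppet',
    group   => 'pe-puppet',
    mode    => '0600',
    require => Exec['create code manager ssh key'],
  }

  #If files exist in the codedir code manager can't manage them unless pe-puppet can read them
  exec { 'chown all environments to pe-puppet' :
    command => "/bin/chown -R pe-puppet:pe-puppet ${::settings::codedir}",
    unless  => "/usr/bin/test \$(stat -c %U ${::settings::codedir}/environments/production) = 'pe-puppet'",
  }

  rbac_user { $code_manager_service_user :
    ensure       => 'present',
    name         => $code_manager_service_user,
    email        => "${code_manager_service_user}@example.com",
    display_name => 'Code Manager Service Account',
    password     => $code_manager_service_user_password,
    roles        => [ 'Deploy Environments' ],
  }

  # The directory holds the RBAC token file, so keep it closed to other
  # local users.
  file { $token_directory :
    ensure => directory,
    owner  => 'pe-puppet',
    group  => 'pe-puppet',
    mode   => '0700',
  }

  # NOTE(review): the service account password is passed into the rendered
  # command; the template is not visible here, so confirm it does not put
  # the password on a command line where other local users could read it.
  exec { "Generate Token for ${code_manager_service_user}" :
    command => epp('profile/git_webhook/code_manager/create_rbac_token.epp', {
      'code_manager_service_user'          => $code_manager_service_user,
      'code_manager_service_user_password' => $code_manager_service_user_password,
      'classifier_hostname'                => $classifier_hostname,
      'classifier_port'                    => $classifier_port,
      'token_filename'                     => $token_filename,
    }),
    creates => $token_filename,
    require => [ Rbac_user[$code_manager_service_user], File[$token_directory] ],
  }

  #this file cannot be read until the next run after the above exec
  #because the file function runs on the master not on the agent
  #so the file doesn't exist at the time the function is run
  # no_fail_file is a helper defined outside this class; presumably it
  # returns empty content rather than failing when the file is missing
  # (confirm against its implementation).
  $rbac_token_file_contents = no_fail_file($token_filename)

  #Only mv code if this is at least the 2nd run of puppet
  #Code manager needs to be enabled and puppet server restarted
  #before this exec can complete. Gating on the token file
  #ensures at least one run has completed
  if $::code_manager_mv_old_code and !empty($rbac_token_file_contents) {

    # NOTE(review): '%Y%d%m' yields year-day-month, so backup directories do
    # not sort chronologically; confirm whether '%Y%m%d' was intended.
    $timestamp = chomp(generate('/bin/date', '+%Y%d%m_%H:%M:%S'))

    # NOTE(review): both curl calls use -k, which turns off certificate
    # verification while the RBAC token is being sent; pointing curl at the
    # Puppet CA certificate with --cacert would keep verification on. The
    # token also travels in the URL query string, where it can be recorded in
    # request logs; PE's X-Authentication header is the usual alternative
    # (confirm support on the installed version). The steps are joined with
    # ';', so a failed mkdir or mv does not stop the ones that follow.
    exec { 'mv files out of $environmentpath' :
      command   => "mkdir /etc/puppetlabs/env_back_${timestamp}; mv ${::settings::codedir}/environments/* /etc/puppetlabs/env_back_${timestamp}/; rm /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt; TOKEN=`/opt/puppetlabs/puppet/bin/ruby -e \"require 'json'; puts JSON.parse(File.read('${token_filename}'))['token']\"`; /opt/puppetlabs/puppet/bin/curl -k -X POST -H 'Content-Type: application/json' \"https://${::trusted['certname']}:8170/code-manager/v1/deploys?token=\$TOKEN\" -d '{\"environments\": [\"${::environment}\"], \"wait\": true}'; /opt/puppetlabs/puppet/bin/curl -k -X POST -H 'Content-Type: application/json' \"https://${::trusted['certname']}:8170/code-manager/v1/deploys?token=\$TOKEN\" -d '{\"deploy-all\": true, \"wait\": true}'; sleep 15",
      path      => $::path,
      logoutput => true,
      require   => Exec["Generate Token for ${code_manager_service_user}"],
    }
  }

  if !empty($gms_api_token) {

    # Append the RBAC token to the webhook URL only when webhook
    # authentication is enabled and the token file could be read.
    if $authenticate_webhook and !empty($rbac_token_file_contents) {
      $rbac_token = parsejson($rbac_token_file_contents)['token']
      $token_info = "&token=${rbac_token}"
    }
    else {
      $token_info = ''
    }

    # GitLab hooks are registered with the 'github' webhook type; every other
    # system uses its own name.
    $code_manager_webhook_type = $git_management_system ? {
      'gitlab' => 'github',
      default  => $git_management_system,
    }

    git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}":
      ensure       => present,
      name         => $::fqdn,
      path         => "${code_manager_ssh_key_file}.pub",
      token        => $gms_api_token,
      project_name => 'puppet/control-repo',
      server_url   => hiera('gms_server_url'),
      provider     => $git_management_system,
    }

    # NOTE(review): disable_ssl_verify is set to true on a hook whose URL can
    # carry the RBAC token, and that URL (token included) is part of the
    # compiled catalog. Prefer leaving verification on once certificate trust
    # is in place between the git server and this master, and treat catalogs
    # and reports for this node as sensitive.
    git_webhook { "code_manager_post_receive_webhook-${::fqdn}" :
      ensure             => present,
      webhook_url        => "https://${::fqdn}:8170/code-manager/v1/webhook?type=${code_manager_webhook_type}${token_info}",
      token              => $gms_api_token,
      project_name       => 'puppet/control-repo',
      server_url         => hiera('gms_server_url'),
      provider           => $git_management_system,
      disable_ssl_verify => true,
    }
  }
}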
Of git, get, and gud