The `file()` function accepts a list of paths, and the contents of the
first one that exists will be returned. To get the same functionality
as the removed function, just pass '/dev/null' as the second path.
Shouldn't this be profile::git_webhook as in all_in_one_pe.pp since the abstraction logic is located there?
Either that or the profile::zack_r10k_webook is missing from the location specified?
Prior to the this commit, if you were using the code_manager
profile on a split install it would incorrectly try to curl the
NC api on the master node.
After this commit, it should correctly curl the hostname of the NC
This has no impact on the functionality of the code on a monolithic
PE installation.
Mostly reorganized the README to be 2015.3 first and then have some
extra info at the bottom about upgrading from 2015.2.
Added a blurb about what the control-repo provides.
Prior to this commit there was a requirement for the user of this
repo to create a RBAC role in order for code manager to work.
After this commit an exec statement will curl the RBAC API to
create the role one time and hopefully it works otherwise the exec
will not run again.
Prior to this commit, if you upgraded from a previous version of
the control-repo both code manager and zack/r10k webhook would
be running and ready to receive data. This can present problems
if the webhook isn't disbled in the git management system is
sending data to both receivers.
This commit adds rudimentary ability to break the zack/r10k
webhook so it can't receive data.
Prior to this commit there were two possible webhooks
- zack/r10k webhook
- code manager
I moved these two profiles under git_webhook and choose the correct
one based on the version of PE being used.
As a safety hatch, I provide the $force_zack_r10k_webhook param
on profile::git_webhook in case someone needs to continue using it
instead of code manager.
File sync appears to sync everything in the $codedir which
inlcudes hiera.yaml. When managing hiera.yaml with puppet code
you don't want file sync to overwrite its contents. So, I'm
moving it out of $codedir and removing the original hiera.yaml
to avoid confusion for users investigating later.
- Moved ssh key generation and git deploy key out of the puppetmaster
profile and into zack_r10k and code_manager
- Swapped code manager into the all_in_one role
- Made a 2015.2 all_in_one role if users prefer to use it
- Conditionally move all existing code out of environmentpath
to allow file sync to sync files
- Update the README to compliment the new puppet code
Prior to this commit, the code manger profile could not complete
on the first run because the file function would error out
I implemented a new version of the file function that returns
nothing when the file does not exist instead of erroring out which
allows me to gate creating the webhook on whether there is content
in the file.
As a result this means that it takes 2 runs to get everything setup
but this is preferable over having to manually intervene in some
other way if the token file doesn't exist.
Moved the webhook resource out of puppetmaster and into zack_r10k
to support exchaning code_manager in place of zack_r10k
As a result I cleaned up some unnecessary parameters.
Installing both the r10k webhook and the code_manager at this time
for testing
Add pltraing-rbac module
Added a new profile for code_manager that:
- creates a service users for code manager
- creates a token for that service user
- creates a hook on a git server using the token
Turns out that the file function in puppet cannot read files in
/root. The pe-puppet user needs read permissions on the file
and traversal on the directory which giving to /root would
probably be a bad idea. So, I just put the file containing
the token in /etc/puppetlabs/puppetserver since I'm not sure
where would be better.
When the owner / group was root this meant that enabling
hiera-eyaml wouldn't work properly as the keys couldn't
be read by puppetserver.
Changing to pe-puppet should resolve the issue.
Previously there was a mcollective and no_mcollective version of
the webhook profile. They were almost identical so I merged them
and manage the difference with a "use_mcollective" parameter.
I renamed the webhook profile to zack_r10k_webhook.
To accomodate generating random usernames and passwords, I had
to parameterize the profiles which I didn't feel great about
but I also didn't want to have to put the username and pass in
hiera.