Commit Graph

44 Commits

Author SHA1 Message Date
Nick Walker
ad00dd7a9a Add an exec to create the Deploy Environments RBAC Role
Prior to this commit there was a requirement for the user of this
repo to create a RBAC role in order for code manager to work.

After this commit an exec statement will curl the RBAC API to
create the role one time and hopefully it works otherwise the exec
will not run again.
2015-12-28 16:42:40 -08:00
Nick Walker
ec7a8d81a6 Add functionality to disable the zack/r10k webhook
Prior to this commit, if you upgraded from a previous version of
the control-repo both code manager and zack/r10k webhook would
be running and ready to receive data.  This can present problems
if the webhook isn't disbled in the git management system is
sending data to both receivers.

This commit adds rudimentary ability to break the zack/r10k
webhook so it can't receive data.
2015-12-21 15:52:15 -08:00
Nick Walker
d2db275028 Create profile::git_webhook to abstract away the details
Prior to this commit there were two possible webhooks
 - zack/r10k webhook
 - code manager

I moved these two profiles under git_webhook and choose the correct
one based on the version of PE being used.

As a safety hatch, I provide the $force_zack_r10k_webhook param
on profile::git_webhook in case someone needs to continue using it
instead of code manager.
2015-12-21 15:19:38 -08:00
Nick Walker
b8d4980f86 Move hiera.yaml to avoid file-sync overwriting it
File sync appears to sync everything in the $codedir which
inlcudes hiera.yaml.  When managing hiera.yaml with puppet code
you don't want file sync to overwrite its contents.  So, I'm
moving it out of $codedir and removing the original hiera.yaml
to avoid confusion for users investigating later.
2015-12-18 09:24:27 -08:00
Nick Walker
cc34e25fd5 Final steps to make Code Manager work
- Moved ssh key generation and git deploy key out of the puppetmaster
profile and into zack_r10k and code_manager
- Swapped code manager into the all_in_one role
- Made a 2015.2 all_in_one role if users prefer to use it
- Conditionally move all existing code out of environmentpath
to allow file sync to sync files
- Update the README to compliment the new puppet code
2015-12-18 09:22:44 -08:00
Nick Walker
1b0f63be83 Chown files in codedir to pe-puppet 2015-12-09 09:46:56 -08:00
Nick Walker
6ac2b30b38 Allow disabling authentication on code manager webhook 2015-12-09 09:46:45 -08:00
Nick Walker
b71ab8d42e Allow code_manager profile to not error out on first run
Prior to this commit, the code manger profile could not complete
on the first run because the file function would error out

I implemented a new version of the file function that returns
nothing when the file does not exist instead of erroring out which
allows me to gate creating the webhook on whether there is content
in the file.

As a result this means that it takes 2 runs to get everything setup
but this is preferable over having to manually intervene in some
other way if the token file doesn't exist.
2015-12-09 09:44:50 -08:00
Nick Walker
2d7a9a72e1 Refactor puppetmaster and zack_r10k_webhook
Moved the webhook resource out of puppetmaster and into zack_r10k
to support exchaning code_manager in place of zack_r10k

As a result I cleaned up some unnecessary parameters.

Installing both the r10k webhook and the code_manager at this time
for testing
2015-12-09 09:44:50 -08:00
Nick Walker
4c2be74083 Add support for code manager which will replace zack r10k
Add pltraing-rbac module
Added a new profile for code_manager that:
 - creates a service users for code manager
 - creates a token for that service user
 - creates a hook on a git server using the token

Turns out that the file function in puppet cannot read files in
/root.  The pe-puppet user needs read permissions on the file
and traversal on the directory which giving to /root would
probably be a bad idea.  So, I just put the file containing
the token in /etc/puppetlabs/puppetserver since I'm not sure
where would be better.
2015-12-09 09:44:35 -08:00
Nick Walker
63429fe9ec Add custom functions for determining some PE settings
Added a function to find the hostname and port of the classifier

Added a fucntion to return all puppetdb hostnames
2015-11-25 16:06:28 -08:00
Nick Walker
afc9a358f3 Merge branch 'production' of https://github.com/npwalker/control-repo into merge_npwalker_control_repo 2015-11-24 11:16:51 -08:00
Nick Walker
7e40513c53 Change owner/group to pe-puppet for hiera module
When the owner / group was root this meant that enabling
hiera-eyaml wouldn't work properly as the keys couldn't
be read by puppetserver.

Changing to pe-puppet should resolve the issue.
2015-11-17 14:10:45 -08:00
Nick Walker
e5be3e2ddd fixing a bunch of puppet lint warnings 2015-10-30 13:50:10 -07:00
Nick Walker
3149d9707f Refactor webhook profiles into one profile with a parameter
Previously there was a mcollective and no_mcollective version of
the webhook profile.  They were almost identical so I merged them
and manage the difference with a "use_mcollective" parameter.

I renamed the webhook profile to zack_r10k_webhook.
2015-10-30 13:42:33 -07:00
Nick Walker
8e271e3043 Change the zack/r10k webhook to utilize username and password
To accomodate generating random usernames and passwords, I had
to parameterize the profiles which I didn't feel great about
but I also didn't want to have to put the username and pass in
hiera.
2015-10-30 13:19:33 -07:00
Nick Walker
e045f172bd enable SSL on the zack/r10k webhook 2015-10-29 09:53:53 -07:00
Nick Walker
b6351f9e5d Add $::fqdn to post receive hook title
Also, change other references of $fqdn to $::fqdn
2015-10-28 13:16:36 -07:00
Nick Walker
c2aeccd388 disable SSL on the zack/r10k webhook
The abrader/gms provider for gitlab doesn't support
disabling ssl verification but will soon.
2015-10-28 11:27:57 -07:00
Nick Walker
d6cb170a78 enable ssl on the webhook 2015-10-28 10:37:59 -07:00
Nick Walker
8fe670beb0 make environment timeout setting refresh the puppet master service 2015-10-26 16:32:24 -07:00
Nick Walker
4598483d0f Fix the update-classes script and set appropriate perms on it 2015-10-26 15:50:22 -07:00
Nick Walker
1cb89d981a Fix some embarassing typos 2015-10-26 15:12:39 -07:00
Nick Walker
92f8d2d251 Configure the MoM to update the classifier after deploying code
This entailed configring the classifier to never sync on a
schedule.

Changing environment_timeout to unlimited for all masters.

Setting a postrun command for r10k that would update the class
information in the classifier (the update-classes endpoint).
2015-10-26 14:59:20 -07:00
Nick Walker
ae3b7c7d4a fix whitespace 2015-10-21 08:47:57 -07:00
Nick Walker
65820675e5 Change the zack/r10k webhook to not authenticate 2015-10-20 21:24:44 -07:00
Nick Walker
1828e21623 Change to using the webhook without mcollective
In order to complete the change I refactered the webhook into
its own set of profiles, one with mcollective and the other
without.
2015-10-16 10:56:07 -07:00
Nick Walker
6ff5658a2a Add some notifies to pe services after making changes 2015-10-15 12:22:45 -07:00
Nick Walker
0c486e2fcc Ensure /etc/gitlab/ssl exists before putting certs in it 2015-09-24 14:59:39 -07:00
Nick Walker
04f3239514 add modules for stash and a profile 2015-08-25 16:51:42 -07:00
Nick Walker
3284233899 add example files to role and profile directories 2015-08-25 11:50:57 -07:00
Nick Walker
01baf7695a Update the repo name for deploy keys and webhook to match README 2015-08-18 16:11:25 -07:00
Nick Walker
0af9bbf52d Move some hieradata around for easier testing in vagrant
I now have a virtual hierarchy level for setting up my lower memory
settings when using vagrant/virtualbox.

The gms settings are in an example-puppet-master.yaml file in the
nodes directory which are needed for the instructions.
2015-08-18 14:01:20 -07:00
Nick Walker
246626e639 Copy agent certs into Gitlab directory for Gitlab SSL 2015-08-18 13:53:21 -07:00
Nick Walker
184cf7e80e Change default gitlab url to be https instead of http 2015-08-17 15:45:22 -07:00
Nick Walker
1525bf5954 Add webhook config to git management system 2015-08-17 14:09:29 -07:00
Nick Walker
0bf10aea97 Add a gitlab role 2015-08-14 16:21:43 -07:00
Nick Walker
ab679260c6 Add a gitlab profile / add ssh-keygen to puppetmaster profile 2015-08-14 16:17:25 -07:00
Nick Walker
6425d2bbe2 Remove extraneous slash from puppetmaster profile 2015-08-14 10:41:03 -07:00
Nick Walker
6a78949ca8 Fix some incorrect quoting in the hiera class
I thought I needed to double quote items that had interpolated
variables but it turns out I don't need to which is good
because I effectively can't due to .to_yaml not doing what I
wanted it to do.
2015-08-13 17:10:55 -07:00
Nick Walker
70690333ee Fix some quoting issues and add role:: to the include in site.pp 2015-08-13 15:41:11 -07:00
Nick Walker
9b50d5e31e Update the README, add an all_in_one_pe role
Updating README for instructions on how to use the control-repo
by putting it in your own git server and then using the r10k
answers during installation of PE.

Removing the manifest for configuring r10k using zack/r10k.

Added a role that can be used to bootstrap an all-in-one PE
installation.
2015-08-13 14:10:29 -07:00
Nick Walker
437433ff44 Remove hiera.yaml and instead manage it with puppet code
Added hunner/hiera to the Puppetfile and a manifest to use it
instead of placing a hiera.yaml in the repo.
2015-08-03 14:49:06 -07:00
Nick Walker
24aa475d20 Add a site directory with example role and profile module 2015-05-27 15:02:50 -07:00