File sync appears to sync everything in the $codedir which
inlcudes hiera.yaml. When managing hiera.yaml with puppet code
you don't want file sync to overwrite its contents. So, I'm
moving it out of $codedir and removing the original hiera.yaml
to avoid confusion for users investigating later.
- Moved ssh key generation and git deploy key out of the puppetmaster
profile and into zack_r10k and code_manager
- Swapped code manager into the all_in_one role
- Made a 2015.2 all_in_one role if users prefer to use it
- Conditionally move all existing code out of environmentpath
to allow file sync to sync files
- Update the README to compliment the new puppet code
Moved the webhook resource out of puppetmaster and into zack_r10k
to support exchaning code_manager in place of zack_r10k
As a result I cleaned up some unnecessary parameters.
Installing both the r10k webhook and the code_manager at this time
for testing
Add pltraing-rbac module
Added a new profile for code_manager that:
- creates a service users for code manager
- creates a token for that service user
- creates a hook on a git server using the token
Turns out that the file function in puppet cannot read files in
/root. The pe-puppet user needs read permissions on the file
and traversal on the directory which giving to /root would
probably be a bad idea. So, I just put the file containing
the token in /etc/puppetlabs/puppetserver since I'm not sure
where would be better.
When the owner / group was root this meant that enabling
hiera-eyaml wouldn't work properly as the keys couldn't
be read by puppetserver.
Changing to pe-puppet should resolve the issue.
Previously there was a mcollective and no_mcollective version of
the webhook profile. They were almost identical so I merged them
and manage the difference with a "use_mcollective" parameter.
I renamed the webhook profile to zack_r10k_webhook.
To accomodate generating random usernames and passwords, I had
to parameterize the profiles which I didn't feel great about
but I also didn't want to have to put the username and pass in
hiera.
This entailed configring the classifier to never sync on a
schedule.
Changing environment_timeout to unlimited for all masters.
Setting a postrun command for r10k that would update the class
information in the classifier (the update-classes endpoint).
I now have a virtual hierarchy level for setting up my lower memory
settings when using vagrant/virtualbox.
The gms settings are in an example-puppet-master.yaml file in the
nodes directory which are needed for the instructions.
I thought I needed to double quote items that had interpolated
variables but it turns out I don't need to which is good
because I effectively can't due to .to_yaml not doing what I
wanted it to do.
