authorJan Dittberner <jandd@cacert.org>2020-06-21 16:08:12 +0200
committerJan Dittberner <jandd@cacert.org>2020-06-21 16:18:01 +0200
commit91cbd1922c4661cfb8a1badad2ffe28849d0ffea (patch)
treef48ae9e0b8942d8f42da10ca87af3f7747b75ca0 /sitemodules/profiles/manifests/puppet_server.pp
parent787cf90126543988554191c43391f2ac496c6124 (diff)
Replace custom Python webhook with packaged webhook
This commit replaces the custom Python webhook for Puppet environment deployment with the Go-based webhook from the Debian package of the same name. The puppet-deploy script now only takes care of pulling from git and running r10k. The web requests are now handled by webhook.
Diffstat (limited to 'sitemodules/profiles/manifests/puppet_server.pp')
-rw-r--r--sitemodules/profiles/manifests/puppet_server.pp87
1 files changed, 58 insertions, 29 deletions
diff --git a/sitemodules/profiles/manifests/puppet_server.pp b/sitemodules/profiles/manifests/puppet_server.pp
index eb7a4bb..f555193 100644
--- a/sitemodules/profiles/manifests/puppet_server.pp
+++ b/sitemodules/profiles/manifests/puppet_server.pp
@@ -8,10 +8,13 @@
#
# @param git_pull_ssh_passphrase passphrase to use for the ssh key to pull
# new code from the control repository
-# @param git_pull_directory directory where the puppet control repository
-# is checked out
-# @param git_pull_tokens list of tokens that are valid to trigger the
-# git pull hook
+# @param git_pull_branches array of branches to be pulled by the
+# puppet-deploy webhook
+# @param git_pull_directories branch to directory mapping where the puppet
+# control repository for a branch is checked
+# out
+# @param git_pull_token token that is valid to trigger the
+# puppet-deploy webhook
#
# Examples
# --------
@@ -29,59 +32,85 @@
# Copyright
# ---------
#
-# Copyright 2018 Jan Dittberner
+# Copyright 2018-2020 Jan Dittberner
class profiles::puppet_server (
String $git_pull_ssh_passphrase,
- String $git_pull_directory = '/etc/puppetlabs/code/environments/production',
- Array[String] $git_pull_tokens,
+ String $git_pull_token,
+ Array[String] $git_pull_branches = ["master"],
+ Hash[String, String] $git_pull_directories = {
+ 'master' => '/etc/puppetlabs/code/environments/production'
+ },
) {
- package { 'sshpass':
- ensure => installed,
- }
-
- package { 'git':
+ package { ['git', 'r10k', 'sshpass', 'webhook']:
ensure => installed,
}
file { '/usr/local/sbin/git-pull-hook':
- ensure => file,
+ ensure => absent,
+ }
+ file { '/usr/local/sbin/puppet-deploy':
owner => 'root',
group => 'root',
mode => '0750',
- source => 'puppet:///modules/profiles/puppet_server/git-pull-hook',
- require => [Package['sshpass'], Package['git']],
+ source => 'puppet:///modules/profiles/puppet_server/puppet-deploy',
+ require => [Package['sshpass'], Package['git'], Package['r10k'], Package['webhook']],
}
+ service { 'git-pull-hook':
+ ensure => stopped,
+ enable => false,
+ } ->
file { '/etc/init.d/git-pull-hook':
+ ensure => absent,
+ }
+ file { '/etc/git-pull-hook.ini':
+ ensure => absent,
+ }
+
+ file { '/etc/puppet-deploy.ini':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0400',
+ content => epp(
+ 'profiles/puppet_server/puppet-deploy.ini.epp',
+ {
+ 'ssh_passphrase' => $git_pull_ssh_passphrase,
+ 'git_branches' => $git_pull_branches,
+ 'git_directories' => $git_pull_directories,
+ }
+ ),
+ }
+ file { '/etc/systemd/system/webhook.service':
ensure => file,
owner => 'root',
group => 'root',
- mode => '0755',
- source => 'puppet:///modules/profiles/puppet_server/git-pull-hook.init.sh'
+ mode => '0644',
+ source => 'puppet:///modules/profiles/puppet_server/webhook.service',
+ } ~>
+ exec { '/usr/bin/systemctl daemon reload':
+ refreshonly => true,
}
-
- file { '/etc/git-pull-hook.ini':
+ file { '/etc/webhook.conf':
ensure => file,
owner => 'root',
group => 'root',
mode => '0400',
content => epp(
- 'profiles/puppet_server/git-pull-hook.ini.epp',
- {
- 'ssh_passphrase' => $git_pull_ssh_passphrase,
- 'tokens' => $git_pull_tokens,
- 'git_directory' => $git_pull_directory,
+ 'profiles/puppet_server/webhook.conf.epp', {
+ 'token' => $git_pull_token,
+ 'branches' => $git_pull_branches,
}
- )
+ ),
}
- service { 'git-pull-hook':
+ service { 'webhook':
ensure => running,
enable => true,
- subscribe => [File['/etc/git-pull-hook.ini'], File['/usr/local/sbin/git-pull-hook']],
+ subscribe => [File['/etc/webhook.conf'], File['/usr/local/sbin/puppet-deploy']],
require => [
- File['/etc/init.d/git-pull-hook'], File['/usr/local/sbin/git-pull-hook'],
- File['/etc/git-pull-hook.ini'],
+ File['/etc/webhook.conf'], File['/usr/local/sbin/puppet-deploy'],
+ File['/etc/puppet-deploy.ini'], File['/etc/systemd/system/webhook.service'],
],
}
} \ No newline at end of file
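Review bot: The exec titled `/usr/bin/systemctl daemon reload` will fail whenever the unit file changes, because systemctl's verb is the single word `daemon-reload`; the title doubles as the command here, so it should read `exec { '/usr/bin/systemctl daemon-reload':`. Nothing orders `Service['webhook']` after that exec either, so the service can be started or restarted against the stale unit definition; adding `Exec['/usr/bin/systemctl daemon-reload']` to the service's `require` list closes that gap. Separately, `/etc/puppet-deploy.ini` and `/etc/webhook.conf` are rendered from `$git_pull_ssh_passphrase` and `$git_pull_token`, so `show_diff => false` on both file resources would keep those secrets out of agent logs and reports if diff output is enabled.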