author | Jan Dittberner <jandd@cacert.org> | 2020-06-21 16:08:12 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2020-06-21 16:18:01 +0200 |
commit | 91cbd1922c4661cfb8a1badad2ffe28849d0ffea (patch) | |
tree | f48ae9e0b8942d8f42da10ca87af3f7747b75ca0 /sitemodules/profiles/manifests/puppet_server.pp | |
parent | 787cf90126543988554191c43391f2ac496c6124 (diff) | |
Replace custom Python webhook with packaged webhook
This commit replaces the custom Python webhook for puppet environment
deployment with the Go-based webhook from the Debian package with the
same name.
The puppet-deploy script only takes care of pulling from git and running
r10k now. The web requests are now handled by webhook.
Diffstat (limited to 'sitemodules/profiles/manifests/puppet_server.pp')
-rw-r--r-- | sitemodules/profiles/manifests/puppet_server.pp | 87 |
1 files changed, 58 insertions, 29 deletions
diff --git a/sitemodules/profiles/manifests/puppet_server.pp b/sitemodules/profiles/manifests/puppet_server.pp index eb7a4bb..f555193 100644 --- a/sitemodules/profiles/manifests/puppet_server.pp +++ b/sitemodules/profiles/manifests/puppet_server.pp @@ -8,10 +8,13 @@ # # @param git_pull_ssh_passphrase passphrase to use for the ssh key to pull # new code from the control repository -# @param git_pull_directory directory where the puppet control repository -# is checked out -# @param git_pull_tokens list of tokens that are valid to trigger the -# git pull hook +# @param git_pull_branches array of branches to be pulled by the +# puppet-deploy webhook +# @param git_pull_directories branch to directory mapping where the puppet +# control repository for a branch is checked +# out +# @param git_pull_token token that is valid to trigger the +# puppet-deploy webhook # # Examples # -------- 
@@ -29,59 +32,85 @@ # Copyright # --------- # -# Copyright 2018 Jan Dittberner +# Copyright 2018-2020 Jan Dittberner class profiles::puppet_server ( String $git_pull_ssh_passphrase, - String $git_pull_directory = '/etc/puppetlabs/code/environments/production', - Array[String] $git_pull_tokens, + String $git_pull_token, + Array[String] $git_pull_branches = ["master"], + Hash[String, String] $git_pull_directories = { + 'master' => '/etc/puppetlabs/code/environments/production' + }, ) { - package { 'sshpass': - ensure => installed, - } - - package { 'git': + package { ['git', 'r10k', 'sshpass', 'webhook']: ensure => installed, } file { '/usr/local/sbin/git-pull-hook': - ensure => file, + ensure => absent, + } + file { '/usr/local/sbin/puppet-deploy': owner => 'root', group => 'root', mode => '0750', - source => 'puppet:///modules/profiles/puppet_server/git-pull-hook', - require => [Package['sshpass'], Package['git']], + source => 'puppet:///modules/profiles/puppet_server/puppet-deploy', + require => [Package['sshpass'], Package['git'], Package['r10k'], Package['webhook']], } + service { 'git-pull-hook': + ensure => stopped, + enable => false, + } -> file { '/etc/init.d/git-pull-hook': + ensure => absent, + } + file { '/etc/git-pull-hook.ini': + ensure => absent, + } + + file { '/etc/puppet-deploy.ini': + ensure => file, + owner => 'root', + group => 'root', + mode => '0400', + content => epp( + 'profiles/puppet_server/puppet-deploy.ini.epp', + { + 'ssh_passphrase' => $git_pull_ssh_passphrase, + 'git_branches' => $git_pull_branches, + 'git_directories' => $git_pull_directories, + } + ), + } + file { '/etc/systemd/system/webhook.service': ensure => file, owner => 'root', group => 'root', - mode => '0755', - source => 'puppet:///modules/profiles/puppet_server/git-pull-hook.init.sh' + mode => '0644', + source => 'puppet:///modules/profiles/puppet_server/webhook.service', + } ~> + exec { '/usr/bin/systemctl daemon reload': + refreshonly => true, } - - file { 
'/etc/git-pull-hook.ini': + file { '/etc/webhook.conf': ensure => file, owner => 'root', group => 'root', mode => '0400', content => epp( - 'profiles/puppet_server/git-pull-hook.ini.epp', - { - 'ssh_passphrase' => $git_pull_ssh_passphrase, - 'tokens' => $git_pull_tokens, - 'git_directory' => $git_pull_directory, + 'profiles/puppet_server/webhook.conf.epp', { + 'token' => $git_pull_token, + 'branches' => $git_pull_branches, } - ) + ), } - service { 'git-pull-hook': + service { 'webhook': ensure => running, enable => true, - subscribe => [File['/etc/git-pull-hook.ini'], File['/usr/local/sbin/git-pull-hook']], + subscribe => [File['/etc/webhook.conf'], File['/usr/local/sbin/puppet-deploy']], require => [ - File['/etc/init.d/git-pull-hook'], File['/usr/local/sbin/git-pull-hook'], - File['/etc/git-pull-hook.ini'], + File['/etc/webhook.conf'], File['/usr/local/sbin/puppet-deploy'], + File['/etc/puppet-deploy.ini'], File['/etc/systemd/system/webhook.service'], ], } }
\ No newline at end of file |
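Review bot: The refresh exec notified by `/etc/systemd/system/webhook.service` runs `/usr/bin/systemctl daemon reload`, which as shown is not a systemctl verb, so a change to the unit file would fail the run instead of reloading systemd; it should read `exec { '/usr/bin/systemctl daemon-reload':`. `Service['webhook']` requires the unit file but not that exec, so the service may be (re)started before the reload has happened; adding `Exec['/usr/bin/systemctl daemon-reload']` to its `require` list fixes the ordering. Separately, `$git_pull_token` and `$git_pull_ssh_passphrase` are plain `String` parameters rendered into `/etc/webhook.conf` and `/etc/puppet-deploy.ini`. Declaring them `Sensitive[String]` and setting `show_diff => false` on both file resources would keep the secrets out of agent logs and reports. The systemd unit and both EPP templates are outside this diff, so it is worth confirming there which user the HTTP-facing webhook runs as, given that it needs to read root-only `0400` files.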