summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/templates
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2020-06-21 16:08:12 +0200
committerJan Dittberner <jandd@cacert.org>2020-06-21 16:18:01 +0200
commit91cbd1922c4661cfb8a1badad2ffe28849d0ffea (patch)
treef48ae9e0b8942d8f42da10ca87af3f7747b75ca0 /sitemodules/profiles/templates
parent787cf90126543988554191c43391f2ac496c6124 (diff)
downloadcacert-puppet-91cbd1922c4661cfb8a1badad2ffe28849d0ffea.tar.gz
cacert-puppet-91cbd1922c4661cfb8a1badad2ffe28849d0ffea.tar.xz
cacert-puppet-91cbd1922c4661cfb8a1badad2ffe28849d0ffea.zip
Replace custom Python webhook with packaged webhook
This commit replaces the custom Python webhook for puppet environment deployment with the go based webhook from the Debian package with the same name. The puppet-deploy script only takes care of pulling from git and running r10k now. The web requests are now handled by webhook.
Diffstat (limited to 'sitemodules/profiles/templates')
-rw-r--r--sitemodules/profiles/templates/puppet_server/git-pull-hook.ini.epp9
-rw-r--r--sitemodules/profiles/templates/puppet_server/puppet-deploy.ini.epp14
-rw-r--r--sitemodules/profiles/templates/puppet_server/webhook.conf.epp40
3 files changed, 54 insertions, 9 deletions
diff --git a/sitemodules/profiles/templates/puppet_server/git-pull-hook.ini.epp b/sitemodules/profiles/templates/puppet_server/git-pull-hook.ini.epp
deleted file mode 100644
index 2876c16..0000000
--- a/sitemodules/profiles/templates/puppet_server/git-pull-hook.ini.epp
+++ /dev/null
@@ -1,9 +0,0 @@
-<%- | String $ssh_passphrase = undef, String $git_directory = undef, Array[String] $tokens = undef | -%>
-# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
-# NEXT PUPPET RUN.
-
-[git-pull-hook]
-ssh_passphrase=<%= $ssh_passphrase %>
-tokens=<%= $tokens.join(',') %>
-git_directory=<%= $git_directory %>
-logfile=/var/log/git-pull-hook.log
diff --git a/sitemodules/profiles/templates/puppet_server/puppet-deploy.ini.epp b/sitemodules/profiles/templates/puppet_server/puppet-deploy.ini.epp
new file mode 100644
index 0000000..fb23fea
--- /dev/null
+++ b/sitemodules/profiles/templates/puppet_server/puppet-deploy.ini.epp
@@ -0,0 +1,14 @@
+<%- |
+String $ssh_passphrase = undef, Array[String] $git_branches = undef, Hash[String, String] $git_directories = undef
+| -%>
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
+
+[puppet-deploy]
+ssh_passphrase=<%= $ssh_passphrase %>
+branches=<%= $git_branches.join(",") %>
+
+[branch-directories]
+<% $git_directories.each |String $branch, String $directory| { -%>
+<%= $branch %>=<%= $directory %>
+<% } -%> \ No newline at end of file
diff --git a/sitemodules/profiles/templates/puppet_server/webhook.conf.epp b/sitemodules/profiles/templates/puppet_server/webhook.conf.epp
new file mode 100644
index 0000000..6db1062
--- /dev/null
+++ b/sitemodules/profiles/templates/puppet_server/webhook.conf.epp
@@ -0,0 +1,40 @@
+<%- | String $token = undef, Array[String] $branches = undef | -%>
+[
+ {
+ "id": "puppet-deploy",
+ "execute-command": "/usr/local/sbin/puppet-deploy",
+ "command-working-directory": "/etc/puppetlabs/code/environments",
+ "include-command-output-in-response": true,
+ "include-command-output-in-response-on-error": true,
+ "pass-arguments-to-command": [
+ {
+ "source": "payload",
+ "name": "ref"
+ }
+ ],
+ "trigger-rule": {
+ "and": [
+ {
+ "match": {
+ "type": "value",
+ "value": "<%= $token %>",
+ "parameter": {
+ "source": "header",
+ "name": "Authentication"
+ }
+ }
+ },
+ {
+ "match": {
+ "type": "regex",
+ "regex": "^refs/heads/(<%= $branches.join("|") %>)$",
+ "parameter": {
+ "source": "payload",
+ "name": "ref"
+ }
+ }
+ }
+ ]
+ }
+ }
+] \ No newline at end of file