-
Notifications
You must be signed in to change notification settings - Fork 165
Using r10k
R10k can be configured for automatic deployment of Razor tags, hooks, etc. that are stored in git. This allows custom code to be shared between multiple Razor servers (most likely test and production), as well as enables version control for Razor custom code.
In general, the process is quite similar to configuring r10k for Puppet masters (see the r10k documentation), with a few caveats:
Since r10k is bundled with Puppet Enterprise 3.8+ on the masters, it is necessary when running PE to instruct the r10k puppet module that this is not a PE master, so that it fully installs r10k on the Razor server (puppet_master => false).
If configuring the r10k webhook, it is necessary to specify that mcollective should not be used if the Razor server is not also a MCollective broker or hub (use_mcollective => false).
Other Notes:
- This example is for Puppet Enterprise. If using FOSS, on the r10k class you may need to remove puppet_master=false (it may be fine to leave it) and change the provider type away from pe_gem.
- This example is for gitlab. Modify as necessary if using github, etc.
- Modules used in the code example:
In a local (non-module) manifest, e.g. profile/manifest/razor.pp:
$gitlab_server = hiera('gitlab_server')
$gitlab_api_token = hiera('gitlab_api_token')
$gitlab_proj_id = hiera('gitlab_proj_id')
$gitlab_host_key = hiera('gitlab_host_key')
$gitlab_server
$control_repo_address = hiera('r10k_razor', 'http://gitlab.company.com/puppet/razor.git')
## host key for r10k to talk to gitlab server
sshkey { $gitlab_server :
ensure => present,
type => 'ssh-rsa',
target => '/root/.ssh/known_hosts',
key => $gitlab_host_key,
before => Class['r10k'],
}
## Set up git deploy keys
sshkeys::create_ssh_key {'root':
ssh_keytype => 'rsa',
ssh_bitlength => '4096',
before => Git_deploy_key['add_deploy_key_to_razor'],
}
git_deploy_key { 'add_deploy_key_to_razor':
ensure => 'present',
name => $::fqdn,
path => '/root/.ssh/id_rsa.pub',
token => $gitlab_api_token,
project_id => $gitlab_proj_id,
project_name => 'Puppet/razor',
server_url => $gitlab_server,
provider => 'gitlab',
before => Class['r10k'],
}
## Configure r10k
class { 'r10k':
puppet_master => false,
provider => 'pe_gem',
sources => {
'razor' => {
'remote' => $control_repo_address,
'basedir' => '/etc/puppetlabs/razor/environments',
'prefix' => false,
},
},
}
class {'r10k::webhook::config':
user => 'pe-razor',
pass => 'pe-razor',
protected => false,
enable_ssl => false,
use_mcollective => false,
command_prefix => 'umask 0022;',
}
class {'r10k::webhook':
user => 'root',
group => '0',
use_mcollective => false,
require => Class['r10k::webhook::config'],
}
git_webhook {'web_post_receive_webhook_razor':
ensure => 'present',
webhook_url => "http://${::fqdn}:8088/payload",
token => hiera('gitlab_api_token'),
project_name => 'puppet/razor',
server_url => $gitlab_server,
merge_request_events => true,
provider => 'gitlab',
require => Git_deploy_key['add_deploy_key_to_razor'],
}
With r10k is configured, it's also necessary to configure the razor config file to use the new environment path for tasks (and hooks, etc. as desired), e.g. in profile/manifest/razor.pp:
$task_path = hiera('razor::task_path','/etc/puppetlabs/razor/environments/release/tasks:/opt/puppet/share/razor-server/tasks:tasks')
## Set task_path in config.yaml
file_line { 'razorconfig_task_path':
path => '/etc/puppetlabs/razor/config.yaml',
line => " task_path: ${task_path}",
match => '^ task_path:',
}