Version information
This module has been deprecated by its author since Oct 27th 2017.
The author has suggested puppet-r10k as its replacement.
Start using this module
Documentation
r10k Configuration Module
This is the r10k setup module. It has a base class to configure r10k to synchronize dynamic environments. You can be simply used by declaring it:
class { 'r10k':
remote => 'git@github.com:someuser/puppet.git',
}
Installing into the puppet enterprise ruby stack
class { 'r10k':
remote => 'git@github.com:someuser/puppet.git',
provider => 'pe_gem',
}
Version chart
Module Version | r10k Version |
---|---|
v2.4.0 | 1.3.5 |
v2.3.1 | 1.3.4 |
v2.3.0 | 1.3.2 |
v2.2.8 | 1.3.1 |
v2.2.x | 1.1.0 |
This will configure /etc/r10k.yaml
and install the r10k gem after installing
ruby using the puppetlabs/ruby module.
Here is an example of deploying the ssh keys needed for r10k to connect to a repo called puppet/control on a gitlab server.
#https://docs.puppetlabs.com/references/latest/type.html#sshkey
sshkey { "your.internal.gitlab.server.com":
ensure => present,
type => "ssh-rsa",
target => "/root/.ssh/known_hosts",
key => "...+dffsfHQ=="
}
# https://github.com/abrader/abrader-gms
git_deploy_key { 'add_deploy_key_to_puppet_control':
ensure => present,
name => $::fqdn,
path => '/root/.ssh/id_dsa.pub',
token => hiera('gitlab_api_token'),
project_name => 'puppet/control',
server_url => 'http://your.internal.gitlab.server.com',
provider => 'gitlab.com',
}
Helper classes
It also has a few helper classes that do
some useful things. The following entry in Hiera will add a postrun_command
to puppet.conf.
r10k::include_postrun_command: true
The concept here is that this is declared on the puppet master(s) that have been configured with r10k. This will cause r10k to synchronize before each puppet run. Any errors synchronizing will be logged to the standard puppet run.
This module requires the puppetlabs-ruby module. In the event that your environment already includes
the module with some customization, you can use the manage_ruby_dependency
parameter to adjust how this module expresses that requirement.
The supported values are include
,declare
, or ignore
. The values' behavior
is outlined below:
-
declare default This will explicitly declare the ruby module. Additional declarations of the ruby module will result in an inability to compile a catalog.
-
include This will simply include the ruby module. When combined with class ordering, this will permit the user to manage the instantiation of the ruby module elsewhere, potentially with non-standard parameter values.
-
ignore This will assume that ruby is handled via some other mechanism than a puppet module named
ruby
. It is left to the user to insure the requirement be met.
symlink to r10k.yaml
These entries in Hiera will create a symlink at /etc/r10k.yaml
that points to the config file at /etc/puppet/r10k.yaml
r10k::configfile: /etc/puppet/r10k.yaml
r10k::manage_configfile_symlink: true
r10k::configfile_symlink: /etc/r10k.yaml
Alternative install
Installing using a proxy server
# Create a global gemrc for Puppet Enterprise to add the local gem source
# See http://projects.puppetlabs.com/issues/18053#note-12 for more information.
file { '/opt/puppet/etc':
ensure => 'directory',
owner => 'root',
group => '0',
mode => '0755',
}
file { 'gemrc':
ensure => 'file',
path => '/opt/puppet/etc/gemrc',
owner => 'root',
group => '0',
mode => '0644',
content => "---\ngem: --http-proxy=http://your.proxy.server:8080\n",
}
class { 'r10k':
remote => 'git@github.com:someuser/puppet.git',
provider => 'pe_gem',
require => File['gemrc'],
}
# The following will allow r10k to use Puppetfile via the proxy
file { '/root/.gitconfig':
ensure => 'file',
owner => 'root',
group => '0',
mode => '0600',
}
# https://forge.puppetlabs.com/puppetlabs/inifile
Ini_setting {
ensure => present,
path => '/root/.gitconfig',
value => 'http://proxy.your.company.com:8080',
}
file { '/root/.gitconfig':
ensure => 'file',
owner => 'root',
group => '0',
mode => '0600',
}
ini_setting { 'git http proxy setting':
section => 'http',
setting => 'proxy',
}
ini_setting { 'git https proxy setting':
section => 'https',
setting => 'proxy',
}
Using a internal gem server
# Create a global gemrc for Puppet Enterprise to add the local gem source
# See http://projects.puppetlabs.com/issues/18053#note-12 for more information.
file { '/opt/puppet/etc':
ensure => 'directory',
owner => 'root',
group => '0',
mode => '0755',
}
file { 'gemrc':
ensure => 'file',
path => '/opt/puppet/etc/gemrc',
owner => 'root',
group => '0',
mode => '0644',
content => "---\nupdate_sources: true\n:sources:\n- http://your.internal.gem.server.com/rubygems/\n",
}
class { 'r10k':
remote => 'git@github.com:someuser/puppet.git',
provider => 'pe_gem',
require => File['gemrc'],
}
Mcollective Support
An mcollective agent is included in this module which can be used to do on demand synchronization. This mcollective application and agent can be installed on all masters using the following class
include r10k::mcollective
Using mco you can then trigger mcollective to call r10k using
mco r10k synchronize
You can sync an individual environment using:
mco r10k deploy <environment>
An example post-recieve hook is included in the files directory. This hook can automatically cause code to synchronize on your servers at time of push in git.
###Install mcollective support for post recieve hooks
Install the mco
command from the puppet enterprise installation directory i.e.
cd ~/puppet-enterprise-3.0.1-el-6-x86_64/packages/el-6-x86_64
sudo rpm -i pe-mcollective-client-2.2.4-2.pe.el6.noarch.rpm
Copy the peadmin mcollective configuration and private keys from the certificate authority (puppet master)
/var/lib/peadmin/.mcollective
/var/lib/peadmin/.mcollective.d/mcollective-public.pem
/var/lib/peadmin/.mcollective.d/peadmin-cacert.pem
/var/lib/peadmin/.mcollective.d/peadmin-cert.pem
/var/lib/peadmin/.mcollective.d/peadmin-private.pem
/var/lib/peadmin/.mcollective.d/peadmin-public.pem
Ensure you update the paths in ~/.mcollective when copying to new users whose name is not peadmin. Ideally mcollective will be used with more then just the peadmin user's certificate in the future. That said, if your git user does not have a home diretory, you can rename .mcollective as /etc/client.cfg and copy the certs to somewhere that is readable by the respective user.
/home/gitolite/.mcollective
/home/gitolite/.mcollective.d/mcollective-public.pem
/home/gitolite/.mcollective.d/peadmin-cacert.pem
/home/gitolite/.mcollective.d/peadmin-cert.pem
/home/gitolite/.mcollective.d/peadmin-private.pem
/home/gitolite/.mcollective.d/peadmin-public.pem
Note: PE2 only requires the .mcollective file as the default auth was psk ##Support
Webhook Support
For version control systems that use web driven post-receive processes you can use the example webhook included in this module.
This webhook currently only runs on Puppet Enterprise and uses mcollective to automatically synchronize your environment across multiple masters.
The webhook must be configured on the respective "control" repository a master that has mco installed and can contact the other masters in your fleet.
Currently this is a feature Puppet Enterprise only.
Webhook Prefix Example
The following is an example of declaring the webhook when r10k prefixing is enabled
file {'/usr/local/bin/prefix_command.rb':
ensure => file,
mode => '0755',
owner => 'root',
group => '0',
source => 'puppet:///modules/r10k/prefix_command.rb',
}
class {'r10k::webhook::config':
prefix => true,
prefix_command => '/usr/local/bin/prefix_command.rb',
notify => Service['webhook'],
require => File['/usr/local/bin/prefix_command.rb'],
}
class {'r10k::webhook':
require => Class['r10k::webhook::config'],
}
# https://github.com/abrader/abrader-gms
git_webhook { 'web_post_receive_webhook' :
ensure => present,
webhook_url => 'https://puppet:puppet@master.of.masters:8088/payload',
token => hiera('gitlab_api_token'),
project_name => 'puppet/controle',
server_url => 'http://github.com',
provider => 'gitlab',
}
Webhook Non authenticated example
class {'r10k::webhook::config':
enable_ssl => false,
protected => false,
notify => Service['webhook'],
}
class {'r10k::webhook':
require => Class['r10k::webhook::config'],
}
# https://github.com/abrader/abrader-gms
git_webhook { 'web_post_receive_webhook' :
ensure => present,
webhook_url => 'http://master.of.masters:8088/payload',
token => hiera('github_api_token'),
project_name => 'puppet/controle',
server_url => 'http://github.com',
provider => 'github',
}
Please log tickets and issues at our Projects site
2.4.1 - Zack Smith
- Documentation Updates 2.4.0 - Zack Smith
- Bump r10k version 2.3.4 - Eli Young
- Webhook fixes for reboots + refreshes 2.3.2 - Zach Leslie + misterdom
- Fix for #97 2.3.2 - Zach Leslie + misterdom
- Fix for #96 2.3.1 - Ben Ford
- Fix for #87 2.3.0 - Zack Smith
- Fold in #78, #75 and #73 2.2.7 - Zack Smith
- Bugfix for mcollective during puppet apply and webhook as non mco 2.2.7 - Zack Smith
- forge cut 2.2.6 - Zack Smith
- Fix scoping issues with new logfile 2.2.4 - Adam Crews
- Fix for invalid webhook typo syntax and updates for using stash 2.2.3 - Zack Smith
- Functional prefix support for webhook 2.2.3 - Zack Smith
- Remove PID file creation from webhook 2.1.2 - Garrett Honeycutt & Zack Smith
- Fix quoting issue created by #24 with booleans with #54
- Intial commit of functionally tested github authenticated webhook 2.1.1 - Zack Smith
- Add SSL and auth support to webhook 2.1.0 - Zack Smith
- Intial branch support for mco 2.0.0 - Tim Hartmann
- Fixes for r10k.yaml #24 but caused #54 so use 2.1.2+ 1.0.2 - James Sweeny
- Fix issue with module working on PE 1.0.1 - Justin Lambert & welterde
- Minor fix for basedir and rspec-puppet updates 0.0.9 - Zack Smith zack@puppetlabs.com
- Final params list for version 1.0.0 set & Bugfixes 0.0.8 - Theo Chatzimichos
- Add gentoo support , refactor install class 0.0.5 - Zack Smith zack@puppetlabs.vom
- Lint and Syntax updates + Forge Release 0.0.4 - Zack Smith zack@puppetlabs.com
- RC1 of new sources code 0.0.3 - Zack Smith zack@puppetlabs.com
- Allow for multiple sources 0.0.2 - Zack Smith zack@puppetlabs.com
- Restrict installed version of r10k to 0.0.1 - Zack Smith zack@puppetlabs.com - 0.0.1
- Initial Release
Dependencies
- puppetlabs/stdlib (>= 3.2.0)
- puppetlabs/ruby (>= 0.0.2)
- puppetlabs/gcc (>= 0.0.3)
- puppetlabs/pe_gem (>= 0.0.1)
- mhuffnagle/make (>= 0.0.1)
- puppetlabs/inifile (>= 1.0.0)
- puppetlabs/vcsrepo (>= 0.1.2)
- puppetlabs/git (>= 0.0.3)
- gentoo/portage (>= 2.0.0)
Copyright (C) 2012 Puppet Labs Inc Puppet Labs can be contacted at: info@puppetlabs.com Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.