Final steps to make Code Manager work

- Moved ssh key generation and git deploy key out of the puppetmaster profile and into zack_r10k and code_manager - Swapped code manager into the all_in_one role - Made a 2015.2 all_in_one role if users prefer to use it - Conditionally move all existing code out of environmentpath to allow file sync to sync files - Update the README to compliment the new puppet code
author: mail_redacted_for_web 2015-12-07 07:55:32 -0800
committer: mail_redacted_for_web 2015-12-18 09:22:44 -0800
commit: cc34e25fd54e60caf744130d90c14f8d839c7823 (patch)
tree: af3f767b92ac48b17795fcadfe70e852a658b0df /site/profile/manifests/code_manager.pp
parent: 1b0f63be83464dc7bdc9561b3d5b3a937a4dfb39 (diff)
download: control-repo-template-cc34e25fd54e60caf744130d90c14f8d839c7823.tar.bz2
1 files changed, 47 insertions, 3 deletions
diff --git a/site/profile/manifests/code_manager.pp b/site/profile/manifests/code_manager.pp
index db1d901..fc0eb8b 100644
--- a/site/profile/manifests/code_manager.pp
+++ b/site/profile/manifests/code_manager.pp
@@ -1,10 +1,10 @@
 class profile::code_manager {
 
-  $authenticate_webhook = hiera('puppet_enterprise::master::code_manager::authenticate_webhook', true) 
+  $authenticate_webhook = hiera('puppet_enterprise::master::code_manager::authenticate_webhook', true)
 
   $code_manager_service_user = 'code_manager_service_user'
   $code_manager_service_user_password = fqdn_rand_string(40, '', "${code_manager_service_user}_password")
-  
+
   #puppet_master_classifier_settings is a custom function
   $classifier_settings   = puppet_master_classifer_settings()
   $classifier_hostname   = $classifier_settings['server']
@@ -16,6 +16,19 @@ class profile::code_manager {
   $gms_api_token         = hiera('gms_api_token', undef)
   $git_management_system = hiera('git_management_system', undef)
 
+  $code_manager_ssh_key_file = '/etc/puppetlabs/puppetserver/code_manager.key'
+  exec { 'create code manager ssh key' :
+    command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'code_manager' -f ${code_manager_ssh_key_file} -q -N ''",
+    creates => $code_manager_ssh_key_file,
+  }
+
+  file { $code_manager_ssh_key_file :
+    ensure  => file,
+    owner   => 'pe-puppet',
+    group   => 'pe-puppet',
+    require => Exec['create code manager ssh key'],
+  }
+
   #If files exist in the codedir code manager can't manage them unless pe-puppet can read them
   exec { 'chown all environments to pe-puppet' :
     command => "/bin/chown -R pe-puppet:pe-puppet ${::settings::codedir}",
@@ -49,12 +62,33 @@ class profile::code_manager {
     require => [ Rbac_user[$code_manager_service_user], File[$token_directory] ],
   }
 
-
   #this file cannont be read until the next run after the above exec
   #because the file function runs on the master not on the agent
   #so the file doesn't exist at the time the function is run
   $rbac_token_file_contents = no_fail_file($token_filename)
 
+  #Only mv code if this is at least the 2nd run of puppet
+  #Code manager needs to be enabled and puppet server restarted
+  #before this exec can complete.  Gating on the token file
+  #ensures at least one run has completed
+  if $::code_manager_mv_old_code and !empty($rbac_token_file_contents) {
+
+    $timestamp = chomp(generate('/bin/date', '+%Y%d%m_%H:%M:%S'))
+
+    exec { 'mv files out of $environmentpath' :
+      command    => "mkdir /etc/puppetlabs/env_back_${timestamp};
+                    mv ${::settings::codedir}/environments/* /etc/puppetlabs/env_back_${timestamp}/;
+                    rm /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt;
+                    TOKEN=`/opt/puppetlabs/puppet/bin/ruby -e \"require 'json'; puts JSON.parse(File.read('${token_filename}'))['token']\"`;
+                    /opt/puppetlabs/puppet/bin/curl -k -X POST -H 'Content-Type: application/json' \"https://${::trusted['certname']}:8170/code-manager/v1/deploys?token=\$TOKEN\" -d '{\"environments\": [\"${::environment}\"], \"wait\": true}';
+                    /opt/puppetlabs/puppet/bin/curl -k -X POST -H 'Content-Type: application/json' \"https://${::trusted['certname']}:8170/code-manager/v1/deploys?token=\$TOKEN\" -d '{\"deploy-all\": true, \"wait\": true}';
+                    sleep 15",
+      path       => $::path,
+      logoutput  => true,
+      require    => Exec["Generate Token for ${code_manager_service_user}"],
+    }
+  }
+
   if !empty($gms_api_token) {
     if $authenticate_webhook and !empty($rbac_token_file_contents) {
 
@@ -71,6 +105,16 @@ class profile::code_manager {
                                    default  => $git_management_system,
     }
 
+    git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}":
+      ensure       => present,
+      name         => $::fqdn,
+      path         => "${code_manager_ssh_key_file}.pub",
+      token        => $gms_api_token,
+      project_name => 'puppet/control-repo',
+      server_url   => hiera('gms_server_url'),
+      provider     => $git_management_system,
+    }
+
     git_webhook { "code_manager_post_receive_webhook-${::fqdn}" :
       ensure             => present,
       webhook_url        => "https://${::fqdn}:8170/code-manager/v1/webhook?type=${code_manager_webhook_type}${token_info}",
author	mail_redacted_for_web	2015-12-07 07:55:32 -0800
committer	mail_redacted_for_web	2015-12-18 09:22:44 -0800
commit	cc34e25fd54e60caf744130d90c14f8d839c7823 (patch)
tree	af3f767b92ac48b17795fcadfe70e852a658b0df /site/profile/manifests/code_manager.pp
parent	1b0f63be83464dc7bdc9561b3d5b3a937a4dfb39 (diff)
download	control-repo-template-cc34e25fd54e60caf744130d90c14f8d839c7823.tar.bz2