Diffstat (limited to 'site/profile/manifests')
-rw-r--r--site/profile/manifests/code_manager.pp50
-rw-r--r--site/profile/manifests/puppetmaster.pp27
-rw-r--r--site/profile/manifests/zack_r10k_webhook.pp18
3 files changed, 63 insertions, 32 deletions
diff --git a/site/profile/manifests/code_manager.pp b/site/profile/manifests/code_manager.pp
index db1d901..fc0eb8b 100644
--- a/site/profile/manifests/code_manager.pp
+++ b/site/profile/manifests/code_manager.pp
@@ -1,10 +1,10 @@
class profile::code_manager {
- $authenticate_webhook = hiera('puppet_enterprise::master::code_manager::authenticate_webhook', true)
+ $authenticate_webhook = hiera('puppet_enterprise::master::code_manager::authenticate_webhook', true)
$code_manager_service_user = 'code_manager_service_user'
$code_manager_service_user_password = fqdn_rand_string(40, '', "${code_manager_service_user}_password")
-
+
#puppet_master_classifier_settings is a custom function
$classifier_settings = puppet_master_classifer_settings()
$classifier_hostname = $classifier_settings['server']
@@ -16,6 +16,19 @@ class profile::code_manager {
$gms_api_token = hiera('gms_api_token', undef)
$git_management_system = hiera('git_management_system', undef)
+ $code_manager_ssh_key_file = '/etc/puppetlabs/puppetserver/code_manager.key'
+ exec { 'create code manager ssh key' :
+ command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'code_manager' -f ${code_manager_ssh_key_file} -q -N ''",
+ creates => $code_manager_ssh_key_file,
+ }
+
+ file { $code_manager_ssh_key_file :
+ ensure => file,
+ owner => 'pe-puppet',
+ group => 'pe-puppet',
+ require => Exec['create code manager ssh key'],
+ }
+
#If files exist in the codedir code manager can't manage them unless pe-puppet can read them
exec { 'chown all environments to pe-puppet' :
command => "/bin/chown -R pe-puppet:pe-puppet ${::settings::codedir}",
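Review bot: The added `file { $code_manager_ssh_key_file : }` resource sets owner and group on the private key but no mode, so its permissions are whatever `ssh-keygen` or a later manual change leaves behind. Pin them by adding `mode => '0600',` to that resource so drift on an unencrypted key (`-N ''`) is corrected on every run. The enclosing class continues outside the hunk.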
@@ -49,12 +62,33 @@ class profile::code_manager {
require => [ Rbac_user[$code_manager_service_user], File[$token_directory] ],
}
-
#this file cannont be read until the next run after the above exec
#because the file function runs on the master not on the agent
#so the file doesn't exist at the time the function is run
$rbac_token_file_contents = no_fail_file($token_filename)
+ #Only mv code if this is at least the 2nd run of puppet
+ #Code manager needs to be enabled and puppet server restarted
+ #before this exec can complete. Gating on the token file
+ #ensures at least one run has completed
+ if $::code_manager_mv_old_code and !empty($rbac_token_file_contents) {
+
+ $timestamp = chomp(generate('/bin/date', '+%Y%d%m_%H:%M:%S'))
+
+ exec { 'mv files out of $environmentpath' :
+ command => "mkdir /etc/puppetlabs/env_back_${timestamp};
+ mv ${::settings::codedir}/environments/* /etc/puppetlabs/env_back_${timestamp}/;
+ rm /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt;
+ TOKEN=`/opt/puppetlabs/puppet/bin/ruby -e \"require 'json'; puts JSON.parse(File.read('${token_filename}'))['token']\"`;
+ /opt/puppetlabs/puppet/bin/curl -k -X POST -H 'Content-Type: application/json' \"https://${::trusted['certname']}:8170/code-manager/v1/deploys?token=\$TOKEN\" -d '{\"environments\": [\"${::environment}\"], \"wait\": true}';
+ /opt/puppetlabs/puppet/bin/curl -k -X POST -H 'Content-Type: application/json' \"https://${::trusted['certname']}:8170/code-manager/v1/deploys?token=\$TOKEN\" -d '{\"deploy-all\": true, \"wait\": true}';
+ sleep 15",
+ path => $::path,
+ logoutput => true,
+ require => Exec["Generate Token for ${code_manager_service_user}"],
+ }
+ }
+
if !empty($gms_api_token) {
if $authenticate_webhook and !empty($rbac_token_file_contents) {
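Review bot: Both `curl` calls in the `mv files out of $environmentpath` exec pass `-k`, so the RBAC token is sent without verifying the server certificate, and it travels in the `?token=` query string where it can end up in request logs. Assuming the master's certificate is issued by the Puppet CA, replace `-k` with `--cacert ${::settings::localcacert}` and move the token into a header, `-H \"X-Authentication: \$TOKEN\"`. The steps are joined with `;`, so the `rm` of the fact file and both deploys still run when `mkdir` or `mv` fails; chaining them with `&&` would stop at the first failure. The date format `%Y%d%m` puts the day before the month, which looks unintended for a sortable backup directory name. The class body and the `if !empty($gms_api_token)` block continue outside the hunk.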
@@ -71,6 +105,16 @@ class profile::code_manager {
default => $git_management_system,
}
+ git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}":
+ ensure => present,
+ name => $::fqdn,
+ path => "${code_manager_ssh_key_file}.pub",
+ token => $gms_api_token,
+ project_name => 'puppet/control-repo',
+ server_url => hiera('gms_server_url'),
+ provider => $git_management_system,
+ }
+
git_webhook { "code_manager_post_receive_webhook-${::fqdn}" :
ensure => present,
webhook_url => "https://${::fqdn}:8170/code-manager/v1/webhook?type=${code_manager_webhook_type}${token_info}",
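Review bot: The new `git_deploy_key` resource reads `${code_manager_ssh_key_file}.pub` but declares no relationship to the exec that creates the key pair, so it relies on manifest ordering to find the file on the first run. Make the dependency explicit with `require => Exec['create code manager ssh key'],`. `hiera('gms_server_url')` also has no default, unlike the other lookups in this class, so compilation will presumably fail when the key is unset even though the block is gated only on `$gms_api_token`. The surrounding conditional starts and ends outside the hunk.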
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index d6a657f..28b3bdf 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
@@ -13,33 +13,6 @@ class profile::puppetmaster {
notify => Service['pe-puppetserver'],
}
- #BEGIN - Generate an SSH key for r10k to connect to git
- $r10k_ssh_key_file = '/root/.ssh/r10k_rsa'
- exec { 'create r10k ssh key' :
- command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'r10k' -f ${r10k_ssh_key_file} -q -N ''",
- creates => $r10k_ssh_key_file,
- }
- #END - Generate an SSH key for r10k to connect to git
-
- #BEGIN - Add deploy key and webook to git management system
- $git_management_system = hiera('git_management_system', undef)
- $gms_api_token = hiera('gms_api_token', undef)
-
- if !empty($gms_api_token) {
-
- git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}":
- ensure => present,
- name => $::fqdn,
- path => "${r10k_ssh_key_file}.pub",
- token => $gms_api_token,
- project_name => 'puppet/control-repo',
- server_url => hiera('gms_server_url'),
- provider => $git_management_system,
- }
-
- }
- #END - Add deploy key and webhook to git management system
-
#Lay down update-classes.sh for use in r10k postrun_command
#This is configured via the pe_r10k::postrun key in hiera
file { '/usr/local/bin/update-classes.sh' :
diff --git a/site/profile/manifests/zack_r10k_webhook.pp b/site/profile/manifests/zack_r10k_webhook.pp
index f35f856..0ab4da2 100644
--- a/site/profile/manifests/zack_r10k_webhook.pp
+++ b/site/profile/manifests/zack_r10k_webhook.pp
@@ -9,11 +9,9 @@ class profile::zack_r10k_webhook (
$git_management_system = hiera('git_management_system', undef)
if $use_mcollective {
-
class { 'r10k::mcollective':
notify => Service['mcollective'],
}
-
}
class {'r10k::webhook::config':
@@ -30,7 +28,23 @@ class profile::zack_r10k_webhook (
require => Class['r10k::webhook::config'],
}
+ $r10k_ssh_key_file = '/root/.ssh/r10k_rsa'
+ exec { 'create r10k ssh key' :
+ command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'r10k' -f ${r10k_ssh_key_file} -q -N ''",
+ creates => $r10k_ssh_key_file,
+ }
+
if !empty($gms_api_token) {
+ git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}":
+ ensure => present,
+ name => $::fqdn,
+ path => "${r10k_ssh_key_file}.pub",
+ token => $gms_api_token,
+ project_name => 'puppet/control-repo',
+ server_url => hiera('gms_server_url'),
+ provider => $git_management_system,
+ }
+
git_webhook { "web_post_receive_webhook-${::fqdn}" :
ensure => present,
webhook_url => "https://${username}:${password}@${::fqdn}:8088/payload",
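Review bot: The `git_deploy_key` added here has the same title, `"add_deploy_key_to_puppet_control-${::fqdn}"`, and the same `name => $::fqdn` as the one this commit adds to `profile::code_manager`. If a node ever includes both profiles, the catalog will fail with a duplicate declaration. Even when they are used exclusively, switching from one to the other leaves two different public keys competing for one key name on the git server. Give each a distinct title and name, for example `"add_r10k_deploy_key_to_puppet_control-${::fqdn}"` with `name => "${::fqdn}-r10k",`. As in the code_manager.pp hunk, an explicit `require => Exec['create r10k ssh key'],` would make the dependency on the generated `.pub` file visible.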