From 437433ff44cd77915a4a7b1d61d7aa624c44b41a Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 3 Aug 2015 14:44:35 -0700 Subject: Remove hiera.yaml and instead manage it with puppet code Added hunner/hiera to the Puppetfile and a manifest to use it instead of placing a hiera.yaml in the repo. --- site/profile/manifests/puppetmaster.pp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 site/profile/manifests/puppetmaster.pp (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp new file mode 100644 index 0000000..8242110 --- /dev/null +++ b/site/profile/manifests/puppetmaster.pp @@ -0,0 +1,14 @@ +class profile::puppetmaster { + + class { 'hiera': + hierarchy => [ + "nodes/%{::trusted.certname}", + :common", + ], + hiera_yaml => '/etc/puppetlabs/code/hiera.yaml', + datadir => "/etc/puppetlabs/code/environments/%{environment}/hieradata", + owner => 'root', + group => 'root', + } + +} -- cgit v1.2.3 From 70690333eedbb28b3f286912e6d9749b4a7e2618 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Thu, 13 Aug 2015 15:41:11 -0700 Subject: Fix some quoting issues and add role:: to the include in site.pp --- manifests/site.pp | 2 +- site/profile/manifests/puppetmaster.pp | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/manifests/site.pp b/manifests/site.pp index cc02727..5ba0af4 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
@@ -41,7 +41,7 @@ node default {
 #incude a role on any node that specifies it's role via a trusted fact at provision time
 #https://docs.puppetlabs.com/puppet/latest/reference/lang_facts_and_builtin_vars.html#trusted-facts
 #https://docs.puppetlabs.com/puppet/latest/reference/ssl_attributes_extensions.html#aws-attributes-and-extensions-population-example
- include $trusted['extensions']['pp_role']
+ include "role::${trusted['extensions']['pp_role']}"
 # This is where you can declare classes for all nodes.
 # Example:
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index 8242110..b22500c 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
@@ -2,11 +2,11 @@ class profile::puppetmaster {
 class { 'hiera':
 hierarchy => [
- "nodes/%{::trusted.certname}",
- :common",
+ "\"nodes/%{::trusted.certname}\"",
+ "common",
 ],
 hiera_yaml => '/etc/puppetlabs/code/hiera.yaml',
- datadir => "/etc/puppetlabs/code/environments/%{environment}/hieradata",
+ datadir => "\"/etc/puppetlabs/code/environments/%{environment}/hieradata\"",
 owner => 'root',
 group => 'root',
 }
-- cgit v1.2.3
From 6a78949ca8b24fd0e655b34cfc1406d967fe6e26 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Thu, 13 Aug 2015 17:10:55 -0700
Subject: Fix some incorrect quoting in the hiera class
I thought I needed to double quote items that had interpolated variables but it turns out I don't need to which is good because I effectively can't due to .to_yaml not doing what I wanted it to do.
---
 site/profile/manifests/puppetmaster.pp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index b22500c..2747d40 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
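Review bot: The new `include "role::${trusted['extensions']['pp_role']}"` in site.pp fails catalog compilation for every node whose certificate carries no pp_role extension, because the string collapses to `role::`, which is not a class, while the comment above says the role applies only to "any node that specifies it's role"; guard it with `if $trusted['extensions']['pp_role'] { include "role::${trusted['extensions']['pp_role']}" }`. Taking the role from a trusted certificate extension rather than an agent-reported fact is the right choice and deserves a one-line comment saying that this is what stops a node from picking its own role. The enclosing `node default` block starts and ends outside the hunk.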
@@ -2,11 +2,11 @@ class profile::puppetmaster {
 class { 'hiera':
 hierarchy => [
- "\"nodes/%{::trusted.certname}\"",
- "common",
+ 'nodes/%{::trusted.certname}',
+ 'common',
 ],
 hiera_yaml => '/etc/puppetlabs/code/hiera.yaml',
- datadir => "\"/etc/puppetlabs/code/environments/%{environment}/hieradata\"",
+ datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata\',
 owner => 'root',
 group => 'root',
 }
-- cgit v1.2.3
From 6425d2bbe2759ba2bbbf75131f9abdd0a5e675df Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Fri, 14 Aug 2015 10:41:03 -0700
Subject: Remove extraneous slash from puppetmaster profile
---
 site/profile/manifests/puppetmaster.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index 2747d40..7bd9bea 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
@@ -6,7 +6,7 @@ class profile::puppetmaster {
 'common',
 ],
 hiera_yaml => '/etc/puppetlabs/code/hiera.yaml',
- datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata\',
+ datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata',
 owner => 'root',
 group => 'root',
 }
-- cgit v1.2.3
From ab679260c6d04f08d70cda5b452c2accfeceac35 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Fri, 14 Aug 2015 16:17:25 -0700
Subject: Add a gitlab profile / add ssh-keygen to puppetmaster profile
---
 site/profile/manifests/gitlab.pp | 7 +++++++
 site/profile/manifests/puppetmaster.pp | 38 ++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 site/profile/manifests/gitlab.pp
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/manifests/gitlab.pp b/site/profile/manifests/gitlab.pp
new file mode 100644
index 0000000..720ee7f
--- /dev/null
+++ b/site/profile/manifests/gitlab.pp
@@ -0,0 +1,7 @@ +class profile::gitlab { + + class { 'gitlab': + external_url => hiera( 'gms_server_url', "http://${::fqdn}") , + } + +} diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 7bd9bea..1b00bdf 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -11,4 +11,42 @@ class profile::puppetmaster { group => 'root', } + ##BEGIN - r10k webhook support + include r10k::mcollective + + include r10k::webhook::config + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + ##END - r10k webhook support + + #BEGIN - Generate an SSH key for r10k to connect to git + $r10k_ssh_key_file = '/root/.ssh/r10k_rsa' + exec { 'create r10k ssh key' : + command => "/usr/bin/ssh-keygen -t rsa -b 2048 -C 'r10k' -f ${r10k_ssh_key_file} -q -N ''", + creates => $r10k_ssh_key_file, + } + #END - Generate an SSH key for r10k to connect to git + + #BEGIN - Add deploy key to git management system + $git_management_system = hiera('git_management_system', '') + + if $git_management_system in ['gitlab', 'github'] { + + git_deploy_key { "add_deploy_key_to_puppet_control-${fqdn}": + ensure => present, + name => $::fqdn, + path => "${r10k_ssh_key_file}.pub", + token => hiera('gms_api_token'), + project_name => 'puppet/control', + server_url => hiera('gms_server_url'), + provider => $git_management_system, + } + + } + #END - Add deploy key to git management system + } -- cgit v1.2.3 From 1525bf59548068834a897d54a1f84cee117676b8 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 17 Aug 2015 14:00:21 -0700 Subject: Add webhook config to git management system --- site/profile/manifests/puppetmaster.pp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 1b00bdf..20a4416 100644 
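Review bot: The `exec { 'create r10k ssh key' }` runs ssh-keygen with `-f /root/.ssh/r10k_rsa`, but nothing in this hunk ensures `/root/.ssh` exists and ssh-keygen does not create the parent directory, so on a fresh master the exec fails until something else creates it; declare `file { '/root/.ssh': ensure => directory, mode => '0700' }` and give the exec `require => File['/root/.ssh']`. The key is generated without a passphrase (`-N ''`), which is expected for an unattended r10k deploy key, but the `#BEGIN - Generate an SSH key` comment should say so and note that only the `.pub` half is ever handed to the git management system via `path => "${r10k_ssh_key_file}.pub"`. `token => hiera('gms_api_token')` has no default, so a master whose hieradata lacks the token fails compilation rather than silently skipping registration — reasonable, but worth a comment so the failure is recognisable.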
--- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -31,7 +31,7 @@ class profile::puppetmaster { } #END - Generate an SSH key for r10k to connect to git - #BEGIN - Add deploy key to git management system + #BEGIN - Add deploy key and webook to git management system $git_management_system = hiera('git_management_system', '') if $git_management_system in ['gitlab', 'github'] { @@ -46,7 +46,16 @@ class profile::puppetmaster { provider => $git_management_system, } + git_webhook { 'web_post_receive_webhook' : + ensure => present, + webhook_url => "http://${fqdn}:8088/payload", + token => hiera('gms_api_token'), + project_name => 'puppet/control', + server_url => hiera('gms_server_url'), + provider => $git_management_system, + } + } - #END - Add deploy key to git management system + #END - Add deploy key and webhook to git management system } -- cgit v1.2.3 From 0af9bbf52d7283902141f05da3c642dcd2d64231 Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Tue, 18 Aug 2015 14:01:20 -0700 Subject: Move some hieradata around for easier testing in vagrant I now have a virtual hierarchy level for setting up my lower memory settings when using vagrant/virtualbox. The gms settings are in an example-puppet-master.yaml file in the nodes directory which are needed for the instructions. --- hieradata/nodes/example-puppet-master.yaml | 4 +++ hieradata/nodes/puppet-master.yaml | 42 ------------------------------ hieradata/virtual/virtualbox.yaml | 42 ++++++++++++++++++++++++++++++ site/profile/manifests/puppetmaster.pp | 1 + 4 files changed, 47 insertions(+), 42 deletions(-) create mode 100644 hieradata/nodes/example-puppet-master.yaml delete mode 100644 hieradata/nodes/puppet-master.yaml create mode 100644 hieradata/virtual/virtualbox.yaml (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/hieradata/nodes/example-puppet-master.yaml b/hieradata/nodes/example-puppet-master.yaml new file mode 100644 index 0000000..677e10d 
--- /dev/null +++ b/hieradata/nodes/example-puppet-master.yaml @@ -0,0 +1,4 @@ +--- +git_management_system: 'gitlab' +gms_server_url: 'https://gitlab-server' +gms_api_token: 'BDkZfWWnk4LVTLHdAywd' diff --git a/hieradata/nodes/puppet-master.yaml b/hieradata/nodes/puppet-master.yaml deleted file mode 100644 index ba1a8ad..0000000 --- a/hieradata/nodes/puppet-master.yaml +++ /dev/null @@ -1,42 +0,0 @@ -#These setting are intended for low memory testing VMs -#Not intended for general usage ---- -#Drop puppetdb Java Heap Size -#PE3.2 and above -pe_puppetdb::pe::java_args: - -Xmx: '256m' - -Xms: '64m' -#PE3.1 and below -pe_puppetdb::java_args: - -Xmx: '256m' - -Xms: '64m' -#Drop the activemq java heap size -pe_mcollective::role::master::activemq_heap_mb: '96' -#Allow access to the puppetdb performance dashboard from non-localhost -#This is insecure and also allows access to all API endpoints without verification -pe_puppetdb::pe::listen_address: '0.0.0.0' - -#PE3.7+ -#Allow access to the puppetdb performance dashboard from non-localhost -#This is insecure and also allows access to all API endpoints without verification -puppet_enterprise::profile::puppetdb::listen_address: '0.0.0.0' -puppet_enterprise::profile::amq::broker::heap_mb: '96' -puppet_enterprise::profile::master::java_args: - Xmx: '128m' - Xms: '128m' - 'XX:MaxPermSize': '=96m' - 'XX:PermSize': '=64m' -puppet_enterprise::profile::puppetdb::java_args: - Xmx: '64m' - Xms: '64m' - 'XX:MaxPermSize': '=96m' - 'XX:PermSize': '=64m' -puppet_enterprise::profile::console::java_args: - Xmx: '64m' - Xms: '64m' - 'XX:MaxPermSize': '=96m' - 'XX:PermSize': '=64m' -puppet_enterprise::master::puppetserver::jruby_max_active_instances: 1 #PE3.7.2 only -puppet_enterprise::profile::console::delayed_job_workers: 1 -#shared_buffers takes affect during install but is not managed after -puppet_enterprise::profile::database::shared_buffers: '4MB' 
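Review bot: `gms_api_token: 'BDkZfWWnk4LVTLHdAywd'` commits a concrete-looking API token to cleartext hieradata in the control repo; even in an example-named file a value of this shape reads as live, so replace it with an obviously fake placeholder such as `gms_api_token: '<REPLACE_WITH_GMS_API_TOKEN>'` and, if the value was ever real, treat it as exposed and rotate it. The token is read by `hiera('gms_api_token')` in profile::puppetmaster to create deploy keys and webhooks on the GMS, so real values belong in an encrypted backend (e.g. hiera-eyaml) rather than plain YAML. A comment at the top of the file stating that the three gms_* keys are consumed by profile::puppetmaster when `git_management_system` is set would also help the next operator.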
diff --git a/hieradata/virtual/virtualbox.yaml b/hieradata/virtual/virtualbox.yaml new file mode 100644 index 0000000..ba1a8ad --- /dev/null +++ b/hieradata/virtual/virtualbox.yaml @@ -0,0 +1,42 @@ +#These setting are intended for low memory testing VMs +#Not intended for general usage +--- +#Drop puppetdb Java Heap Size +#PE3.2 and above +pe_puppetdb::pe::java_args: + -Xmx: '256m' + -Xms: '64m' +#PE3.1 and below +pe_puppetdb::java_args: + -Xmx: '256m' + -Xms: '64m' +#Drop the activemq java heap size +pe_mcollective::role::master::activemq_heap_mb: '96' +#Allow access to the puppetdb performance dashboard from non-localhost +#This is insecure and also allows access to all API endpoints without verification +pe_puppetdb::pe::listen_address: '0.0.0.0' + +#PE3.7+ +#Allow access to the puppetdb performance dashboard from non-localhost +#This is insecure and also allows access to all API endpoints without verification +puppet_enterprise::profile::puppetdb::listen_address: '0.0.0.0' +puppet_enterprise::profile::amq::broker::heap_mb: '96' +puppet_enterprise::profile::master::java_args: + Xmx: '128m' + Xms: '128m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' +puppet_enterprise::profile::puppetdb::java_args: + Xmx: '64m' + Xms: '64m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' +puppet_enterprise::profile::console::java_args: + Xmx: '64m' + Xms: '64m' + 'XX:MaxPermSize': '=96m' + 'XX:PermSize': '=64m' +puppet_enterprise::master::puppetserver::jruby_max_active_instances: 1 #PE3.7.2 only +puppet_enterprise::profile::console::delayed_job_workers: 1 +#shared_buffers takes affect during install but is not managed after +puppet_enterprise::profile::database::shared_buffers: '4MB' diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 20a4416..95a4408 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp 
@@ -2,6 +2,7 @@ class profile::puppetmaster {
 class { 'hiera':
 hierarchy => [
+ 'virtual/%{::virtual}',
 'nodes/%{::trusted.certname}',
 'common',
 ],
-- cgit v1.2.3
From 01baf7695aa63041d6639e9422d86ad28e902a90 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Tue, 18 Aug 2015 16:11:25 -0700
Subject: Update the repo name for deploy keys and webhook to match README
---
 site/profile/manifests/puppetmaster.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index 95a4408..7ae8c18 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
@@ -42,7 +42,7 @@ class profile::puppetmaster {
 name => $::fqdn,
 path => "${r10k_ssh_key_file}.pub",
 token => hiera('gms_api_token'),
- project_name => 'puppet/control',
+ project_name => 'puppet/control-repo',
 server_url => hiera('gms_server_url'),
 provider => $git_management_system,
 }
@@ -51,7 +51,7 @@ class profile::puppetmaster {
 ensure => present,
 webhook_url => "http://${fqdn}:8088/payload",
 token => hiera('gms_api_token'),
- project_name => 'puppet/control',
+ project_name => 'puppet/control-repo',
 server_url => hiera('gms_server_url'),
 provider => $git_management_system,
 }
-- cgit v1.2.3
From 6ff5658a2a47cd3e6feaf20fa4083d33342e4b91 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Thu, 15 Oct 2015 12:22:45 -0700
Subject: Add some notifies to pe services after making changes
---
 site/profile/manifests/puppetmaster.pp | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index 7ae8c18..4fc06f2 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
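Review bot: The new `'virtual/%{::virtual}'` hierarchy level is keyed on an agent-reported fact, unlike the `nodes/%{::trusted.certname}` level below it, so a node selects this data by what it reports rather than by its certificate; the data it currently pulls in (virtualbox.yaml) includes the `listen_address: '0.0.0.0'` settings that file itself labels insecure. That is acceptable for a low-memory test-VM tuning level, but it deserves a comment on the line, e.g. `# %{::virtual} is agent-supplied: keep only test-VM tuning under virtual/, never credentials or access settings`, and anything added under hieradata/virtual should be reviewed with that in mind. The `class { 'hiera': }` declaration continues outside the hunk.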
@@ -10,6 +10,7 @@ class profile::puppetmaster {
 datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata',
 owner => 'root',
 group => 'root',
+ notify => Service['pe-puppetserver'],
 }
 ##BEGIN - r10k webhook support
@@ -21,6 +22,7 @@ class profile::puppetmaster {
 user => 'root',
 group => '0',
 require => Class['r10k::webhook::config'],
+ notify => Service['mcollective'],
 }
 ##END - r10k webhook support
-- cgit v1.2.3
From 1828e2162304d7d9a2e26743f175d76256b6e0c1 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Fri, 16 Oct 2015 10:53:16 -0700
Subject: Change to using the webhook without mcollective
In order to complete the change I refactered the webhook into its own set of profiles, one with mcollective and the other without.
---
 README.md | 6 ++++--
 site/profile/manifests/puppetmaster.pp | 13 -------------
 site/profile/manifests/webhook_mcollective.pp | 15 +++++++++++++++
 site/profile/manifests/webhook_no_mcollective.pp | 13 +++++++++++++
 site/role/manifests/all_in_one_pe.pp | 1 +
 5 files changed, 33 insertions(+), 15 deletions(-)
 create mode 100644 site/profile/manifests/webhook_mcollective.pp
 create mode 100644 site/profile/manifests/webhook_no_mcollective.pp
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/README.md b/README.md
index 97d5795..2125c09 100644
--- a/README.md
+++ b/README.md
@@ -46,16 +46,18 @@ http://docs.puppetlabs.com/pe/latest/regenerate_certs_master.html - http://doc.gitlab.com/ce/workflow/groups.html 6. Create a user called `r10k_api_user` and add them to the `puppet` group + - From the landing page, select groups + - Choose the puppet group + - In the left hand pane, select memembers + - Add the `r10k_api_user` with `master` permissions 7. Add your user to the `puppet` group as well 7. Create a project called `control-repo` and set the Namespace to be the `puppet` group - - TODO: Change permissions on the group? 8. Logout of root and login as the `r10k_api_user` - Go to profile settings -> account ( https:///profile/account ) - Copy the api token - - TODO: Change permissions for this user? 9. Clone this control repository to your laptop/workstation - `git clone https://github.com/npwalker/control-repo.git` diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 4fc06f2..bc52d3b 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -12,19 +12,6 @@ class profile::puppetmaster { group => 'root', notify => Service['pe-puppetserver'], } - - ##BEGIN - r10k webhook support - include r10k::mcollective - - include r10k::webhook::config - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - notify => Service['mcollective'], - } - ##END - r10k webhook support #BEGIN - Generate an SSH key for r10k to connect to git $r10k_ssh_key_file = '/root/.ssh/r10k_rsa' diff --git a/site/profile/manifests/webhook_mcollective.pp b/site/profile/manifests/webhook_mcollective.pp new file mode 100644 index 0000000..395cc7a --- /dev/null +++ b/site/profile/manifests/webhook_mcollective.pp 
@@ -0,0 +1,15 @@
+class profile::webhook_mcollective {
+
+ class { 'r10k::mcollective':
+ notify => Service['mcollective'],
+ }
+
+ include r10k::webhook::config
+
+ class {'r10k::webhook':
+ user => 'root',
+ group => '0',
+ require => Class['r10k::webhook::config'],
+ }
+
+}
diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp
new file mode 100644
index 0000000..42c4954
--- /dev/null
+++ b/site/profile/manifests/webhook_no_mcollective.pp
@@ -0,0 +1,13 @@
+class profile::webhook_no_mcollective {
+
+ class {'r10k::webhook::config':
+ use_mcollective => false,
+ }
+
+ class {'r10k::webhook':
+ user => 'root',
+ group => '0',
+ require => Class['r10k::webhook::config'],
+ }
+
+}
diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp
index ca99139..f34a261 100644
--- a/site/role/manifests/all_in_one_pe.pp
+++ b/site/role/manifests/all_in_one_pe.pp
@@ -1,5 +1,6 @@
 class role::all_in_one_pe {
+ include profile::webhook_no_mcollective
 include profile::puppetmaster
 }
-- cgit v1.2.3
From 92f8d2d251d9e6fde5c124cb9a6974b1455269f7 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Mon, 26 Oct 2015 14:59:20 -0700
Subject: Configure the MoM to update the classifier after deploying code
This entailed configring the classifier to never sync on a schedule. Changing environment_timeout to unlimited for all masters. Setting a postrun command for r10k that would update the class information in the classifier (the update-classes endpoint).
---
 hieradata/common.yaml | 5 +++++
 hieradata/nodes/example-puppet-master.yaml | 4 ++++
 site/profile/files/puppetmaster/update-classes.sh | 11 +++++++++++
 site/profile/manifests/puppetmaster.pp | 16 ++++++++++++++++
 4 files changed, 36 insertions(+)
 create mode 100644 site/profile/files/puppetmaster/update-classes.sh
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 07fbd80..f3fb25a 100644
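Review bot: Both new profiles declare `class {'r10k::webhook': user => 'root', group => '0', ... }`, so the network-facing webhook listener runs as root in profile::webhook_mcollective and again in profile::webhook_no_mcollective (next hunk on this line). A handler that accepts HTTP from the git server is among the most exposed pieces of code on the master, so run it as a dedicated low-privilege account that is granted only what the deploy needs, if the module supports that; where root is genuinely required, say why in a comment beside `user => 'root'`. Neither profile has a header comment; each should state which r10k webhook mode it configures and that exactly one of the two is meant to be included per master (role::all_in_one_pe now includes profile::webhook_no_mcollective).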
--- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -3,3 +3,8 @@ message: "This node is using common data" #Puppet Server Tuning puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 10000 + +#pe-console-services tuning +#https://docs.puppetlabs.com/pe/latest/console_config.html#tuning-the-classifier-synchronization-period +#disable classifier scheduled sync and rely on r10k postrun command to sync the classes +puppet_enterprise::profile::consolei::classifier_synchronization_period: 0 diff --git a/hieradata/nodes/example-puppet-master.yaml b/hieradata/nodes/example-puppet-master.yaml index 677e10d..584faac 100644 --- a/hieradata/nodes/example-puppet-master.yaml +++ b/hieradata/nodes/example-puppet-master.yaml @@ -2,3 +2,7 @@ git_management_system: 'gitlab' gms_server_url: 'https://gitlab-server' gms_api_token: 'BDkZfWWnk4LVTLHdAywd' + +#setup r10k to update classes in the console after code deploy +pe_r10k::postrun: + - '/usr/local/bin/update-classes.sh' diff --git a/site/profile/files/puppetmaster/update-classes.sh b/site/profile/files/puppetmaster/update-classes.sh new file mode 100644 index 0000000..dea10a9 --- /dev/null +++ b/site/profile/files/puppetmaster/update-classes.sh @@ -0,0 +1,11 @@ +#https://docs.puppetlabs.com/pe/latest/nc_update_classes.html#post-v1update-classes + +CONFDIR=$(puppet master --configprint confdir) + +CERT=$(puppet master --confdir ${CONFDIR} --configprint hostcert) +CACERT=$(puppet master --confdir ${CONFDIR} --configprint localcacert) +PRVKEY=$(puppet master --confdir ${CONFDIR} --configprint hostprivkey) +OPTIONS="--cert ${CERT} --cacert ${CACERT} --key ${PRVKEY}" +CONSOLE=$(awk '/server =/{print $NF}' ${CONFDIR}/console.conf) + +curl -k -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes" diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index bc52d3b..687b957 100644 --- a/site/profile/manifests/puppetmaster.pp 
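Review bot: `curl -k -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes"` disables server certificate verification even though `OPTIONS` already carries `--cacert ${CACERT}`, so the `-k` both makes the CA argument pointless and lets this client-cert-authenticated call be intercepted; drop `-k` and let the local CA cert do the verification (if the console's certificate does not validate against it, that is the thing to fix, not the check). The script also has no shebang — its first line is a comment — so whether it runs at all depends on how the pe_r10k postrun invokes it; add `#!/bin/bash` as line 1 and `set -euo pipefail` so a failed `puppet master --configprint` cannot leave empty variables in the curl command. The `${CONFDIR}` and `${OPTIONS}` expansions are unquoted and rely on none of the paths containing whitespace, which deserves a comment if it is intentional.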
+++ b/site/profile/manifests/puppetmaster.pp @@ -48,4 +48,20 @@ class profile::puppetmaster { } #END - Add deploy key and webhook to git management system + #Lay down update-classes.sh for use in r10k postrun_command + #This is configured via the pe_r10k::postrun key in hiera + file { '/usr/local/bin/update-classes.sh' : + ensure => file, + source => 'puppet::///modules/profile/puppetmaster/update-classes.sh', + } + + #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout + ini_setting { "environment_timeout = unlimited": + ensure => present, + path => '/etc/puppetlabs/puppet/puppet.conf', + section => 'main', + setting => 'environment_timeout', + value => 'unlimited', + } + } -- cgit v1.2.3 From 1cb89d981a7845453529a3a86ac9a9b1254fe61f Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Mon, 26 Oct 2015 15:12:39 -0700 Subject: Fix some embarassing typos --- hieradata/common.yaml | 2 +- site/profile/manifests/puppetmaster.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/hieradata/common.yaml b/hieradata/common.yaml index f3fb25a..191061c 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -7,4 +7,4 @@ puppet_enterprise::master::puppetserver::jruby_max_requests_per_instance: 10000 #pe-console-services tuning #https://docs.puppetlabs.com/pe/latest/console_config.html#tuning-the-classifier-synchronization-period #disable classifier scheduled sync and rely on r10k postrun command to sync the classes -puppet_enterprise::profile::consolei::classifier_synchronization_period: 0 +puppet_enterprise::profile::console::classifier_synchronization_period: 0 diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 687b957..ec85155 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp 
@@ -52,7 +52,7 @@ class profile::puppetmaster {
 #This is configured via the pe_r10k::postrun key in hiera
 file { '/usr/local/bin/update-classes.sh' :
 ensure => file,
- source => 'puppet::///modules/profile/puppetmaster/update-classes.sh',
+ source => 'puppet:///modules/profile/puppetmaster/update-classes.sh',
 }
 #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout
-- cgit v1.2.3
From 4598483d0f7faf357c443e12816a45cd0f975e50 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Mon, 26 Oct 2015 15:50:22 -0700
Subject: Fix the update-classes script and set appropriate perms on it
---
 site/profile/files/puppetmaster/update-classes.sh | 2 +-
 site/profile/manifests/puppetmaster.pp | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/files/puppetmaster/update-classes.sh b/site/profile/files/puppetmaster/update-classes.sh
index dea10a9..fc33026 100644
--- a/site/profile/files/puppetmaster/update-classes.sh
+++ b/site/profile/files/puppetmaster/update-classes.sh
@@ -6,6 +6,6 @@ CERT=$(puppet master --confdir ${CONFDIR} --configprint hostcert)
 CACERT=$(puppet master --confdir ${CONFDIR} --configprint localcacert)
 PRVKEY=$(puppet master --confdir ${CONFDIR} --configprint hostprivkey)
 OPTIONS="--cert ${CERT} --cacert ${CACERT} --key ${PRVKEY}"
-CONSOLE=$(awk '/server =/{print $NF}' ${CONFDIR}/console.conf)
+CONSOLE=$(awk '/server: /{print $NF}' ${CONFDIR}/classifier.yaml)
 curl -k -X POST ${OPTIONS} "https://${CONSOLE}:4433/classifier-api/v1/update-classes"
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index ec85155..193f0ca 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
@@ -53,6 +53,7 @@ class profile::puppetmaster {
 file { '/usr/local/bin/update-classes.sh' :
 ensure => file,
 source => 'puppet:///modules/profile/puppetmaster/update-classes.sh',
+ mode => '755',
 }
 #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout
-- cgit v1.2.3
From 8fe670beb09ffa086c5c8937bfc12d64d3296578 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Mon, 26 Oct 2015 16:32:24 -0700
Subject: make environment timeout setting refresh the puppet master service
---
 site/profile/manifests/puppetmaster.pp | 1 +
 1 file changed, 1 insertion(+)
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index 193f0ca..1c618a2 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
@@ -63,6 +63,7 @@ class profile::puppetmaster {
 section => 'main',
 setting => 'environment_timeout',
 value => 'unlimited',
+ notify => Service['pe-puppetserver'],
 }
 }
-- cgit v1.2.3
From d6cb170a787da4ca4c0d830c5002893f7ae72bb3 Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Wed, 28 Oct 2015 10:37:59 -0700
Subject: enable ssl on the webhook
---
 site/profile/manifests/puppetmaster.pp | 30 +++++++++++++++++++-----------
 site/profile/manifests/webhook_no_mcollective.pp | 2 +-
 2 files changed, 17 insertions(+), 15 deletions(-)
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index 1c618a2..3085300 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
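Review bot: `mode => '755'` on the update-classes.sh file resource is a three-digit mode; Puppet accepts it but puppet-lint flags it and it is easy to misread, so write `mode => '0755'`. The resource now manages mode but not ownership, so a pre-existing file owned by another account would keep that owner while being executed by root through the r10k postrun command; add `owner => 'root', group => 'root'` so the script root runs can only be modified by root. A short comment above the resource saying it is executed as root by r10k after each deploy would make the reason for the strict ownership obvious.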
@@ -27,22 +27,24 @@ class profile::puppetmaster {
 if $git_management_system in ['gitlab', 'github'] {
 git_deploy_key { "add_deploy_key_to_puppet_control-${fqdn}":
- ensure => present,
- name => $::fqdn,
- path => "${r10k_ssh_key_file}.pub",
- token => hiera('gms_api_token'),
- project_name => 'puppet/control-repo',
- server_url => hiera('gms_server_url'),
- provider => $git_management_system,
+ ensure => present,
+ name => $::fqdn,
+ path => "${r10k_ssh_key_file}.pub",
+ token => hiera('gms_api_token'),
+ project_name => 'puppet/control-repo',
+ server_url => hiera('gms_server_url'),
+ provider => $git_management_system,
+ disable_ssl_verify => true,
 }
 git_webhook { 'web_post_receive_webhook' :
- ensure => present,
- webhook_url => "http://${fqdn}:8088/payload",
- token => hiera('gms_api_token'),
- project_name => 'puppet/control-repo',
- server_url => hiera('gms_server_url'),
- provider => $git_management_system,
+ ensure => present,
+ webhook_url => "http://${fqdn}:8088/payload",
+ token => hiera('gms_api_token'),
+ project_name => 'puppet/control-repo',
+ server_url => hiera('gms_server_url'),
+ provider => $git_management_system,
+ disable_ssl_verify => true,
 }
 }
@@ -63,7 +65,7 @@ class profile::puppetmaster {
 section => 'main',
 setting => 'environment_timeout',
 value => 'unlimited',
- notify => Service['pe-puppetserver'],
+ notify => Service['pe-puppetserver'],
 }
 }
diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp
index 9f4b7fa..f4f50d7 100644
--- a/site/profile/manifests/webhook_no_mcollective.pp
+++ b/site/profile/manifests/webhook_no_mcollective.pp
@@ -1,7 +1,7 @@
 class profile::webhook_no_mcollective {
 class {'r10k::webhook::config':
- enable_ssl => false,
+ enable_ssl => true,
 protected => false,
 use_mcollective => false,
 }
-- cgit v1.2.3
From c2aeccd388fb56fdb7b02d4796ab5e140bce00e8 Mon Sep 17 00:00:00 2001
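Review bot: `disable_ssl_verify => true` is added to both git_deploy_key and git_webhook, so the API token from `hiera('gms_api_token')` is now sent to `gms_server_url` without checking who is on the other end of the TLS connection; the same commit turns on `enable_ssl` for the webhook listener, so the intent is plainly to cope with a self-signed GitLab certificate rather than to weaken anything. Trust that certificate instead: install the GMS server's CA (or its self-signed cert) into the trust store the provider uses and leave verification on; if the provider offers no CA option, keep the flag but put a comment next to each `disable_ssl_verify => true` naming the self-signed deployment it exists for and a TODO to remove it. Re-indenting every other attribute in these two resources makes the real change hard to see — a whitespace-only realignment belongs in its own commit.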
From: Nick Walker Date: Wed, 28 Oct 2015 11:27:57 -0700 Subject: disable SSL on the zack/r10k webhook The abrader/gms provider for gitlab doesn't support disabling ssl verification but will soon. --- site/profile/manifests/puppetmaster.pp | 1 - site/profile/manifests/webhook_no_mcollective.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 3085300..8e0817c 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -34,7 +34,6 @@ class profile::puppetmaster { project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), provider => $git_management_system, - disable_ssl_verify => true, } git_webhook { 'web_post_receive_webhook' : diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index f4f50d7..9f4b7fa 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp @@ -1,7 +1,7 @@ class profile::webhook_no_mcollective { class {'r10k::webhook::config': - enable_ssl => true, + enable_ssl => false, protected => false, use_mcollective => false, } -- cgit v1.2.3 From b6351f9e5d80bbf93374575591e8a95ad07c255d Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Wed, 28 Oct 2015 13:16:36 -0700 Subject: Add $::fqdn to post receive hook title Also, change other references of $fqdn to $::fqdn --- site/profile/manifests/puppetmaster.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 8e0817c..5c9b59a 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp 
@@ -26,7 +26,7 @@ class profile::puppetmaster {
 if $git_management_system in ['gitlab', 'github'] {
- git_deploy_key { "add_deploy_key_to_puppet_control-${fqdn}":
+ git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}":
 ensure => present,
 name => $::fqdn,
 path => "${r10k_ssh_key_file}.pub",
@@ -36,9 +36,9 @@ class profile::puppetmaster {
 provider => $git_management_system,
 }
- git_webhook { 'web_post_receive_webhook' :
+ git_webhook { "web_post_receive_webhook-${::fqdn}" :
 ensure => present,
- webhook_url => "http://${fqdn}:8088/payload",
+ webhook_url => "http://${::fqdn}:8088/payload",
 token => hiera('gms_api_token'),
 project_name => 'puppet/control-repo',
 server_url => hiera('gms_server_url'),
-- cgit v1.2.3
From e045f172bd5d1b14873bf323fe83230f7cc1aa2c Mon Sep 17 00:00:00 2001
From: Nick Walker
Date: Thu, 29 Oct 2015 09:44:01 -0700
Subject: enable SSL on the zack/r10k webhook
---
 site/profile/manifests/puppetmaster.pp | 2 +-
 site/profile/manifests/webhook_no_mcollective.pp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'site/profile/manifests/puppetmaster.pp')
diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp
index 5c9b59a..d306ad5 100644
--- a/site/profile/manifests/puppetmaster.pp
+++ b/site/profile/manifests/puppetmaster.pp
@@ -38,7 +38,7 @@ class profile::puppetmaster {
 git_webhook { "web_post_receive_webhook-${::fqdn}" :
 ensure => present,
- webhook_url => "http://${::fqdn}:8088/payload",
+ webhook_url => "https://${::fqdn}:8088/payload",
 token => hiera('gms_api_token'),
 project_name => 'puppet/control-repo',
 server_url => hiera('gms_server_url'),
diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp
index 9f4b7fa..f4f50d7 100644
--- a/site/profile/manifests/webhook_no_mcollective.pp
+++ b/site/profile/manifests/webhook_no_mcollective.pp
@@ -1,7 +1,7 @@ class profile::webhook_no_mcollective { class {'r10k::webhook::config': - enable_ssl => false, + enable_ssl => true, protected => false, use_mcollective => false, } -- cgit v1.2.3 From 8e271e3043fd55ce7c39f520360214e6844085af Mon Sep 17 00:00:00 2001 From: Nick Walker Date: Fri, 30 Oct 2015 13:04:42 -0700 Subject: Change the zack/r10k webhook to utilize username and password To accommodate generating random usernames and passwords, I had to parameterize the profiles which I didn't feel great about but I also didn't want to have to put the username and pass in hiera. --- site/profile/manifests/puppetmaster.pp | 7 +++++-- site/profile/manifests/webhook_no_mcollective.pp | 9 +++++++-- site/role/manifests/all_in_one_pe.pp | 14 ++++++++++++-- 3 files changed, 24 insertions(+), 6 deletions(-) (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index d306ad5..d3f1a87 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -1,4 +1,7 @@ -class profile::puppetmaster { +class profile::puppetmaster ( + $webhook_username, + $webhook_password +) { class { 'hiera': hierarchy => [ @@ -38,7 +41,7 @@ class profile::puppetmaster { git_webhook { "web_post_receive_webhook-${::fqdn}" : ensure => present, - webhook_url => "https://${::fqdn}:8088/payload", + webhook_url => "https://${webhook_username}:${webhook_password}@${::fqdn}:8088/payload", token => hiera('gms_api_token'), project_name => 'puppet/control-repo', server_url => hiera('gms_server_url'), diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp index f4f50d7..dc7b1aa 100644 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ b/site/profile/manifests/webhook_no_mcollective.pp 
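Review bot: The new class parameters `$webhook_username` and `$webhook_password` have neither a data type nor a doc comment, so a missing value only fails with the generic "must pass" error and nothing tells the caller that the pair is embedded in a URL further down. If this repo targets Puppet 4 (the /etc/puppetlabs/code paths suggest so), `String $webhook_username,` and `String $webhook_password,` would reject undef and non-string values at the class boundary, and a header comment along the lines of `# $webhook_password - basic-auth password for the r10k webhook; becomes part of the webhook URL registered with the GMS` would document the contract. The same gap exists for `$username`/`$password` in profile::webhook_no_mcollective in the next hunk of this commit.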
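Review bot: Embedding `${webhook_username}:${webhook_password}@` in `webhook_url` puts the basic-auth secret into the URL, and that string is then stored on the GMS as the webhook target (visible to anyone who can view the project's webhook settings) as well as in the compiled catalog and in any report or PuppetDB record that captures resource parameters. If the r10k webhook only accepts credentials this way the exposure may be unavoidable, but it should be stated next to the line, e.g. `# credentials travel in the URL userinfo: the GMS webhook page and the catalog both expose them`, so nobody treats the generated password as private. Separately, if the generated password can contain characters that are not URL-safe it needs percent-encoding before interpolation, which is worth checking against the character set fqdn_rand_string produces. The git_webhook resource continues outside the hunk.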
@@ -1,8 +1,13 @@ -class profile::webhook_no_mcollective { +class profile::webhook_no_mcollective ( + $username, + $password +) { class {'r10k::webhook::config': enable_ssl => true, - protected => false, + protected => true, + user => $username, + pass => $password, use_mcollective => false, } diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index f34a261..3762325 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -1,6 +1,16 @@ class role::all_in_one_pe { - include profile::webhook_no_mcollective - include profile::puppetmaster + $webhook_username = hiera('webhook_username', fqdn_rand_string(10, '', 'username')) + $webhook_password = hiera('webhook_password', fqdn_rand_string(20, '', 'password')) + + class { 'profile::puppetmaster' : + webhook_username => $webhook_username, + webhook_password => $webhook_password, + } + + class { 'profile::webhook_no_mcollective' : + username => $webhook_username, + password => $webhook_password, + } } -- cgit v1.2.3 From 3149d9707f2882bdd4bc499a2bc65fb6dff36bf9 Mon Sep 17 00:00:00 2001 
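Review bot: `fqdn_rand_string(20, '', 'password')` is deterministic, so the default webhook password is a pure function of the node's fqdn and the literal seed `'password'` in this repository; anyone who knows the hostname and can read the control repo can recompute it, and it is re-derived on every compile rather than generated once and stored. Since the hiera lookup already takes precedence when a value is set, either drop the default and require `webhook_password` from hiera (eyaml), or mark the fallback explicitly, e.g. `# fqdn_rand_string is reproducible from fqdn + seed: lab default only, set webhook_password in hiera for real use`. The same consideration applies to `webhook_username` on the line above, though the username is the less sensitive half.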
From: Nick Walker Date: Fri, 30 Oct 2015 13:42:33 -0700 Subject: Refactor webhook profiles into one profile with a parameter Previously there was a mcollective and no_mcollective version of the webhook profile. They were almost identical so I merged them and manage the difference with a "use_mcollective" parameter. I renamed the webhook profile to zack_r10k_webhook. --- site/profile/manifests/puppetmaster.pp | 22 +++++++++--------- site/profile/manifests/webhook_mcollective.pp | 15 ------------ site/profile/manifests/webhook_no_mcollective.pp | 20 ---------------- site/profile/manifests/zack_r10k_webhook.pp | 29 ++++++++++++++++++++++++ site/role/manifests/all_in_one_pe.pp | 2 +- 5 files changed, 41 insertions(+), 47 deletions(-) delete mode 100644 site/profile/manifests/webhook_mcollective.pp delete mode 100644 site/profile/manifests/webhook_no_mcollective.pp create mode 100644 site/profile/manifests/zack_r10k_webhook.pp (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index d3f1a87..1a199cd 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp 
@@ -23,20 +23,20 @@ class profile::puppetmaster ( creates => $r10k_ssh_key_file, } #END - Generate an SSH key for r10k to connect to git - + #BEGIN - Add deploy key and webook to git management system $git_management_system = hiera('git_management_system', '') if $git_management_system in ['gitlab', 'github'] { - + git_deploy_key { "add_deploy_key_to_puppet_control-${::fqdn}": - ensure => present, - name => $::fqdn, - path => "${r10k_ssh_key_file}.pub", - token => hiera('gms_api_token'), - project_name => 'puppet/control-repo', - server_url => hiera('gms_server_url'), - provider => $git_management_system, + ensure => present, + name => $::fqdn, + path => "${r10k_ssh_key_file}.pub", + token => hiera('gms_api_token'), + project_name => 'puppet/control-repo', + server_url => hiera('gms_server_url'), + provider => $git_management_system, } git_webhook { "web_post_receive_webhook-${::fqdn}" : @@ -57,11 +57,11 @@ class profile::puppetmaster ( file { '/usr/local/bin/update-classes.sh' : ensure => file, source => 'puppet:///modules/profile/puppetmaster/update-classes.sh', - mode => '755', + mode => '0755', } #https://docs.puppetlabs.com/puppet/latest/reference/config_file_environment.html#environmenttimeout - ini_setting { "environment_timeout = unlimited": + ini_setting { 'environment_timeout = unlimited': ensure => present, path => '/etc/puppetlabs/puppet/puppet.conf', section => 'main', diff --git a/site/profile/manifests/webhook_mcollective.pp b/site/profile/manifests/webhook_mcollective.pp deleted file mode 100644 index 395cc7a..0000000 --- a/site/profile/manifests/webhook_mcollective.pp +++ /dev/null @@ -1,15 +0,0 @@ -class profile::webhook_mcollective { - - class { 'r10k::mcollective': - notify => Service['mcollective'], - } - - include r10k::webhook::config - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - } - -} 
diff --git a/site/profile/manifests/webhook_no_mcollective.pp b/site/profile/manifests/webhook_no_mcollective.pp deleted file mode 100644 index dc7b1aa..0000000 --- a/site/profile/manifests/webhook_no_mcollective.pp +++ /dev/null @@ -1,20 +0,0 @@ -class profile::webhook_no_mcollective ( - $username, - $password -) { - - class {'r10k::webhook::config': - enable_ssl => true, - protected => true, - user => $username, - pass => $password, - use_mcollective => false, - } - - class {'r10k::webhook': - user => 'root', - group => '0', - require => Class['r10k::webhook::config'], - } - -} diff --git a/site/profile/manifests/zack_r10k_webhook.pp b/site/profile/manifests/zack_r10k_webhook.pp new file mode 100644 index 0000000..7e0bd40 --- /dev/null +++ b/site/profile/manifests/zack_r10k_webhook.pp @@ -0,0 +1,29 @@ +class profile::zack_r10k_webhook ( + $username, + $password, + $use_mcollective = false, +) { + + if $use_mcollective { + + class { 'r10k::mcollective': + notify => Service['mcollective'], + } + + } + + class {'r10k::webhook::config': + enable_ssl => true, + protected => true, + user => $username, + pass => $password, + use_mcollective => $use_mcollective, + } + + class {'r10k::webhook': + user => 'root', + group => '0', + require => Class['r10k::webhook::config'], + } + +} diff --git a/site/role/manifests/all_in_one_pe.pp b/site/role/manifests/all_in_one_pe.pp index 3762325..6bc2eb3 100644 --- a/site/role/manifests/all_in_one_pe.pp +++ b/site/role/manifests/all_in_one_pe.pp @@ -8,7 +8,7 @@ class role::all_in_one_pe { webhook_password => $webhook_password, } - class { 'profile::webhook_no_mcollective' : + class { 'profile::zack_r10k_webhook' : username => $webhook_username, password => $webhook_password, } -- cgit v1.2.3 From 7e40513c531d98015101367baf5d480d7ea6d2e3 Mon Sep 17 00:00:00 2001 
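Review bot: In the new zack_r10k_webhook.pp, `class {'r10k::webhook': user => 'root', group => '0', ...}` runs the network-facing webhook listener as root and nothing in the file says why. If root is genuinely needed (for example so the triggered r10k deploy can write the environments directory), record it with a comment such as `# runs as root so the triggered r10k deploy can write the code directory -- TODO confirm and move to a dedicated user if it can`; otherwise a dedicated account bounds what a compromise of the listener can reach. The class is also undocumented and `$username`/`$password` carry no data type, while `$use_mcollective = false` already has a default; a short header describing the three parameters, with `String` types if Puppet 4 is the target, would make the merged profile self-explanatory.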
From: Nick Walker Date: Tue, 17 Nov 2015 14:10:45 -0800 Subject: Change owner/group to pe-puppet for hiera module When the owner / group was root this meant that enabling hiera-eyaml wouldn't work properly as the keys couldn't be read by puppetserver. Changing to pe-puppet should resolve the issue. --- site/profile/manifests/puppetmaster.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'site/profile/manifests/puppetmaster.pp') diff --git a/site/profile/manifests/puppetmaster.pp b/site/profile/manifests/puppetmaster.pp index 1a199cd..0954807 100644 --- a/site/profile/manifests/puppetmaster.pp +++ b/site/profile/manifests/puppetmaster.pp @@ -11,8 +11,8 @@ class profile::puppetmaster ( ], hiera_yaml => '/etc/puppetlabs/code/hiera.yaml', datadir => '/etc/puppetlabs/code/environments/%{environment}/hieradata', - owner => 'root', - group => 'root', + owner => 'pe-puppet', + group => 'pe-puppet', notify => Service['pe-puppetserver'], } -- cgit v1.2.3
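Review bot: Setting both `owner` and `group` to 'pe-puppet' makes hiera.yaml and the datadir writable by the puppetserver account, whereas the stated goal (eyaml keys readable by puppetserver) only requires read access. If the hiera module exposes a file mode, `owner => 'root'` with `group => 'pe-puppet'` and a group-readable mode keeps the hierarchy and data read-only for the service while still letting it read the keys; if it does not, a comment acknowledging the trade-off, e.g. `# pe-puppet owns these so puppetserver can read eyaml keys; it also gains write access to hiera data`, would help the next reader. The `class { 'hiera': ... }` declaration begins and ends outside the hunk.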