diff --git a/doc/puppet_classes/puppet_cd_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/puppet_cd_3A_3Afirewall_3A_3Aiptables.html index e269b4f..93485cf 100644 --- a/doc/puppet_classes/puppet_cd_3A_3Afirewall_3A_3Aiptables.html +++ b/doc/puppet_classes/puppet_cd_3A_3Afirewall_3A_3Aiptables.html @@ -166,9 +166,9 @@ class puppet_cd::firewall::iptables ( jump => 'accept', } if $pt_use_r10k_webhook == true { - firewall { '38080 open port 8080': + firewall { '38088 open port 8088': proto => 'tcp', - dport => '8080', + dport => '8088', jump => 'accept', } } diff --git a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Aconfig.html index 8c9b42d..00f8d54 100644 --- a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Aconfig.html @@ -128,10 +128,10 @@ class puppet_cd::main::config ( include puppet_cd::puppetdb::service } -# if $pt_use_r10k == true { -# include puppet_cd::r10k::install -# include puppet_cd::r10k::webhook -# } + if $pt_use_r10k == true { + include puppet_cd::r10k::install + include puppet_cd::r10k::webhook + } } diff --git a/doc/puppet_classes/puppet_cd_3A_3Aparams.html b/doc/puppet_classes/puppet_cd_3A_3Aparams.html index 5c6da7a..0b36cf0 100644 --- a/doc/puppet_classes/puppet_cd_3A_3Aparams.html +++ b/doc/puppet_classes/puppet_cd_3A_3Aparams.html @@ -1803,7 +1803,7 @@ class puppet_cd::params ( $pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb' ## r10k $pt_r10k_dir = "${pt_main_dir}/r10k" - $pt_r10k_webhook_dir = '/opt/r10k-webhook' + $pt_r10k_webhook_dir = '/etc/r10k-webhook' # files ## puppet @@ -1836,8 +1836,8 @@ class puppet_cd::params ( $pt_r10k_webhook_erb = 'puppet_cd/r10k/webhook.py.erb' $pt_r10k_req_file = "${pt_r10k_webhook_dir}/requirements.txt" $pt_r10k_req_erb = 'puppet_cd/r10k/requirements.txt.erb' - $pt_r10k_wh_service_file = '/etc/systemd/system/r10k-webhook.service' - $pt_r10k_wh_service_erb = 'puppet_cd/r10k/r10k_webhook_service.erb' + $pt_r10k_wh_config_file = "${pt_r10k_webhook_dir}/config.json" + $pt_r10k_wh_config_erb = 'puppet_cd/r10k/r10k_webhook_config.erb' # service $pt_server_service = 'puppetserver' diff --git a/doc/puppet_classes/puppet_cd_3A_3Ar10k_3A_3Awebhook.html b/doc/puppet_classes/puppet_cd_3A_3Ar10k_3A_3Awebhook.html index ac3c328..d51ba97 100644 --- a/doc/puppet_classes/puppet_cd_3A_3Ar10k_3A_3Awebhook.html +++ b/doc/puppet_classes/puppet_cd_3A_3Ar10k_3A_3Awebhook.html @@ -173,32 +173,7 @@ 75 76 77 -78 -79 -80 -81 -82 -83 -84 -85 -86 -87 -88 -89 -90 -91 -92 -93 -94 -95 -96 -97 -98 -99 -100 -101 -102 -103 +78 
# File 'manifests/r10k/webhook.pp', line 6
@@ -213,27 +188,17 @@ class puppet_cd::r10k::webhook (
     }
 
     # create the webhook dir
-    file { '/opt/r10k-webhook':
+    file { $pt_r10k_webhook_dir:
       ensure   => directory,
-      path     => $pt_r10k_webhook_dir,
-      owner    => 'puppet',
-      group    => 'puppet',
+      owner    => 'root',
+      group    => 'root',
       mode     => '0755',
       selrange => s0,
       selrole  => object_r,
-      seltype  => puppet_etc_t,
+      seltype  => etc_t,
       seluser  => system_u,
     }
 
-    # create the log file
-    file { '/var/log/r10k-webhook.log':
-      ensure  => file,
-      owner   => 'puppet',
-      group   => 'puppet',
-      mode    => '0644',
-      require => File['/opt/r10k-webhook'],
-    }
-
     # create the requirements file
     file { $pt_r10k_req_file:
       ensure   => file,
@@ -242,26 +207,26 @@ class puppet_cd::r10k::webhook (
       mode     => '0644',
       selrange => s0,
       selrole  => object_r,
-      seltype  => puppet_etc_t,
+      seltype  => etc_t,
       seluser  => system_u,
       content  => template($pt_r10k_req_erb),
-      require  => File['/var/log/r10k-webhook.log'],
     }
 
-    # create the binary file
-    file { $pt_r10k_webhook_file:
+    # create the webhook config file
+    file { $pt_r10k_wh_config_file:
       ensure   => file,
-      owner    => 'puppet',
-      group    => 'puppet',
+      owner    => 'root',
+      group    => 'root',
       mode     => '0644',
       selrange => s0,
       selrole  => object_r,
-      seltype  => puppet_etc_t,
+      seltype  => etc_t,
       seluser  => system_u,
-      content  => template($pt_r10k_webhook_erb),
-      require  => File['/opt/r10k-webhook'],
+      content  => template($pt_r10k_wh_config_erb),
+      require  => File[$pt_r10k_webhook_dir],
     }
 
+
     # install pip dependencies
     exec { 'pip_install_r10k_webhook':
       command => 'pip3 install --user -r /opt/r10k-webhook/requirements.txt',
@@ -278,26 +243,11 @@ class puppet_cd::r10k::webhook (
       refreshonly => true,
     }
 
-    # install systemd service file
-    file { $pt_r10k_wh_service_file:
-      ensure   => file,
-      owner    => 'root',
-      group    => 'root',
-      mode     => '0644',
-      selrange => s0,
-      selrole  => object_r,
-      seltype  => systemd_unit_file_t,
-      seluser  => system_u,
-      content  => template($pt_r10k_wh_service_erb),
-      notify   => Exec['systemctl_daemon_reload'],
-    }
-
     # manage service
     service { 'r10k-webhook':
       ensure    => 'running',
       enable    => true,
-      require   => File[$pt_r10k_wh_service_file],
-      subscribe => File[$pt_r10k_webhook_file],
+      subscribe => File[$pt_r10k_wh_config_file],
     }
   }
 }
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp index 7f4b8b0..d52c19e 100644 --- a/manifests/firewall/iptables.pp +++ b/manifests/firewall/iptables.pp @@ -18,9 +18,9 @@ class puppet_cd::firewall::iptables ( jump => 'accept', } if $pt_use_r10k_webhook == true { - firewall { '38080 open port 8080': + firewall { '38088 open port 8088': proto => 'tcp', - dport => '8080', + dport => '8088', jump => 'accept', } } diff --git a/manifests/main/config.pp b/manifests/main/config.pp index 68ce0df..69027ae 100644 --- a/manifests/main/config.pp +++ b/manifests/main/config.pp @@ -12,8 +12,8 @@ class puppet_cd::main::config ( include puppet_cd::puppetdb::service } -# if $pt_use_r10k == true { -# include puppet_cd::r10k::install -# include puppet_cd::r10k::webhook -# } + if $pt_use_r10k == true { + include puppet_cd::r10k::install + include puppet_cd::r10k::webhook + } } diff --git a/manifests/params.pp b/manifests/params.pp index 3027126..de0641c 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -203,7 +203,7 @@ class puppet_cd::params ( $pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb' ## r10k $pt_r10k_dir = "${pt_main_dir}/r10k" - $pt_r10k_webhook_dir = '/opt/r10k-webhook' + $pt_r10k_webhook_dir = '/etc/r10k-webhook' # files ## puppet @@ -236,8 +236,8 @@ class puppet_cd::params ( $pt_r10k_webhook_erb = 'puppet_cd/r10k/webhook.py.erb' $pt_r10k_req_file = "${pt_r10k_webhook_dir}/requirements.txt" $pt_r10k_req_erb = 'puppet_cd/r10k/requirements.txt.erb' - $pt_r10k_wh_service_file = '/etc/systemd/system/r10k-webhook.service' - $pt_r10k_wh_service_erb = 'puppet_cd/r10k/r10k_webhook_service.erb' + $pt_r10k_wh_config_file = "${pt_r10k_webhook_dir}/config.json" + $pt_r10k_wh_config_erb = 'puppet_cd/r10k/r10k_webhook_config.erb' # service $pt_server_service = 'puppetserver' diff --git a/manifests/r10k/webhook.pp b/manifests/r10k/webhook.pp index be78c05..3a5e9ef 100644 --- a/manifests/r10k/webhook.pp +++ b/manifests/r10k/webhook.pp @@ -13,27 +13,17 @@ class puppet_cd::r10k::webhook ( } # create the webhook dir - file { '/opt/r10k-webhook': + file { $pt_r10k_webhook_dir: ensure => directory, - path => $pt_r10k_webhook_dir, - owner => 'puppet', - group => 'puppet', + owner => 'root', + group => 'root', mode => '0755', selrange => s0, selrole => object_r, - seltype => puppet_etc_t, + seltype => etc_t, seluser => system_u, } - # create the log file - file { '/var/log/r10k-webhook.log': - ensure => file, - owner => 'puppet', - group => 'puppet', - mode => '0644', - require => File['/opt/r10k-webhook'], - } - # create the requirements file file { $pt_r10k_req_file: ensure => file, @@ -42,26 +32,26 @@ class puppet_cd::r10k::webhook ( mode => '0644', selrange => s0, selrole => object_r, - seltype => puppet_etc_t, + seltype => etc_t, seluser => system_u, content => template($pt_r10k_req_erb), - require => File['/var/log/r10k-webhook.log'], } - # create the binary file - file { $pt_r10k_webhook_file: + # create the webhook config file + file { $pt_r10k_wh_config_file: ensure => file, - owner => 'puppet', - group => 'puppet', + owner => 'root', + group => 'root', mode => '0644', selrange => s0, selrole => object_r, - seltype => puppet_etc_t, + seltype => etc_t, seluser => system_u, - content => template($pt_r10k_webhook_erb), - require => File['/opt/r10k-webhook'], + content => template($pt_r10k_wh_config_erb), + require => File[$pt_r10k_webhook_dir], } + # install pip dependencies exec { 'pip_install_r10k_webhook': command => 'pip3 install --user -r /opt/r10k-webhook/requirements.txt', @@ -78,26 +68,11 @@ class puppet_cd::r10k::webhook ( refreshonly => true, } - # install systemd service file - file { $pt_r10k_wh_service_file: - ensure => file, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => systemd_unit_file_t, - seluser => system_u, - content => template($pt_r10k_wh_service_erb), - notify => Exec['systemctl_daemon_reload'], - } - # manage service service { 'r10k-webhook': ensure => 'running', enable => true, - require => File[$pt_r10k_wh_service_file], - subscribe => File[$pt_r10k_webhook_file], + subscribe => File[$pt_r10k_wh_config_file], } } } diff --git a/templates/r10k/r10k_webhook_config.erb b/templates/r10k/r10k_webhook_config.erb new file mode 100644 index 0000000..7028563 --- /dev/null +++ b/templates/r10k/r10k_webhook_config.erb @@ -0,0 +1,8 @@ +{ + "flush_env_cache": false, + "branch_to_env_map": { + "master": "production", + "^env_(.*)$": "\g<1>" + }, + "allowed_branches": "^(env_[\w]+|master)$" +} \ No newline at end of file diff --git a/templates/r10k/requirements.txt.erb b/templates/r10k/requirements.txt.erb index 992201c..4d50e5b 100644 --- a/templates/r10k/requirements.txt.erb +++ b/templates/r10k/requirements.txt.erb @@ -1,3 +1,4 @@ -fastapi==0.115.0 -uvicorn==0.30.6 -pydantic==2.8.2 \ No newline at end of file +#fastapi==0.115.0 +#uvicorn==0.30.6 +#pydantic==2.8.2 +r10k-webhook \ No newline at end of file