add config files - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284

manifests/params.pp

@@ -203,6 +203,7 @@ class puppet_cd::params (
   $pt_puppetdb_var_dir              = '/opt/puppetlabs/server/data/puppetdb'
 ## r10k
   $pt_r10k_dir                      = "${pt_main_dir}/r10k"
+  $pt_r10k_webhook_dir              = */etc/r10k-webhook'
 
 # files
 ## puppet
@@ -232,6 +233,10 @@ class puppet_cd::params (
   $pt_r10k_file                     = "${pt_r10k_dir}/r10k.yaml"
   $pt_r10k_erb                      = 'puppet_cd/r10k/r10k.yaml.erb'
   $pt_r10k_hook_file                = '/usr/local/bin/webhook'
+  $pt_r10k_hook_config_file         = "${pt_r10k_webhook_dir}/hooks.json"
+  $pt_r10k_hook_config_erb          = 'puppet_cd/r10k/hook_config.erb'
+  $pt_r10k_hook_service_file        = '/etc/systemd/system/webhook.service'
+  $pt_r10k_hook_service_erb          = 'puppet_cd/r10k/r10k_webhook_service.erb'
 
 # service
   $pt_server_service                = 'puppetserver'

manifests/r10k/webhook.pp

@@ -20,11 +20,47 @@ class puppet_cd::r10k::webhook (
       source   => 'puppet:///modules/puppet_cd/webhook',
     }
 
-#    # manage service
+    # create the webhook config dir
-#    service { 'r10k-webhook':
+    file { $pt_r10k_webhook_dir:
-#      ensure    => 'running',
+      ensure   => directory,
-#      enable    => true,
+      owner    => 'root',
-#      subscribe => File[$pt_r10k_wh_config_file],
+      group    => 'root',
-#    }
+      mode     => '0755',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+    }
+
+    # create webhook config
+    file { $pt_r10k_hook_config_file:
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+      content  => template($pt_r10k_hook_config_erb),
+    }
+
+    # create service config
+    file { $pt_r10k_hook_config_file:
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => systemd_unit_file_t,
+      seluser  => system_u,
+      content  => template($pt_r10k_hook_service_erb),
+    }
+
+    # manage service
+    service { 'r10k-webhook':
+      ensure    => 'running',
+      enable    => true,
+      subscribe => File[$pt_r10k_hook_service_erb],
+    }
   }
 }

templates/r10k/hook_config.erb

@@ -0,0 +1,18 @@
+[
+  {
+    "id": "r10k-deploy",
+    "execute-command": "/usr/local/bin/r10k",
+    "command-working-directory": "/etc/puppetlabs/code",
+    "pass-arguments-to-command": [
+      { "source": "string", "name": "deploy" },
+      { "source": "string", "name": "environment" },
+      { "source": "string", "name": "-pv" }
+    ],
+    "trigger-rule": {
+      "match": {
+        "type": "payload-hash-sha1",
+        "secret": "your_webhook_secret"
+      }
+    }
+  }
+]

templates/r10k/r10k_webhook_service.erb

@@ -1,19 +1,15 @@
 [Unit]
-Description=r10k Webhook Server
+Description=Webhook Service for r10k Deployment
-After=network.target haproxy.service
+After=network.target
 
 [Service]
-Type=simple
+ExecStart=/usr/local/bin/webhook -hooks /etc/webhook/hooks.json -port 8088
+Restart=always
 User=puppet
 Group=puppet
-WorkingDirectory=/opt/r10k-webhook
+WorkingDirectory=/etc/puppetlabs/code
-ExecStart=/usr/bin/python3 /opt/r10k-webhook/webhook_server.py
+StandardOutput=syslog
-Restart=always
+StandardError=syslog
-RestartSec=5
-Environment=R10K_WEBHOOK_SECRET=YOUR_SECRET_HERE
-LimitNOFILE=65536
-StandardOutput=journal
-StandardError=journal
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target