diff --git a/.vscode/settings.json b/.vscode/settings.json
index e842291..2aa5b11 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -14,9 +14,11 @@
"kahadb",
"levelname",
"logappender",
+ "NOFILE",
"pydantic",
"pylint",
"pytest",
+ "refreshonly",
"repolist",
"requestlogging",
"springframework",
diff --git a/doc/puppet_classes/puppet_cd_3A_3Afirewall_3A_3Aiptables.html b/doc/puppet_classes/puppet_cd_3A_3Afirewall_3A_3Aiptables.html
index 86bc85d..e269b4f 100644
--- a/doc/puppet_classes/puppet_cd_3A_3Afirewall_3A_3Aiptables.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Afirewall_3A_3Aiptables.html
@@ -139,7 +139,14 @@
41
42
43
-44
+44
+45
+46
+47
+48
+49
+50
+51
# File 'manifests/firewall/iptables.pp', line 6
@@ -158,6 +165,13 @@ class puppet_cd::firewall::iptables (
dport => '8443',
jump => 'accept',
}
+ if $pt_use_r10k_webhook == true {
+ firewall { '38080 open port 8080':
+ proto => 'tcp',
+ dport => '8080',
+ jump => 'accept',
+ }
+ }
}
if $fqdn == $pt_db_fqdn {
diff --git a/doc/puppet_classes/puppet_cd_3A_3Aparams.html b/doc/puppet_classes/puppet_cd_3A_3Aparams.html
index 88afd11..5c6da7a 100644
--- a/doc/puppet_classes/puppet_cd_3A_3Aparams.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Aparams.html
@@ -1677,7 +1677,10 @@
245
246
247
-248
+248
+249
+250
+251
|
# File 'manifests/params.pp', line 88
@@ -1833,11 +1836,14 @@ class puppet_cd::params (
$pt_r10k_webhook_erb = 'puppet_cd/r10k/webhook.py.erb'
$pt_r10k_req_file = "${pt_r10k_webhook_dir}/requirements.txt"
$pt_r10k_req_erb = 'puppet_cd/r10k/requirements.txt.erb'
+ $pt_r10k_wh_service_file = '/etc/systemd/system/r10k-webhook.service'
+ $pt_r10k_wh_service_erb = 'puppet_cd/r10k/r10k_webhook_service.erb'
# service
$pt_server_service = 'puppetserver'
$pt_agent_service = 'puppet'
$pt_db_service = 'puppetdb'
+ $pt_r10k_wb_service = 'r10k-webhook'
#
# includes must be last
diff --git a/doc/puppet_classes/puppet_cd_3A_3Ar10k_3A_3Awebhook.html b/doc/puppet_classes/puppet_cd_3A_3Ar10k_3A_3Awebhook.html
index 00efc32..74d9a53 100644
--- a/doc/puppet_classes/puppet_cd_3A_3Ar10k_3A_3Awebhook.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Ar10k_3A_3Awebhook.html
@@ -159,7 +159,38 @@
61
62
63
-64
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
|
# File 'manifests/r10k/webhook.pp', line 6
@@ -221,6 +252,37 @@ class puppet_cd::r10k::webhook (
require => [Package[$pt_r10k_webhook_pkg],File[$pt_r10k_req_file]],
unless => 'pip3 show fastapi', # Idempotent check
}
+
+ # establish exec systemd reload
+ exec { 'systemctl_daemon_reload':
+ command => 'systemctl daemon-reload',
+ path => ['/bin', '/usr/bin'],
+ require => Exec['pip_install_r10k_webhook'],
+ refreshonly => true,
+ }
+
+ # install systemd service file
+ file { $pt_r10k_wh_service_file:
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => systemd_unit_file_t,
+ seluser => system_u,
+ content => template($pt_r10k_wh_service_erb),
+ require => Exec['systemctl_daemon_reload'],
+ notify => Exec['systemctl_daemon_reload'],
+ }
+
+ # manage service
+ service { 'r10k-webhook':
+ ensure => 'running',
+ enable => true,
+ require => File[$pt_r10k_wh_service_file],
+ subscribe => File[$pt_r10k_webhook_file],
+ }
}
}
|
diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp
index daba168..7f4b8b0 100644
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -17,6 +17,13 @@ class puppet_cd::firewall::iptables (
dport => '8443',
jump => 'accept',
}
+ if $pt_use_r10k_webhook == true {
+ firewall { '38080 open port 8080':
+ proto => 'tcp',
+ dport => '8080',
+ jump => 'accept',
+ }
+ }
}
if $fqdn == $pt_db_fqdn {
diff --git a/manifests/params.pp b/manifests/params.pp
index d125443..3027126 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -236,11 +236,14 @@ class puppet_cd::params (
$pt_r10k_webhook_erb = 'puppet_cd/r10k/webhook.py.erb'
$pt_r10k_req_file = "${pt_r10k_webhook_dir}/requirements.txt"
$pt_r10k_req_erb = 'puppet_cd/r10k/requirements.txt.erb'
+ $pt_r10k_wh_service_file = '/etc/systemd/system/r10k-webhook.service'
+ $pt_r10k_wh_service_erb = 'puppet_cd/r10k/r10k_webhook_service.erb'
# service
$pt_server_service = 'puppetserver'
$pt_agent_service = 'puppet'
$pt_db_service = 'puppetdb'
+ $pt_r10k_wb_service = 'r10k-webhook'
#
# includes must be last
diff --git a/manifests/r10k/webhook.pp b/manifests/r10k/webhook.pp
index 21ef888..cbce3e5 100644
--- a/manifests/r10k/webhook.pp
+++ b/manifests/r10k/webhook.pp
@@ -60,5 +60,36 @@ class puppet_cd::r10k::webhook (
require => [Package[$pt_r10k_webhook_pkg],File[$pt_r10k_req_file]],
unless => 'pip3 show fastapi', # Idempotent check
}
+
+ # establish exec systemd reload
+ exec { 'systemctl_daemon_reload':
+ command => 'systemctl daemon-reload',
+ path => ['/bin', '/usr/bin'],
+ require => Exec['pip_install_r10k_webhook'],
+ refreshonly => true,
+ }
+
+ # install systemd service file
+ file { $pt_r10k_wh_service_file:
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => systemd_unit_file_t,
+ seluser => system_u,
+ content => template($pt_r10k_wh_service_erb),
+ require => Exec['systemctl_daemon_reload'],
+ notify => Exec['systemctl_daemon_reload'],
+ }
+
+ # manage service
+ service { 'r10k-webhook':
+ ensure => 'running',
+ enable => true,
+ require => File[$pt_r10k_wh_service_file],
+ subscribe => File[$pt_r10k_webhook_file],
+ }
}
}
diff --git a/templates/r10k/r10k_webhook_service.erb b/templates/r10k/r10k_webhook_service.erb
new file mode 100644
index 0000000..821f0de
--- /dev/null
+++ b/templates/r10k/r10k_webhook_service.erb
@@ -0,0 +1,19 @@
+[Unit]
+Description=r10k Webhook Server
+After=network.target haproxy.service
+
+[Service]
+Type=simple
+User=puppet
+Group=puppet
+WorkingDirectory=/opt/r10k-webhook
+ExecStart=/usr/bin/python3 /opt/r10k-webhook/webhook_server.py
+Restart=always
+RestartSec=5
+Environment=R10K_WEBHOOK_SECRET=YOUR_SECRET_HERE
+LimitNOFILE=65536
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file