move to webrick webhook - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284

.vscode/settings.json

@@ -21,11 +21,13 @@
         "refreshonly",
         "repolist",
         "requestlogging",
+        "rubygems",
         "springframework",
         "startswith",
         "Supress",
         "trapperkeeper",
         "utcnow",
-        "uvicorn"
+        "uvicorn",
+        "webrick"
     ]
 }

manifests/firewall/iptables.pp

@@ -18,9 +18,9 @@ class puppet_cd::firewall::iptables (
       jump  => 'accept',
     }
     if $pt_use_r10k_webhook == true {
-      firewall { '34000 open port 4000':
+      firewall { "3${pt_r10k_webhook_port} open port ${pt_r10k_webhook_port}":
         proto => 'tcp',
-        dport => '4000',
+        dport => $pt_r10k_webhook_port
         jump  => 'accept',
       }
     }

manifests/params.pp

@@ -82,8 +82,9 @@
 # @param [String] pt_r10k_remote the remote url for the r10k control repo
 # @param [Boolean] pt_r10k_prefix the r10k prefix. defaults to false
 # @param [String] pt_r10k_basedir the base directory for r10k.yaml
-# @param [String] pt_r10k_webhook_pkg the packages for the r10k webhook
+# @param [Array] pt_r10k_webhook_pkg the packages for the r10k webhook
 # @param [Boolean] pt_manage_user whether to manage the puppet user
+# @param [String] pt_r10k_webhook_port the port for the webhook listener
 ###############################################################################
 class puppet_cd::params (
 
@@ -96,8 +97,8 @@ class puppet_cd::params (
   String $pt_agent_pkg              = 'puppet-agent',
   String $pt_server_pkg             = 'puppetserver',
   Array $pt_db_pkg                  = ['puppetdb','puppetdb-termini'],
-  Array $pt_r10k_pkg                = ['ruby','ruby-devel','gcc','make','redhat-rpm-config','rpm-build'],
+  Array $pt_r10k_pkg                = ['ruby','ruby-devel','rubygems','gcc','make'],
-  String $pt_r10k_webhook_pkg       = '/tmp/webhook-go.rpm',
+  Array $pt_r10k_webhook_pkg        = ['webrick', 'r10k_gitlab_webhook'],
 
   # user settings
   ## puppet user
@@ -175,6 +176,7 @@ class puppet_cd::params (
   String $pt_r10k_remote            = 'git@gitlab.example.net/repo.git',
   Boolean $pt_r10k_prefix           = false,
   String $pt_r10k_basedir           = '/etc/puppetlabs/code/environments',
+  String $pt_r10k_webhook_port      = '8080'.
 
 ) {
 # facts
@@ -232,12 +234,15 @@ class puppet_cd::params (
 ## r10k
   $pt_r10k_file                     = "${pt_r10k_dir}/r10k.yaml"
   $pt_r10k_erb                      = 'puppet_cd/r10k/r10k.yaml.erb'
+  $pt_webhook_link                  = 'ln -sf  /usr/local/share/gems/gems/r10k_gitlab_webhook-0.1.3/bin/r10k_gitlab_webhook /usr/bin/'
+  $pt_webhook_service_file          = '/etc/systemd/system/r10k_gitlab_webhook.service'
+  $pt_webhook_service_erb           = 'puppet_cd/r10k/r10k_webhook_service.erb'
 
 # service
   $pt_server_service                = 'puppetserver'
   $pt_agent_service                 = 'puppet'
   $pt_db_service                    = 'puppetdb'
-  $pt_webhook_service               = 'webhook-go.service'
+  $pt_r10k_webhook_service          = 'r10k_gitlab_webhook'
 
 #
   # includes must be last

manifests/r10k/install.pp

@@ -25,6 +25,7 @@ class puppet_cd::r10k::install (
     package { 'r10k':
       ensure   => $pt_pkg_ensure,
       provider => gem,
+      require  => Package[$pt_r10k_pkg],
     }
 
     # create r10k dir
@@ -53,16 +54,37 @@ class puppet_cd::r10k::install (
       require  => File['r10k_dir'],
       content  => template($pt_r10k_erb),
     }
+
     if $pt_use_r10k_webhook == true {
-      file { $pt_r10k_webhook_pkg:
+      package { $pt_r10k_webhook_pkg:
-        ensure => file,
+        ensure   => present,
-        source => 'puppet:///modules/puppet_cd/webhook-go.rpm'
+        provider => gem,
+        require  => Package[$pt_r10k_pkg],
       }
 
-      exec { 'install rpm':
+      exec { 'create symlink':
-        command => "yum install -y ${pt_r10k_webhook_pkg}",
+        command => $pt_webhook_link,
-        unless  => 'rpm -qa | grep webhook-go',
+        creates => '/usr/bin/r10k_gitlab_webhook',
-        require => File[$pt_r10k_webhook_pkg],
+        path    => ['/bin', '/usr/bin'],
+        require => Package[$pt_r10k_webhook_pkg],
+      }
+
+      file { $pt_webhook_service_file:
+        ensure   => file,
+        owner    => 'root',
+        group    => 'root',
+        mode     => '0664',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => puppet_etc_t,
+        seluser  => unconfined_u,
+        content  => template($pt_webhook_service_erb),
+        notify   => [Service[$pt_r10k_webhook_service],Exec['systemctl-daemon-reload']],
+      }
+
+      exec { 'systemctl-daemon-reload':
+        command     => '/bin/systemctl daemon-reload',
+        refreshonly => true,
       }
     }
   }

manifests/server/service.pp

@@ -44,8 +44,7 @@ class puppet_cd::server::service (
   # manage webhook service
   if $pt_use_r10k_webhook == true {
     require puppet_cd::r10k::install
-
+    service { $pt_r10k_webhook_service:
-    service { $pt_webhook_service:
       ensure     => running,
       hasstatus  => true,
       hasrestart => true,

templates/r10k/r10k_webhook_service.erb

@@ -0,0 +1,12 @@
+[Unit]
+    Description=r10k GitLab Webhook
+    After=network.target
+
+    [Service]
+    ExecStart=/usr/bin/r10k_gitlab_webhook -p <%= @pt_r10k_webhook_port %>
+    Restart=always
+    User=root
+    WorkingDirectory=/etc/puppetlabs/code
+
+    [Install]
+    WantedBy=multi-user.target