From fbe5bade0635d20af5fe07c2c75758223c97b0b0 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Sat, 25 Oct 2025 18:34:37 +0200 Subject: [PATCH] move away from that webhook and use the one from voxpopuli - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284 --- manifests/firewall/iptables.pp | 4 +- manifests/main/config.pp | 1 - manifests/params.pp | 10 +--- manifests/r10k/install.pp | 5 ++ manifests/r10k/webhook.pp | 69 ------------------------- manifests/server/service.pp | 12 +++++ templates/r10k/hook_config.erb | 36 ------------- templates/r10k/r10k_webhook_service.erb | 15 ------ 8 files changed, 21 insertions(+), 131 deletions(-) delete mode 100644 manifests/r10k/webhook.pp delete mode 100644 templates/r10k/hook_config.erb delete mode 100644 templates/r10k/r10k_webhook_service.erb diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp index d52c19e..a109b8c 100644 --- a/manifests/firewall/iptables.pp +++ b/manifests/firewall/iptables.pp @@ -18,9 +18,9 @@ class puppet_cd::firewall::iptables ( jump => 'accept', } if $pt_use_r10k_webhook == true { - firewall { '38088 open port 8088': + firewall { '34000 open port 4000': proto => 'tcp', - dport => '8088', + dport => '4000', jump => 'accept', } } diff --git a/manifests/main/config.pp b/manifests/main/config.pp index 69027ae..ecd2a8d 100644 --- a/manifests/main/config.pp +++ b/manifests/main/config.pp @@ -14,6 +14,5 @@ class puppet_cd::main::config ( if $pt_use_r10k == true { include puppet_cd::r10k::install - include puppet_cd::r10k::webhook } } diff --git a/manifests/params.pp b/manifests/params.pp index 8e05e88..cf0a390 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -84,7 +84,6 @@ # @param [String] pt_r10k_basedir the base directory for r10k.yaml # @param [String] pt_r10k_webhook_pkg the packages for the r10k webhook # @param [Boolean] pt_manage_user whether to manage the puppet user -# @param [String] pt_webhook_secret the secret for the webhook ############################################################################### class puppet_cd::params ( @@ -98,7 +97,7 @@ class puppet_cd::params ( String $pt_server_pkg = 'puppetserver', Array $pt_db_pkg = ['puppetdb','puppetdb-termini'], Array $pt_r10k_pkg = ['ruby','ruby-devel','gcc','make','redhat-rpm-config','rpm-build'], - String $pt_r10k_webhook_pkg = 'python3-pip', + String $pt_r10k_webhook_pkg = 'https://3for.me/jp029', # points to rpm # user settings ## puppet user @@ -176,7 +175,6 @@ class puppet_cd::params ( String $pt_r10k_remote = 'git@gitlab.example.net/repo.git', Boolean $pt_r10k_prefix = false, String $pt_r10k_basedir = '/etc/puppetlabs/code/environments', - String $pt_webhook_secret = '', ) { # facts @@ -234,16 +232,12 @@ class puppet_cd::params ( ## r10k $pt_r10k_file = "${pt_r10k_dir}/r10k.yaml" $pt_r10k_erb = 'puppet_cd/r10k/r10k.yaml.erb' - $pt_r10k_hook_file = '/usr/local/bin/webhook' - $pt_r10k_hook_config_file = "${pt_r10k_webhook_dir}/hooks.json" - $pt_r10k_hook_config_erb = 'puppet_cd/r10k/hook_config.erb' - $pt_r10k_hook_service_file = '/etc/systemd/system/webhook.service' - $pt_r10k_hook_service_erb = 'puppet_cd/r10k/r10k_webhook_service.erb' # service $pt_server_service = 'puppetserver' $pt_agent_service = 'puppet' $pt_db_service = 'puppetdb' + $pt_webhook_service = 'webhook-go.service' # # includes must be last diff --git a/manifests/r10k/install.pp b/manifests/r10k/install.pp index 92659e1..27c832b 100644 --- a/manifests/r10k/install.pp +++ b/manifests/r10k/install.pp @@ -53,5 +53,10 @@ class puppet_cd::r10k::install ( require => File['r10k_dir'], content => template($pt_r10k_erb), } + if $pt_use_r10k_webhook == true { + package { $pt_r10k_webhook_pkg: + ensure => $pt_pkg_ensure, + } + } } } diff --git a/manifests/r10k/webhook.pp b/manifests/r10k/webhook.pp deleted file mode 100644 index 2a9bca4..0000000 --- a/manifests/r10k/webhook.pp +++ /dev/null @@ -1,69 +0,0 @@ -## puppet_cd::r10k::webhook.pp -# Module name: puppet_cd -# Author: Arne Teuke (arne_teuke@confdroid) -# @summary Class manages r10k webhook settings for the puppet_cd module. -############################################################################### -class puppet_cd::r10k::webhook ( - -) inherits puppet_cd::params { - if ($pt_pm_fqdn == $fqdn) and ($pt_use_r10k_webhook == true) { - # create the webhook binary - file { $pt_r10k_hook_file: - ensure => file, - owner => 'root', - group => 'root', - mode => '0755', - selrange => s0, - selrole => object_r, - seltype => bin_t, - seluser => unconfined_u, - source => 'puppet:///modules/puppet_cd/webhook', - } - - # create the webhook config dir - file { $pt_r10k_webhook_dir: - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - selrange => s0, - selrole => object_r, - seltype => etc_t, - seluser => system_u, - } - - # create webhook config - file { $pt_r10k_hook_config_file: - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => etc_t, - seluser => system_u, - content => template($pt_r10k_hook_config_erb), - notify => Service['webhook'], - } - - # create service config - file { $pt_r10k_hook_service_file: - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => systemd_unit_file_t, - seluser => system_u, - content => template($pt_r10k_hook_service_erb), - notify => Service['webhook'], - } - - # manage service - service { 'webhook': - ensure => 'running', - hasstatus => true, - hasrestart => true, - enable => true, - } - } -} diff --git a/manifests/server/service.pp b/manifests/server/service.pp index 680be62..5b57c22 100644 --- a/manifests/server/service.pp +++ b/manifests/server/service.pp @@ -40,4 +40,16 @@ class puppet_cd::server::service ( enable => true, } } + + # manage webhook service + if $pt_use_r10k_webhook == true { + require puppet_cd::r10k::install + + service { $pt_webhook_service: + ensure => running, + hasstatus => true, + hasrestart => true, + enable => true, + } + } } diff --git a/templates/r10k/hook_config.erb b/templates/r10k/hook_config.erb deleted file mode 100644 index 02237c3..0000000 --- a/templates/r10k/hook_config.erb +++ /dev/null @@ -1,36 +0,0 @@ -[ - { - "id": "r10k-deploy", - "execute-command": "/usr/local/bin/r10k-wrapper.sh", - "command-working-directory": "/etc/puppetlabs/code", - "pass-arguments-to-command": [ - { "source": "string", "name": "deploy" }, - { "source": "string", "name": "environment" }, - { "source": "string", "name": "-pv" } - ], - "trigger-rule": { - "and": [ - { - "match": { - "type": "value", - "value": "production", - "parameter": { - "source": "jsonpath", - "name": "$.object_attributes.target_branch" - } - } - }, - { - "match": { - "type": "value", - "value": "merge_request", - "parameter": { - "source": "jsonpath", - "name": "$.object_kind" - } - } - } - ] - } - } -] diff --git a/templates/r10k/r10k_webhook_service.erb b/templates/r10k/r10k_webhook_service.erb deleted file mode 100644 index 74bcffd..0000000 --- a/templates/r10k/r10k_webhook_service.erb +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Webhook Service for r10k Deployment -After=network.target - -[Service] -ExecStart=/usr/local/bin/webhook -hooks <%= @pt_r10k_hook_config_file %> -port 8088 -Restart=always -User=puppet -Group=puppet -WorkingDirectory=/etc/puppetlabs/code -StandardOutput=journal -StandardError=journal - -[Install] -WantedBy=multi-user.target