move away from that webhook and use the one from voxpopuli - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284

2025-10-25 18:34:37 +02:00
parent ae7d39960c
commit fbe5bade06
8 changed files with 21 additions and 131 deletions
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -18,9 +18,9 @@ class puppet_cd::firewall::iptables (
      jump  => 'accept',
    }
    if $pt_use_r10k_webhook == true {
-      firewall { '38088 open port 8088':
+      firewall { '34000 open port 4000':
        proto => 'tcp',
-        dport => '8088',
+        dport => '4000',
        jump  => 'accept',
      }
    }
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -14,6 +14,5 @@ class puppet_cd::main::config (
  if $pt_use_r10k == true {
    include puppet_cd::r10k::install
    include puppet_cd::r10k::webhook
  }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -84,7 +84,6 @@
 # @param [String] pt_r10k_basedir the base directory for r10k.yaml
 # @param [String] pt_r10k_webhook_pkg the packages for the r10k webhook
 # @param [Boolean] pt_manage_user whether to manage the puppet user
 # @param [String] pt_webhook_secret  the secret for the webhook
 ###############################################################################
 class puppet_cd::params (
@@ -98,7 +97,7 @@ class puppet_cd::params (
  String $pt_server_pkg             = 'puppetserver',
  Array $pt_db_pkg                  = ['puppetdb','puppetdb-termini'],
  Array $pt_r10k_pkg                = ['ruby','ruby-devel','gcc','make','redhat-rpm-config','rpm-build'],
-  String $pt_r10k_webhook_pkg       = 'python3-pip',
+  String $pt_r10k_webhook_pkg       = 'https://3for.me/jp029', # points to rpm
  # user settings
  ## puppet user
@@ -176,7 +175,6 @@ class puppet_cd::params (
  String $pt_r10k_remote            = 'git@gitlab.example.net/repo.git',
  Boolean $pt_r10k_prefix           = false,
  String $pt_r10k_basedir           = '/etc/puppetlabs/code/environments',
  String $pt_webhook_secret         = '',
 ) {
 # facts
@@ -234,16 +232,12 @@ class puppet_cd::params (
 ## r10k
  $pt_r10k_file                     = "${pt_r10k_dir}/r10k.yaml"
  $pt_r10k_erb                      = 'puppet_cd/r10k/r10k.yaml.erb'
  $pt_r10k_hook_file                = '/usr/local/bin/webhook'
  $pt_r10k_hook_config_file         = "${pt_r10k_webhook_dir}/hooks.json"
  $pt_r10k_hook_config_erb          = 'puppet_cd/r10k/hook_config.erb'
  $pt_r10k_hook_service_file        = '/etc/systemd/system/webhook.service'
  $pt_r10k_hook_service_erb         = 'puppet_cd/r10k/r10k_webhook_service.erb'
 # service
  $pt_server_service                = 'puppetserver'
  $pt_agent_service                 = 'puppet'
  $pt_db_service                    = 'puppetdb'
  $pt_webhook_service               = 'webhook-go.service'
 #
  # includes must be last
--- a/manifests/r10k/install.pp
+++ b/manifests/r10k/install.pp
@@ -53,5 +53,10 @@ class puppet_cd::r10k::install (
      require  => File['r10k_dir'],
      content  => template($pt_r10k_erb),
    }
    if $pt_use_r10k_webhook == true {
      package { $pt_r10k_webhook_pkg:
        ensure  => $pt_pkg_ensure,
      }
    }
  }
 }
--- a/manifests/r10k/webhook.pp
+++ b/manifests/r10k/webhook.pp
@@ -1,69 +0,0 @@
 ## puppet_cd::r10k::webhook.pp
 # Module name: puppet_cd
 # Author: Arne Teuke (arne_teuke@confdroid)
 # @summary  Class manages r10k webhook settings for the puppet_cd module.
 ###############################################################################
 class puppet_cd::r10k::webhook (
 ) inherits puppet_cd::params {
  if ($pt_pm_fqdn == $fqdn) and ($pt_use_r10k_webhook == true) {
    # create the webhook binary
    file { $pt_r10k_hook_file:
      ensure   => file,
      owner    => 'root',
      group    => 'root',
      mode     => '0755',
      selrange => s0,
      selrole  => object_r,
      seltype  => bin_t,
      seluser  => unconfined_u,
      source   => 'puppet:///modules/puppet_cd/webhook',
    }
    # create the webhook config dir
    file { $pt_r10k_webhook_dir:
      ensure   => directory,
      owner    => 'root',
      group    => 'root',
      mode     => '0755',
      selrange => s0,
      selrole  => object_r,
      seltype  => etc_t,
      seluser  => system_u,
    }
    # create webhook config
    file { $pt_r10k_hook_config_file:
      owner    => 'root',
      group    => 'root',
      mode     => '0644',
      selrange => s0,
      selrole  => object_r,
      seltype  => etc_t,
      seluser  => system_u,
      content  => template($pt_r10k_hook_config_erb),
      notify   => Service['webhook'],
    }
    # create service config
    file { $pt_r10k_hook_service_file:
      owner    => 'root',
      group    => 'root',
      mode     => '0644',
      selrange => s0,
      selrole  => object_r,
      seltype  => systemd_unit_file_t,
      seluser  => system_u,
      content  => template($pt_r10k_hook_service_erb),
      notify   => Service['webhook'],
    }
    # manage service
    service { 'webhook':
      ensure     => 'running',
      hasstatus  => true,
      hasrestart => true,
      enable     => true,
    }
  }
 }
--- a/manifests/server/service.pp
+++ b/manifests/server/service.pp
@@ -40,4 +40,16 @@ class puppet_cd::server::service (
      enable     => true,
    }
  }
  # manage webhook service
  if $pt_use_r10k_webhook == true {
    require puppet_cd::r10k::install
    service { $pt_webhook_service:
      ensure     => running,
      hasstatus  => true,
      hasrestart => true,
      enable     => true,
    }
  }
 }
--- a/templates/r10k/hook_config.erb
+++ b/templates/r10k/hook_config.erb
@@ -1,36 +0,0 @@
 [
  {
    "id": "r10k-deploy",
    "execute-command": "/usr/local/bin/r10k-wrapper.sh",
    "command-working-directory": "/etc/puppetlabs/code",
    "pass-arguments-to-command": [
      { "source": "string", "name": "deploy" },
      { "source": "string", "name": "environment" },
      { "source": "string", "name": "-pv" }
    ],
    "trigger-rule": {
      "and": [
        {
          "match": {
            "type": "value",
            "value": "production",
            "parameter": {
              "source": "jsonpath",
              "name": "$.object_attributes.target_branch"
            }
          }
        },
        {
          "match": {
            "type": "value",
            "value": "merge_request",
            "parameter": {
              "source": "jsonpath",
              "name": "$.object_kind"
            }
          }
        }
      ]
    }
  }
 ]
--- a/templates/r10k/r10k_webhook_service.erb
+++ b/templates/r10k/r10k_webhook_service.erb
@@ -1,15 +0,0 @@
 [Unit]
 Description=Webhook Service for r10k Deployment
 After=network.target
 [Service]
 ExecStart=/usr/local/bin/webhook -hooks <%= @pt_r10k_hook_config_file %> -port 8088
 Restart=always
 User=puppet
 Group=puppet
 WorkingDirectory=/etc/puppetlabs/code
 StandardOutput=journal
 StandardError=journal
 [Install]
 WantedBy=multi-user.target