readd r10k webhook - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284

2025-10-23 18:56:22 +02:00
parent 61fedb63a8
commit fe12537dda
6 changed files with 35 additions and 51 deletions
--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -18,9 +18,9 @@ class puppet_cd::firewall::iptables (
      jump  => 'accept',
    }
    if $pt_use_r10k_webhook == true {
-      firewall { '38080 open port 8080':
+      firewall { '38088 open port 8088':
        proto => 'tcp',
-        dport => '8080',
+        dport => '8088',
        jump  => 'accept',
      }
    }
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -12,8 +12,8 @@ class puppet_cd::main::config (
    include puppet_cd::puppetdb::service
  }
-#  if $pt_use_r10k == true {
+  if $pt_use_r10k == true {
-#    include puppet_cd::r10k::install
+    include puppet_cd::r10k::install
-#    include puppet_cd::r10k::webhook
+    include puppet_cd::r10k::webhook
-#  }
+  }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -203,7 +203,7 @@ class puppet_cd::params (
  $pt_puppetdb_var_dir              = '/opt/puppetlabs/server/data/puppetdb'
 ## r10k
  $pt_r10k_dir                      = "${pt_main_dir}/r10k"
-  $pt_r10k_webhook_dir              = '/opt/r10k-webhook'
+  $pt_r10k_webhook_dir              = '/etc/r10k-webhook'
 # files
 ## puppet
@@ -236,8 +236,8 @@ class puppet_cd::params (
  $pt_r10k_webhook_erb              = 'puppet_cd/r10k/webhook.py.erb'
  $pt_r10k_req_file                 = "${pt_r10k_webhook_dir}/requirements.txt"
  $pt_r10k_req_erb                  = 'puppet_cd/r10k/requirements.txt.erb'
-  $pt_r10k_wh_service_file          = '/etc/systemd/system/r10k-webhook.service'
+  $pt_r10k_wh_config_file           =  "${pt_r10k_webhook_dir}/config.json"
-  $pt_r10k_wh_service_erb           = 'puppet_cd/r10k/r10k_webhook_service.erb'
+  $pt_r10k_wh_config_erb            = 'puppet_cd/r10k/r10k_webhook_config.erb'
 # service
  $pt_server_service                = 'puppetserver'
--- a/manifests/r10k/webhook.pp
+++ b/manifests/r10k/webhook.pp
@@ -13,27 +13,17 @@ class puppet_cd::r10k::webhook (
    }
    # create the webhook dir
-    file { '/opt/r10k-webhook':
+    file { $pt_r10k_webhook_dir:
      ensure   => directory,
-      path     => $pt_r10k_webhook_dir,
+      owner    => 'root',
-      owner    => 'puppet',
+      group    => 'root',
      group    => 'puppet',
      mode     => '0755',
      selrange => s0,
      selrole  => object_r,
-      seltype  => puppet_etc_t,
+      seltype  => etc_t,
      seluser  => system_u,
    }
    # create the log file
    file { '/var/log/r10k-webhook.log':
      ensure  => file,
      owner   => 'puppet',
      group   => 'puppet',
      mode    => '0644',
      require => File['/opt/r10k-webhook'],
    }
    # create the requirements file
    file { $pt_r10k_req_file:
      ensure   => file,
@@ -42,26 +32,26 @@ class puppet_cd::r10k::webhook (
      mode     => '0644',
      selrange => s0,
      selrole  => object_r,
-      seltype  => puppet_etc_t,
+      seltype  => etc_t,
      seluser  => system_u,
      content  => template($pt_r10k_req_erb),
      require  => File['/var/log/r10k-webhook.log'],
    }
-    # create the binary file
+    # create the webhook config file
-    file { $pt_r10k_webhook_file:
+    file { $pt_r10k_wh_config_file:
      ensure   => file,
-      owner    => 'puppet',
+      owner    => 'root',
-      group    => 'puppet',
+      group    => 'root',
      mode     => '0644',
      selrange => s0,
      selrole  => object_r,
-      seltype  => puppet_etc_t,
+      seltype  => etc_t,
      seluser  => system_u,
-      content  => template($pt_r10k_webhook_erb),
+      content  => template($pt_r10k_wh_config_erb),
-      require  => File['/opt/r10k-webhook'],
+      require  => File[$pt_r10k_webhook_dir],
    }
    # install pip dependencies
    exec { 'pip_install_r10k_webhook':
      command => 'pip3 install --user -r /opt/r10k-webhook/requirements.txt',
@@ -78,26 +68,11 @@ class puppet_cd::r10k::webhook (
      refreshonly => true,
    }
    # install systemd service file
    file { $pt_r10k_wh_service_file:
      ensure   => file,
      owner    => 'root',
      group    => 'root',
      mode     => '0644',
      selrange => s0,
      selrole  => object_r,
      seltype  => systemd_unit_file_t,
      seluser  => system_u,
      content  => template($pt_r10k_wh_service_erb),
      notify   => Exec['systemctl_daemon_reload'],
    }
    # manage service
    service { 'r10k-webhook':
      ensure    => 'running',
      enable    => true,
-      require   => File[$pt_r10k_wh_service_file],
+      subscribe => File[$pt_r10k_wh_config_file],
      subscribe => File[$pt_r10k_webhook_file],
    }
  }
 }
--- a/templates/r10k/r10k_webhook_config.erb
+++ b/templates/r10k/r10k_webhook_config.erb
@@ -0,0 +1,8 @@
 {
  "flush_env_cache": false,
  "branch_to_env_map": {
    "master": "production",
    "^env_(.*)$": "\g<1>"
  },
  "allowed_branches": "^(env_[\w]+|master)$"
 }
--- a/templates/r10k/requirements.txt.erb
+++ b/templates/r10k/requirements.txt.erb
@@ -1,3 +1,4 @@
-fastapi==0.115.0
+#fastapi==0.115.0
-uvicorn==0.30.6
+#uvicorn==0.30.6
-pydantic==2.8.2
+#pydantic==2.8.2
 r10k-webhook