In a previous post, I took you through leveraging r10k to automatically trigger and deploy code into your environment.
In this post, I will go through a similar process, but use Puppet Enterprise’s native (and recommended) helper, Code Manager. It should be noted that Code Manager basically uses r10k under the covers, but much of the config and management is now abstracted from the user.
Create a deploy user in PE
First up, the deploy user. This user will be the effective user that connects to the git repositories and deploys the code on the PE server.
To create the user, log in to the console and select ‘Access Control’ from the left navbar. Fill in the details; for this demo, the user will be called puppet_deploy.

Click on the newly created user, and then on the ‘Generate password reset’ button.

After this, still under ‘Access Control’, click on ‘User roles’ -> ‘Code Deployers’, and add the deploy user to this group.

Create an SSH keypair to connect to your git repo
Depending on how you access your remote repos, you may need to create an SSH key pair to authenticate to the remote. If you use a personal access token (PAT), this is not necessary. In my case, we do use key pairs, so I will create them.
Create a directory for the SSH keys
mkdir -p /etc/puppetlabs/puppetserver/ssh
Generate the key pair
ssh-keygen -t rsa -b 2048 -P '' -f /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa
PE can now set up the internals for you automatically:
# puppet infrastructure configure
Add the newly created public key as a valid key against your control repository. If you do not have a control repository yet, you can clone the example one from Puppet, https://github.com/puppetlabs/control-repo.git
Make sure you have a branch for each environment in your installation inside the control repo, and that you’ve added (and tested) access to the repo based on the key.
Configure PE to use the key pair
In the console, head over to Node groups (previous versions had this as Classification).
Navigate to PE Infrastructure -> PE Master. For the puppet_enterprise::profile::master class, set the following parameters:
* code_manager_auto_configure to true: This enables and configures both Code Manager and file sync.
* r10k_remote: This is the location of your control repository. Enter a string that is a valid URL for your Git control repository. For example: "git@<YOUR.GIT.SERVER.COM>:puppet/control.git".
* r10k_private_key: Enter a string specifying the path to the SSH private key that permits the pe-puppet user to access your Git repositories. This file must be located on the master, owned by the pe-puppet user, and located in a directory that the pe-puppet user has permission to view. We recommend /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa.
It should then look something like this

Commit the changes and run the puppet agent on the master until all changes have taken effect. This will typically take 2 – 3 runs.
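The r10k_private_key requirements listed above (owned by pe-puppet, in a directory pe-puppet can view) are easy to miss when the key is generated as root. The shell function below is an added example, not part of the original post or of Puppet's tooling; the name check_deploy_key, the check that the directory is not group/other writable, and the use of GNU stat are assumptions of this example.

```shell
# Added example, not from the original post. Assumes GNU coreutils `stat` (Linux).
# check_deploy_key KEY_PATH [EXPECTED_OWNER]
# Prints one finding per line; returns 0 when clean, 1 when anything is off.
check_deploy_key() {
  local key="$1" owner="${2:-pe-puppet}" dir mode rc=0
  dir="$(dirname -- "$key")"

  # Require a real file: a symlink could be repointed at a different key.
  if [ -L "$key" ] || [ ! -f "$key" ]; then
    echo "FAIL: $key is missing or not a regular file"
    return 1
  fi

  # The post requires the key to be owned by the pe-puppet user.
  if [ "$(stat -c '%U' -- "$key")" != "$owner" ]; then
    echo "FAIL: $key is not owned by $owner"
    rc=1
  fi

  # A private key should grant nothing to group/other (0600 or 0400).
  mode="$(stat -c '%a' -- "$key")"
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FAIL: $key mode $mode grants group/other access"
    rc=1
  fi

  # Whoever can write to the directory can replace the key file.
  mode="$(stat -c '%a' -- "$dir")"
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "FAIL: $dir mode $mode is group/other writable"
    rc=1
  fi

  if [ "$rc" -eq 0 ]; then echo "OK: $key"; fi
  return "$rc"
}

# With arguments, audit the given key; with none, only define the function.
if [ "$#" -gt 0 ]; then
  check_deploy_key "$@"
fi
```

On the master, run it as root against the path used in this post: check_deploy_key /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa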
Test the integrations
Internally, the process will run as the pe-puppet user. If you use a webhook, you don’t need a local user, but if you choose to trigger a deployment via a user or ssh, you will need a user with a valid token. I will be using a webhook but will show the process for using a local user, in this case, pe-puppet. The auth works via a token, and that token contains the detail of the puppet_deploy user, so any user who holds the token can use it.
It is also well worth noting that you can even trigger puppet-code from a remote machine using the puppet client tools! Should you choose to do so, create a token on the client node, and you can trigger it via curl "https://$(puppet config print server):8170/code-manager/v1/webhook?type=github&token=<TOKEN>" (quote the URL, otherwise the shell treats the & as a background operator and drops the token parameter).
But, to test using a local user (pe-puppet in this instance):
# su - pe-puppet -s /bin/bash
$ /opt/puppetlabs/bin/puppet-access login --lifetime 180d

All that is left is to do a dry run of the setup:

That’s it! You now have a working Code Manager instance!
You can trigger Code Manager to do the actual deployment by running one of the following:
For a specific environment only: puppet-code deploy {environment_name} --wait
For all environments: puppet-code deploy --all --wait
Next steps will be to either trigger the command via a CI tool, or to set up a webhook to do the trigger, depending on your preference. I’ll cover those in a future post.
Happy deploying!!