CHANGELOG

@@ -1,3 +1,5 @@
+2.8.1 - See Commit History
+  * Multiple Webhook updates for Centos 7 and Debian
 2.8.0 - Tom linkin
   * Support for systemd on EL7 for webhook
 2.7.4 - Rob Nelson

README.md

@@ -108,16 +108,16 @@ git_deploy_key { 'add_deploy_key_to_puppet_control':
   provider     => 'gitlab',
 }
 ```
-A simple example of creating a ssh private key would using an exec to call `yes y | ssh-keygen -t dsa -C "r10k" -f /root/.ssh/id_dsa -q -N ''`.
+A simple example of creating an ssh private key would use an exec to call `yes y | ssh-keygen -t dsa -C "r10k" -f /root/.ssh/id_dsa -q -N ''`.
 The example above shows using `git_deploy_key` which would deploy that key to the remote git server via its api. This is often required in the programtic creation of compile masters.
 
 Given r10k will likely be downloading your modules, often on the first server
-its ran on you will have to puppet apply this module to bootstrap this
+it's run on, you will have to `puppet apply` this module to bootstrap this
 configuration and allow for ongoing management from there.
 
 ### Beginning with r10k
 
-The simplest example of using it would to declare a single remote that would be written to r10k.yaml.
+The simplest example of using it would be to declare a single remote that would be written to r10k.yaml.
 
 ```puppet
 class { 'r10k':
@@ -240,6 +240,9 @@ on demand synchronization. This mcollective application and agent can be
 installed on all masters using the following class
 _Note: You must have mcollective already configured for this tool to work,
 Puppet Enterprise users will automatically have mcollective configured._
+This class does not restart the mcollective or pe-mcollective server on the
+nodes to which it is applied, so you may need to restart mcollective for it
+to see the newly installed r10k agent.
 ```puppet
 include r10k::mcollective
 ```
@@ -270,7 +273,7 @@ the `user` parameter:
 mco r10k synchronize user=r10k
 ```
 
-Too obtain the output of running the shell command, run the agent like this:
+To obtain the output of running the shell command, run the agent like this:
 
 ```shell
 mco rpc r10k synchronize -v
@@ -297,7 +300,7 @@ Copy the peadmin mcollective configuration and private keys from the certificate
 ~~~
 Ensure you update the paths in _~/.mcollective_ when copying to new users whose name is not peadmin.
 Ideally mcollective will be used with more then just the peadmin user's certificate
-in the future. That said, if your git user does not have a home diretory, you can rename .mcollective as /etc/client.cfg
+in the future. That said, if your git user does not have a home directory, you can rename .mcollective as /etc/client.cfg
 and copy the certs to somewhere that is readable by the respective user.
 ~~~
 /home/gitolite/.mcollective
@@ -317,8 +320,8 @@ This webhook currently only runs on Puppet Enterprise and uses mcollective to au
 The webhook must be configured on the respective "control" repository a master that has mco installed and can contact the other masters in your fleet.
 
 ### Webhook Github Enterprise - Non Authenticated 
-This is an example of using the webhook without authentication
-The `git_webhook` type will using the [api token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) to add the webhook to the "control" repo that contains your puppetfile. This is typically useful when you want all automate the addtion of the webhook to the repo.
+This is an example of using the webhook without authentication.
+The `git_webhook` type will use the [api token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) to add the webhook to the "control" repo that contains your puppetfile. This is typically useful when you want to automate the addtion of the webhook to the repo.
 
 ```puppet
 # Internal webhooks often don't need authentication and ssl
@@ -362,7 +365,7 @@ git_webhook { 'web_post_receive_webhook_for_module' :
 
 ### Webhook Github Example - Authenticated 
 This is an example of using the webhook with authentication
-The `git_webhook` type will using the [api token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) to add the webhook to the "control" repo that contains your puppetfile. This is typically useful when you want all automate the addtion of the webhook to the repo.
+The `git_webhook` type will use the [api token](https://help.github.com/articles/creating-an-access-token-for-command-line-use/) to add the webhook to the "control" repo that contains your puppetfile. This is typically useful when you want to automate the addtion of the webhook to the repo.
 
 ```puppet
 # External webhooks often need authentication and ssl and authentication
@@ -554,6 +557,7 @@ The supported installation modes for this module
 * yum
 * bundle
 * pe_gem
+* puppet_gem
 * gem
 * zypper
 

files/stash_mco.rb

@@ -1,4 +1,4 @@
-#!/opt/puppet/bin/ruby
+#!/usr/bin/env ruby
 #
 # This script is meant to be used with the external hooks script for Stash:
 # https://marketplace.atlassian.com/plugins/com.ngs.stash.externalhooks.external-hooks
@@ -14,7 +14,7 @@
 opts = GetoptLong.new(
   [ '--target',   '-t', GetoptLong::REQUIRED_ARGUMENT ],
   [ '--insecure', '-k', GetoptLong::NO_ARGUMENT ],
-  [ '--help',     '-h', GetoptLong::NO_ARGUMENT ],
+  [ '--help',     '-h', GetoptLong::NO_ARGUMENT ]
 )
 
 target = nil

manifests/config.pp

@@ -10,9 +10,6 @@
 # * [*sources*]
 #   Hash containing data sources to be used by r10k to create dynamic Puppet
 #   environments. Default: {}
-# * [*purgedirs*]
-#   An Array of directory paths to purge of any subdirectories that do not
-#   correspond to a dynamic environment managed by r10k. Default: []
 # * [*manage_configfile_symlink*]
 #   Boolean to determine if a symlink to the r10k config file is to be managed.
 #   Default: false
@@ -32,10 +29,6 @@
 #        'basedir' => '/some/other/basedir'
 #      },
 #    },
-#    purgedirs => [
-#      "${::settings::confdir}/environments",
-#      '/some/other/basedir',
-#    ],
 #  }
 #
 # == Documentation
@@ -53,11 +46,11 @@
   $modulepath                = undef,
   $remote                    = '',
   $sources                   = 'UNSET',
-  $purgedirs                 = [],
   $puppetconf_path           = $r10k::params::puppetconf_path,
   $r10k_basedir              = $r10k::params::r10k_basedir,
   $manage_configfile_symlink = $r10k::params::manage_configfile_symlink,
   $configfile_symlink        = '/etc/r10k.yaml',
+  $r10k_yaml_template        = 'r10k/r10k.yaml.erb'
 ) inherits r10k::params {
 
   validate_bool($manage_modulepath)
@@ -92,7 +85,7 @@
     group   => '0',
     mode    => '0644',
     path    => $configfile,
-    content => template('r10k/r10k.yaml.erb'),
+    content => template($r10k_yaml_template),
   }
 
   if $manage_configfile_symlink_real == true {

manifests/init.pp

@@ -2,7 +2,6 @@
 class r10k (
   $remote                    = $r10k::params::remote,
   $sources                   = $r10k::params::sources,
-  $purgedirs                 = $r10k::params::r10k_purgedirs,
   $cachedir                  = $r10k::params::r10k_cache_dir,
   $configfile                = $r10k::params::r10k_config_file,
   $version                   = $r10k::params::version,
@@ -47,7 +46,6 @@
     cachedir                  => $cachedir,
     configfile                => $configfile,
     sources                   => $sources,
-    purgedirs                 => $purgedirs,
     modulepath                => $modulepath,
     remote                    => $remote,
     manage_modulepath         => $manage_modulepath,

manifests/install.pp

@@ -20,6 +20,7 @@
 
   if $package_name == '' {
     case $provider {
+      'openbsd': { $real_package_name = 'ruby21-r10k' }
       'portage': { $real_package_name = 'app-admin/r10k' }
       'yum':     { $real_package_name = 'rubygem-r10k' }
       default:   { $real_package_name = 'r10k' }
@@ -39,7 +40,7 @@
         version      => $version,
       }
     }
-    'pe_gem', 'gem', 'yum', 'zypper': {
+    'pe_gem', 'puppet_gem', 'gem', 'openbsd', 'yum', 'zypper': {
       if $provider == 'gem' {
         class { 'r10k::install::gem':
           manage_ruby_dependency => $manage_ruby_dependency,
@@ -56,22 +57,22 @@
       # empty to value to the gem,pe_gem providers. This code
       # converts an empty array to semi-standard gem options
       # This was previously undef but that caused strict var issues
-      if $provider in ['pe_gem','gem' ] and $install_options == [] {
+      if $provider in ['pe_gem', 'puppet_gem', 'gem' ] and $install_options == [] {
         $provider_install_options = ['--no-ri', '--no-rdoc']
       } else {
         $provider_install_options = $install_options
       }
 
       # Puppet Enterprise 3.8 and ships an embedded r10k so thats all thats supported
-      # This conditional should not effect FOSS customers based on the fact
-      unless versioncmp($::pe_version, '3.8.0') >= 0 {
+      # This conditional should not effect FOSS customers based on the fact 
+      unless ($::is_pe == 'true' or $::is_pe == true) and versioncmp($::pe_version, '3.8.0') >= 0 {
         package { $real_package_name:
           ensure          => $version,
           provider        => $provider,
           install_options => $provider_install_options
         }
       }
     }
-    default: { fail("${provider} is not supported. Valid values are: 'gem', 'pe_gem', 'bundle', 'portage', 'yum', 'zypper'") }
+    default: { fail("${module_name}: ${provider} is not supported. Valid values are: 'gem', 'pe_gem', 'puppet_gem', 'bundle', 'openbsd', 'portage', 'yum', 'zypper'") }
   }
 }

manifests/mcollective.pp

@@ -7,14 +7,23 @@
   $app_path          = $r10k::params::mc_application_path,
   $mc_service        = $r10k::params::mc_service_name,
   $http_proxy        = $r10k::params::mc_http_proxy,
-  $git_ssl_verify    = $r10k::params::mc_git_ssl_verify,
+  $git_ssl_verify    = $r10k::params::mc_git_ssl_verify, # Deprecated
+  $git_ssl_no_verify = $r10k::params::mc_git_ssl_no_verify,
 ) inherits r10k::params {
   File {
     ensure => present,
     owner  => 'root',
     group  => '0',
     mode   => '0644',
   }
+
+  if $git_ssl_verify {
+    warning('$git_ssl_verify parameter is deprecated, please use $git_ssl_no_verify instead')
+    $agent_no_verify = $git_ssl_verify
+  } else {
+    $agent_no_verify = $git_ssl_no_verify
+  }
+
   # Install the agent and its ddl file
   file { "${app_path}/${app_name}":
     source => "puppet:///modules/${module_name}/application/${agent_name}",

manifests/params.pp

@@ -12,7 +12,6 @@
   $r10k_config_file          = '/etc/r10k.yaml'
   $r10k_cache_dir            = '/var/cache/r10k'
   $r10k_basedir              = "${::settings::confdir}/environments"
-  $r10k_purgedirs            = $r10k_basedir
   $manage_configfile_symlink = false
   $configfile_symlink        = '/etc/r10k.yaml'
 
@@ -21,22 +20,16 @@
   $repo_path  = '/var/repos'
   $remote     = "ssh://${git_server}${repo_path}/modules.git"
 
-  # prerun_command in puppet.conf
-  $pre_postrun_command = 'r10k deploy environment -p'
-
   # Gentoo specific values
   $gentoo_keywords = ''
 
   # Include the mcollective agent
   $mcollective = false
 
   # Webhook configuration information
-  $webhook_user                  = 'puppet'
-  $webhook_pass                  = 'puppet'
   $webhook_bind_address          = '0.0.0.0'
   $webhook_port                  = '8088'
   $webhook_access_logfile        = '/var/log/webhook/access.log'
-  $webhook_mco_logfile           = '/var/log/webhook/mco_output.log'
   $webhook_certname              = 'peadmin'
   $webhook_certpath              = '/var/lib/peadmin/.mcollective.d'
   $webhook_client_cfg            = '/var/lib/peadmin/.mcollective'
@@ -51,12 +44,16 @@
   $webhook_r10k_deploy_arguments = '-pv'
   $webhook_public_key_path       = undef
   $webhook_private_key_path      = undef
+  $webhook_bin_template          = 'r10k/webhook.bin.erb'
+  $webhook_yaml_template         = 'r10k/webhook.yaml.erb'
+  $webhook_command_prefix        = '' # 'sudo' is the canonical example for this
 
-  if $::osfamily == Debian {
+  if $::osfamily == 'Debian' {
     $functions_path     = '/lib/lsb/init-functions'
     $start_pidfile_args = '--pidfile=$pidfile'
-  }
-  else {
+  } elsif $::osfamily == 'SUSE' {
+    $functions_path     = '/etc/rc.status'
+  } else {
     $functions_path     = '/etc/rc.d/init.d/functions'
     $start_pidfile_args = '--pidfile $pidfile'
   }
@@ -70,47 +67,82 @@
     $plugins_dir     = '/opt/puppet/libexec/mcollective/mcollective'
     $modulepath      = "${r10k_basedir}/\$environment/modules:${pe_module_path}"
     $provider        = 'pe_gem'
+    $r10k_binary     = 'r10k'
+
+    # webhook
+    $webhook_user    = 'peadmin'
+    $webhook_pass    = 'peadmin'
+    $webhook_group   = 'peadmin'
   } else {
     # Getting ready for FOSS support in this module
     $puppetconf_path = '/etc/puppet'
 
     # Mcollective configuration dynamic
-    $mc_service_name = 'mcollective'
     $modulepath = "${r10k_basedir}/\$environment/modules"
 
+    # webhook
+    $webhook_user    = 'puppet'
+    $webhook_pass    = 'puppet'
+    $webhook_group   = 'puppet'
+
     case $::osfamily {
       'debian': {
-        $plugins_dir = '/usr/share/mcollective/plugins/mcollective'
-        $provider    = 'gem'
+        $plugins_dir     = '/usr/share/mcollective/plugins/mcollective'
+        $provider        = 'gem'
+        $r10k_binary     = 'r10k'
+        $mc_service_name = 'mcollective'
       }
       'gentoo': {
-        $plugins_dir = '/usr/libexec/mcollective/mcollective'
-        $provider    = 'portage'
+        $plugins_dir     = '/usr/libexec/mcollective/mcollective'
+        $provider        = 'portage'
+        $r10k_binary     = 'r10k'
+        $mc_service_name = 'mcollective'
       }
       'suse': {
-        $plugins_dir = '/usr/share/mcollective/plugins/mcollective'
-        $provider    = 'zypper'
+        $plugins_dir     = '/usr/share/mcollective/plugins/mcollective'
+        $provider        = 'zypper'
+        $r10k_binary     = 'r10k'
+        $mc_service_name = 'mcollective'
+      }
+      'openbsd': {
+        $plugins_dir     = '/usr/local/libexec/mcollective/mcollective'
+        $provider        = 'openbsd'
+        $r10k_binary     = 'r10k21'
+        $mc_service_name = 'mcollectived'
       }
       default: {
-        $plugins_dir = '/usr/libexec/mcollective/mcollective'
-        $provider    = 'gem'
+        $plugins_dir     = '/usr/libexec/mcollective/mcollective'
+        $provider        = 'gem'
+        $r10k_binary     = 'r10k'
+        $mc_service_name = 'mcollective'
       }
     }
   }
 
+  # prerun_command in puppet.conf
+  $pre_postrun_command = "${r10k_binary} deploy environment -p"
+
+
   # Mcollective configuration static
   $mc_agent_name       = "${module_name}.rb"
   $mc_agent_ddl_name   = "${module_name}.ddl"
   $mc_app_name         = "${module_name}.rb"
   $mc_agent_path       = "${plugins_dir}/agent"
   $mc_application_path = "${plugins_dir}/application"
   $mc_http_proxy       = undef
-  $mc_git_ssl_verify   = 0
+  $mc_git_ssl_verify    = undef # Deprecated parameter - Renamed to $mc_git_ssl_no_verify for clarity
+  $mc_git_ssl_no_verify = 0
 
   # Service Settings for SystemD in EL7
   if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' {
     $webhook_service_file     = '/usr/lib/systemd/system/webhook.service'
     $webhook_service_template = 'webhook.service.erb'
+  } elsif $::osfamily == 'Gentoo' {
+    $webhook_service_file     = '/etc/init.d/webhook'
+    $webhook_service_template = 'webhook.init.gentoo.erb'
+  } elsif $::osfamily == 'SUSE' and $::operatingsystemmajrelease >= '12' {
+    $webhook_service_file     = '/etc/systemd/system/webhook.service'
+    $webhook_service_template = 'webhook.service.erb'
   } else {
     $webhook_service_file     = '/etc/init.d/webhook'
     $webhook_service_template = 'webhook.init.erb'