Enabling Code Manager

Enabling Code Manager across your architecture is easy in Puppet Enterprise, because it's prebundled in the system. The only artifact that must be generated on each master is the SSH key used to access the control repository and any other Git repositories in the Puppetfile. These SSH keys should be created with no passphrase, and should be protected on the Puppet Master. Additionally, if you are using a Git service that supports it, enter this key as a deploy key, rather than a user key. Deploy keys only have the ability to check out code, and cannot submit code back to the Git server.

For a single master, the following commands can be run as the root user or with sudo, to generate an SSH key:

# Create SSH Directory
$ sudo mkdir -p /etc/puppetlabs/puppetserver/ssh

# Generate SSH Key - With No Password
$ sudo ssh-keygen

Generating public/private rsa key pair.
Enter file in which to save the key (/var/root/.ssh/id_rsa): /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa.
Your public key has been saved in /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa.pub.
The key fingerprint is:
SHA256:Random key root@server
The key's randomart image is:
+---[RSA 2048]----+
Random Art
+----[SHA256]-----+

# Ensure pe-puppet owns the directory and the keys
$ sudo chown -R pe-puppet:pe-puppet /etc/puppetlabs/puppetserver/ssh
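
Because the key has no passphrase, file ownership and permissions are its only protection on the master. The following added example (not from the original text) audits the directory created above; the function names and the rule that only *.pub files may be readable by group or other are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the Code Manager deploy key directory.
# Usage: audit_deploy_key [DIR] [KEYFILE] [OWNER]
# Defaults are the paths and owner used on this page.
# Prints one line per finding; returns 0 if clean, 1 otherwise.

audit_finding() {
    echo "FINDING: $1"
    audit_count=$((audit_count + 1))
}

audit_deploy_key() {
    audit_dir=${1:-/etc/puppetlabs/puppetserver/ssh}
    audit_key=${2:-id-control_repo.rsa}
    audit_owner=${3:-pe-puppet}
    audit_count=0

    if [ ! -d "$audit_dir" ]; then
        audit_finding "$audit_dir is not a directory"
        return 1
    fi
    if [ ! -f "$audit_dir/$audit_key" ]; then
        audit_finding "private key $audit_dir/$audit_key is missing"
    fi

    for audit_path in "$audit_dir" "$audit_dir"/*; do
        [ -e "$audit_path" ] || continue
        # ls -ld fields: mode string, link count, owner, ...
        audit_ls=$(ls -ld "$audit_path")
        audit_who=$(echo "$audit_ls" | awk '{print $3}')
        # Characters 5-10 of the mode string are the group and other bits.
        audit_bits=$(echo "$audit_ls" | cut -c5-10)

        if [ "$audit_who" != "$audit_owner" ]; then
            audit_finding "$audit_path is owned by $audit_who, expected $audit_owner"
        fi
        # The public half (*.pub) may be readable by others; the directory
        # and every other file in it must be accessible to the owner only.
        case $audit_path in
            *.pub) ;;
            *) if [ "$audit_bits" != "------" ]; then
                   audit_finding "$audit_path is open to group/other ($audit_bits)"
               fi ;;
        esac
    done

    [ "$audit_count" -eq 0 ]
}
```

Run it as root on the master with no arguments to check the default location, and follow the chown above with chmod 700 on the directory and chmod 600 on the private key if it reports findings.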

The simplest way to enable Code Manager after the generation of a key is to enter the classification of a PE Master, underneath the PE Infrastructure in the Puppet Enterprise console. Add the following parameters under the puppet_enterprise::profile::master class:

  • r10k_private_key: Location of the private key generated and made available on the Puppet Master.
  • r10k_remote: Location of the control repository—should be a Git URL.
  • code_manager_auto_configure: Set to true. This lets Puppet set it up automatically.
  • r10k_proxy (Optional): Set the URL of a proxy to reach the Forge, if your master can only reach the internet via a proxy.

An example of this classification without a proxy is as follows:

Some organizations would prefer to store their changes to Puppet in code, rather than in the PE console. The following code is also representative of the preceding changes, but the Puppet Master will fail to compile catalogs until puppet_enterprise::profile::master is removed from the PE console. To enable Code Manager with a profile instead of through the console, apply the following to the master, after removing the same class from the console: 

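class profile::pe_master {

  # Place the private key on the master. The sshkey type manages
  # known_hosts entries, so a file resource is used for the key itself.
  file { '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa':
    ensure  => file,
    owner   => 'pe-puppet',
    group   => 'pe-puppet',
    mode    => '0600',
    # Placeholder for the private key material
    content => 'Long String of Private Key',
  }

  # Resource-like class declaration, so the parameters are set in code
  class { 'puppet_enterprise::profile::master':
    code_manager_auto_configure => true,
    r10k_remote                 => '[email protected]:control-repo.git',
    r10k_private_key            => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa',
  }

}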

Each of these methods enables Code Manager on the master, enabling remote PE client tools to deploy environments from a separate workstation.
