To set up an integration between your Puppet Enterprise (PE) instance and Continuous Delivery for PE, you must first set up a dedicated PE user with appropriate permissions, then add your PE instance's credentials to Continuous Delivery for PE.
Create a Continuous Delivery user and user role in PE
Create a "Continuous Delivery" user and user role in PE. This allows you to view a centralized log of the activities Continuous Delivery for PE performs on your behalf. You'll also use this user account when generating the PE authentication token required by the setup process.
- To begin, create a new user. In the PE console, click > .
- Enter a full name (such as Continuous Delivery User) and a login name (such as cdpe_user) and click Add local user.
- Next, create a user role containing the permissions the Continuous Delivery User needs when operating Continuous Delivery for PE. In the PE console, click > .
- Enter a name and (optional) description for new role, such as CDPE User Role, then click Add role.
- Select the user role you've just created from the list on the User roles page.
Click Permissions. Assign the following permissions to the user
Type Permission Object Job orchestrator Start, stop, and view jobs - Node groups Create, edit, and delete child groups All Node groups View All Node groups Edit configuration data All Node groups Set environment All Nodes View node data from PuppetDB - Puppet agent Run Puppet on agent nodes - Puppet environment Deploy code All Puppet ServerNote: This permission is only available in PE 2019.1.x and newer versions. If you are using an older version of PE, you do not need to set this permission. Compile catalogs for remote nodes -
- Once all the permissions have been added, click Commit changes.
- Add your Continuous Delivery user to the user role. Click Member users. Select the name of the user you created earlier, and click Add user, then commit your change.
Your user is now set up and has been given the permissions needed to operate Continuous Delivery for PE. Before proceeding, create a password for the Continuous
- Return to the Users page.
- Find and click the full name of your newly created user, then click Generate password reset.
- Follow the link created and create a password for the user. You'll use this password when adding your PE credentials to Continuous Delivery for PE.
Add your Puppet Enterprise credentials
Establishing an integration with your Puppet Enterprise (PE) instance allows Continuous Delivery for PE to work with PE tools such as Code Manager and the orchestrator service to deploy Puppet code changes to your nodes.
- In the Continuous Delivery for PE web UI, click Settings.
- Click Puppet Enterprise. Click Add Credentials.
In the New Puppet Enterprise Credentials pane, enter a
unique friendly name for your Puppet Enterprise
If you need to work with multiple PE installations within Continuous Delivery for PE, these friendly names help you to differentiate which installation's resources you're managing, so choose them carefully.
Enter the web address you use to access the PE
console. This address must match the certname of your PE master or an alias included in the
dns_alt_namesentry in your
Select Basic Authorization or API
Token and enter the required information:
For Basic Authorization, enter the username and password for your "Continuous Delivery" user. Continuous Delivery for PE uses this information to generate an API token for you. The username and password are not saved. Optionally, change the token's lifetime by clicking Edit .
For API Token, generate a PE access token for your "Continuous Delivery" user using
puppet-accessor the RBAC v1 API, and paste it in the API Token field.
For instructions on generating an access token, see Token-based authentication.Tip: To avoid unintended service interruptions, create an access token with a multiyear lifespan.
- Click Save Changes.
Continuous Delivery for PE uses the information you provide to look up the endpoints for PuppetDB, Code Manager, orchestrator, and node classifier, and to access the master SSL certificate generated during PE installation. Once your credentials are successfully added, click Edit Credentials to view this information.
Your PE instance is now integrated with Continuous Delivery for PE.
If you're using a PE version in the 2019.x series, impact analysis was automatically configured for you during this integration. For users of all older PE versions: to enable impact analysis for this instance, see Configure impact analysis.