If you need a customized Code Manager configuration, set parameters for the puppet_enterprise::master::code_manager class with Hiera.
To set these parameters, add them to your control repository hierarchy in the hieradata/common.yaml file in the format puppet_enterprise::master::code_manager::<parameter>. For example:
puppet_enterprise::master::code_manager::deploy_pool_size: 4
puppet_enterprise::master::code_manager::timeouts_deploy: 300
The first parameter increases the size of Code Manager’s default worker pool, and the second reduces the maximum time allowed for deploying a single environment.
Warning: Do not edit Code Manager’s configuration file manually. Puppet manages this configuration file automatically and will undo any manual changes you make.
After you add parameters to Hiera, run Puppet on the master to apply changes.
The following parameters are available for Code Manager. Parameters are optional unless otherwise stated.
remoteThe location of the Git control repository. Accepts a string that is a valid SSH URL for your Git remote. For example: 'git@<YOUR.GIT.SERVER.COM>:puppet/control.git'.
Either remote or sources must be specified. If remote is already specified in the master profile, that value is used here. If both the sources and remote keys are specified, the sources key overrides remote.
authenticate_webhookTurns on RBAC authentication for the /v1/webhook endpoint. Defaults to true.
cachedirThe path to the location where Code Manager caches Git repositories. Defaults to /opt/puppetlabs/server/data/code-manager/cache.
certnameThe certname of the Puppet signed certs to use for ssl. Defaults to $::clientcert.
datadirThe path to the directory where Code Manager should store internal file content. Defaults to: /opt/puppetlabs/server/data/code-manager.
deploy_pool_sizeSpecifies the number of threads in the worker pool; this dictates how many deploy processes can run in parallel. Accepts an integer. Defaults to 2.
file_sync_repo_idThe repo to which Code Manager should publish environments. Defaults to ‘puppet-code’.
file_sync_auto_commitWhether to automatically commit each environment to file-sync after deploying it. Setting this to false changes the default environmentdir to /etc/puppetlabs/code/environments. If you have already deployed code through Code Manager, you must delete the .git file from each environment before Code Manager can deploy new code. Defaults to true.
hostcrlThe path to the SSL CRL. Defaults to $puppet_enterprise::params::hostcrl.
localcacertThe path to the SSL CA cert. Defaults to $puppet_enterprise::params::localcacert.
post_environment_hooksA list of hooks to run after an environment has been deployed. This parameter accepts an array of hashes, such as:
#setup code_manager to update classes in the console after environment code deployment
puppet_enterprise::master::code_manager::post_environment_hooks:
- url: 'https://console.yourorg.com:4433/classifier-api/v1/update-classes'
use-client-ssl: true
Accepts the following keys:
An HTTP URL to send a request to, with the result of the environment deploy. The URL will receive a POST with a JSON body with the structure:
{
"deploy-signature":"482f8d3adc76b5197306c5d4c8aa32aa8315694b",
"file-sync":{
"environment-commit":"6939889b679fdb1449545c44f26aa06174d25c21",
"code-commit":"ce5f7158615759151f77391c7b2b8b497aaebce1"},
"environment":"production",
"id":3,
"status":"complete"
}
Whether the client SSL configuration should be used for HTTPS connections. If the hook destination is a server using the Puppet CA, then this should be set to true; otherwise, it should be set to false. Defaults to false.
timeouts_deployMaximum execution time (in seconds) for deploying a single environment. Accepts an integer. Defaults to 600.
timeouts_fetchMaximum execution time (in seconds) for updating the control repo state. Accepts an integer. Defaults to 30.
timeouts_hookMaximum time (in seconds) to wait for a single post-environment hook URL to respond. This timeout is used for both the socket connect timeout and the read timeout, so the longest total timeout would be twice the specified value. Accepts an integer. Defaults to 30.
timeouts_shutdownMaximum time (in seconds) to wait for in-progress deploys to complete when shutting down the service. Accepts an integer. Defaults to 610.
timeouts_waitMaximum time that a request sent with a wait parameter should wait for each environment before timing out. Accepts an integer. Defaults to 700.
webserver_ssl_hostThe host Code Manager listens on. Defaults to 0.0.0.0.
webserver_ssl_portThe port Code Manager listens on. Defaults to 8170. Note that this port must be open if you’re using Code Manager.
The following parameters are specific to Code Manager’s use of r10k:
environmentdirThe single directory to which Code Manager deploys all sources. If file_sync_auto_commit is set to true, this defaults to/etc/puppetlabs/code-staging/environments. See file_sync_auto_commit.
forge_settingsContains settings for downloading modules from the Puppet Forge. Accepts a hash of the following values:
Indicates where Forge modules should be installed from. Defaults to https://forgeapi.puppetlabs.com.
puppet_enterprise::master::code_manager::forge_settings:
baseurl: 'https://private-forge.mysite'
invalid_branchesSpecifies, for all sources, how branch names that cannot be cleanly mapped to Puppet environments are handled. This option accepts two values:
Sets or overrides the global proxy setting for all Forge interactions. See the global proxy setting below for more information and examples.
git_settingsContains Git-specific settings. Accepts a hash of the following settings:
Required, but can be supplied by the master profile. Specifies the file containing the default private key used to access control repositories, such as /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa. This file must have read permissions for the pe-puppet user. The SSH key cannot require a password.
Sets or overrides the global proxy setting specifically for Git operations that use an HTTP(S) transport. To See the global proxy setting below for more information and examples.
A list of repositories and their respective private keys. Use this setting if you want to use multiple control repos. To use multiple control repos, the sources setting and the repositories setting must match. Accepts the following settings:
remote: The repository these settings should apply to.private-key: The file containing the private key to use for this repository. This file must have read permissions for the pe-puppet user.proxy: The proxy setting allows you to set or override the global proxy setting for a single, specific repository. See the global proxy setting below for more information and examples.The repositories setting accepts a hash in the following format:
repositories:
- remote: "ssh://jfkennedy@gitserver.puppetlabs.net/repositories/repo_one.git"
private-key: "/test_keys/jfkennedy"
- remote: "ssh://whtaft@gitserver.puppetlabs.net/repositories/repo_two.git"
private-key: "/test_keys/whtaft"
- remote: "https://git.example.com/git_repos/environments.git"
proxy: "https://proxy.example.com:3128"
private_keyDeprecated. Set the private-key in the git_settings parameter instead.
proxyConfigures a proxy server to use for all operations that occur over an HTTP(S) transport. To override this setting for Git or Forge operations only, set the proxy parameter under git_settings or forge_settings. To override for a specific Git repository, set a proxy in the repositories list of git_settings. To override this setting with no proxy for Git, Forge, or a particular repository, set that specific proxy setting to an empty string.
proxy: 'http://proxy.example.com:3128'
Code Manager also supports authenticated proxies with either Basic or Digest authentication:
proxy: 'http://user:password@proxy.example.com:3128'
sourcesSpecifies a map of sources to be passed to r10k. This setting is used if you are managing more than just Puppet environments, such as when you are also managing Hiera data in its own control repository. To use multiple control repos, the sources setting and the repositories setting must match. Note that if sources is set, you cannot use the global remote and r10k_basedir settings above.
The sources setting can include the following subsettings:
This setting accepts a hash such as:
myorg:
remote: "git://git-server.site/myorg/main-modules"
prefix: true
mysource:
remote: "git://git-server.site/mysource/main-modules"
prefix: "testing"
Note that r10k raises an error if different sources collide in a single base directory. If you are using multiple sources, use the prefix option to prevent collisions.
Specifies where the source repository should be fetched from. The remote must be able to be fetched without any interactive input. That is, you cannot be prompted for usernames or passwords in order to fetch the remote.
Accepts a string that is any valid URL that r10k can clone, such as:
git://git-server.site/my-org/main-modules
Allows environment names to be prefixed with this string. Alternatively, if prefix is set to true, the source’s name will be used. This prevents collisions when multiple sources are deployed into the same directory.
In the sources example above, two “main-modules” environments are set up in the same base directory. The prefix setting is used to differentiate the environments: the first will be named “myorg-main-modules”, and the second will be “testing-main-modules”. This setting accepts a hash such as:
myorg:
remote: "git://git-server.site/myorg/main-modules"
prefix: true
mysource:
remote: "git://git-server.site/mysource/main-modules"
prefix: "testing"
After you’ve got Code Manager configured, you can deploy environments with Code Manager from the command line, or set up a deployment trigger for Code Manager with a webhook or a custom script.