Try Puppet 
Search Puppet.com
Why Puppet

Puppet is the industry standard for IT automation.

Manage and automate more infrastructure and complex workflows in a simple, yet powerful way.

Customers
Open source
Cloud & Hybrid Automation

Accelerate your cloud journey with an enterprise automation platform for your hybrid estate.

Continuous Compliance

Enforce compliance across hybrid infrastructure with policy as code and model-driven automation.

Scaling DevOps

Modernize faster with Puppet DevOps consulting and infrastructure as code.

Use Cases
Integrations
ProductsEcosystem
Pricing & PackagingGet Puppet Enterprise

First 10 Nodes are free!

Custom consulting services

Get you up and running quickly with a custom solution that addresses your unique business goals and easily allows for growth as your needs evolve.

Professional services
TrainingOpen source
Support
Puppet Compass Logo
Puppet Compass

Puppet Compass is your source for learning best practices to address common business challenges.

Get started
Resource library
State of DevOps Report

Since launching our first DevOps survey in 2012, we’ve learned a lot about the power of DevOps to transform organizations.

Puppet Events
Join us for a Puppet event

It's our community that makes Puppet great. Connect with Puppet users and employees.

Virtual events
Puppet CommunityContribute content
Connect
Puppet Events
About Us

Puppet frees you to do what robots can’t. We make automation software because you’ve got better things to do.

Company
Press & news
Our voiceWorking at Puppet

Configure Code Manager

Puppet Enterprise2021.0
This release was removed from general availability due to upgrade issues.
Docs for the latest available release are here.
This version is out of date. For current versions, see Puppet Enterprise support lifecycle.
Sections

To configure Code Manager, first enable Code Manager in Puppet Enterprise (PE), then set up authentication, and test the communication between the control repository and Code Manager.

Complete the following steps to enable and configure Code Manager.

  1. Upgrade from r10k to Code Manager
  2. Enable Code Manager
  3. Set up authentication for Code Manager
  4. Test the control repo
  5. Test Code Manager

Upgrade from r10k to Code Manager

To upgrade from r10k to Code Manager, you must disable the previous r10k installation.

You must complete the following pre-requisites when you upgrade from r10k to Code Manager:

If you used any previous versions of r10k:

Disable any tools that may automatically run it. Most commonly, this is the zack-r10k module.
Important: Code Manager cannot properly install or update code when other tools are running r10k.

When you use Code Manager, it runs r10k in the background. You cannot directly interact with r10k or use the zack-r10k module.

Enable Code Manager

Enable Code Manager to connect your primary server to your Git repository.

Before you begin
You must have an SSH key without a passphrase and is saved on your primary server at /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa.
  1. In the console, in the PE Master node group, set parameters for the puppet_enterprise::profile::master class.
    • code_manager_auto_configure - Specify true to enable Code Manager.
    • r10k_remote - Enter a string that is a valid SSH URL for your Git control repository. For example: "git@<YOUR.GIT.SERVER.COM>:puppet/control.git".
      Note: Some Git providers, such as Bitbucket, may have additional requirements for enabling SSH access. See your provider's documentation for information.
    • r10k_private_key - Enter "/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa". This is the path to the private key that permits the pe-puppet user access to your Git repositories.
  2. Run Puppet on your primary server and all compilers.
    Note:

    If you run Puppet for your primary server and all compilers at the same time, such as with Run Puppet in the console, the following errors might display in your compilers' logs:

    2015-11-20 08:14:38,308 ERROR [clojure-agent-send-off-pool-0]
[p.e.s.f.file-sync-client-core] File sync failure: Unable to get
latest-commits from server (https://primary.example.com:8140/file-sync/v1/latest-commits).
java.net.ConnectException: Connection refused

    Ignore these errors while the primary is starting. These errors display when Puppet Server restarts as the compilers poll for new code. These errors should stop when the Puppet Server on the primary server finishes restarting.

Set up authentication for Code Manager

To securely deploy environments, Code Manager needs an authentication token for both authentication and authorization.

To generate a token for Code Manager:

  1. Assign a user to the deployment role.
  2. In the console, create a deployment user.
    Tip: Create a dedicated deployment user for Code Manager use.
  3. Add the deployment user to the Code Deployers role.
    Note: This role is automatically created on install, with default permissions for code deployment and token lifetime management.
  4. Create a password by clicking Generate Password.
  5. Request an authentication token for deployments

Request an authentication token for deployments

Request an authentication token for the deployment user to enable secure deployment of your code.

By default, authentication tokens have a one-hour lifetime. With the Override default expiry permission set, you can change the lifetime of the token to a duration better suited for a long-running, automated process.

Generate the authentication token using the puppet-access command.

  1. From the command line on the primary server, run puppet-access login --lifetime 180d. This command both requests the token and sets the token lifetime to 180 days.
    Tip: You can add flags to the request specifying additional settings such as the token file's location or the URL for your RBAC API. See Configuration file settings for puppet-access.
  2. Enter the username and password of the deployment user when prompted.
Results

The generated token is stored in a file for later use. The default location for storing the token is ~/.puppetlabs/token. To view the token, run puppet-access show.

What to do next
Test the connection to the control repo.

Test the control repo

To make sure that Code Manager can connect to the control repo, test the connection to the repository.

From the command line, run puppet-code deploy --dry-run.
Results

  • If the control repo is set up properly, this command fetches and displays the number of environments in the control repo.

  • If an environment is not set up properly or causes an error, it does not appear in the returned list. Check the Puppet Server log for details about the errors.

Test Code Manager

Test Code Manager by deploying a single test environment.

Deploy a single test environment to test Code Manager:
From the command line, deploy one environment by running puppet-code deploy my_test_environment --wait

This deploys the test environment, and then returns deployment results with the SHA (a checksum for the content stored) for the control repository commit.

If the environment deploys and returns the deployment results, Code Manager is correctly configured.

If the deployment does not work, review the configuration steps, or refer to troubleshooting.ditamap for help.

Results

After Code Manager is fully enabled and configured, you can trigger Code Manager to deploy your environments.

There are several ways to trigger deployments, depending on your needs.

Code Manager settings

After Code Manager is configured, you can adjust its settings in the PE Master node group, in the puppet_enterprise::profile::master class.

These options are required for Code Manager to work, unless otherwise noted.

puppet_enterprise::profile::master::code_manager_auto_configure
Specifies whether to autoconfigure Code Manager and file sync.
Default: false
puppet_enterprise::profile::master::r10k_remote
The location, as a valid URL, for your Git control repository.
Example: 'git@<YOUR.GIT.SERVER.COM>:puppet/control.git'
puppet_enterprise::profile::master::r10k_private_key
The path to the file containing the private key used to access all Git repositories. Required when using the SSH protocol; optional in all other cases.
Example: '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa'
puppet_enterprise::profile::master::r10k_proxy
Optional proxy used by r10k when accessing the Forge. If empty, no proxy settings are used.
Example: 'http://proxy.example.com:3128'
puppet_enterprise::profile::master::r10k_trace
Configuration option that includes the r10k stacktrace in the error output of failed deployments when the value is true.
Default: false
puppet_enterprise::profile::master::versioned_deploys
Optional setting that specifies whether code is updated in versioned code directories instead of blocking requests and overwriting the live code directory.
Default: false
Note: For more information, see Deploying Code without blocking requests to Puppet Server
puppet_enterprise::master::environment_timeout
Specifies whether and how long environments are cached, which can significantly reduce CPU usage of your Puppet Server. You can specify any of these values:
  • 0 – no caching
  • unlimited – all environments are cached forever
  • a length of time for environments to be cached, for example 30m
Default when Code Manager is enabled: unlimited
Default when Code Manager is not enabled: 0
puppet_enterprise::master::environment_timeout_mode
Indicates whether a length of time specified by the environment_timeout begins when the environment is created (from_created) or when it's last used (from_last_used).
Default: from_created
Note: For optimal balance of performance and memory use, we recommend setting environment_timeout_mode to from_last_used and environment_timeout to 30m.

To further customize your Code Manager configuration with Hiera, see Customize Code Manager configuration in Hiera.

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project.
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.