Configure Code Manager
To configure Code Manager you must enable Code Manager in Puppet Enterprise (PE), set up authentication, and test the connection between the control repository and Code Manager.
- Create a control repo with a Puppetfile, as explained in Managing environments with a control repository.
- Upgrade from r10k to Code Manager, if applicable.
- Enable Code Manager.
- Set up authentication for Code Manager.
- Test the control repository.
- Test Code Manager.
Depending on your needs, you might need to configure additional Code Manager settings, enable Lockless code deploys, or Customize Code Manager configuration in Hiera.
Upgrade from r10k to Code Manager
To upgrade from r10k to Code Manager, you must disable the previous r10k installation.
- Disable your previous r10k installation.
- Disable any tools that automatically run r10k.
Usually this is the
zack-r10k
module.Note: When you upgrade to Code Manager, you can no longer manually use r10k or thezack-r10k
module.
After disabling r10k, configure Code Manager.
Enable Code Manager
Set parameters in the console to enable Code Manager and connect your primary server to your Git repository.
pe-puppet
user to
access your Git repositories. The SSH key must be:- Owned by the
pe-puppet
user. - Located on the primary server.
- Located in a directory the
pe-puppet
user has permission to view, such as/etc/puppetlabs/puppetserver/ssh/id-control_repo.ed25519
.
Set up authentication for Code Manager
To securely deploy environments, Code Manager needs an authentication token for both authentication and authorization.
Before requesting an authentication token, you must assign a user to the deployment role.
Request an authentication token for deployments
To securely deploy your code, request an authentication token for the deployment user.
The default lifetime for authentication tokens is one hour. You can use the Override
default expiry
permission set to change the token lifetime to a
duration better suited for a long-running, automated process.
Use the puppet-access
command to generate the authentication token.
The generated token is stored in a file for later use. The default token storage location is
~/.puppetlabs/token
. You can run puppet-access
show
to view the token.
Test the control repository
To make sure Code Manager can connect to the control repository, test the connection to the repository.
puppet-code deploy --dry-run
If the control repository is set up properly, this command fetches and displays a list of environments in the control repository as well as the total number of environments.
If an environment is not set up properly or causes an error, it does not appear in the returned list. Check the Puppet Server log for details about the errors.
Test Code Manager
Test Code Manager by deploying a single test environment.
puppet-code
deploy my_test_environment --wait
If Code Manager is configured correctly, this command deploys the test environment and returns deployment results with the SHA (a checksum for the content stored) for the control repository commit.
If the deployment does not work, review the Code Manager configuration steps, or refer to Troubleshooting for help.
Code Manager settings
After configuring Code Manager, you can adjust its settings
in the PE Master node group in the puppet_enterprise::profile::master
class.
puppet_enterprise::profile::master::code_manager_auto_configure
- Specifies whether to autoconfigure Code Manager and file sync.
puppet_enterprise::master::file_sync::chown_code_to_pe_puppet
- By leaving this enabled, users help ensure they do not hit a class of errors that can occur by committing Puppet code files with the wrong permissions (or at least have those errors resolved on the next Puppet run). However, some users have codedirs large enough and I/O throughput restrictive enough that they require disabling these executive resources in the compiler catalogs.
puppet_enterprise::master::file_sync::copy_method
- Specifies the implementation method used for copying versioned deploys to their location.
puppet_enterprise::master::file_sync::versioned_sync_pool
- Specifies the number of threads available for concurrent code deployments.
puppet_enterprise::profile::master::r10k_remote
- The location, as a valid URL, for your Git control repository.
puppet_enterprise::profile::master::r10k_private_key
- The path to the file containing the private key used to access all Git repositories. Required when using the SSH protocol, and optional in all other cases.
puppet_enterprise::profile::master::r10k_proxy
- Optional proxy used by r10k when
accessing the Forge. If empty, no proxy
settings are used.Restriction: If
r10k_proxy
is specified, you must use an HTTP URL for ther10k_remote
parameter and all Puppetfile module entries. puppet_enterprise::profile::master::r10k_trace
- Configuration option that includes the r10k stacktrace in the error output of failed deployments when the value
is
true
. puppet_enterprise::profile::master::versioned_deploys
- Setting for the lockless code deploys feature. Define the
parameter to specify whether code is updated in versioned code
directories instead of blocking requests and overwriting the live code
directory.Tip: Setting
versioned_deploys
tofalse
will cause the Puppet Server process to lock the JRuby pool for each deployment. This will cause the compiler to become unavailable every time Puppet code is updated. This is the older method for code deployment, if you experience issues with code deployments trying this method may work for you. This setting should only be set tofalse
in consultation with Puppet Support. puppet_enterprise::master::environment_timeout
- Specifies if and how long environments are cached, which can
significantly reduce your Puppet Server's CPU
usage. You can specify these values:
- No caching:
0
- Retain environment data caches indefinitely:
unlimited
- Cache environments for a specified length of time after their
last use: Any length of time, such as
5m
- No caching:
puppet_enterprise::master::file_sync::copy_method
- Specifies the implementation method used for copying versioned deploys to their location.
puppet_enterprise::master::file_sync::versioned_sync_pool
- Specifies the number of threads available for concurrent code deployments.
Customize Code Manager configuration in Hiera explains how you can use Hiera to further customize your Code Manager configuration.