Ask Your Question
3

Can you use R10K to deploy from a private repo?

asked 2015-01-06 05:43:01 -0500

davideagle gravatar image

updated 2015-01-07 03:35:22 -0500

I've got a internal gitlab server containing a repo that I need to be private, when I try to run r10k on the Puppetfile I get the following error stating that it could not read Username, but I can not find how to define a username in the docs for R10K

Task # failed while running: Couldn't update git cache for https://git.comp.com/puppet/repo.git: "fatal: could not read Username for 'https://git.comp.com': No such device or address"

I've also tried to use the ssh protocol as follows:

mod "mymodule",
  :git => "ssh://git@git.comp.com:puppet/mymodule.git"

which results in an error: failed while running: Couldn't update git cache for ssh://git@git.comp.com:puppet/mymodule.git: "fatal: Could not read from remote repos

while git clone git@git.comp.com:puppet/mymodule.git works like a charm

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
2

answered 2015-01-06 12:54:40 -0500

cbarbour gravatar image

R10k simply invokes GIT in order to clone the repositories defined in your Puppetfile. If you wish to configure authentication, you may do so using any of GIT's builtin authentication methods.

The simplest form of authentication is to use SSH authorized keys. With this approach, you would create a public/private SSH keypair for the user that invokes R10k (typically root, but may be site-specific,) and authorize that public key to connect to your repository.

You may also use HTTP authentication, of course by embedding the username and password in the repository URL.

Here's a Puppetfile example for each:

mod 'myfirstmodule',
  :git => 'https://myusername:mypassword@git.comp.com/mymodule'

mod 'mysecondmodule',
  :git => 'ssh://myusername@git.comp.com/mymodule'

For a bit more information on GIT urls, see this stack overflow article: How to provide username and password when run “git clone git@remote.git”?

Best practices in this case is to define a special read-only account for your puppetmasters. The credentials for your Puppetfile must be stored in plain text in order for the R10k automation to work.

edit flag offensive delete link more

Comments

I tried mod "mymodule", :git => "ssh://git@git.comp.com:puppet/mymodule.git" with no luck but git clone git@git.comp.com:puppet/mymodule.git works like a charm

davideagle gravatar imagedavideagle ( 2015-01-07 05:50:35 -0500 )edit

Look at the difference between those two URIs. You should able to take the value for :git and, as the r10k user (typically root), call "git clone <uri>". If you receive errors, diagnose and repeat till it works. Then r10k should be able to clone it as well.

rnelson0 gravatar imagernelson0 ( 2015-01-07 14:55:43 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

4 followers

Stats

Asked: 2015-01-06 05:43:01 -0500

Seen: 2,762 times

Last updated: Jan 07 '15