Ask Your Question
0

zack/r10k environment webhook ok, but module hook not - with gitlab

asked 2015-04-20 16:47:32 -0600

oznah gravatar image

With the following code, the environmental webook in the zack/r10k forge module works without issue. I am having problems getting the webhook working for an individual module. See the last git_webhook resource. The code creates the webhook url in gitlab via the api as expected and testing the hook is successful, but when I tail -f /var/log/webhook/access.log all I see is this:

[2015-04-20 17:13:13] DEBUG accept: (src ip here):35108
[2015-04-20 17:13:13] DEBUG Rack::Handler::WEBrick is invoked.
[2015-04-20 17:13:13] DEBUG close: (dest ip here):35108

I would expect to see an r10k run like I see when control repo hook runs. like this:

[2015-04-20 17:21:12] DEBUG accept: (src ip here):35114
[2015-04-20 17:21:12] DEBUG Rack::Handler::WEBrick is invoked.
[2015-04-20 17:21:12] INFO  authenticated: puppet
[2015-04-20 17:21:12] INFO  message: triggered: /opt/puppet/bin/mco r10k deploy production >> /var/log/webhook/mco_output.log 2>&1 & branch: production
[2015-04-20 17:21:12] DEBUG close:  (dest ip here):35114

What am I missing? I feel like I must be close. I just can't figure out why it's not causing an r10k run.

      class {'::r10k::webhook':
          require => Class['r10k::webhook::config'],
      }

      git_webhook { 'web_post_receive_webhook' :
          ensure             => present,
          webhook_url        => 'https://puppet:puppet@puppetmaster.fqdn.here:8088/payload',
          token              =>  hiera('gitlab_api_token'),
          project_name       => 'puppet/control',
          server_url         => 'https://git_server.fqdn.here',
          disable_ssl_verify => true,
          provider           => 'gitlab',
      }

      git_webhook { 'web_post_receive_webhook_for_profiles' :
          ensure             => present,
          webhook_url        => 'https://puppet:puppet@puppetmaster.fqdn.here:8088/profiles',
          token              => hiera('gitlab_api_token'),
          project_name       => 'puppet/profiles',
          server_url         => 'https://git_server.fqdn.here',
          disable_ssl_verify => true,
          provider           => 'gitlab',
      }

Finally, the /var/log/webhook/mc_output.log is useless. All I see is this.

1 / 1

puppetmaster.fqdn.here:


Finished processing 1 / 1 hosts in 12349.54 ms
edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
1

answered 2015-04-23 12:21:17 -0600

acidprime gravatar image
      webhook_url        => 'https://puppet:puppet@puppetmaster.fqdn.here:8088/profiles',

The URL above is incorrect, you need to have it be https://puppet:puppet@puppetmaster.fqdn.here:8088/module not the name of the module.

This is because there is one single end point in the hook https://github.com/acidprime/r10k/blob/master/templates/webhook.bin.erb#L68 for this purpose not a dynamic on for every module. It determine the module name from the name of the repo. Which in your case should work just fine i.e.

      project_name       => 'puppet/profiles',

will result it finding the name "profiles" and construct a resultant command with that name.

edit flag offensive delete link more

Comments

Thanks so much. I was just over thinking it. That's exactly what it was. I really appreciate the help.

oznah gravatar imageoznah ( 2015-04-23 21:02:14 -0600 )edit
0

answered 2015-04-23 09:52:10 -0600

Jeremiah Powell gravatar image

If you review the gitlab type and provider you will notice that the disablesslverify is ignored.

However, there is an explicit check for the Port in the Gitlab provider to turn HTTPS off is the port is not 443.

For example, check https://github.com/abrader/abrader-gm...

Can you use unprotected HTTP connections to your Gitlab server?

If not, you need to import your SSL certificates into your platform's certificate store. The RailsApp team provides a comprehensive guide for this:

http://railsapps.github.io/openssl-ce...

If you are using signed SSL certificates you will need to include the CA cert and all intermediary certificates. This applies even if you used Puppet's CA to sign the certificates used by Gitlab.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2015-04-20 16:47:32 -0600

Seen: 1,093 times

Last updated: Apr 23 '15