Puppet code deployment can be done using the PE Client tools. The generic Puppet documentation is here.
Alternatively, an auto-deploy script can run as a scheduled job as needed, please contact the ITS Puppet Infrastructure team for details at its-puppet-infra@iowa.uiowa.edu.
We currently do not have a Continuous Integration/Continuous Delivery (CI/CD) offering. Customers are free to build their own CI/CD integrations or git webhooks as needed.
Instructions specific to UI for code deployment (Linux)
Assumptions
- The user name on the workstation is
<your HawkID>
- The user name with permissions to deploy an environment is
<your HawkID>
- The home directory on the Linux workstation is set correctly via the
$HOME
environment variable - The PE2021 server is named
<your PE server>
- The version of PE is
2021.x.xx
(you can log in to the console and see the version in the left sidebar at the bottom) - Configuration of the client tools is per-user rather than system wide
Install client tools
- Download from https://puppet.com/try-puppet/puppet-enterprise-client-tools/
- Follow links for 2021.x.x
- Scroll to the bottom - Puppet Enterprise 2021.x.xx Client Tools
- Download a version appropriate for your workstation and install it
Create config files (one time step)
HOMEDIR=$HOME
PE_SERVER=<your PE server
>
mkdir -p ~/.puppetlabs/client-tools/
mkdir -p ~/.puppetlabs/client-tools/ssl
curl -s -k -o ~/.puppetlabs/client-tools/ssl/ca.pem https://${PE_SERVER}:8140/puppet-ca/v1/certificate/ca
cat >~/.puppetlabs/client-tools/puppet-access.conf <<EOF
{
"service-url": "https://${PE_SERVER}:4433/rbac-api",
"token-file": "${HOMEDIR}/.puppetlabs/token",
"certificate-file": "${HOMEDIR}/.puppetlabs/client-tools/ssl/ca.pem"
}
EOF
# puppet-code does not expand ~ correctly
cat >~/.puppetlabs/client-tools/puppet-code.conf <<EOF
{
"cacert": "${HOMEDIR}/.puppetlabs/client-tools/ssl/ca.pem",
"token-file": "${HOMEDIR}/.puppetlabs/token",
"service-url": "https://${PE_SERVER}:8170/code-manager"
}
EOF
Test deployment connectivity
/opt/puppetlabs/bin/puppet-access login --lifetime 2h Username: <your HawkID> Password: Access token saved to: $HOME/.puppetlabs/token
/opt/puppetlabs/bin/puppet-code deploy --dry-run --dry-run implies --wait. --dry-run implies --all. Dry-run deploying all environments. You are not authorized to deploy one of the requested Puppet environments [ "You are not authorized to deploy Puppet environment 'production'" ]
The authorization warning is expected for non-admin users. This just tests whether or not you can connect appropriately.
Actual deployment (typically these steps will be repeated)
# re-run puppet-access command if it has been longer than the lifetime specified above # to deploy environment "<my environment>" /opt/puppetlabs/bin/puppet-code deploy <my environment> --wait Found 1 environments. [ { "deploy-signature": "fa12bd02bb6764eceddd74c486a2ea4c3d2e6a65", "environment": "<my environment>", "file-sync": { "code-commit": "3bbd7fd456e0a0ea029fbfcb2e565c5f58476899", "environment-commit": "741077e5d44d909e9d3de5dffc4defca22e8e730" }, "id": 72, "status": "complete" } ]
If you have any failures deploying your specific environment, please contact the puppet team.
Instructions specific to UI for code deployment (Windows)
Assumptions
- The user name on the workstation is
<your HawkID>
- The user name with permissions to deploy an environment is
<your HawkID>
- The value of %USERPROFILE% on your windows workstation is
C:\Users\<your HawkID>
- The PE2021 server is named
<your PE server>
- The version of PE is
2021.x.xx
(you can log in to the console and see the version in the left sidebar at the bottom) - Configuration of the client tools is per-user rather than system wide
Install client tools
- Download from https://puppet.com/misc/pe-files/previous-releases
- Follow links for 2021.x.xx
- Scroll to the bottom - Puppet Enterprise 2021.x.xx Client Tools
- Download a version appropriate for your workstation and install it
Create config files (one time step)
# CMD mkdir %USERPROFILE%\.puppetlabs\client-tools # PowerShell mkdir $env:userprofile\.puppetlabs\client-tools
Download https://<your PE server
>:8140/puppet-ca/v1/certificate/ca and save it to %USERPROFILE%\.puppetlabs\client-tools\ca.pem
Create %USERPROFILE%\.puppetlabs\client-tools\puppet-access.conf
with these contents (with appropriate substitutions):
{ "service-url": "https://<your PE server
>:4433/rbac-api", "token-file": "C:\\Users\\<HawkID
>\\.puppetlabs\\token", "certificate-file": "C:\\Users\\<HawkID
>\\.puppetlabs\\client-tools\\ca.pem" }
Create %USERPROFILE%\.puppetlabs\client-tools\puppet-code.conf
with these contents (with appropriate substitutions):
{ "service-url": "https://<your PE server
>:8170/code-manager", "token-file": "C:\\Users\\<HawkID
>\\.puppetlabs\\token", "cacert": "C:\\Users\\<HawkID
>\\.puppetlabs\\client-tools\\ca.pem" }
Test run
Run the PE ClientTools Console
app
C:\Program Files\Puppet Labs\Client\bin>puppet-access login --lifetime 2h Enter your Puppet Enterprise credentials. Username: <HawkID
> Password: Access token saved to: C:\Users\<yourHawkID
>\.puppetlabs\token C:\Program Files\Puppet Labs\Client\bin>puppet-code deploy --dry-run --dry-run implies --wait. --dry-run implies --all. Dry-run deploying all environments. You are not authorized to deploy one of the requested Puppet environments [ "You are not authorized to deploy Puppet environment 'production'" ]
The authorization warning is expected for non-admin users. This just tests whether or not you can connect appropriately.
Actual Deployment of <my environment>
environment (this step will be repeated)
C:\Program Files\Puppet Labs\Client\bin>puppet-code deploy <my environment> --wait Found 1 environments. [ { "deploy-signature": "fa12bd02bb6764eceddd74c486a2ea4c3d2e6a65", "environment": "<my environment>", "file-sync": { "code-commit": "8c987ac85f2d682018728595d8ee2eed7b9c7b06", "environment-commit": "5f351fee44c09c0a30a0b39bf76c2c7635cd1cd9" }, "id": 75, "status": "complete" } ]
If you have any failures deploying your specific environment, please contact the puppet team.