Merge pull request #170 from robbat2/master

Fix non-ssl, abilliy to customize templates, and run with less privileges (but call r10k/mco via sudo)

manifests/config.pp

@@ -58,6 +58,7 @@
   $r10k_basedir              = $r10k::params::r10k_basedir,
   $manage_configfile_symlink = $r10k::params::manage_configfile_symlink,
   $configfile_symlink        = '/etc/r10k.yaml',
+  $r10k_yaml_template        = 'r10k/r10k.yaml.erb'
 ) inherits r10k::params {
 
   validate_bool($manage_modulepath)
@@ -92,7 +93,7 @@
     group   => '0',
     mode    => '0644',
     path    => $configfile,
-    content => template('r10k/r10k.yaml.erb'),
+    content => template($r10k_yaml_template),
   }
 
   if $manage_configfile_symlink_real == true {

manifests/params.pp

@@ -48,6 +48,9 @@
   $webhook_r10k_deploy_arguments = '-pv'
   $webhook_public_key_path       = undef
   $webhook_private_key_path      = undef
+  $webhook_bin_template          = 'r10k/webhook.bin.erb'
+  $webhook_yaml_template         = 'r10k/webhook.yaml.erb'
+  $webhook_command_prefix        = '' # 'sudo' is the canonical example for this
 
   if $::osfamily == Debian {
     $functions_path     = '/lib/lsb/init-functions'

manifests/webhook.pp

@@ -3,6 +3,7 @@
   $user  = 'peadmin',
   $group = 'peadmin',
   $git_server = 'localhost',
+  $webhook_bin_template = $::r10k::params::webhook_bin_template,
 ) inherits r10k::params {
 
   File {
@@ -35,7 +36,7 @@
   }
 
   file { 'webhook_bin':
-    content => template('r10k/webhook.bin.erb'),
+    content => template($webhook_bin_template),
     path    => '/usr/local/bin/webhook',
     notify  => Service['webhook'],
   }

manifests/webhook/config.pp

@@ -27,6 +27,8 @@
   $r10k_deploy_arguments = $r10k::params::webhook_r10k_deploy_arguments,
   $public_key_path       = $r10k::params::webhook_public_key_path,
   $private_key_path      = $r10k::params::webhook_private_key_path,
+  $yaml_template         = $r10k::params::webhook_yaml_template,
+  $command_prefix        = $r10k::params::webhook_command_prefix,
   $configfile            = '/etc/webhook.yaml',
 ) inherits r10k::params {
 
@@ -53,6 +55,7 @@
       'r10k_deploy_arguments' => $r10k_deploy_arguments,
       'public_key_path'       => $public_key_path,
       'private_key_path'      => $private_key_path,
+      'command_prefix'        => $command_prefix,
     }
   } else {
     validate_hash($hash)
@@ -65,7 +68,7 @@
     group   => '0',
     mode    => '0644',
     path    => $configfile,
-    content => template('r10k/webhook.yaml.erb'),
+    content => template($yaml_template),
     notify  => Service['webhook'],
   }
 }

templates/webhook.bin.erb

@@ -42,16 +42,20 @@ $config['private_key_path'] = File.join("#{$config['certpath']}", "#{$config['ce
 <% end %>
 
 opts = {
-        :Host               => $config['bind_address'],
-        :Port               => $config['port'],
-        :Logger             => $logger,
-        :ServerType         => WEBrick::Daemon,
-        :SSLEnable          => $config['enable_ssl'],
-        :SSLVerifyClient    => OpenSSL::SSL::VERIFY_NONE,
-        :SSLCertificate     => OpenSSL::X509::Certificate.new(File.open("#{$config['public_key_path']}").read),
-        :SSLPrivateKey      => OpenSSL::PKey::RSA.new(File.open("#{$config['private_key_path']}").read),
-        :SSLCertName        => [ [ "CN",WEBrick::Utils::getservername ] ]
+  :Host       => $config['bind_address'],
+  :Port       => $config['port'],
+  :Logger     => $logger,
+  :ServerType => WEBrick::Daemon,
+  :SSLEnable  => $config['enable_ssl'],
 }
+if $config['enable_ssl'] then
+  opts[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_NONE,
+  opts[:SSLCertificate]  = OpenSSL::X509::Certificate.new(File.open("#{$config['public_key_path']}").read),
+  opts[:SSLPrivateKey]   = OpenSSL::PKey::RSA.new(File.open("#{$config['private_key_path']}").read),
+  opts[:SSLCertName]     = [ [ "CN",WEBrick::Utils::getservername ] ]
+end
+
+$command_prefix = $config['command_prefix'] || ''
 
 class Server < Sinatra::Base
 
@@ -126,10 +130,10 @@ class Server < Sinatra::Base
     def deploy_module(module_name)
       begin
         if $config['use_mcollective']
-          command = "mco r10k deploy_module #{module_name} >> #{$config['mco_logfile']} 2>&1 &"
+          command = "#{$command_prefix} mco r10k deploy_module #{module_name} >> #{$config['mco_logfile']} 2>&1 &"
         else
           # If you don't use mcollective then this hook needs to be running as r10k's user i.e. root
-          command = "r10k deploy module #{module_name} >> #{$config['mco_logfile']} 2>&1 &"
+          command = "#{$command_prefix} r10k deploy module #{module_name} >> #{$config['mco_logfile']} 2>&1 &"
         end
         message = "triggered: #{command}"
         Process.detach(fork{ exec "#{command}"})
@@ -152,10 +156,10 @@ class Server < Sinatra::Base
           end
         else
           if $config['use_mcollective']
-              command = "mco r10k deploy #{branch} >> #{$config['mco_logfile']} 2>&1 &"
+              command = "#{$command_prefix} mco r10k deploy #{branch} >> #{$config['mco_logfile']} 2>&1 &"
           else
             # If you don't use mcollective then this hook needs to be running as r10k's user i.e. root
-            command = "r10k deploy environment #{branch} #{$config['r10k_deploy_arguments']} >> #{$config['mco_logfile']} 2>&1 &"
+            command = "#{$command_prefix} r10k deploy environment #{branch} #{$config['r10k_deploy_arguments']} >> #{$config['mco_logfile']} 2>&1 &"
           end
           message = "triggered: #{command}"
           Process.detach(fork{ exec "#{command}"})