Puppet pass SSH keys to VM for us in Git - linux

I'm using Vagrant to provision a VM onto DigitalOcean using config from PUPHPET. I need to clone a private git repo. I've created an SSH key to be used to authenticate the request using the Puppet vcsrepo module but it seems my SSH key isn't being picked up properly.
I've set Vagrant config.ssh.forward_agent to true and config.ssh.private_key_path points to my local rsa file on my mac. This is also used for the DigitalOcean key.
I can see my key in ~/.ssh/authorized_keys on the VM.
The git clone fails if it's a private repo. I tried with a public repo and it is successful.
Here is the Puppet vcsrepo command:
vcsrepo { '/var/www/html':
  ensure   => present,
  provider => git,
  source   => 'https://******@bitbucket.org/****.git',
  require  => '~/.ssh/authorized_keys',
}
This gives the error: No title provided and "~/.ssh/authorized_keys" is not a valid resource reference at /tmp/vagrant-puppet/manifests-893fcd
I also tried with the identity property:
vcsrepo { '/var/www/html':
  ensure   => present,
  provider => git,
  source   => 'https://******@bitbucket.org/****.git',
  identity => '~/.ssh/authorized_keys',
  force    => true,
}
This gives: fatal: could not read Password for 'https://billyjones@bitbucket.org': No such device or address
Using Debian 7.

Related

GitLab CE 15.7 / Docker registry with Self Signed Certificate.. not working

I want to use the Gitlab Docker registry. I am using GitLab CE 15.7
I created my own CA and signed a certificate. GitLab UI and GitLab runners are working fine!
When it comes to the Docker Registry I have some issues. I configured the gitlab.rb like this:
registry_external_url 'https://198.18.133.100:5000'
registry['enable'] = true
registry['username'] = "registry"
registry['group'] = "registry"
registry['registry_http_addr'] = "127.0.0.1:5000"
registry['debug_addr'] = "localhost:5001"
registry['env'] = {
  'SSL_CERT_DIR' => "/etc/gitlab/ssl/"
}
registry['rootcertbundle'] = "/etc/gitlab/ssl/198.18.133.100.crt"
What also confuses me are the options for registry and registry_nginx.
I am not sure if I configured it correctly and the documentation doesn't help me a lot. I didn't spin up any docker container for the registry or anything. I believe that this comes in the binary of GitLab (if I am not mistaken). Port 5000 is available and I can telnet to it.
However, while pushing the image to the registry I get the following error:
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://198.18.133.100:5000/v2/": x509: certificate signed by unknown authority
Cleaning up project directory and file based variables
ERROR: Job failed: exit status 1
Any ideas? Thanks a lot!
I tried already quite a lot of different configs and reconfigured the gitlab server.
It has been fixed by copying the CA to the following path:
mkdir -p /etc/docker/certs.d/<your_registry_host_name>:<your_registry_host_port>
as well as the right config in gitlab.rb:
registry_nginx['enable'] = true
registry_nginx['listen_https'] = true
registry_nginx['redirect_http_to_https'] = true
registry_external_url 'https://registry.YOUR_DOMAIN.gtld'
Thanks all for your help!

How to Create Manifest file to manage Windows Nodes

I am new to Puppet and so I am totally confused about how to create a manifest that can deploy any application on Windows nodes. I have successfully configured the open-source Puppet Server on a CentOS 7 machine and I am using a Windows 10 machine as a Puppet client. I am also done with the certificate exchange between server and client.
So can you please suggest some pointers so that I can create my manifest file to manage the Windows nodes?
The easiest way to start writing a new module is to use the pdk. It runs on Windows, Mac and Linux.
If you're on Windows then in PowerShell you'd run pdk new module <module name>, then cd <module name> and pdk new class <module name>. That will give you the basic construction of a module that you can push up to your git repo. It also contains an rspec testing framework etc.
The Puppet Forge has some great examples of code.
You probably want to look at using Chocolatey; it's a package manager similar to Yum.
Some example code for your manifest, in /manifests/init.pp:
class <module name> {
  require chocolatey # forge module
  Package { provider => chocolatey, }
  package { 'git':
    ensure => installed,
  }
  user { 'testuser':
    ensure  => present,
    groups  => 'testgroup',
    comment => 'Test user',
  }
  file { 'C:\Program Files\testuser':
    ensure => directory,
    owner  => 'testuser',
    group  => 'testgroup',
  }
  acl { 'C:\Program Files\testuser':
    permissions => [
      { identity => 'testuser', rights => ['full'] },
      { identity => 'testgroup', rights => ['read'] },
    ],
  }
}

How to provide a startup service file in Puppet

We have RedHat 7.2 Linux OS and use Puppet to perform our tasks. I am using Puppet to install some software, which has worked fine, and now the final step is to create an OS-level service. In earlier versions of RHEL we used chkconfig, but that has been replaced with systemctl. Of course, the recommended way of performing this task is using a service. Since this is custom software, I have my own startup script that I usually copy over to /etc/init.d, run chkconfig and then start up the service. How do I perform these tasks via Puppet for the RedHat 7.2 OS? I only want to create the service (not start it up or anything). This way, when the server reboots, the service will start up the app.
EDIT:
@redstonemercury for RHEL 7 I would think the following would be required. But your suggestion definitely helps, as I was thinking along the same lines.
https://serverfault.com/questions/814611/puppet-generated-systemd-unit-files
file { '/lib/systemd/system/myservice.service':
  mode    => '0644',
  owner   => 'root',
  group   => 'root',
  content => template('modulename/myservice.systemd.erb'),
} ~>
exec { 'myservice-systemd-reload':
  command     => 'systemctl daemon-reload',
  path        => [ '/usr/bin', '/bin', '/usr/sbin' ],
  refreshonly => true,
}
In Puppet, use a package resource to install the package (assuming it's in repos that you're declaring already), then use a file resource to declare the /etc/init.d file, and put require => Package[<package_resource_name>] as a parameter in the file declaration to ensure the custom file gets created after the package has installed (so it doesn't potentially get overwritten by the package's /etc/init.d file). E.g.:
package { 'mypackage':
  ensure => present,
}
file { '/etc/init.d/mypackage':
  ensure  => present,
  content => template('mypackage/myinitd'),
  require => Package['mypackage'],
}
This is if you want to use a template. For a plain file, instead of content use source: source => 'puppet:///modules/mypackage/myinitd'
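Putting the thread's pieces together for RHEL 7, as an added example (not code from either poster): one class that installs the package, drops a systemd unit with a few sandboxing directives, reloads systemd only when the unit changes, and enables the service for boot without starting it. The class name, package name, daemon path and the myapp account (assumed to be created by the package) are placeholders.

```puppet
# Added example: package + systemd unit + daemon-reload + enable-only service.
class myapp::service (
  String $package = 'myapp',                  # placeholder package name
  String $exec    = '/opt/myapp/bin/myapp',   # placeholder daemon path
) {
  package { $package:
    ensure => present,
  }

  # Local admin units belong in /etc/systemd/system; /lib/systemd/system is
  # for package-shipped units and may be overwritten on upgrade.
  file { '/etc/systemd/system/myapp.service':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => @("UNIT"),
      [Unit]
      Description=My application

      [Service]
      User=myapp
      ExecStart=${exec}
      NoNewPrivileges=true
      PrivateTmp=true
      ProtectSystem=full

      [Install]
      WantedBy=multi-user.target
      | UNIT
    require => Package[$package],
  }

  # Reload unit definitions only when the unit file actually changes.
  exec { 'myapp-systemd-reload':
    command     => 'systemctl daemon-reload',
    path        => ['/usr/bin', '/bin', '/usr/sbin'],
    refreshonly => true,
    subscribe   => File['/etc/systemd/system/myapp.service'],
  }

  # enable => true with no ensure registers the unit for boot but does not
  # start it during this run, which is what the question asks for.
  service { 'myapp':
    enable  => true,
    require => Exec['myapp-systemd-reload'],
  }
}
```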

ssh clone failed in gitolite at a GCP compute engine

After installing gitolite on a GCP compute engine, adding a new SSH public key as gitolite-admin/keydir/charley_rsa.pub and adding a new repo for charley:
conf/gitolite.conf:
repo test
RW+ = charley
Then git clone gitolite-admin from the GCP local console is ok.
When we do git clone from the remote local PC, it shows a 'DENIED by fallthru' error:
git clone ssh://git@serverip/test
Cloning into 'test'...
FATAL: R any test charley_rsa DENIED by fallthru
(or you mis-spelled the reponame)
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
(cloning testing (@all) from the remote local PC is ok)
Finally, it was resolved after updating the public key filename.
I used the id charley in the conf file gitolite.conf:
repo test
RW+ = charley
After changing the public SSH key filename from "charley_rsa.pub" to "charley.pub":
ssh -i ~/.ssh/id_rsa git@serverip info
hello charley, this is git@serverip running gitolite3 v3.6.6-13-g8bde76d on git 1.8.3.1
R W gitolite-admin
R W test
R W testing
The way you add new keys is by first cloning the gitolite-admin repo, modifying it and pushing back: that triggers the recompilation of the ~/.gitolite/ configuration files.
If you do anything directly on the server, then follow "administering gitolite directly on the server".
You would need at least:
gitolite compile; gitolite trigger POST_COMPILE

git clone throws error with vcsrepo module puppet

I am following the pluralsight's tutorial for puppet fundamentals by Ben Piper.
When installing the "vcsrepo" module on agents and downloading the repository, the puppet agent run hangs.
Below is the excerpt from my puppet master "init.pp" file.
I changed my puppetmaster init.pp file to use ssh instead:
file { '/home/vagrant/.ssh/id_rsa':
  ensure => 'present',
}
vcsrepo { '/var/www/html':
  ensure   => 'present',
  provider => 'git',
  source   => 'git@github.com:wikimedia/mediawiki.git',
  user     => 'vagrant',
  revision => 'REL1_23',
  require  => File['/home/vagrant/.ssh/id_rsa'],
}
file { '/var/www/html/index.html':
  ensure => 'absent',
}
File['/var/www/html/index.html'] -> Vcsrepo['/var/www/html']
It now throws the error below:
Notice: /Stage[main]/Linux/File[/info.txt]/content: content changed '{md5}dd4735ab73567a89caba62c6607e44b5' to '{md5}e30fa7cc7448a09071a0e4d33efa5986'
Notice: /Stage[main]/Mediawiki/Vcsrepo[/var/www/html]/ensure: Creating repository from present
Error: Execution of 'git clone git@github.com:wikimedia/mediawiki.git /var/www/html' returned 1:
Error: /Stage[main]/Mediawiki/Vcsrepo[/var/www/html]/ensure: change from absent to present failed: Execution of 'git clone git@github.com:wikimedia/mediawiki.git /var/www/html' returned 1:
I have added my system's public key to my GitHub account.
On Linux
Execute the following in the command line before executing the Git command:
export GIT_TRACE_PACKET=1
export GIT_TRACE=1
export GIT_CURL_VERBOSE=1
On Windows
Execute the following in the command line before executing the Git command:
set GIT_TRACE_PACKET=1
set GIT_TRACE=1
set GIT_CURL_VERBOSE=1
Cause
Error code 56 indicates a curl receive error of CURLE_RECV_ERROR which means there was some issue that prevented the data from being received during the clone process. Typically this is caused by a network setting, firewall, VPN client, or anti-virus that is terminating the connection before all data has been transferred.
Workaround
Switch to using SSH to perform the clone.
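Both the first question (identity pointing at authorized_keys with an https:// source) and this one (an empty id_rsa file and a clone that hangs with no terminal) come down to the same setup, shown here as an added example that is not code from either thread. It assumes puppetlabs-vcsrepo, the sshkey type (puppetlabs-sshkeys_core on Puppet 6+), Sensitive file content (Puppet 5+), and placeholder values for the class name, Hiera key, repository URL and host key.

```puppet
# Added example: non-interactive git clone of a private repo from a Puppet run.
class profile::private_checkout (
  String $deploy_user = 'vagrant',
  String $key_path    = '/home/vagrant/.ssh/deploy_key',
) {
  # Deliver the private key with real contents (here from Hiera/eyaml), owned by
  # the clone user and mode 0600: a bare 'ensure => present' file is not a key.
  # show_diff => false keeps key material out of reports and logs.
  file { $key_path:
    ensure    => file,
    owner     => $deploy_user,
    mode      => '0600',
    content   => Sensitive(lookup('profile::private_checkout::deploy_key')),
    show_diff => false,
  }

  # A Puppet run has no TTY, so git cannot answer ssh's "unknown host" prompt.
  # Pin the server host key in /etc/ssh/ssh_known_hosts first; replace the
  # placeholder with the key from ssh-keyscan after checking it against the
  # provider's published fingerprints.
  sshkey { 'github.com':
    ensure => present,
    type   => 'ssh-ed25519',
    key    => 'PLACEHOLDER_BASE64_HOST_KEY',
  }

  # Key auth needs an SSH-style source. An https:// source never uses
  # 'identity' and falls back to a password prompt (the Bitbucket error in the
  # first question), and 'identity' must name the private key, not
  # authorized_keys.
  vcsrepo { '/var/www/html':
    ensure   => present,
    provider => git,
    source   => 'git@github.com:example-org/private-repo.git', # placeholder
    revision => 'REL1_23',
    user     => $deploy_user,
    identity => $key_path,
    require  => [File[$key_path], Sshkey['github.com']],
  }
}
```

A read-only deploy key scoped to the one repository is enough for a clone, so the key on the VM cannot push or reach other repositories if it leaks.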
