Changeset View
Changeset View
Standalone View
Standalone View
sysadm/puppet/howto-manage-third-party-modules.rst
.. _puppet_third_party: | .. _puppet_integration_of_third_party_puppet_modules: | ||||
How to manage Third-Party modules | How to manage Third-Party modules | ||||
================================= | ================================= | ||||
.. todo:: | Integration of third party puppet modules | ||||
This page is a work in progress. Please refer to the `existing documentation | ----------------------------------------- | ||||
<https://forge.softwareheritage.org/source/puppet-environment/>`_ and `the | |||||
wiki page <https://wiki.softwareheritage.org/wiki/Puppet_setup>`_. | We mirror external repositories to our own forge, to avoid having external dependencies | ||||
in our deployment. | |||||
In the *swh-site* ``Puppetfile``, we pin the installation of those modules to the | |||||
highest version (that works with our current puppet/facter version), by using the *:ref* | |||||
specifier. | |||||
.. _adding_a_new_external_puppet_module: | |||||
Adding a new external puppet module | |||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |||||
In the *puppet-environment* repository, the ``bin/import-puppet-module`` takes care of | |||||
the following tasks: | |||||
- Getting metadata from the `Puppet forge <https://forge.puppetlabs.com/>`_ for the | |||||
module (description, upstream git URL) | |||||
- Cloning the repository | |||||
- Creating a mirror repository on the Software Heritage forge, with the proper | |||||
permissions and metadata (notably the *Sync to GitHub* flag) | |||||
- Pushing the clone to the forge | |||||
- Updating the .mrconfig and .gitignore files | |||||
To be able to use the script, you need: | |||||
- Be a member of the `System Administrators | |||||
<https://forge.softwareheritage.org/project/members/7/>`_ Phabricator group | |||||
- Have the :ref:`Arcanist <swh-devel:arcanist-configuration>` API key setup | |||||
- A pair of python dependencies: ``python3-phabricator`` and ``python3-requests`` (pull | |||||
them from testing if needed). | |||||
Example usage to pull the `elastic/elasticsearch | |||||
<https://forge.puppetlabs.com/elastic/elasticsearch>`_ module | |||||
:: | |||||
bin/import-module elastic-elasticsearch | |||||
git diff # review changes | |||||
git add .mrconfig .gitignore | |||||
git commit -m "Add the elastic/elasticsearch module" | |||||
git push | |||||
Once the module is added, you need to register it in the *swh-site* `Puppetfile | |||||
<https://forge.softwareheritage.org/source/puppet-swh-site/browse/production/Puppetfile>`_. | |||||
You should also check in the module metadata whether any dependencies need importing as | |||||
well, which you should do using the same procedure. | |||||
.. _updating_external_puppet_modules: | |||||
Updating external puppet modules | |||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |||||
There's two sides of this coin: | |||||
.. _updating_our_git_clone_of_external_puppet_modules: | |||||
Updating our git clone of external puppet modules | |||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |||||
The *puppet-environment* ``.mrconfig`` file has a ``pullup`` command which does the | |||||
right thing. | |||||
To update all clones: | |||||
:: | |||||
mr -j4 pullup | |||||
.. _upgrading_external_puppet_modules: | |||||
Upgrading external puppet modules | |||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |||||
Upgrading external puppet modules happens manually. | |||||
In the *puppet-environment* repository, the ``bin/check-module-updates`` script compares | |||||
the Puppetfile and the local clones and lists the available updates. (depends on ``ruby | |||||
r10k``). | |||||
On a staging branch of the *swh-site* repository, update the ``:ref`` value for the | |||||
module in the ``Puppetfile`` to the latest tag. You can then run ``octocatalog-diff`` on | |||||
a few relevant servers and look for changes. |