CSI - Code Workflow

Most of the information on this site is intended for our customers' consumption. We do have some process notes intended to guide CSI technical staff through the environments' implementation. In general, these notes assume familiarity with our back-end processes and are not as "user friendly" as we hope to make the rest of the site.
We include these docs here so that they are available in the off chance that they might prove of interest.

Workflow Introduction

We use github to manage puppet code. To ease the process of getting the code into puppet we use a tool called r10k. This tool is triggered by a push from git, and deploys new code to the puppet server. From here, Foreman queries the Puppet API to pull in environments and classes.

Puppet Troubleshooting

The most common issue is a silent failure due to improper puppet code. The best way to prevent this is by validating your puppet code with puppet lint. You can check for errors in the logs on the puppet master, in /var/log/puppetlabs/puppetserver/puppetserver.log.

r10K Troubleshooting

r10k runs on the puppet master. The first thing to check is the webhook in github. You’ll need to be a repo owner to see this. You can easily verify that the last few pushes succeeded here.

You can also do a manual r10k deploy to check and see if code is flowing:

/opt/puppetlabs/puppet/bin/r10k deploy environment <branch> -pv

There is a script in /root/foreman/r10k.sh that is used to configure r10k initially that may help troubleshooting as well.

Foreman-Puppet Communications

Foreman communicates with Puppet via a Foreman-Proxy running on the puppet master. It makes api calls to pull in environment and class information. There is a script in roots home directory on the Foreman server to aid in troubleshooting these calls. The api calls are documented here. You can pass these calls to the script and it will make them for you.

[root@bld200 ~]# ./fake-pm-proxy /puppet/environments/production/classes | jq . | grep role
    "ncsu::role": {
      "name": "role",
    "ncsu::role::generic": {
      "name": "role::generic",
    "ncsu::role::no_role": {
      "name": "role::no_role",
        "roleparams": {}

If you’re able to see the latest puppet code in /etc/puppetlabs/code/environments//modules/ but unable to see the roles or environments with the above script restarting the `puppetserver` process on the Puppet Master will typically resolve the issue.

#!/bin/sh

puppet_proxy="https://pm00.oit.ncsu.edu:8443"
wget_options="
        -q
        --no-proxy
        --output-document=-
        --certificate=/etc/puppetlabs/puppet/ssl/certs/bld200.oit.ncsu.edu.pem
        --private-key=/etc/puppetlabs/puppet/ssl/private_keys/bld200.oit.ncsu.edu.pem
        --ca-certificate=/etc/puppetlabs/puppet/ssl/certs/ca.pem
        --remote-encoding=application/json
"
url=$1
shift

wget $wget_options "$@" $puppet_proxy$url
echo ''
Tags:
Edit me