Fattening the workflow, part 2: r10k

December 1, 2020

In the previous post I discussed the control repository structure. In this post I'll talk about r10k. That tool is used for deploying control repository branches into matching Puppet environments on the Puppet server. Installing r10k is very straightforward with the bundled gem:

$ /opt/puppetlabs/puppet/bin/gem install r10k

After this you'll need a settings file for r10k, /etc/puppetlabs/r10k/r10k.yaml:

--- 
 :cachedir: /opt/puppetlabs/puppet/cache/r10k 
 :sources: 
 control: 
 basedir: /etc/puppetlabs/code/environments 
 prefix: false 
 remote: [email protected]:myorg/control-repo.git

Several requirements must be met before the configuration above will work:

The control repo (remote) must exist at the Git provider side
A private SSH key must be installed for the root user - assuming you run r10k as root
The public part of the SSH key must be added and given read-only access to the control repo. These keys are often called "deployment keys" at the Git provider side.
Similarly the deployment key must be added to all private Puppet module repositories at the Git provider side

Finally you need to let r10k know which SSK key it should use. This can be done by editing the SSH settings for root in the file /root/.ssh/config:

Host gitlab.com 
  StrictHostKeyChecking no 
  RSAAuthentication yes 
  IdentityFile /etc/puppetlabs/r10k/ssh/id_rsa 
  User git

The private part of the SSH key (for example id_rsa) will need to be at the above path (/etc/puppetlabs/r10k/ssh/id_rsa) and its file permissions need to be sufficiently limited (for example 0400).

At the end, if all goes well, you can turn all control repo branches into Puppet environments with r10k:

$ r10k deploy environment -vp

The parameter -p (alias --puppetfile) makes r10k update all modules listen in the Puppetfile. If that parameter is omitted only the control repo itself will be updated. I recommend locking the module versions in the Puppetfile: this avoids the -p switch from accidentally upgrading the Puppet modules to incompatible versions. Detailed instructions are available in the official documentation for r10k.

Most often you will be deploying a single environment, be it "production" or a feature environment. This can be done by defining the environment on the command-line:

$ r10k deploy environment my_feature -vp

Fattening the workflow series:

Read more on Puppet in our article What is Puppet and how does it work

#gitlab #puppet #ssh

What Is Puppet and How Does It Work

Puppet Starter Package

Samuli Seppänen

Author archive

Did you like the article?

Share it with others

Privacy policy

Puppeteers Oy, c/o LOV co-working space, Uudenmaankatu 1, 20500 Turku, Finland. Y-tunnus: 2919313-3 / VAT ID: FI29193133

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.