Forge Home


A module for configuring Code Manager in Puppet Enterprise


14,370 latest version

4.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.0.1 (latest)
  • 2.0.0 (deleted)
  • 1.0.12
  • 1.0.11
  • 1.0.10
  • 1.0.9
  • 1.0.8
  • 1.0.7
  • 1.0.5
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Dec 9th 2016
This version is compatible with:
  • Puppet Enterprise >= 2015.3.0
  • , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'npwalker-pe_code_manager_webhook', '2.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add npwalker-pe_code_manager_webhook
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install npwalker-pe_code_manager_webhook --version 2.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



npwalker/pe_code_manager_webhook — version 2.0.1 Dec 9th 2016

Table of Contents


This module allows for easy setup and configuration of PE code manager in PE2015.3 and above. If you are using PE 2015.2 then the module will default to installing the zack/r10k webhook.

Upon upgrading to 2015.3 the module will uninstall zack/r10k and attempt to use code manager but this requires that you've set the correct parameters in the puppet_enterprise module for it to work.

This module was originally a very prescriptive profile in the puppetlabs-rampupprogram/control-repo but is now here as its own module to make it more widely available.

What Does This Module Provide You?

  1. A new RBAC role for deploying code ( Deploy Environments )
  2. A new RBAC user for deploying code ( code_manager_service_user )
  3. An infinite liftetime token from the RBAC user for use in a webhook
  4. A newly generated SSH key with the correct permissions to be used by code manager
  • And for you to setup in your Git server of choice as a deploy key
  1. Correctly chowns the $codedir so that code manager can deploy to it
  2. A file containing the webhook url to paste into your Git UI
  • Located at /etc/puppetlabs/puppetserver/.puppetlabs/webhook_url.txt by default

Easy Button Setup

  1. Login to the PE console
  2. Navigate to the Classification page
  • Click on the PE Master group
  • Click the Classes tab
    • Find the puppet_enterprise::profile::master class
      • Set the code_manager_auto_configure to true
      • Set the r10k_remote to the SSH url of your git repo
      • Set the r10k_private_key parameter to /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa
    • Commit your changes
  1. Enable code mananger then install and run this module:

    puppet agent -t
    puppet module install npwalker-pe_code_manager_webhook
    chown -R pe-puppet:pe-puppet /etc/puppetlabs/code/
    puppet apply -e "include pe_code_manager_webhook::code_manager"
  2. Configure a deploy key in your Git server using the SSH key created by the module

  • You'll paste cat /etc/puppetlabs/puppetserver/ssh/
  1. Create a webhook on the control-repo repository in your Git server UI
  • The URL to connect to code manager is found at /etc/puppetlabs/puppetserver/.puppetlabs/webhook_url.txt
  1. Assuming this was a new install with no previous code in the code directory then everything worked. If not, try clearing all of the code and redeploying it with code manager
  • echo 'code_manager_mv_old_code=true' > /opt/puppetlabs/facter/facts.d/code_manager_mv_old_code.txt; puppet agent -t

Other Notes:

Disable Webhook Auth If Using Gitlab Version < 8.5

If you are using Gitlab < 8.5 as your git UI then you will also need to set the following hiera key to disable authentication to the code manager webhook. This is because gitlab currently does not allow for webhook urls that are longer than 255 characters while the RBAC token you need to place in the URL is, on its own, longer than 255 characters.

If you are using an older version of gitlab ( before version 8 ) then you will not have the ability to disable ssl verification either and would need to disable the webhook authentication on code manager.

puppet_enterprise::master::code_manager::authenticate_webhook: false

Relation to the puppetlabs-rampupprogram/control-repo

This module was created as a part of the puppetlabs-rampupprogram/control-repo and for the time being the documentation in that control-repo may also serve as a useful supplement to this module.

In fact if you are a new user of PE then you may consider using the puppetabs/control repo instead of trying to implement this module on its own.

The Zack/r10k functionality of the Module is Undocumented

The purpose of this module is mostly for configuring code manager but the zack/r10k functionality is left in place undocumented.