File: providers.mkd

package info (click to toggle)
r10k 5.0.0-2
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 2,228 kB
  • sloc: ruby: 18,180; makefile: 10; sh: 1
file content (133 lines) | stat: -rw-r--r-- 4,446 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
 
Git Providers
=============

As of 1.5.0, r10k can interact with Git repositories using multiple Git
providers.

Shellgit
--------

The shellgit provider is the original Git provider that is based on shelling out
to the `git` binary. It relies on the standard set of Git userland executables
in order to work.

The shellgit provider is the default Git provider in order to maintain
compatibility with existing r10k installations.

### Requirements

The shellgit provider requires that `git` can be found on the `PATH` environment
variable. This can be done by installing the git package via the system package
manager.

### SSH Configuration

Because the shellgit provider relies on the `git` command which in turn uses the
`ssh` binary as the SSH transport layer, configuring access to Git repositories
over SSH is done by configuring the underlying `ssh` command.

Rugged
------

The rugged provider is based on the [libgit2](https://github.com/libgit2/libgit2)
library and the Ruby [rugged gem](https://github.com/libgit2/rugged).

### SSH Configuration

Since the rugged provider does not read ~/.ssh if using SSH based Git
repositories, the 'private_key' option must be provided. An optional 'username'
field can be provided when the Git remote URL does not provide a username.

```yaml
git:
  private_key: '/root/.ssh/id_rsa'
  username: 'git'
```

If you have per repository private keys you can add them with the repositories list.

```yaml
git:
  # default private key
  private_key: '/root/.ssh/id_rsa'
  repositories:
    - remote: "git@github.com:my_org/private_repo"
      # private key for this repo only
      private_key: '/root/.ssh/private_repo_id'
```

### HTTPS Configuration

Public HTTPS based Git repositories can be accessed with no additional settings.
For repos that do require authentication, the 'oauth_token' option may be provided.

```yaml
git:
  oauth_token: '/etc/puppetlabs/r10k/token'
```

If you have per repository access tokens you can add them with the repositories list.

```yaml
git:
  # default access token
  oauth_token: '/etc/puppetlabs/r10k/token'
  repositories:
    - remote: "https://github.com/my_org/private_repo.git"
      # access token for this repo only
      oauth_token: '/etc/puppetlabs/r10k/private_repo_token'
```

#### Supported transports with Rugged

Rugged compiles libgit2 and and the Ruby bindings when the gem is installed. You
may need libraries installed before you install the gem to use certain protocols
to access git remote repositories.

For ssh support, you need to have libssh2 installed (along with the relevant dev
package/headers) before you install the Rugged gem.

For https support on Linux, you need to have OpenSSL installed (along with the
relevant dev package/headers) before you install the Rugged gem. OS X and
Windows support should automatically include https support.

You can check whether https or ssh support is included in your Rugged
installation by using the following in irb and making sure the required feature
is listed:

```ruby
irb(main):001:0> require('rugged')
=> true
irb(main):002:0> Rugged.features
=> [:threads, :https, :ssh]
irb(main):003:0>
```
You will require the ':https' or ':ssh' features to use the respective protocols
in your Puppetfile module references or in r10k.yaml. R10K 2.0.0 and later will
automatically issue a warning if either feature is missing.

libssh2 on Debian and Ubuntu is compiled against libgcrypto instead of OpenSSL
[due to licensing reasons](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668271), and
unfortunately libgcrypto does not support a number of required operations,
including reading from a private key file. You will need to either use shellgit
or recompile your own libssh2-1 package to use OpenSSL on these distributions.
If you see the following error message, this is the likely cause:

    Failed to authenticate SSH session: Unable to extract public key from private key file: Method unimplemented in libgcrypt backend at /var/cache/r10k/ssh---git@git.example.com-sys-puppet.git

Configuration
-------------

R10K will attempt to use the shellgit provider, then fall back to the rugged
provider, and then hard fail if no Git provider is available.

The Git provider in use can be manually specified by specifying the desired
provider in r10k.yaml.

```yaml
git:
  provider: 'rugged'
```

Valid values are 'rugged' and 'shellgit'. If an invalid value is used r10k will
raise an error.