Anyone currently using Puppet environments, gitolite and the Puppet post-receive hook?


Alex Scoble

Oct 29, 2013, 3:40:11 PM
to puppet...@googlegroups.com
Hi All,

I'm trying to use gitolite to control who has access to our puppet code in git and am running into problems with the Puppet Labs semi-official post-receive hook: https://github.com/adrienthebo/puppet-git-hooks/blob/master/post-receive/dynamic-environments

I have gitolite working to where I can do all of the usual git commands on my repos, but the post-receive hook isn't working.

I get the following errors when doing a push:

remote: /usr/lib/ruby/1.8/fileutils.rb:1231:in `chown': Operation not permitted - /etc/puppetlabs/puppet/environments/hieratest (Errno::EPERM)
remote:         from /usr/lib/ruby/1.8/fileutils.rb:1231:in `chown'
remote:         from /usr/lib/ruby/1.8/fileutils.rb:967:in `chown_R'
remote:         from /usr/lib/ruby/1.8/fileutils.rb:1331:in `traverse'
remote:         from /usr/lib/ruby/1.8/fileutils.rb:965:in `chown_R'
remote:         from /usr/lib/ruby/1.8/fileutils.rb:964:in `each'
remote:         from /usr/lib/ruby/1.8/fileutils.rb:964:in `chown_R'
remote:         from hooks/post-receive:95
remote:         from hooks/post-receive:39:in `each_line'
remote:         from hooks/post-receive:39

Does anyone have any ideas on how I can get the post-receive hook to work? Otherwise we won't be able to use gitolite and that would be a shame.

Regards,

Alex

Alex Scoble

Oct 29, 2013, 6:29:36 PM
to puppet...@googlegroups.com
My current solution is to have the post-receive hook put the pushed branch to /var/staging/environments and then have a cron job run every minute or so that rsyncs all of the environments (except for production, which will have to be synced manually) to /etc/puppetlabs/puppet/environments and manage the permissions (chown, chmod) with rsync as well.

It would be nicer to be able to do the rsync whenever a git push is done, but the mechanics of that are more complicated and a project for a later date.

Any thoughts?

--Alex

Brendan

Dec 5, 2013, 5:57:53 PM
to puppet...@googlegroups.com
Here's what I'm using. Gitolite and puppet master run on the same box but don't have to.

Note that master is mapped to production. I also had some issues w/ ssh key, so the post-receive is starting and killing ssh-agent. It's not set up for pushing multiple branches at the same time, but it should be an easy change.

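#!/bin/sh
# post-receive hook: deploy the pushed branch as a Puppet environment over ssh.
# Reads only the first "oldrev newrev refname" line, so one ref per push.
read oldrev newrev refname

REPO="git@myhost:puppet-environments.git"
# Strip refs/heads/; BRANCH stays empty for anything that is not a branch (e.g. a tag)
BRANCH=`echo "$refname" | sed -n 's/^refs\/heads\///p'`
BRANCH_DIR="/etc/puppet/environments"
SSH_ARGS="-i /home/git/.ssh/id_rsa"
SSH_DEST="puppet@myhost"

# Nothing to deploy when the pushed ref is not a branch
[ -n "$BRANCH" ] || exit 0

# master is deployed as the production environment
if [ "$BRANCH" = "master" ]
then
   BRANCHDEST="production"
else
   BRANCHDEST=$BRANCH
fi
# An all-zero newrev means the branch was deleted; for a real hash the
# numeric test fails and its error message is discarded
if [ "$newrev" -eq 0 ] 2> /dev/null ; then
  # branch is being deleted
  echo "Deleting remote branch $BRANCH_DIR/$BRANCHDEST"
  # The heredoc is unquoted: variables are expanded here, before ssh sends the text
  ssh $SSH_ARGS $SSH_DEST /bin/sh <<-EOF
    cd $BRANCH_DIR && rm -rf $BRANCHDEST
EOF
else
  # branch is being updated
  echo "Updating remote branch $BRANCH_DIR/$BRANCHDEST"
  # Pull into an existing checkout, otherwise clone it fresh
  ssh  $SSH_ARGS $SSH_DEST /bin/sh <<-EOF
    { cd $BRANCH_DIR/$BRANCHDEST && git pull origin $BRANCH && ssh-agent -k; } \
    || { mkdir -p $BRANCH_DIR && cd $BRANCH_DIR \
         && git clone $REPO $BRANCHDEST && cd $BRANCHDEST \
         && git checkout -b $BRANCH origin/$BRANCH \
         && ssh-agent -k; }
EOF
fi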
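
Added example, not part of Brendan's post or of the puppet-git-hooks project: git accepts characters in branch names that a shell interprets, and the hook above expands the branch name into commands sent over ssh, so this maps every pushed ref to an environment name and refuses anything outside an allowlist. The `[A-Za-z0-9_]` allowlist, the reserved `production` name, the function names `env_for_ref` and `plan_push`, and the sample revision ids are assumptions made for the example, which also goes beyond the post by handling several refs in one push.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make the [A-Za-z0-9_] ranges below byte-exact

# env_for_ref REFNAME: print the environment name for a branch ref, or
# return 1 if the ref must not be deployed.
env_for_ref() {
    case "$1" in
        refs/heads/*) branch=${1#refs/heads/} ;;
        *) return 1 ;;                    # tags and other refs are not environments
    esac
    case "$branch" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;   # assumed allowlist: letters, digits, underscore
        production) return 1 ;;           # assumed reserved: master already deploys there
    esac
    if [ "$branch" = master ]; then
        echo production                   # same mapping as the hook in the thread
    else
        echo "$branch"
    fi
}

# plan_push: read "oldrev newrev refname" lines (post-receive stdin) and print
# one action per ref: "deploy ENV", "delete ENV" or "skip REF".
plan_push() {
    while read -r oldrev newrev refname; do
        if env=$(env_for_ref "$refname"); then
            case "$newrev" in
                *[!0]*) echo "deploy $env" ;;
                *)      echo "delete $env" ;;   # all-zero newrev: branch deleted
            esac
        else
            echo "skip $refname"
        fi
    done
}

# Constructed sample push (revision ids are made up).
plan_push <<'EOF'
1111111111111111111111111111111111111111 2222222222222222222222222222222222222222 refs/heads/master
3333333333333333333333333333333333333333 0000000000000000000000000000000000000000 refs/heads/hieratest
0000000000000000000000000000000000000000 4444444444444444444444444444444444444444 refs/heads/x;y
0000000000000000000000000000000000000000 5555555555555555555555555555555555555555 refs/tags/v1
EOF
```

Only the names printed after `deploy` or `delete` have passed the allowlist, so those are the only values that should reach the ssh command or a filesystem path.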