Configuring r10k

To configure r10k:

  • During a clean PE installation, provide parameters to pe.conf, or
  • After installation or upgrade, set parameters in the master profile class in the PE console.

If you are upgrading from previous version of r10k, see Upgrading from previous versions of r10k, below.

Warning: Do not edit r10k’s configuration manually. Puppet manages this configuration file automatically and will undo any manual changes you make.

Before you begin, you should have already set up a [control repo][control_repo] and a Puppetfile.

Configure r10k during PE installation

During a fresh installation of Puppet Enterprise, you can provide parameters in pe.conf that automatically configure r10k. Note that these can only be used with text-mode installation, not with the web-based installation.

  1. Add the following two parameters to pe.conf before installation:

    • puppet_enterprise::profile::master::r10k_remote

    This setting specifies the location of the control repository. It accepts a string that is a valid URL for your Git control repository. For example:

    "puppet_enterprise::profile::master::r10k_remote": "git@<YOUR.GIT.SERVER.COM>:puppet/control.git"
    
  • puppet_enterprise::profile::master::r10k_private_key

This setting specifies the path to the file that contains the SSH private key used to access your Git repositories. The pe-puppet user must be able to access this location; we recommend /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa.

This SSH private key file, which you created when you set up your control repository, must be located on the Puppet master and owned by the pe-puppet user. After PE installation is completed, place the key in the specified location. You’ll do this in step 3 below.

The setting accepts a string, such as:

"puppet_enterprise::profile::master::r10k_private_key": "/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa"

With the two answers above, the installer configures r10k for you. You can change the values for the remote and the private key as needed in the master profile settings in the PE console.

  1. Complete PE installation.

  2. After PE installation is complete, place the SSH private key you created when you set up your control repository in the r10k_private_key location.

Configure r10k after PE installation

To configure r10k after installing PE or in an existing PE installation, set parameters in the PE console. You can also adjust r10k’s settings here.

  1. In the console, set the following parameters in the puppet_enterprise::profile::master class in the PE Master node group:
    • r10k_remote: This is the location of your control repository. Enter a string that is a valid URL for your Git control repository. For example: "git@<YOUR.GIT.SERVER.COM>:puppet/control.git".
    • r10k_private_key: This is the path to the private key that permits the pe-puppet user to access your Git repositories. This file must be located on the Puppet master, owned by the pe-puppet user, and in a directory that the pe-puppet user has permission to view. We recommend /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa. Enter a string, such as "/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa".
  2. Run Puppet on all of your masters.

Upgrading from previous versions of r10k

If you used r10k prior to PE 2015.3, you might have configured r10k in the PE console using the pe_r10k class. If so, you aren’t required to change that.

However, we suggest configuring r10k in the master profile class, and then customizing your configuration as needed in Hiera. This simplifies configuration, and makes it easier if you want to move to Code Manager in the future.

To switch, remove the pe_r10k class in the PE console, and then configure as described above. You can further customize your configuration in Hiera as needed.

Note: If you were using earlier versions of r10k with the zack-r10k module, switch to the master profile configuration as above.

Next steps

If you need to customize your r10k configuration, you can do so via Hiera.

After r10k is configured, you can run r10k. PE does not automatically run r10k at the end of installation.

↑ Back to top