Intended audience

staff members with enough permissions to deploy


Deprecated documentation. Since we migrated to gitlab, the referenced script must be adapted to work with it.

How to manage Third-Party modules#

Integration of third party puppet modules#

We mirror external repositories to our own forge, to avoid having external dependencies in our deployment.

In the swh-site Puppetfile, we pin the installation of those modules to the highest version (that works with our current puppet/facter version), by using the :ref specifier.

Adding a new external puppet module#

Deprecation notice

This needs refactoring as the script mentioned in this section is not yet ported to use our new gitlab instance

In the puppet-environment repository, the bin/import-puppet-module takes care of the following tasks:

  • Getting metadata from the Puppet forge for the module (description, upstream git URL)

  • Cloning the repository

  • Creating a mirror repository on the Software Heritage forge, with the proper permissions and metadata (notably the Sync to GitHub flag)

  • Pushing the clone to the forge

  • Updating the .mrconfig and .gitignore files

To be able to use the script, you need:

  • Be a member of the System Administrators Phabricator group

  • Have the Arcanist API key setup

  • A pair of python dependencies: python3-phabricator and python3-requests (pull them from testing if needed).

Example usage to pull the elastic/elasticsearch module

bin/import-module elastic-elasticsearch
git diff # review changes
git add .mrconfig .gitignore
git commit -m "Add the elastic/elasticsearch module"
git push

Once the module is added, you need to register it in the swh-site Puppetfile.

You should also check in the module metadata whether any dependencies need importing as well, which you should do using the same procedure.

Updating external puppet modules#

There’s two sides of this coin:

Updating our git clone of external puppet modules#

The puppet-environment .mrconfig file has a pullup command which does the right thing.

To update all clones:

mr -j4 pullup

Upgrading external puppet modules#

Upgrading external puppet modules happens manually.

In the puppet-environment repository, the bin/check-module-updates script compares the Puppetfile and the local clones and lists the available updates. (depends on ruby r10k).

On a staging branch of the swh-site repository, update the :ref value for the module in the Puppetfile to the latest tag. You can then run octocatalog-diff on a few relevant servers and look for changes.