Configuring Git settings

To configure Code Manager to use a private key, a proxy, or multiple Git source repositories, specify the following Git parameters on the puppet_enterprise::master::code_management class in Hiera (not the puppet_enterprise::master::code_manager class.

You can't use these parameters with the default Code Managerr10k_private_key settings. To avoid errors, remove the r10k_private_key parameter from the puppet_enterprise::profile::master class. The older puppet_enterprise::master::code_manager::git_settings parameter also conflicts with these Git parameters. The new code_managementclass parameters overrides the older code_manager git_settings parameter. To avoid errors, remove the old git_settings parameter from the puppet_enterprise::master::code_manager class.

git_private-key

The git_private-key is required if using the SSH protocol for Git remotes, this value is overridden if the puppet_enterprise::profile::master::r10k_private_key parameter is set.

Use git_private-key to specify the path to the file containing the default private key that you want Code Manager to use to access control repos, for example:

puppet_enterprise::master::code_management::git_private_key: ‘/etc/puppetlabs/puppetserver/ssh/id-control_repo.ed25519’
The pe-puppet user must have read permissions for the private key file, and the SSH key can't require a password.

git_proxy

The git_proxy parameter sets a proxy specifically for Git operations that use an HTTP(S) transport. This setting overrides the global proxy setting but only for Git operations (For more information, refer to the global proxy setting). You can set an unauthenticated proxy or an authenticated proxy with either Basic or Digest authentication. For example:

puppet_enterprise::master::code_management::git_proxy: 'http://proxy.example.com:3128'

To set a proxy for only one specific Git repository (or when you have multiple control repos), set proxy within the repositories key.

If you set a global proxy, but you don't want Git operations to use a proxy, set git_proxy to an empty string.

git_provider

The git_provider parameter value is overridden if the puppet_enterprise::profile::master::r10k_git_provider parameter is set. The git_provider must be one of rugged or shellgit, for example:

puppet_enterprise::master::code_management::git_provider: ‘rugged’

git_oauth_token

The git_oauth_token parameter is required if using OAuth authenticated Git remotes over the HTTPS protocol. Use git_oauth_token to specify the path to the file containing the token that you want Code Manager to use to access control repos, for example: 

puppet_enterprise::master::code_management::git_oauth_token: ‘/etc/puppetlabs/puppetserver/security/github-oauth’
pe-puppet users must have read permissions for the OAuth token file.

git_default_ref

Use git_default_ref to specify the ref R10K to use if no ref is specified for a module declaration in a Puppetfile, for example:

puppet_enterprise::master::code_management::git_default_ref: ‘main’

repositories

The repositories key specifies a list of repositories and their respective private keys or proxies. Use repositories if:

  • You need to configure different proxy settings for specific repos, instead of all Git operations.
If you have multiple control repos, the sources setting and the repositories setting must match.