{"id":32129585,"url":"https://github.com/adobe/spinnaker-puppet","last_synced_at":"2026-02-23T04:32:47.997Z","repository":{"id":57634873,"uuid":"178004746","full_name":"adobe/spinnaker-puppet","owner":"adobe","description":"Spinnaker puppet module","archived":false,"fork":false,"pushed_at":"2024-06-02T23:58:47.000Z","size":33,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-02-20T19:03:17.385Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adobe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-03-27T13:54:09.000Z","updated_at":"2020-11-15T03:27:55.000Z","dependencies_parsed_at":"2022-09-13T04:24:04.302Z","dependency_job_id":null,"html_url":"https://github.com/adobe/spinnaker-puppet","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/adobe/spinnaker-puppet","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fspinnaker-puppet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fspinnaker-puppet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fspinnaker-puppet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fspinnaker-puppet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adobe","download_url":"https://codeload.github.com/adobe/spinnaker-puppet/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adobe%2Fspinnaker-puppet/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29738079,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-23T02:24:00.660Z","status":"ssl_error","status_checked_at":"2026-02-23T02:22:56.087Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-21T01:20:09.631Z","updated_at":"2026-02-23T04:32:47.989Z","avatar_url":"https://github.com/adobe.png","language":"Puppet","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Spinnaker module\n\n#### Table of Contents\n- [Overview](#overview)  \n- [Features](#features)  \n- [Usage](#usage)  \n- [Variables](#variables)\n- [Spinnaker RPMs](#spinnaker-rpms)\n- [Baking with Rosco](#baking-with-rosco)\n- [Environment variables](#environment-variables)\n- [Using secrets during Bake](#using-secrets-during-bake)\n- [Supported Platforms](#supported-platforms)\n- [Known missing features](#known-missing-features)\n- [Support](#support)\n\n\u003ca name=\"overview\"/\u003e\n\n#### Overview\n\nInstall Spinnaker and all of its dependencies for a fully functional deployment using Puppet on Virtual or Physical machines.\n\n\u003ca name=\"features\"/\u003e\n\n#### Features\n\nThe module will install and configure all Spinnaker microservices (others may be added in the future).\n\nFor now the module can configure Spinnaker to deploy in AWS and Kubernetes; more can be added\n\nUses a single Redis endpoint (Elasticache)\n\nUses LDAP for authentication; can be further expanded to include OKTA and others\n\nUses Rosco for baking AMIs, the current supported Operating Systems for bake are:\n* CentOS6\n* CentOS7\n* Amazon Linux 2014\n* Amazon Linux 2017\n* Amazon Linux 2\n\nThe aws-ebs.json Packer file is used to bake all Operating Systems; the baked platform is dictated by the source AMI ID used in Spinnaker when baking\n\nThe install_packages.sh script is used during the baking process, it handles all aspects of the instance creation (installation and configuration of packages). Note that this may be the most problematic part since it covers our scenarios for the moment. You can further expand on this script and add new features.\n\n\u003ca name=\"usage\"/\u003e\n\n#### Usage\n\nThe Puppet module can be invoked as seen in the following example:\n```puppet\n  class {'spinnaker':\n    deck_baseurl               =\u003e my_deck_url,\n    deck_gateurl               =\u003e my_gate_url,\n    aws_default_region         =\u003e region,\n    aws_default_storage_bucket =\u003e s3_bucket_name,\n    redis_server               =\u003e endpoint_of_redis,\n    gate_ldap_url              =\u003e ldap_url,\n    fiat_ldap_url              =\u003e ldap_url\n  }\n\n```\n\n\u003ca name=\"variables\"/\u003e\n\n#### Variables:\n\nBellow you will find all variables part of this module that have been used and tested, note that there may be others defined but not currently used.\n\n##### `spinnaker_timezone`\nThe Spinnaker timezone, defaults to UTC\n\n##### `spinnaker_version`\nThe Spinnaker app version, defaults to ``installed``\n\n##### `clouddriver_version`\nThe Clouddriver app version, defaults to ``installed``\n\n##### `deck_version`\nThe Deck app version, defaults to ``installed``\n\n##### `echo_version`\nThe Echo app version, defaults to ``installed``\n\n##### `fiat_version`\nThe Fiat app version, defaults to ``installed``\n\n##### `front50_version`\nThe Front50 app version, defaults to ``installed``\n\n##### `igor_version`\nThe Igor app version, defaults to ``installed``\n\n##### `orca_version`\nThe Orca app version, defaults to ``installed``\n\n##### `rosco_version`\nThe Rosco app version, defaults to ``installed``\n\n##### `monitoring_daemon_version`\nThe Monitoring_daemon app version, defaults to ``installed``\n\n##### `clouddriver_aws_accounts`\nAWS accounts used by clouddriver, you can have one or more accounts listed as follows:\n```yaml\n  - name: default\n    accountId: account_id\n    regions:\n      - us-east-1 // region_1\n      - us-west-2 // region_2\n    lifecycleHooks: // if lifecycle hooks are used\n      - defaultResult: 'CONTINUE'\n        heartbeatTimeout: 7200\n        lifecycleTransition: 'autoscaling:EC2_INSTANCE_TERMINATING' // during the EC2 terminating phase\n        notificationTargetARN: 'sns_arn' // SNS topic used for ASG lifecycle hook notifications\n        roleARN: 'role_arn' // lifecycle hook assumed role\n      - defaultResult: 'CONTINUE'\n        heartbeatTimeout: 1200\n        lifecycleTransition: 'autoscaling:EC2_INSTANCE_LAUNCHING' // during the EC2 launching phase\n        notificationTargetARN: 'sns_arn'\n        roleARN: 'role_arn'\n  - name: account_2\n    ...\n```\n\n##### `aws_ami`\nThe bake template used by Rosco. Once this is configured, the template will be seen in the Spinnaker UI in the ``Base OS`` section of the Bake stage \n```yaml\n  - id: Bake-AMI\n    shortDescription: \"Bake what AMI you want\"\n    packageType: rpm // what artifacts will be installed during the bake process\n    templateFile: aws-ebs.json // the Packer config file, defaults to aws-ebs.json\n    regions:\n      - region: us-east-1 // AWS region where the bake instance will be deployed\n        sourceAmi: ami-id // default AWS source AMI used\n```\n\n##### `clouddriver_assumerole`\nThe default AWS IAM role assumed by Clouddriver\n\n##### `runas_user`\nThe user under which Spinnaker runs, defaults to ``root``\n\n##### `runas_group`\nThe group under which Spinnaker runs, defaults to ``root``\n\n##### `aws_enabled`\nWeather or not the Spinnaker setup is done in AWS\n\n##### `aws_default_region`\nDefault AWS region, defaults to ``us-east-1``\n\n##### `aws_primary_credentials`\nDefault credentials used by Spinnaker, defaults to ``default``\n\n##### `aws_default_iam_role`\nDefault AWS IAM role used by Spinnaker instances\n\n##### `aws_default_storage_bucket`\nDefault S3 bucket used by Spinnaker\n\n##### `docker_enabled`\nIf Docker registries are enabled or not\n\n##### `clouddriver_docker_registries`\nDocker registries used by Clouddriver:\n```yaml\n  - name: docker-test // the name of the Docker registry as will be seen in the Spinnaker UI\n    address: docker-test-url // URL endpoint of the Docker registry\n    username: username // username used to fetch images from the registry\n    password: ENC[password] // password for the username\n    repositories:\n  - name: docker-production\n    address: docker-production-url\n    username: username\n    password: ENC[password]\n    repositories:\n```\n##### `kubernetes_enabled`\nIf Spinnaker will be used to deploy charts on Kubernetes\n\n##### `kubernetes_cluster_name`\nKubernetes cluster name as will appear in the Spinnaker UI\n\n##### `kubernetes_api_address`\nKubernetes API endpoint\n\n##### `kubernetes_api_certificate`\nKubernetes API certificate\n\n##### `kubernetes_service_account_name`\nKubernetes service account name\n\n##### `kubernetes_service_account_token`\nKubernetes service account token\n\n##### `clouddriver_kubernetes_accounts`\nAccounts used by Clouddriver\n```yaml\n  - name: kubernetes-account // account name\n    docker_registries: // docker registries used by this account\n      - docker-test\n      - docker-production \n```\n\n##### `kubectl_version`\nKubectl version used by Spinnaker\n\n##### `front50_redis_enabled`\nIf Front50 uses Redis or not, defaults to ``true``\n\n##### `front50_s3_enabled`\nIf Front50 uses S3 or not\n\n##### `igor_enabled`\nIf Igor is enabled or not, defaults to ``false``\n  \n##### `jenkins_enabled`\nIf Jenkins is enabled or not, defaults to ``false``\n\n##### `deck_baseurl`\nSpinnaker UI url\n\n##### `deck_gateurl`\nSpinnaker API url \n\n##### `deck_domain`\nDeck URL domain name\n\n##### `deck_auth_enabled`\nIf Deck authentication is enabled\n\n##### `echo_port`\nDefault echo port, defaults to ``8009``\n\n##### `echo_cassandra_enabled`\nIf Cassandra is enabled or not\n\n##### `echo_inMemory_enabled`\nEcho inMemory trigger \n\n##### `echo_cron_enabled`\nIf Echo crons are enabled or not\n\n##### `echo_mail_enabled`\nIf Echo mails are enabled or not\n\n##### `echo_mail_host`\nEcho mail sending host\n\n##### `echo_mail_fromAddress`\nEcho mail from to address\n\n##### `echo_hipchat_enabled`\nEcho hipchat trigger\n\n##### `echo_hipchat_url`\nEcho hipchat endpoint\n\n##### `echo_hipchat_token`\nEcho hipchat API token\n\n##### `echo_hipchat_botName`\nEcho hipchat bot name\n\n##### `echo_sms_enabled`\nEcho sms trigger\n\n##### `echo_sms_account`\nEcho sms account name\n\n##### `echo_sms_token`\nEcho sms token\n\n##### `echo_sms_from`\nEcho sms from to entity\n\n##### `echo_slack_enabled`\nEcho Slack trigger\n\n##### `echo_slack_token`\nEcho Slack token\n\n##### `echo_slack_botname`\nEcho Slack bot name\n\n##### `default_protocol`\nSpinnaker default protocol\n\n##### `default_host`\nSpinnaker default host\n\n##### `redis_server`\nRedis server hostname\n\n##### `redis_port`\nRedis server port\n\n##### `redis_configuration_secure`\nRedis trigger secure config\n\n##### `docker_targetRepository`\nDocker repository\n\n##### `gate_ldap_url`\nGate LDAP endpoint\n\n##### `gate_ldap_userDnPattern`\nGate LDAP user pattern\n\n##### `gate_port`\nGate port\n\n##### `gate_host`\nGate hostname\n\n##### `gate_ldap_enabled`\nGate LDAP integration trigger\n\n##### `fiat_enabled`\nFiat trigger\n\n##### `fiat_ldap_url`\nEcho LDAP endpoint\n\n##### `fiat_userDnPattern`\nFiat LDAP user filtering \n\n##### `fiat_managerDn`\nFiat LDAP service account\n\n##### `fiat_managerPassword`\nFiat LDAP service account password\n\n##### `fiat_groupSearchBase`\nFiat LDAP group filtering\n\n##### `fiat_groupSearchFilter`\nFiat LDAP group search filter\n\n##### `fiat_groupRoleAttributes`\nFiat LDAP group role attributes\n\n##### `chaos_enabled`\nChaos trigger\n\n##### `rosco_configDir`\nRosco configuration directory\n\n##### `monitoring_gateUser`\nRosco monitoring username\n\n##### `monitoring_gatePassword`\nRosco monitoring password\n\n##### `packer_ssh_interface`\nPacker interface used for ssh, defaults to ``private_ip ``\n\n##### `packer_vpc_id`\nRosco VPC id where the Packer instance will be bootstrapped\n\n##### `packer_subnet_id`\nRosco subnet ID where the Packer instance will be bootstrapped\n\n##### `packer_temporary_security_group_source_cidr`\nRosco the source CIDR block from where ssh connections will be allowed, defaults to ``172.16.0.0/12``\n\n\u003ca name=\"spinnaker-rpms\"/\u003e\n\n#### Spinnaker RPMs\n\nWe are currently creating our own Spinnaker RPMs which will be published (hopefully) soon on a public repository.\n\n\u003ca name=\"baking-with-rosco\"/\u003e\n\n#### Baking with Rosco\n\nYou can use Spinnaker to bake AMIs for different Operating Systems, you can perform such operation during the \"Bake\" stage of your pipeline.\n\nBehind the scenes, Rosco uses Packer for baking any AMI. A multi-layered approach can be used in which you bake a \"Base\" AMI then build other \"Application specific\" AMIs on top. \n\nThis deployment uses a single Packer configuration file (`aws-ebs.json`) for baking.\n```bash\nbootstrap_env_1..10 # environment variables used during the bootstrap process\nbootstrap_secrets_1..10 # secrets extracted during the bake process\nbake_env_1 .. 10 # environment variables used during the bake process\naws_iam_instance_profile # the instance profile used by the Packer machine\nami_os # the OS of the baked instance\nami_name # the name of the AMI\nupgrade # if yum upgrade is needed before baking\npackages # list of packages in the order of install\n\n```\n\nThe `install_packages.sh` script uses all the logic for baking an AMI. There is a brief description of the script's purpose in its header.\n\n\u003ca name=\"environment-variables\"/\u003e\n\n#### Environment variables\n\nAre passed in the \"Bake\" stage as key/value entries in the \"Extended Attributes\" section.\n\nYou are probably wondering why there are `bootstrap_env_*`, `bootstrap_secrets_*` and `bake_env_*` variables used in the install_packages script. \n\nWhat's important to note is that by default, the `bootstrap_env` and `bootstrap_secrets` variables are persisted on disk after the AMI has been created. \n\nThese variables can be used by applications running on the actual production instance once deployed. \n\nThis is our way of creating semi-immutable EC2 instances. Every change in the instance results in a new bake and deploy operation.\n\nYou can decide to stop these variables from being written on the disk by using the `persist_variables` trigger.\n\nThe `bake_env` variables are only used during the bake process and are never persisted to disk.\n\nAll these environment variables are treated as lists and each one can have multiple values separated by the comma character, as follows:\n```bash\nbootstrap_env_1 = script_variable1=test\nbootstrap_env_2 = script_variable2=test2,script_variable3=test3\n\nbake_env_1 = var1=false,var2=test\n\nbootstrap_secrets_1 = mysecret1=ssm://MY_SECRET1,mysecret1=ssm://MY_SECRET2\nbootstrap_secrets_2 = mysecret3=ssm://MY_SECRET3\n```\n\n\u003ca name=\"using-secrets-during-bake\"/\u003e\n\n#### Using secrets during Bake\n\nThe bootstrap_secrets_* variables values are prefixed by the \"secret provider\" (e.g. ssm, vault). \n\nThe install_packages script will try to fetch those secrets and use them (if needed) during the bake or the startup phase (if secrets are persisted on disk).\n\nIn the following example, a variable named repository_password is defined in the \"Extended Attributes\" section of the bake stage:\n```bash\n  repository_password=ssm://REPOSITORY_PASSWORD\n```\n\n\u003ca name=\"supported-platforms\"/\u003e\n\n#### Supported Platforms\n\nThe setup has been deployed so far in AWS on EC2 instances.\nThe module has been tested on the following operating systems.\n\n* CentOS 6\n* CentOS 7\n\nTesting and patches for other platforms are welcomed.\n\n\u003ca name=\"known-missing-features\"/\u003e\n\n#### Known missing features\n\nThere are currently no initd or systemd files for starting the Spinnaker daemons, this is why the service.pp file is empty.\n\nSpinnaker microservices are started by a script located in `/opt/spinnaker/bin/start_spinnaker.sh` and has been removed\ncompletely in newer versions.\n\nNo other cloud providers have been added nor tested in the module.\n\nExtracting secrets from Vault has not been implemented yet.\n\n\u003ca name=\"support\"/\u003e\n\n### Contributing\n\nContributions are welcomed! Read the [Contributing Guide](./.github/CONTRIBUTING.md) for more information.\nGitHub [repository](https://github.com/adobe/spinnaker-puppet) \n\n### Licensing\n\nThis project is licensed under the Apache V2 License. See [LICENSE](LICENSE) for more information.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadobe%2Fspinnaker-puppet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadobe%2Fspinnaker-puppet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadobe%2Fspinnaker-puppet/lists"}