Advanced configuration settings for Continuous Delivery for PE help you fine-tune aspects of the software that can impact runtime and operation speed.
Improve job performance by caching Git repositories
If you have large Git repositories, you can enable Git repository caching to improve job performance. By default, repository caching is disabled.
The cached repository's files and data are stored on the container running Continuous Delivery for PE at
/<DEFAULT_ROOT_STORAGE_DIRECTORY>/repos. The entire repository is
cloned from source control, including branches; therefore, caching requires space
equivalent to the size of the uncompressed repository.
Cached repositories are not automatically deleted. When attempting to read from the cached repository, if the cached version is missing object ID references, or if the previous cache attempt failed, then the cached version is deleted and re-cloned.
Enable repository caching, as outlined in the Configuration reference, using:
.git directory in cached
The .git directory is automatically omitted when copying cached Git repositories to job hardware. This means that the job cannot perform Git actions on the code. If needed, you can adjust this setting so that the .git directory is included in the cached repository.
Include the .git directory in copies of cached Git repositories sent to job hardware, as outlined in the Configuration reference, using:
Use custom TLS certificates
By default, Continuous Delivery for Puppet Enterprise (PE) uses automatically generated certificates. Your organization's security policies might require using custom certificates or adding additional certificates. Use these steps to configure custom TLS certificates for the Continuous Delivery for PE web UI connection.
Obtain a custom certificate and accompanying key pair. You need the entire
certificate, including the header and footer, and the private key. Most
configurations also need a CA certificate chain.
Make sure you have configured the DNS names you want to use for Continuous Delivery for PE. When you generate and sign the CSR, make sure it includes subject alternative names for all DNS names used to connect to the Continuous Delivery for PE host.
- Edit the Hiera section in the data/common.yaml file.
Combine your certificate and CA to create a cert chain and add this to
Hiera for the
Add the CRL associated with the provided CA to the
ssl_crl setting in Hiera.
Copy your private key to a file called
bolt secret encrypt -- "$(<key.txt)"
This generates an encrypted string.
Copy the encrypted string from the previous step to the
ssl_private_key setting in Hiera.
Update the configuration with the Hiera changes:
bolt plan run cd4peadm::apply_configuration
- Optional: Use OpenSSL or curl commands to verify your certificates.
To use a custom certificate for your Continuous Delivery for PE SAML SSO configuration, refer to Configure SAML.
Enable compiler maintenance mode
You can tell Continuous Delivery for Puppet Enterprise (PE) to skip offline or unavailable compilers and replicas when deploying code.
You must manually monitor the status of your compilers and replicas to ensure they're in sync with the primary server. If a compiler or replica is out of sync, you'll need to manually deploy code to that compiler or replica.
- In the Continuous Delivery for PE web UI, navigate to .
- Locate the PE instance you want to configure and click .
- In the Compiler maintenance mode section, enable Ignore unavailable compilers or replicas when deploying code.
- Click Save changes.
Use the Code Manager API GET /v1/deploys/status
endpoint to make sure your compilers and replicas are in sync with the
primary server. The
file-sync-client-status portion of
the response contains all servers with code synced. In the
deployed array for each server, compare the
date for each
deploy-signature is the hash of the git
commit that was last synced to the server. If a compiler or replica has a different hash
than the primary, you must deploy code manually to the
desynchronized compiler or replica.
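The comparison described above can be scripted. The following is an added example, not part of the Continuous Delivery for PE or Code Manager documentation. It assumes that servers are keyed by hostname under a file-sync-clients map inside file-sync-client-status, that each deployed entry carries an environment key, and that the primary server appears in the same map; the hostnames, dates and hashes are constructed sample data.

```python
import json

# Constructed sample of a GET /v1/deploys/status response, trimmed to the part
# used here. "file-sync-clients" and "environment" are assumed key names.
SAMPLE = json.loads("""
{"file-sync-client-status": {"file-sync-clients": {
  "primary.example.com": {"deployed": [
    {"environment": "production", "date": "2024-05-01T10:00:00.000Z", "deploy-signature": "aaa111"},
    {"environment": "development", "date": "2024-05-01T10:05:00.000Z", "deploy-signature": "bbb222"}]},
  "compiler1.example.com": {"deployed": [
    {"environment": "production", "date": "2024-05-01T10:00:30.000Z", "deploy-signature": "aaa111"},
    {"environment": "development", "date": "2024-04-28T09:00:00.000Z", "deploy-signature": "old999"}]},
  "replica1.example.com": {"deployed": [
    {"environment": "production", "date": "2024-05-01T10:00:40.000Z", "deploy-signature": "aaa111"}]}
}}}
""")


def signatures(server):
    """Map environment -> (deploy-signature, date) for one server entry."""
    return {d["environment"]: (d.get("deploy-signature"), d.get("date"))
            for d in server.get("deployed", [])}


def find_desynced(status, primary):
    """Return {server: {environment: (signature, date)}} for every server whose
    deploy-signature differs from the primary's for that environment."""
    clients = status["file-sync-client-status"]["file-sync-clients"]
    expected = signatures(clients[primary])
    report = {}
    for name, server in clients.items():
        actual = signatures(server)
        # An environment absent on the server counts as out of sync and is
        # reported as (None, None).
        stale = {env: actual.get(env, (None, None))
                 for env, (sig, _date) in expected.items()
                 if actual.get(env, (None, None))[0] != sig}
        if stale:
            report[name] = stale
    return report


if __name__ == "__main__":
    for server, envs in find_desynced(SAMPLE, "primary.example.com").items():
        for env, (sig, date) in envs.items():
            print(f"{server}: {env} out of sync (signature={sig}, date={date})")
```

Any server listed in the result needs a manual code deployment before it serves the same code as the primary.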