In my previous post about automating Gitlab with python I showed you how you can add a webhook to Gitlabs repos dynamically. The other side of this configuration in Puppet Enterprise is configuring r10k to point towards that repo. While Gitlab has a nice python library the Puppet Enterprise classifier libraries are written in Ruby. In this quick how to I will show you the code required to configure Puppet Enterprise’s code manager. I actually was the one who wrote this code in Puppet enterprise back in the day and reason was all about automating your PE installations end to end.

Versions tested
Software Version OS
puppet 6.19.1 Centos
Puppet Enterprise 2019 Centos
Centos 7.9.2009 Centos


This script requires the puppetclassify gem which can be installed via

gem install puppetclassify

This gem is an API wrapper around the rest calls used with the Puppet Enterprise classifier.

Once installed you can modify this script to add your own Github/Gitlab/etc control repo URL.


#!/usr/bin/env ruby
require 'puppetclassify'


@classifier_url =  "https://#{ARGV[0]}:4433/classifier-api"

def load_classifier()
  auth_info = {
    'ca_certificate_path' => '/dev/null',
    'token'               => ARGV[1],
  unless @classifier
    @classifier =, auth_info)

def update_pe_master_r10k_remote()
  groups    = @classifier.groups
  pe_master = { |group| group['name'] == 'PE Master'}.first
  classes   = pe_master['classes']

  puppet_enterprise_profile_master = classes['puppet_enterprise::profile::master']

      'code_manager_auto_configure' => true,
      'r10k_remote'      => '',
      'r10k_private_key' => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa',
      'replication_mode' => 'none'
  # I feel like this composition is overkill if this is truly a delta
  pe_master['classes']['puppet_enterprise::profile::master'] = puppet_enterprise_profile_master


You can run this script with the first argument being the node classifier and the second being an RBAC Token. See automating Gitlab with python for an example of using the RBAC API via Python. (it does not currently have a ruby gem)

Note: that you need to ensure the Puppet server has the private key deployed at the location specified. Also: Sorry of the use of master here, its what the Puppet classes are named unfortunately in PE