I had difficulties with the stock puppetdb entrypoint script. I wound up
changing it thusly:
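
    #!/bin/bash

    # Bootstrap only when PuppetDB has no SSL configuration yet.
    if [ ! -d "/etc/puppetlabs/puppetdb/ssl" ]; then
      set -e
      # Make the agent's certname match the container hostname.
      /opt/puppetlabs/bin/puppet config set certname "${HOSTNAME}"
      # Request a certificate only if the agent has none (no CA cert on disk).
      if [ ! -f "/etc/puppetlabs/puppet/ssl/certs/ca.pem" ]; then
        # Wait for the Puppet master to accept connections on 8140.
        while ! nc -z puppet 8140; do
          sleep 1
        done
        /opt/puppetlabs/bin/puppet agent --verbose --onetime --no-daemonize \
          --waitforcert 120
      fi
      # Copy the agent's certificates into PuppetDB's SSL configuration.
      /opt/puppetlabs/server/bin/puppetdb ssl-setup -f
    fi

    exec /opt/puppetlabs/server/bin/puppetdb "$@"
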
And in case it helps, here's the docker-compose stanza for puppetdb:

    puppetdb:
      hostname: puppetdb
      # image: puppet/puppetdb:4.4.0
      build: builds/puppetdb
      ports:
        - 8080
        - 8081
      volumes:
        - ./puppetdb/ssl:/etc/puppetlabs/puppet/ssl/

Note that I'm using a local build (I did the same for puppet itself, but
that's because we have a number of local customizations) instead of an
official image.
And the Dockerfile I used to build puppetdb:

    FROM puppet/puppetdb:4.4.0
    EXPOSE 8080
    EXPOSE 8081
    COPY docker-entrypoint.sh /
    VOLUME /etc/puppetlabs/puppet/ssl
    VOLUME /etc/puppetlabs/puppetdb
    ENTRYPOINT ["/docker-entrypoint.sh", "foreground"]

So basically, I'm using the official image, but I'm overwriting the
docker-entrypoint.sh with my own version.
The important part is definitely the puppet config line to set the hostname
to match the container.
The filetest for ca.pem was something I put in to prevent a certain
condition that may have been unique to my environment-- apparently it was
possible to have a local certificate already, but not a (persistent)
puppetdb ssl configuration.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9f0bddd4-8a61-4fe6-aa74-2a11bc5bd0ae%40googlegroups.com.
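
The message above describes a certificate persisting on the ssl volume without a matching PuppetDB SSL configuration. As an added example that is not part of the original message or the official image, the following preflight check verifies that the persisted agent SSL state is consistent before `puppetdb ssl-setup` runs. It assumes the standard agent ssldir layout (`certs/`, `private_keys/`), `openssl` and GNU `stat` on PATH; the function name `check_agent_ssl` and its return codes are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original message. Assumes `openssl` and GNU
# `stat` are on PATH; check_agent_ssl and its return codes are hypothetical.
#
# check_agent_ssl SSLDIR CERTNAME
#   0 consistent
#   1 ca.pem, certificate or private key missing
#   2 certificate CN differs from CERTNAME
#   3 private key does not belong to the certificate
#   4 private key readable by group or other
check_agent_ssl() {
    local ssldir="$1" certname="$2"
    local ca="$ssldir/certs/ca.pem"
    local cert="$ssldir/certs/$certname.pem"
    local key="$ssldir/private_keys/$certname.pem"
    local f subject cn mode

    for f in "$ca" "$cert" "$key"; do
        [ -s "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # RFC2253 output looks like "subject=CN=puppetdb".
    subject=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$cert") || return 1
    cn=$(printf '%s\n' "$subject" |
         sed -n 's/^subject= *\(.*,\)\{0,1\}CN=\([^,]*\).*$/\2/p')
    [ "$cn" = "$certname" ] || { echo "cert CN '$cn' != '$certname'" >&2; return 2; }

    # The key on the volume must be the one the certificate was issued for.
    if [ "$(openssl x509 -noout -pubkey -in "$cert")" != \
         "$(openssl pkey -pubout -in "$key" 2>/dev/null)" ]; then
        echo "private key does not match certificate" >&2
        return 3
    fi

    # A key on a bind-mounted host directory should be owner-only.
    mode=$(stat -c '%a' "$key")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "loose permissions ($mode) on $key" >&2
        return 4
    fi
    return 0
}
```

In the entrypoint this would be called as `check_agent_ssl /etc/puppetlabs/puppet/ssl "${HOSTNAME}"` just before the `ssl-setup` line.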