Re: [Puppet Users] Re: Puppet Certificate Issues

[Rohit]

Thanks for the response, I did try those changes to see if it helps but 
unfortunately the issue still exists

On Wednesday, November 21, 2018 at 8:43:16 AM UTC-8, John Gelnaw wrote:
>
>
> I had difficulties with the stock puppetdb entrypoint script.  I wound up 
> changing it thusly:
>
> #!/bin/bash 
>  
> if [ ! -d "/etc/puppetlabs/puppetdb/ssl" ]; then 
>     set -e 
>     /opt/puppetlabs/bin/puppet config set certname ${HOSTNAME} 
>     if [ ! -f "/etc/puppetlabs/puppet/ssl/certs/ca.pem" ]; then 
>         while ! nc -z puppet 8140; do 
>             sleep 1 
>         done 
>         /opt/puppetlabs/bin/puppet agent --verbose --onetime --no-daemonize 
> --waitforcert 120 
>     fi 
>     /opt/puppetlabs/server/bin/puppetdb ssl-setup -f 
> fi 
>
> exec /opt/puppetlabs/server/bin/puppetdb "$@"
>
> And in case it helps, here's the docker-compose stanza for puppetdb:
>
>   puppetdb: 
>     hostname: puppetdb 
> #    image: puppet/puppetdb:4.4.0 
>     build: builds/puppetdb 
>     ports: 
>       - 8080 
>       - 8081 
>     volumes: 
>       - ./puppetdb/ssl:/etc/puppetlabs/puppet/ssl/
>
> Note that I'm using a local build (I did the same for puppet itself, but 
> that's because we have a number of local customizations) instead of an 
> official image.
>
> And the Dockerfile I used to build puppetdb:
>
> FROM puppet/puppetdb:4.4.0
>  
> EXPOSE 8080 
> EXPOSE 8081 
>  
> COPY docker-entrypoint.sh / 
>  
> VOLUME /etc/puppetlabs/puppet/ssl 
> VOLUME /etc/puppetlabs/puppetdb 
>  
> ENTRYPOINT ["/docker-entrypoint.sh", "foreground"]
>
> So basically, I'm using the official image, but I'm overwriting the 
> docker-entrypoint.sh with my own version.
>
> The important part is definitely the puppet config line to set the 
> hostname to match the container.  
>
> The filetest for ca.pem was something I put in to prevent a certain 
> condition that may have been unique to my environment-- apparently it was 
> possible to have a local certificate already, but not a (persistent) 
> puppetdb ssl configuration.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/16bed3bf-e065-44f0-920b-00c7a96885a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.