On Thu, Mar 4, 2021 at 11:44 PM Bart-Jan Vrielink <[email protected]> wrote:
> Hello, > > > It would be nice if Puppet's Pupperware is also updated for this new CA > location... > Is it not? I don't actually work on that team, but I pulled the latest puppet/puppetserver image and saw this in the log: pupperware (master<>) :: docker run -it puppet/puppetserver Running /docker-entrypoint.d/10-analytics.sh (/docker-entrypoint.d/10-analytics.sh) Pupperware analytics disabled; skipping metric submission Running /docker-entrypoint.d/20-use-templates-initially.sh Upgrading /opt/puppetlabs/server/data/puppetserver/vendored-jruby-gems Running /docker-entrypoint.d/30-set-permissions.sh Running /docker-entrypoint.d/40-update-puppetdb-conf.sh Running /docker-entrypoint.d/50-set-certname.sh Running /docker-entrypoint.d/55-set-masterport.sh Running /docker-entrypoint.d/60-setup-autosign.sh Running /docker-entrypoint.d/70-set-dns-alt-names.sh Running /docker-entrypoint.d/80-ca.sh Generation succeeded. Find your files in /etc/puppetlabs/puppetserver/ca Running /docker-entrypoint.d/85-setup-storeconfigs.sh Running /docker-entrypoint.d/90-log-config.sh System configuration values: .... That "Generation succeeded. Find your files in /etc/puppetlabs/puppetserver/ca" line should be coming from the "puppetserver ca" cli generating the CA files in the new location.... > > -----Original message----- > *From:* Justin Stoller <[email protected]> > *Sent:* Thursday 4th March 2021 18:11 > *To:* [email protected] > *Subject:* Re: [Puppet Users] Puppetserver ca migrate > > Hi! > > If you've mounted external volumes for your cadir like: > > --mount source=ca-volume,destination=/etc/puppetlabs/puppet/ssl/ca > > You should instead mount the destination as > /etc/puppetlabs/puppetserver/ca > > If you have a Dockerfile that pre-populates your cadir you'll need to > update your script to the destination above. > > Also, make sure your build process is running puppetserver ca setup as > part of the process (that should ensure new installs have the right > directory structure). > > If you're using this container as a lightweight vm and you've upgraded > your server inside it, you'll need to somehow override the entrypoint to be > a shell for you to work in (but you should look into using the container as > an ephemeral thing with persistent mounts to save data between containers). > > If you're using this in a dev setup and are fine with your certs not > persisting outside the life of the container you can effectively ignore the > warning for now (but hopefully one of the ideas above will help you find > the root cause of it). > > > Also, you're the second person to mention having to pass the --config > flag. That should only be necessary if you have a custom puppet.conf for > some advanced purposes. I'm wondering if it was the help output to the CA > tool that led you in that direction? I could see the current text being > confusing, just wondering if we should change: > > > Use the currently configured puppet.conf file in your installation, or > supply one using the `--config` flag. > > to something like > > > Uses the default puppet.conf in your installation, override by supplying > the --config flag. > > ? > > > Hope that helps, > Justin > > > > > On Thu, Mar 4, 2021 at 8:05 AM Gwen Clayde <[email protected]> wrote: > >> Hi, >> >> I want to solve this issue " The cadir is currently configured to be >> inside the /etc/puppetlabs/puppet/ssl directory" >> >> The first step is : >> puppetserver ca migrate --config >> >> After this , I got this message : "Puppetserver service is running. >> Please stop it before attempting to run this command" >> >> i use puppet inside a docker container, if i stop it , i couldn't execute >> the command of the first step. >> >> Is there another way to solve this problem? >> >> Thanks. >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/CACWwVtOMfy16NxMxZtNqLV1VR-ei6DaEihzF11M1v3ut9VbSJA%40mail.gmail.com >> <https://groups.google.com/d/msgid/puppet-users/CACWwVtOMfy16NxMxZtNqLV1VR-ei6DaEihzF11M1v3ut9VbSJA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/CA%2B%3DBEqUKBsBfQ1FQ5sP5n%2BsM9RBqW7uMkB_3f%2BhFVPi9J-72%3DQ%40mail.gmail.com > <https://groups.google.com/d/msgid/puppet-users/CA%2B%3DBEqUKBsBfQ1FQ5sP5n%2BsM9RBqW7uMkB_3f%2BhFVPi9J-72%3DQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/zarafa.6041e157.124f.16489cbc0b82ef82%40anjie.dontpanic.nl > <https://groups.google.com/d/msgid/puppet-users/zarafa.6041e157.124f.16489cbc0b82ef82%40anjie.dontpanic.nl?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CA%2B%3DBEqVTC6gB11yoKx_NHMNcitpnWdY_hbiBRLw8Go6gnz0D8A%40mail.gmail.com.
