I had difficulties with the stock puppetdb entrypoint script. I wound up
changing it thusly:
#!/bin/bash
if [ ! -d "/etc/puppetlabs/puppetdb/ssl" ]; then
set -e
/opt/puppetlabs/bin/puppet config set certname ${HOSTNAME}
if [ ! -f "/etc/puppetlabs/puppet/ssl/certs/ca.pem" ]; then
while ! nc -z puppet 8140; do
sleep 1
done
/opt/puppetlabs/bin/puppet agent --verbose --onetime --no-daemonize
--waitforcert 120
fi
/opt/puppetlabs/server/bin/puppetdb ssl-setup -f
fi
exec /opt/puppetlabs/server/bin/puppetdb "$@"
And in case it helps, here's the docker-compose stanza for puppetdb:
puppetdb:
hostname: puppetdb
# image: puppet/puppetdb:4.4.0
build: builds/puppetdb
ports:
- 8080
- 8081
volumes:
- ./puppetdb/ssl:/etc/puppetlabs/puppet/ssl/
Note that I'm using a local build (I did the same for puppet itself, but
that's because we have a number of local customizations) instead of an
official image.
And the Dockerfile I used to build puppetdb:
FROM puppet/puppetdb:4.4.0
EXPOSE 8080
EXPOSE 8081
COPY docker-entrypoint.sh /
VOLUME /etc/puppetlabs/puppet/ssl
VOLUME /etc/puppetlabs/puppetdb
ENTRYPOINT ["/docker-entrypoint.sh", "foreground"]
So basically, I'm using the official image, but I'm overwriting the
docker-entrypoint.sh with my own version.
The important part is definitely the puppet config line to set the hostname
to match the container.
The filetest for ca.pem was something I put in to prevent a certain
condition that may have been unique to my environment-- apparently it was
possible to have a local certificate already, but not a (persistent)
puppetdb ssl configuration.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/9f0bddd4-8a61-4fe6-aa74-2a11bc5bd0ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
