Container fun time lives here.
Run a container-based deployment of Puppet Infrastructure.
To get started, you will need an installation of Docker Compose on the host on which you will run your Puppet Infrastructure.
Running Puppet Infrastructure in Kubernetes is also a very viable option. To get started with that, you will need a running K8s cluster with Helm deployed.
We've been developing our own Helm chart which can get you up & running fast. You can find it here. It's hosted as a Helm chart here and published in the fantastic Helm Hub and Artifact Hub. The latter will allow you to make use of it by just adding the repo in your configured Helm repos.
version: '3'of the compose file format, which requires Docker Engine
1.13.0+. Full compatibility matrix
1.22
docker-compose version 1.26.0-rc3, build 46118bc5
docker-compose version 1.23.2, build 1110ad01
17.09.0-ce
17.09.0-ceusing API version
1.32(
Git commit: afdb6d4)
19.03.8using API version
1.40(
Git commit: afacb8b)
19.03.8using API version
1.40 (minimum version 1.12)(
Git commit: afacb8b) with
Experimental: true
Docker Engine - Communityedition
18.09.1using API version
1.39(
Git commit: 4c52b90)
18.09.1using API version
1.39 (minimum version 1.12)(
Git commit: 4c52b90)
Once you have Docker Compose installed, you can start the stack on Linux or OSX with:
DNS_ALT_NAMES=host.example.com docker-compose up -d
The value of
DNS_ALT_NAMESmust list all the names, as a comma-separated list, under which the Puppet server in the stack can be reached from agents. It will have
puppetprepended to it as that name is used by PuppetDB to communicate with the Puppet server. The value of
DNS_ALT_NAMESonly has an effect the first time you start the stack, as it is placed into the server's SSL certificate. If you need to change it after that, you will need to properly revoke the server's certificate and restart the stack with the changed
DNS_ALT_NAMESvalue.
When you first start the Puppet Infrastructure, the stack will create a number of Docker volumes to store the persistent data that should survive the restart of your infrastructure. The actual location on disk of these volumes may be examined with the
docker inspectcommand. The following volumes include:
puppetserver-code: the Puppet code directory.
puppetserver-config: Puppet configuration files, including
puppet/ssl/containing certificates for your infrastructure. This volume is populated with default configuration files if they are not present when the stack starts up.
puppetdb-ssl: certificates in use by the PuppetDB instance in the stack.
puppetdb-postgres: the data files for the PostgreSQL instance used by PuppetDB
puppetserver-data: persistent data for Puppet Server
By default, the puppetserver and puppetdb containers will use the
latesttag.
PUPPETSERVER_VERSIONand
PUPPETDB_VERSIONenvironment variables have been added to the compose file so you can pin versions if you need to by setting those on the command line, or in a
.envfile.
Complete instructions for provisiong a server with WSL2 support are in README-windows.md
Creating the stack from PowerShell is nearly identical to other platforms, aside from how environment variables are declared:
PS> $ENV:DNS_ALT_NAMES = 'host.example.com'PS> docker-compose up Creating network "pupperware_default" with the default driver Creating volume "pupperware_puppetserver-code" with default driver Creating volume "pupperware_puppetserver-config" with default driver Creating volume "pupperware_puppetserver-data" with default driver Creating volume "pupperware_puppetdb-ssl" with default driver Creating volume "pupperware_puppetdb-postgres" with default driver Creating pupperware_postgres_1 ...
Creating pupperware_puppet_1 ...
Creating pupperware_puppet_1 ... done
Creating pupperware_postgres_1 ... done
Creating pupperware_puppetdb_1 ...
Creating pupperware_puppetdb_1 ... done
...
To delete the stack:
PS> docker-compose down Removing network pupperware_default ...
The script
bin/puppet(or
bin\puppet.ps1on Windows) makes it easy to run
puppetcommands on the puppet master. For example,
./bin/puppet config print autosign --section masterprints the current setting for autosigning, which is
trueby default. In a similar manner, any other task that you would perform on a puppet master by running
puppet x y z ...can be achieved against the stack by running
./bin/puppet x y z ....
There is also a similar script providing easy access to
puppetservercommands. This is particularly useful for CA and cert management via the
casubcommand.
The postgresql instance uses password authentication for communication with the puppetdb instance. If you need to change the postgresql password, you'll need to do the following: * update the password in postgresql:
docker-compose exec postgres /bin/bash -c "psql -U \$POSTGRES_USER -c \"ALTER USER \$POSTGRES_USER PASSWORD '$dbpassword'\";"* update values for
PUPPETDB_PASSWORDand
POSTGRES_PASSWORDin docker-compose.yml * rebuild and restart containers affected by these changes:
docker-compose up --detach --build
This repo contains some simple tests that can be run with RSpec. To run these tests you need to have Ruby, Docker, and Docker Compose installed on the machine where you're running the tests. The tests depend on the 'rspec' and 'json' rubygems. The tests are known to run on at least ruby 1.9.3-p551 and as new as ruby 2.4.3p205.
NOTE These tests will start and stop the cluster running from the current checkout of Pupperware, so be careful where you run them from.
To run the tests: 1.
bundle install --with test2.
bundle exec rspec spec
The containers used in pupperware are generated based on dockerfiles in the repos for puppetserver and puppetdb. Published containers can be found on dockerhub.
The Puppet owned containers run in the pupperware stack collect usage data. You can opt out of providing this data.
We collect data to help us understand how the containers are used and make decisions about upcoming changes.
Create a
.envfile in this directory with the contents:
PUPPERWARE_ANALYTICS_ENABLED=false
This file is in the
.gitignorefile and will not be managed or changed by pupperware.
See LICENSE file.
Please report any issues as GitHub issues in this repo.
If you have questions or comments about pupperware, feel free to send a message to the puppet-users mailing list or reach out in the #puppet channel in the puppet community slack.