voxpupuli/container-puppetdb will be deprecated in 2025-02 and might be removed in the future. Please use voxpupuli/puppetdb instead.
This project hosts the Dockerfile and the required scripts to build a PuppetDB container image.
For a compose file, see CRAFTY.
The PuppetDB container requires a working postgres container or other suitably configured PostgreSQL database. For a Compose example see the CRAFTY OSS Demo compose.yaml
You can change configuration settings by mounting volumes containing configuration files or by using this image as a base image. For the defaults, see the Dockerfile and supporting folders.
For more details about PuppetDB, see the official documentation.
The new version schema has the following layout:
<puppet.major>.<puppet.minor>.<puppet.patch>-v<container.major>.<container.minor>.<container.patch>
Example usage:
docker pull ghcr.io/voxpupuli/puppetdb:7.13.0-v1.2.1
Name | Description |
---|---|
puppet.major | Describes the contained major Puppet version (7 or 8) |
puppet.minor | Describes the contained minor Puppet version |
puppet.patch | Describes the contained patchlevel Puppet version |
container.major | Describes the major version of the base container (Ubuntu 22.04) or incompatible changes |
container.minor | Describes new features or refactoring with backward compatibility |
container.patch | Describes if minor changes or bugfixes have been implemented |
Name | Usage | Default |
---|---|---|
CERTNAME | The DNS name used on this service's SSL certificate | puppetdb |
DNS_ALT_NAMES | Additional DNS names to add to the service's SSL certificate | Unset |
WAITFORCERT | Number of seconds to wait for the certificate to be signed | 120 |
USE_PUPPETSERVER | Set to false to skip acquiring SSL certificates from a Puppet Server | true |
PUPPETSERVER_HOSTNAME | The DNS hostname of the puppet server | puppet |
PUPPETSERVER_PORT | The port of the puppet server | 8140 |
PUPPETDB_POSTGRES_HOSTNAME | The DNS hostname of the postgres service | postgres |
PUPPETDB_POSTGRES_PORT | The port for postgres | 5432 |
PUPPETDB_POSTGRES_DATABASE | The name of the puppetdb database in postgres | puppetdb |
PUPPETDB_USER | The puppetdb database user | puppetdb |
PUPPETDB_PASSWORD | The puppetdb database password | puppetdb |
PUPPETDB_NODE_TTL | Mark as ‘expired’ nodes that haven’t seen any activity (no new catalogs, facts, or reports) in the specified amount of time | 7d |
PUPPETDB_NODE_PURGE_TTL | Automatically delete nodes that have been deactivated or expired for the specified amount of time | 14d |
PUPPETDB_REPORT_TTL | Automatically delete reports that are older than the specified amount of time | 14d |
PUPPETDB_JAVA_ARGS | Arguments passed directly to the JVM when starting the service | -Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m -XX:+UseParallelGC -Xlog:gc*:file=$LOGDIR/puppetdb_gc.log -Djdk.tls.ephemeralDHKeySize=2048 |
PUPPETDB_CERTIFICATE_ALLOWLIST | Comma-separated list of certnames. No whitespace! Example: certname1,certname2,certname3 | Empty string |
LOGDIR | Path of the log directory | /opt/puppetlabs/server/data/puppetdb/logs |
SSLDIR | Path of the SSL directory | /opt/puppetlabs/server/data/puppetdb/certs |
The directory structure follows these conventions. The full path is always available inside the container as the environment variable $SSLDIR.
- 'ssl-ca-cert': /opt/puppetlabs/server/data/puppetdb/certs/certs/ca.pem
- 'ssl-cert': /opt/puppetlabs/server/data/puppetdb/certs/certs/<certname>.pem
- 'ssl-key': /opt/puppetlabs/server/data/puppetdb/certs/private_keys/<certname>.pem
If you would like to do additional initialization, add a directory called /docker-custom-entrypoint.d/ and fill it with .sh scripts.
These scripts will be executed at the end of the entrypoint script, before the service is run.
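A preflight script for /docker-custom-entrypoint.d/, as an added example that is not part of this project: it flags the documented default database password, whitespace in the certificate allowlist, missing files in the $SSLDIR layout, and a private key readable by group or other. The file name 10-preflight.sh, the function name preflight, and the expectation that certificates are already in place when custom scripts run are assumptions; the page does not say whether a non-zero status stops the container, so the script only reports.

```shell
#!/bin/sh
# Hypothetical /docker-custom-entrypoint.d/10-preflight.sh (added example,
# not shipped with the image). Defaults are the ones documented above.
SSLDIR="${SSLDIR:-/opt/puppetlabs/server/data/puppetdb/certs}"
CERTNAME="${CERTNAME:-puppetdb}"

# Writes one line per finding to stderr; exit status = number of findings.
preflight() {
    findings=0
    warn() { echo "preflight: $*" >&2; findings=$((findings + 1)); }

    # The default password is published in the README, so treat it as unset.
    if [ "${PUPPETDB_PASSWORD:-puppetdb}" = "puppetdb" ]; then
        warn "PUPPETDB_PASSWORD is unset or still the documented default"
    fi

    # The allowlist is documented as comma separated with no whitespace.
    case "${PUPPETDB_CERTIFICATE_ALLOWLIST:-}" in
        *[[:space:]]*) warn "PUPPETDB_CERTIFICATE_ALLOWLIST contains whitespace" ;;
    esac

    # ssl-ca-cert, ssl-cert and ssl-key as laid out under $SSLDIR.
    for f in "certs/ca.pem" "certs/${CERTNAME}.pem" "private_keys/${CERTNAME}.pem"; do
        if [ ! -s "${SSLDIR}/${f}" ]; then
            warn "missing or empty: ${SSLDIR}/${f}"
        fi
    done

    # Characters 5-10 of the ls mode string are the group and other bits.
    key="${SSLDIR}/private_keys/${CERTNAME}.pem"
    if [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            warn "private key ${key} is accessible to group/other (${perms})"
        fi
    fi
    return "$findings"
}

# Report only; do not abort the entrypoint from here.
preflight || echo "preflight: $? finding(s), see messages above" >&2
```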
This project was originally authored by Puppet. The maintainer preferred that Vox Pupuli take ownership of the project for future improvement and maintenance. Existing pull requests and issues were transferred over; please fork and continue to contribute here.