
voxpupuli/container-puppetdb

Voxpupuli PuppetDB container

CI License Donated by Puppet Sponsored by betadots GmbH



⚠️ Attention ⚠️: the container name voxpupuli/container-puppetdb will be deprecated in 2025-02 and might be removed in the future. Please use voxpupuli/puppetdb instead.


This project hosts the Dockerfile and the required scripts to build a PuppetDB container image.

For a compose file, see CRAFTY.

The PuppetDB container requires a working postgres container or other suitably configured PostgreSQL database. For a Compose example see the CRAFTY OSS Demo compose.yaml

You can change configuration settings by mounting volumes containing configuration files or by using this image as a base image. For the defaults, see the Dockerfile and supporting folders.

For more details about PuppetDB, see the official documentation.

New version schema

The new version schema has the following layout:

<puppet.major>.<puppet.minor>.<puppet.patch>-v<container.major>.<container.minor>.<container.patch>

Example usage:

docker pull ghcr.io/voxpupuli/puppetdb:7.13.0-v1.2.1

| Name | Description |
|------|-------------|
| puppet.major | Describes the contained major Puppet version (7 or 8) |
| puppet.minor | Describes the contained minor Puppet version |
| puppet.patch | Describes the contained patchlevel Puppet version |
| container.major | Describes the major version of the base container (Ubuntu 22.04) or incompatible changes |
| container.minor | Describes new features or refactoring with backward compatibility |
| container.patch | Describes if minor changes or bugfixes have been implemented |

Configuration

| Name | Usage | Default |
|------|-------|---------|
| CERTNAME | The DNS name used on this service's SSL certificate | puppetdb |
| DNS_ALT_NAMES | Additional DNS names to add to the service's SSL certificate | Unset |
| WAITFORCERT | Number of seconds to wait for certificate to be signed | 120 |
| USE_PUPPETSERVER | Set to false to skip acquiring SSL certificates from a Puppet Server. | true |
| PUPPETSERVER_HOSTNAME | The DNS hostname of the puppet server | puppet |
| PUPPETSERVER_PORT | The port of the puppet server | 8140 |
| PUPPETDB_POSTGRES_HOSTNAME | The DNS hostname of the postgres service | postgres |
| PUPPETDB_POSTGRES_PORT | The port for postgres | 5432 |
| PUPPETDB_POSTGRES_DATABASE | The name of the puppetdb database in postgres | puppetdb |
| PUPPETDB_USER | The puppetdb database user | puppetdb |
| PUPPETDB_PASSWORD | The puppetdb database password | puppetdb |
| PUPPETDB_NODE_TTL | Mark as ‘expired’ nodes that haven’t seen any activity (no new catalogs, facts, or reports) in the specified amount of time | 7d |
| PUPPETDB_NODE_PURGE_TTL | Automatically delete nodes that have been deactivated or expired for the specified amount of time | 14d |
| PUPPETDB_REPORT_TTL | Automatically delete reports that are older than the specified amount of time | 14d |
| PUPPETDB_JAVA_ARGS | Arguments passed directly to the JVM when starting the service | -Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m -XX:+UseParallelGC -Xlog:gc*:file=$LOGDIR/puppetdb_gc.log -Djdk.tls.ephemeralDHKeySize=2048 |
| PUPPETDB_CERTIFICATE_ALLOWLIST | Comma separated list of certnames. No whitespaces! | Empty string (example: certname1,certname2,certname3) |
| LOGDIR | Path of the log directory | /opt/puppetlabs/server/data/puppetdb/logs |
| SSLDIR | Path of the SSL directory | /opt/puppetlabs/server/data/puppetdb/certs |

Cert File Locations

The certificate files use the directory layout below. The full path of the SSL directory is always available inside the container as the environment variable $SSLDIR.

  • 'ssl-ca-cert' /opt/puppetlabs/server/data/puppetdb/certs/certs/ca.pem

  • 'ssl-cert' /opt/puppetlabs/server/data/puppetdb/certs/certs/<certname>.pem

  • 'ssl-key' /opt/puppetlabs/server/data/puppetdb/certs/private_keys/<certname>.pem

Initialization Scripts

If you would like to do additional initialization, add a directory called /docker-custom-entrypoint.d/ and fill it with .sh scripts. These scripts will be executed at the end of the entrypoint script, before the service is run.
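A preflight script of the kind that could be placed in /docker-custom-entrypoint.d/, checking the settings from the Configuration table and the 'ssl-key' path under Cert File Locations. It is an added example, not part of the project. The file name and function names are hypothetical, and it assumes that the certificates are already in place when the scripts run and that a non-zero exit stops startup.

```shell
#!/bin/sh
# Added example, not the project's code. Hypothetical file name:
# /docker-custom-entrypoint.d/10-preflight.sh

# Reject an unset password or the documented default value "puppetdb".
check_db_password() {
    if [ "${PUPPETDB_PASSWORD:-puppetdb}" = "puppetdb" ]; then
        echo "preflight: PUPPETDB_PASSWORD is still the default" >&2
        return 1
    fi
}

# The allowlist is comma separated and must not contain whitespace.
check_allowlist() {
    case "${PUPPETDB_CERTIFICATE_ALLOWLIST:-}" in
        *[[:space:]]*)
            echo "preflight: whitespace in PUPPETDB_CERTIFICATE_ALLOWLIST" >&2
            return 1 ;;
    esac
}

# The 'ssl-key' file must exist and grant nothing to group or others.
check_private_key() {
    key="${SSLDIR:-/opt/puppetlabs/server/data/puppetdb/certs}/private_keys/${CERTNAME:-puppetdb}.pem"
    if [ ! -f "$key" ]; then
        echo "preflight: private key not found: $key" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -lL "$key" | cut -c5-10)" != "------" ]; then
        echo "preflight: $key is accessible to group or others" >&2
        return 1
    fi
}

# Run every check so that all findings are reported in one pass.
preflight() {
    rc=0
    check_db_password || rc=1
    check_allowlist   || rc=1
    check_private_key || rc=1
    return "$rc"
}

# Enforce only inside the container, where this directory exists.
if [ -d /docker-custom-entrypoint.d ]; then
    preflight || exit 1
fi
```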

How to Release the container

see here

How to contribute

see here

Transfer Notice

This project was originally authored by Puppet. The maintainer preferred that Vox Pupuli take ownership of the project for future improvement and maintenance. Existing pull requests and issues were transferred over; please fork and continue to contribute here.