A docker stack for Puppet, using Foreman as the external node classifier, R10K for version control, and PuppetDB.
luksi1/foreman
luksi1/puppet-foreman
luksi1/r10k
luksi1/puppet-smart-proxy
Foreman is a free open source project used to automate tasks, deploy applications, and manage a server's life cycle, either bare-metal, virtual, or in the cloud.
Puppet is a configuration management tool provided by PuppetLabs, allowing system administrators to use "Infrastructure as Code" to define a server's state.
PuppetDB is a backend, providing an easy way to query your infrastructure's operating systems, versions, network cards, and other meta information.
R10K is a Ruby gem that allows you to pull Puppet modules directly into your configuration management stack from a version control system.
PostgreSQL is used as a backend for PuppetDB and Foreman.
This stack binds these components together in a seamless and easy way. All you need to do is input your infrastructure's parameters in an .env file, K8s cluster, or simply run an image on the side.
- docker
- docker-compose
A functional control repo. See the following urls if you are unsure about this:
- https://docs.puppet.com/pe/latest/r10k.html
- https://docs.puppet.com/pe/latest/cmgmt_control_repo.html
- https://github.com/puppetlabs/control-repo
Add a webhook for each repository you want to trigger a pull when pushing to. Go to the settings for your repository you want to use as a trigger and add a webhook. Something like:
https://puppet:[email protected]:8088/payload
Use the following three commands to create a Puppet certificate (puppet.dummy.test) and Foreman certificate for your web frontend.
scripts/utilities/create.certificates.sh
cd examples/docker-compose
docker-compose up
Go through the following to setup your environment:
- Setup your .env file
- Copy in SSL certificates and import your database if you are migrating from an existing instance
- Run
Your domain
domain=domain.com
The location of your R10K control repo
control_repo=https://github.com/myname/control-repo
Foreman's hostname (do not include the domain name)
foreman_hostname=foreman
Puppetserver's hostname (do not include the domain name)
puppet_hostname=puppet
R10K's hostname (do not include the domain name)
r10k_hostname=r10k
Puppet smartproxy's hostname (do not include the domain name)
puppet_smartproxy_hostname: puppet-smart-proxy
Path to Foreman's public certificate This is the public facing web server public certificate.
foreman_server_cert_file=../../volumes/certificates/certs/foreman.dummy.test.crt
Path to Foreman's private certificate This is the public facing web server certificate's private key.
foreman_server_cert_key_file=../../volumes/certificates/private/foreman.dummy.test.key
Path to Foreman's certificate authority chain
foreman_server_cert_chain_file=../../volumes/certificates/certs/ca-chain.crt
One tip if you need to create certificates signed by your Puppet CA is simply to boot up your environment without puppet:
docker-compose up puppetserver
and then proceed to create your server certificates, for instance, this would create a puppet-smart-proxy:
docker run -it -v $(pwd)/volumes/puppet/ssl:/etc/puppetlabs/puppet/ssl --hostname puppet-smart-proxy.dummy.test puppet/puppet-agent
Java heap for Puppetserver
PUPPETSERVER_JAVA_ARGS=-Xms1024m -Xmx1024m
Autosigning certificates (default true)
AUTOSIGN="false"
Copy SSL certificates to /opt/docker-foreman/volumes/puppet/ssl/
- Dump your PostgreSQL database and place the dump file in /opt/foreman/volumes/postgres/data/
- Change the PostgreSQL docker image to match your PostgreSQL database that you are migrating from.
- Start up your entire docker stack with:
docker-compose up
- Log in to your Postgres image with:
docker exec -it $(docker ps | grep postgres | awk '{print $1}') /bin/bash
- Perform your import. You dump file will be located under /var/postgres/data
cd examples/docker-compose/
docker-compose up -d
Edit your host's crontab accordingly
@reboot cd YOUR_ROOT_DIRECTORY && /usr/local/bin/docker-compose up -d
- Start/Stop docker-compose
- Puppet agent run
- Access Foreman API
- Starting up this stack can take some time. Approx. 1 minute.
- Startup time is partly due to the fact that R10K will perform a pull of all of it's modules. To speed up the time, there is a volume under
/opt/foreman/volumes/puppet/code
so that a fresh clone does not need to occur for each run. - Postgres only listens locally on the docker network by default. You will not be able access it remotely.