From a182cb6ceab238290ada65bc1ced40ac49a0c329 Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 9 Aug 2024 17:25:03 +0200
Subject: [PATCH 01/11] build from tar

Signed-off-by: Robert Waffen
---
 build/Dockerfile | 40 ++++++++++++++++++++++++++++++++++++++++
 build/build.sh | 15 +++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 build/Dockerfile
 create mode 100755 build/build.sh

diff --git a/build/Dockerfile b/build/Dockerfile
new file mode 100644
index 00000000..d0912682
--- /dev/null
+++ b/build/Dockerfile
@@ -0,0 +1,40 @@
+FROM openjdk:24-bullseye
+
+ENV opt_dir=/opt/puppetlabs/server/apps/puppetserver
+ENV etc_dir=/etc/puppetlabs/puppetserver
+
+WORKDIR $opt_dir
+
+COPY puppet-server-release.jar $opt_dir/puppet-server-release.jar
+
+COPY ext/cli $opt_dir/cli/apps
+COPY ext/cli_defaults/cli-defaults.sh $opt_dir/cli/cli-defaults.sh
+COPY ext/bin $opt_dir/bin
+COPY ext/bin/puppetserver /opt/puppetlabs/bin/puppetserver
+COPY ext/ezbake-functions.sh $opt_dir/ezbake-functions.sh
+COPY install.sh $opt_dir/scripts/install.sh
+
+COPY ext/ezbake.manifest $opt_dir/ezbake.manifest
+COPY ext/system-config/services.d/bootstrap.cfg $opt_dir/config/services.d/bootstrap.cfg
+COPY ext/config/conf.d $etc_dir/conf.d
+COPY ext/config/services.d $etc_dir/services.d
+COPY ext/default /etc/default/puppetserver
+
+COPY ext/config/logback.xml \
+ ext/config/request-logging.xml \
+ ${etc_dir}
+
+RUN useradd --uid 1001 --home-dir ${opt_dir} --shell /usr/sbin/nologin --user-group puppet \
+&& chown -R puppet:puppet /opt/puppetlabs \
+&& chown -R puppet:puppet /etc/puppetlabs \
+&& chmod +x /opt/puppetlabs/bin/* \
+&& chmod +x ${opt_dir}/bin/* \
+&& chmod +x ${opt_dir}/cli/**/* \
+&& chmod +x ${opt_dir}/scripts/* \
+&& chmod +x ${opt_dir}/ezbake-functions.sh \
+&& ln -s /usr/local/openjdk-24/bin/java /usr/bin/java
+
+EXPOSE 8140
+
+ENTRYPOINT ["/opt/puppetlabs/bin/puppetserver"]
+CMD ["start"]
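Review bot: build/Dockerfile creates the `puppet` account (uid 1001) and chowns `/opt/puppetlabs` and `/etc/puppetlabs` to it, but no `USER` instruction follows, so the `ENTRYPOINT` starts as root unless the `puppetserver` wrapper drops privileges itself, which is not visible in this patch. If it does not, add `USER puppet` before `EXPOSE 8140`; port 8140 needs no extra capability. The same gap is present in puppetserver/Dockerfile.alpine added in patch 03, where the final stage ends at `ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]` without a `USER` line. A one-line comment stating which component is expected to switch to `puppet` would settle the question for the next reader.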
diff --git a/build/build.sh b/build/build.sh
new file mode 100755
index 00000000..70836ddf
--- /dev/null
+++ b/build/build.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+software_version=${1:-8.6.2}
+container_version=${2:-1.0.0}
+
+curl -v https://downloads.puppet.com/puppet/puppetserver-${software_version}.tar.gz -o puppetserver-${software_version}.tar.gz
+tar -xvf puppetserver-${software_version}.tar.gz
+
+cp Dockerfile puppetserver-${software_version}/
+cd puppetserver-${software_version}
+docker build -t puppetserver:${software_version}-v${container_version} .
+
+cd -
+rm -rf puppetserver-${software_version}
+rm puppetserver-${software_version}.tar.gz
From 594f01e92c1ad0c7e83b0ed15500e23b9b46ba3b Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Wed, 9 Oct 2024 13:00:56 +0200
Subject: [PATCH 02/11] feat: reverse engineer build from install.sh and Makefile

Signed-off-by: Robert Waffen
---
 build/.gitignore | 2 ++
 build/Dockerfile | 91 ++++++++++++++++++++++++++++++++----------------
 build/build.sh | 32 +++++++++++------
 3 files changed, 85 insertions(+), 40 deletions(-)
 create mode 100644 build/.gitignore

diff --git a/build/.gitignore b/build/.gitignore
new file mode 100644
index 00000000..8e8de81d
--- /dev/null
+++ b/build/.gitignore
@@ -0,0 +1,2 @@
+puppet-*
+puppetserver-*
diff --git a/build/Dockerfile b/build/Dockerfile
index d0912682..4da4ae27 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
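Review bot: build/build.sh from patch 01 unpacks and builds from `puppetserver-${software_version}.tar.gz` without checking that the download succeeded or that the archive is the expected one. `curl` is called without `-f`, so an HTTP error body is saved as the tarball, and with no `set -e` the script carries on through `tar`, `cd`, `docker build` and `rm -rf` after any earlier failure. Suggested: `set -euo pipefail` as the first line after the shebang, `curl -fSL` for the download, and a `sha256sum -c` against a digest kept in the repository before `tar` runs. The expansions should also be quoted, e.g. `rm -rf "puppetserver-${software_version}"`, since the value comes straight from `$1`.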
@@ -1,40 +1,71 @@ FROM openjdk:24-bullseye -ENV opt_dir=/opt/puppetlabs/server/apps/puppetserver -ENV etc_dir=/etc/puppetlabs/puppetserver +ADD puppetserver-8.6.3 /install -WORKDIR $opt_dir +ENV apps_dir=/opt/puppetlabs/server/apps +ENV app_logdir=/var/log/puppetlabs/puppetserver +ENV data_dir=/opt/puppetlabs/server/data +ENV etc_dir=/etc/puppetlabs +ENV rundir=/var/run/puppetlabs/puppetserver +ENV bindir=/opt/puppetlabs/server/apps/puppetserver/bin +ENV symbindir=/opt/puppetlabs/server/bin +ENV uxbindir=/opt/puppetlabs/bin -COPY puppet-server-release.jar $opt_dir/puppet-server-release.jar +RUN cd /install \ +&& install -d -m 0755 "${apps_dir}/puppetserver" \ +&& install -d -m 0770 "${data_dir}/puppetserver" \ +&& install -m 0644 puppet-server-release.jar "${apps_dir}/puppetserver" \ +&& install -m 0774 ext/ezbake-functions.sh "${apps_dir}/puppetserver" \ +&& install -m 0644 ext/ezbake.manifest "${apps_dir}/puppetserver" \ +&& install -d -m 0755 "${etc_dir}/puppetserver/conf.d" \ +&& install -d -m 0755 "${etc_dir}/puppetserver/services.d" \ +&& install -m 0644 ext/config/request-logging.xml "${etc_dir}/puppetserver/request-logging.xml" \ +&& install -m 0644 ext/config/conf.d/puppetserver.conf "${etc_dir}/puppetserver/conf.d/puppetserver.conf" \ +&& install -m 0644 ext/config/logback.xml "${etc_dir}/puppetserver/logback.xml" \ +&& install -m 0644 ext/config/services.d/ca.cfg "${etc_dir}/puppetserver/services.d/ca.cfg" \ +&& install -m 0644 ext/config/conf.d/global.conf "${etc_dir}/puppetserver/conf.d/global.conf" \ +&& install -m 0644 ext/config/conf.d/web-routes.conf "${etc_dir}/puppetserver/conf.d/web-routes.conf" \ +&& install -m 0644 ext/config/conf.d/auth.conf "${etc_dir}/puppetserver/conf.d/auth.conf" \ +&& install -m 0644 ext/config/conf.d/metrics.conf "${etc_dir}/puppetserver/conf.d/metrics.conf" \ +&& install -m 0644 ext/config/conf.d/ca.conf "${etc_dir}/puppetserver/conf.d/ca.conf" \ +&& install -m 0644 ext/config/conf.d/webserver.conf 
"${etc_dir}/puppetserver/conf.d/webserver.conf" \ +&& install -d -m 0755 "${apps_dir}/puppetserver/cli" \ +&& install -d -m 0755 "${apps_dir}/puppetserver/cli/apps" \ +&& install -d -m 0755 "${bindir}" \ +&& install -d -m 0755 "${symbindir}" \ +&& install -d -m 0755 "${uxbindir}" \ +&& install -m 0755 "ext/bin/puppetserver" "${bindir}/puppetserver" \ +&& ln -s "../apps/puppetserver/bin/puppetserver" "${symbindir}/puppetserver" \ +&& ln -s "../server/apps/puppetserver/bin/puppetserver" "${uxbindir}/puppetserver" \ +&& install -m 0755 ext/cli/foreground "${apps_dir}/puppetserver/cli/apps/foreground" \ +&& install -m 0755 ext/cli/dropsonde "${apps_dir}/puppetserver/cli/apps/dropsonde" \ +&& install -m 0755 ext/cli/ca "${apps_dir}/puppetserver/cli/apps/ca" \ +&& install -m 0755 ext/cli/irb "${apps_dir}/puppetserver/cli/apps/irb" \ +&& install -m 0755 ext/cli/gem "${apps_dir}/puppetserver/cli/apps/gem" \ +&& install -m 0755 ext/cli/reload "${apps_dir}/puppetserver/cli/apps/reload" \ +&& install -m 0755 ext/cli/ruby "${apps_dir}/puppetserver/cli/apps/ruby" \ +&& install -m 0755 ext/cli/stop "${apps_dir}/puppetserver/cli/apps/stop" \ +&& install -m 0755 ext/cli/start "${apps_dir}/puppetserver/cli/apps/start" \ +&& install -m 0644 puppet-server-release.jar "${apps_dir}/puppetserver" \ +&& install -d -m 0700 "${app_logdir}" \ +&& install -d -m 0755 "${rundir}" \ +&& install -d -m 700 "${data_dir}/puppetserver/jars" \ +&& install -d -m 700 "${data_dir}/puppetserver/yaml" -COPY ext/cli $opt_dir/cli/apps -COPY ext/cli_defaults/cli-defaults.sh $opt_dir/cli/cli-defaults.sh -COPY ext/bin $opt_dir/bin -COPY ext/bin/puppetserver /opt/puppetlabs/bin/puppetserver -COPY ext/ezbake-functions.sh $opt_dir/ezbake-functions.sh -COPY install.sh $opt_dir/scripts/install.sh +RUN echo 'alias ll="ls -la --color=auto"' >> ~/.bashrc -COPY ext/ezbake.manifest $opt_dir/ezbake.manifest -COPY ext/system-config/services.d/bootstrap.cfg $opt_dir/config/services.d/bootstrap.cfg -COPY ext/config/conf.d 
$etc_dir/conf.d -COPY ext/config/services.d $etc_dir/services.d -COPY ext/default /etc/default/puppetserver - -COPY ext/config/logback.xml \ - ext/config/request-logging.xml \ - ${etc_dir} - -RUN useradd --uid 1001 --home-dir ${opt_dir} --shell /usr/sbin/nologin --user-group puppet \ -&& chown -R puppet:puppet /opt/puppetlabs \ -&& chown -R puppet:puppet /etc/puppetlabs \ -&& chmod +x /opt/puppetlabs/bin/* \ -&& chmod +x ${opt_dir}/bin/* \ -&& chmod +x ${opt_dir}/cli/**/* \ -&& chmod +x ${opt_dir}/scripts/* \ -&& chmod +x ${opt_dir}/ezbake-functions.sh \ +RUN useradd --uid 1001 --home-dir ${data_dir}/puppetserver --shell /usr/sbin/nologin --user-group puppet \ +&& install --owner=puppet --group=puppet -d /opt/puppetlabs/server/data/puppetserver/jruby-gems \ +&& install --directory --owner=puppet --group=puppet --mode=775 /opt/puppetlabs/server/data \ +&& install --directory "${etc_dir}/puppet/ssl" \ +&& install --directory "${etc_dir}/puppetserver/ca" \ +&& chown -R puppet:puppet ${etc_dir}/puppet/ssl \ +&& chown -R puppet:puppet ${etc_dir}/puppetserver/ca \ +&& find /etc/puppetlabs/puppet/ssl -type d -print0 | xargs -0 chmod 770 \ && ln -s /usr/local/openjdk-24/bin/java /usr/bin/java +# && /opt/puppetlabs/bin/puppetserver gem install puppet EXPOSE 8140 -ENTRYPOINT ["/opt/puppetlabs/bin/puppetserver"] -CMD ["start"] +# ENTRYPOINT ["/opt/puppetlabs/bin/puppetserver"] +# CMD ["start"] diff --git a/build/build.sh b/build/build.sh index 70836ddf..9d2c590e 100755 --- a/build/build.sh +++ b/build/build.sh 
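Review bot: `ADD puppetserver-8.6.3 /install` hard-codes the source directory while build.sh in this same commit takes the server version as `$1`, so building any other version either fails or packages a stale 8.6.3 tree that happens to be in the context. An `ARG` keeps the two in step: `ARG PPS_VERSION=8.6.3` with `COPY puppetserver-${PPS_VERSION} /install`, and `--build-arg PPS_VERSION=${pps_version}` on the `docker build` line; `COPY` is sufficient because the source is a local directory. The unpacked tree also remains in the image under `/install` after the `install` calls have copied what is needed. `puppet-server-release.jar` is installed twice in the first `RUN`, and the second call can be dropped.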
@@ -1,15 +1,27 @@ #!/bin/bash -software_version=${1:-8.6.2} -container_version=${2:-1.0.0} +pps_version=${1:-8.6.3} +pp_version=${2:-8.9.0} +container_version=${3:-1.0.1} -curl -v https://downloads.puppet.com/puppet/puppetserver-${software_version}.tar.gz -o puppetserver-${software_version}.tar.gz -tar -xvf puppetserver-${software_version}.tar.gz +if [ -d puppetserver-${pps_version} ]; then + rm -rf puppetserver-${pps_version} +fi -cp Dockerfile puppetserver-${software_version}/ -cd puppetserver-${software_version} -docker build -t puppetserver:${software_version}-v${container_version} . +if [ -d puppet-${pp_version} ]; then + rm -rf puppet-${pp_version} +fi -cd - -rm -rf puppetserver-${software_version} -rm puppetserver-${software_version}.tar.gz +if [ ! -f puppetserver-${pps_version}.tar.gz ]; then + curl -v https://downloads.puppet.com/puppet/puppetserver-${pps_version}.tar.gz -o puppetserver-${pps_version}.tar.gz +fi +if [ ! -f puppet-${pp_version}.tar.gz ]; then + curl -v https://downloads.puppet.com/puppet/puppet-${pp_version}.tar.gz -o puppet-${pp_version}.tar.gz +fi + +tar -xf puppetserver-${pps_version}.tar.gz +tar -xf puppet-${pp_version}.tar.gz + +# cp Dockerfile puppetserver-${pps_version}/ +# cd puppetserver-${pps_version} +docker build -t puppetserver:${pps_version}-v${container_version} . From e23fd78fb23e4909a269e1aea6753bf2abff38a6 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 11 Oct 2024 13:11:22 +0200 Subject: [PATCH 03/11] feat: add Docker.alpine file Signed-off-by: Robert Waffen --- build/Dockerfile | 71 ------------- build/build.sh | 27 ----- puppetserver/Dockerfile.alpine | 184 +++++++++++++++++++++++++++++++++ 3 files changed, 184 insertions(+), 98 deletions(-) delete mode 100644 build/Dockerfile delete mode 100755 build/build.sh create mode 100644 puppetserver/Dockerfile.alpine diff --git a/build/Dockerfile b/build/Dockerfile deleted file mode 100644 index 4da4ae27..00000000 --- a/build/Dockerfile +++ /dev/null 
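Review bot: The new `[ ! -f puppetserver-${pps_version}.tar.gz ]` and `[ ! -f puppet-${pp_version}.tar.gz ]` guards reuse whatever file is already on disk, so a truncated or failed download is kept and fed to `tar` on every later run; the script still has no `set -e` and `curl` still lacks `-f`. Downloading to a temporary name and renaming only on success avoids the sticky partial file, e.g. `curl -fSL "$url" -o "$tarball.part" && mv "$tarball.part" "$tarball"`, where `url` and `tarball` are local variables introduced for the purpose. A checksum comparison before `tar -xf` would cover a cached file that is complete but not the expected release.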
@@ -1,71 +0,0 @@ -FROM openjdk:24-bullseye - -ADD puppetserver-8.6.3 /install - -ENV apps_dir=/opt/puppetlabs/server/apps -ENV app_logdir=/var/log/puppetlabs/puppetserver -ENV data_dir=/opt/puppetlabs/server/data -ENV etc_dir=/etc/puppetlabs -ENV rundir=/var/run/puppetlabs/puppetserver -ENV bindir=/opt/puppetlabs/server/apps/puppetserver/bin -ENV symbindir=/opt/puppetlabs/server/bin -ENV uxbindir=/opt/puppetlabs/bin - -RUN cd /install \ -&& install -d -m 0755 "${apps_dir}/puppetserver" \ -&& install -d -m 0770 "${data_dir}/puppetserver" \ -&& install -m 0644 puppet-server-release.jar "${apps_dir}/puppetserver" \ -&& install -m 0774 ext/ezbake-functions.sh "${apps_dir}/puppetserver" \ -&& install -m 0644 ext/ezbake.manifest "${apps_dir}/puppetserver" \ -&& install -d -m 0755 "${etc_dir}/puppetserver/conf.d" \ -&& install -d -m 0755 "${etc_dir}/puppetserver/services.d" \ -&& install -m 0644 ext/config/request-logging.xml "${etc_dir}/puppetserver/request-logging.xml" \ -&& install -m 0644 ext/config/conf.d/puppetserver.conf "${etc_dir}/puppetserver/conf.d/puppetserver.conf" \ -&& install -m 0644 ext/config/logback.xml "${etc_dir}/puppetserver/logback.xml" \ -&& install -m 0644 ext/config/services.d/ca.cfg "${etc_dir}/puppetserver/services.d/ca.cfg" \ -&& install -m 0644 ext/config/conf.d/global.conf "${etc_dir}/puppetserver/conf.d/global.conf" \ -&& install -m 0644 ext/config/conf.d/web-routes.conf "${etc_dir}/puppetserver/conf.d/web-routes.conf" \ -&& install -m 0644 ext/config/conf.d/auth.conf "${etc_dir}/puppetserver/conf.d/auth.conf" \ -&& install -m 0644 ext/config/conf.d/metrics.conf "${etc_dir}/puppetserver/conf.d/metrics.conf" \ -&& install -m 0644 ext/config/conf.d/ca.conf "${etc_dir}/puppetserver/conf.d/ca.conf" \ -&& install -m 0644 ext/config/conf.d/webserver.conf "${etc_dir}/puppetserver/conf.d/webserver.conf" \ -&& install -d -m 0755 "${apps_dir}/puppetserver/cli" \ -&& install -d -m 0755 "${apps_dir}/puppetserver/cli/apps" \ -&& install -d -m 0755 
"${bindir}" \ -&& install -d -m 0755 "${symbindir}" \ -&& install -d -m 0755 "${uxbindir}" \ -&& install -m 0755 "ext/bin/puppetserver" "${bindir}/puppetserver" \ -&& ln -s "../apps/puppetserver/bin/puppetserver" "${symbindir}/puppetserver" \ -&& ln -s "../server/apps/puppetserver/bin/puppetserver" "${uxbindir}/puppetserver" \ -&& install -m 0755 ext/cli/foreground "${apps_dir}/puppetserver/cli/apps/foreground" \ -&& install -m 0755 ext/cli/dropsonde "${apps_dir}/puppetserver/cli/apps/dropsonde" \ -&& install -m 0755 ext/cli/ca "${apps_dir}/puppetserver/cli/apps/ca" \ -&& install -m 0755 ext/cli/irb "${apps_dir}/puppetserver/cli/apps/irb" \ -&& install -m 0755 ext/cli/gem "${apps_dir}/puppetserver/cli/apps/gem" \ -&& install -m 0755 ext/cli/reload "${apps_dir}/puppetserver/cli/apps/reload" \ -&& install -m 0755 ext/cli/ruby "${apps_dir}/puppetserver/cli/apps/ruby" \ -&& install -m 0755 ext/cli/stop "${apps_dir}/puppetserver/cli/apps/stop" \ -&& install -m 0755 ext/cli/start "${apps_dir}/puppetserver/cli/apps/start" \ -&& install -m 0644 puppet-server-release.jar "${apps_dir}/puppetserver" \ -&& install -d -m 0700 "${app_logdir}" \ -&& install -d -m 0755 "${rundir}" \ -&& install -d -m 700 "${data_dir}/puppetserver/jars" \ -&& install -d -m 700 "${data_dir}/puppetserver/yaml" - -RUN echo 'alias ll="ls -la --color=auto"' >> ~/.bashrc - -RUN useradd --uid 1001 --home-dir ${data_dir}/puppetserver --shell /usr/sbin/nologin --user-group puppet \ -&& install --owner=puppet --group=puppet -d /opt/puppetlabs/server/data/puppetserver/jruby-gems \ -&& install --directory --owner=puppet --group=puppet --mode=775 /opt/puppetlabs/server/data \ -&& install --directory "${etc_dir}/puppet/ssl" \ -&& install --directory "${etc_dir}/puppetserver/ca" \ -&& chown -R puppet:puppet ${etc_dir}/puppet/ssl \ -&& chown -R puppet:puppet ${etc_dir}/puppetserver/ca \ -&& find /etc/puppetlabs/puppet/ssl -type d -print0 | xargs -0 chmod 770 \ -&& ln -s /usr/local/openjdk-24/bin/java /usr/bin/java 
-# && /opt/puppetlabs/bin/puppetserver gem install puppet - -EXPOSE 8140 - -# ENTRYPOINT ["/opt/puppetlabs/bin/puppetserver"] -# CMD ["start"] diff --git a/build/build.sh b/build/build.sh deleted file mode 100755 index 9d2c590e..00000000 --- a/build/build.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -pps_version=${1:-8.6.3} -pp_version=${2:-8.9.0} -container_version=${3:-1.0.1} - -if [ -d puppetserver-${pps_version} ]; then - rm -rf puppetserver-${pps_version} -fi - -if [ -d puppet-${pp_version} ]; then - rm -rf puppet-${pp_version} -fi - -if [ ! -f puppetserver-${pps_version}.tar.gz ]; then - curl -v https://downloads.puppet.com/puppet/puppetserver-${pps_version}.tar.gz -o puppetserver-${pps_version}.tar.gz -fi -if [ ! -f puppet-${pp_version}.tar.gz ]; then - curl -v https://downloads.puppet.com/puppet/puppet-${pp_version}.tar.gz -o puppet-${pp_version}.tar.gz -fi - -tar -xf puppetserver-${pps_version}.tar.gz -tar -xf puppet-${pp_version}.tar.gz - -# cp Dockerfile puppetserver-${pps_version}/ -# cd puppetserver-${pps_version} -docker build -t puppetserver:${pps_version}-v${container_version} . diff --git a/puppetserver/Dockerfile.alpine b/puppetserver/Dockerfile.alpine new file mode 100644 index 00000000..814f70bd --- /dev/null +++ b/puppetserver/Dockerfile.alpine 
@@ -0,0 +1,184 @@ +FROM alpine:3.20 AS build + +ARG VERSION=8.6.3 +ADD https://downloads.puppet.com/puppet/puppetserver-${VERSION}.tar.gz / +RUN tar -xzf /puppetserver-${VERSION}.tar.gz && mv /puppetserver-${VERSION} /install + +ENV apps_dir=/opt/puppetlabs/server/apps +ENV app_logdir=/var/log/puppetlabs +ENV data_dir=/opt/puppetlabs/server/data +ENV etc_dir=/etc/puppetlabs +ENV run_dir=/var/run/puppetlabs +ENV bindir=/opt/puppetlabs/server/apps/puppetserver/bin +ENV symbindir=/opt/puppetlabs/server/bin +ENV uxbindir=/opt/puppetlabs/bin + +RUN apk update && apk upgrade \ +&& apk add --no-cache --update openjdk17-jre-headless \ +&& apk add --no-cache --update bash \ +&& cd /install \ +&& install -d -m 0755 "${apps_dir}/puppetserver" \ +&& install -d -m 0770 "${data_dir}/puppetserver" \ +&& install -m 0644 /install/puppet-server-release.jar "${apps_dir}/puppetserver" \ +&& install -m 0774 /install/ext/ezbake-functions.sh "${apps_dir}/puppetserver" \ +&& install -m 0644 /install/ext/ezbake.manifest "${apps_dir}/puppetserver" \ +&& install -d -m 0755 "${etc_dir}/puppetserver/conf.d" \ +&& install -d -m 0755 "${etc_dir}/puppetserver/services.d" \ +&& install -m 0644 /install/ext/config/request-logging.xml "${etc_dir}/puppetserver/request-logging.xml" \ +&& install -m 0644 /install/ext/config/conf.d/puppetserver.conf "${etc_dir}/puppetserver/conf.d/puppetserver.conf" \ +&& install -m 0644 /install/ext/config/logback.xml "${etc_dir}/puppetserver/logback.xml" \ +&& install -m 0644 /install/ext/config/services.d/ca.cfg "${etc_dir}/puppetserver/services.d/ca.cfg" \ +&& install -m 0644 /install/ext/config/conf.d/global.conf "${etc_dir}/puppetserver/conf.d/global.conf" \ +&& install -m 0644 /install/ext/config/conf.d/web-routes.conf "${etc_dir}/puppetserver/conf.d/web-routes.conf" \ +&& install -m 0644 /install/ext/config/conf.d/auth.conf "${etc_dir}/puppetserver/conf.d/auth.conf" \ +&& install -m 0644 /install/ext/config/conf.d/metrics.conf 
"${etc_dir}/puppetserver/conf.d/metrics.conf" \ +&& install -m 0644 /install/ext/config/conf.d/ca.conf "${etc_dir}/puppetserver/conf.d/ca.conf" \ +&& install -m 0644 /install/ext/config/conf.d/webserver.conf "${etc_dir}/puppetserver/conf.d/webserver.conf" \ +&& install -d -m 0755 "${apps_dir}/puppetserver/cli" \ +&& install -d -m 0755 "${apps_dir}/puppetserver/cli/apps" \ +&& install -d -m 0755 "${bindir}" \ +&& install -d -m 0755 "${symbindir}" \ +&& install -d -m 0755 "${uxbindir}" \ +&& install -m 0755 "/install/ext/bin/puppetserver" "${bindir}/puppetserver" \ +&& ln -s "../apps/puppetserver/bin/puppetserver" "${symbindir}/puppetserver" \ +&& ln -s "../server/apps/puppetserver/bin/puppetserver" "${uxbindir}/puppetserver" \ +&& install -m 0755 /install/ext/cli/foreground "${apps_dir}/puppetserver/cli/apps/foreground" \ +&& install -m 0755 /install/ext/cli/dropsonde "${apps_dir}/puppetserver/cli/apps/dropsonde" \ +&& install -m 0755 /install/ext/cli/ca "${apps_dir}/puppetserver/cli/apps/ca" \ +&& install -m 0755 /install/ext/cli/irb "${apps_dir}/puppetserver/cli/apps/irb" \ +&& install -m 0755 /install/ext/cli/gem "${apps_dir}/puppetserver/cli/apps/gem" \ +&& install -m 0755 /install/ext/cli/reload "${apps_dir}/puppetserver/cli/apps/reload" \ +&& install -m 0755 /install/ext/cli/ruby "${apps_dir}/puppetserver/cli/apps/ruby" \ +&& install -m 0755 /install/ext/cli/stop "${apps_dir}/puppetserver/cli/apps/stop" \ +&& install -m 0755 /install/ext/cli/start "${apps_dir}/puppetserver/cli/apps/start" \ +&& install -d -m 0700 "${app_logdir}/puppetserver" \ +&& install -d -m 0755 "${run_dir}/puppetserver" \ +&& install -d -m 700 "${data_dir}/puppetserver/jars" \ +&& install -d -m 700 "${data_dir}/puppetserver/yaml" \ +&& install -d /opt/puppetlabs/server/data/puppetserver/jruby-gems \ +&& install -d -m=775 /opt/puppetlabs/server/data \ +&& install -d "${etc_dir}/puppet/ssl" \ +&& install -d "${etc_dir}/puppetserver/ca" \ +&& bash 
/install/ext/build-scripts/install-vendored-gems.sh + +################################################################################ + +FROM alpine:3.20 AS final + +ARG vcs_ref +ARG build_date + +LABEL \ + org.label-schema.build-date="$build_date" \ + org.label-schema.dockerfile="/Dockerfile" \ + org.label-schema.license="Apache-2.0" \ + org.label-schema.maintainer="Voxpupuli Team " \ + org.label-schema.schema-version="1.0" \ + org.label-schema.url="https://github.com/voxpupuli/container-puppetserver" \ + org.label-schema.vcs-ref="$vcs_ref" \ + org.label-schema.vcs-url="https://github.com/voxpupuli/container-puppetserver" \ + org.label-schema.vendor="Voxpupuli" + +ENV PUPPETSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \ + JAVA_ARGS=${PUPPETSERVER_JAVA_ARGS} \ + PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \ + SSLDIR=/etc/puppetlabs/puppet/ssl \ + LOGDIR=/var/log/puppetlabs/puppetserver \ + PUPPETSERVER_HOSTNAME="" \ + CERTNAME="" \ + DNS_ALT_NAMES="" \ + PUPPETSERVER_PORT=8140 \ + AUTOSIGN=true \ + PUPPETSERVER_MAX_ACTIVE_INSTANCES=1 \ + PUPPETSERVER_MAX_REQUESTS_PER_INSTANCE=0 \ + CA_ENABLED=true \ + CA_HOSTNAME=puppet \ + CA_PORT=8140 \ + CA_ALLOW_SUBJECT_ALT_NAMES=false \ + INTERMEDIATE_CA=false \ + INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \ + INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \ + INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \ + USE_PUPPETDB=false \ + PUPPETDB_SERVER_URLS=https://puppetdb:8081 \ + PUPPET_STORECONFIGS_BACKEND="puppetdb" \ + PUPPET_STORECONFIGS=true \ + PUPPET_REPORTS="puppetdb" \ + PUPPETSERVER_GRAPHITE_EXPORTER_ENABLED=false \ + PUPPETSERVER_GRAPHITE_PORT=9109 \ + PUPPETSERVER_GRAPHITE_HOST=exporter \ + PUPPETSERVER_ENVIRONMENT_TIMEOUT=unlimited \ + PUPPETSERVER_ENABLE_ENV_CACHE_DEL_API=true \ + ENVIRONMENTPATH=/etc/puppetlabs/code/environments \ + HIERACONFIG='$confdir/hiera.yaml' \ + CSR_ATTRIBUTES='{}' + +ENV apps_dir=/opt/puppetlabs/server/apps \ + 
app_logdir=/var/log/puppetlabs \ + data_dir=/opt/puppetlabs/server/data \ + etc_dir=/etc/puppetlabs \ + run_dir=/var/run/puppetlabs \ + bindir=/opt/puppetlabs/server/apps/puppetserver/bin \ + symbindir=/opt/puppetlabs/server/bin \ + uxbindir=/opt/puppetlabs/bin + +# old /etc/default/puppetserver +# how where do i put this in the new world? 🤔 +# +# ENV \ +# USER="puppet" \ +# GROUP="puppet" \ +# INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver" \ +# CONFIG="/etc/puppetlabs/puppetserver/conf.d" \ +# BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" \ +# SERVICE_STOP_RETRIES=60 + +COPY --from=build /opt/puppetlabs /opt/puppetlabs +COPY --from=build /etc/puppetlabs /etc/puppetlabs +COPY --from=build /var/log/puppetlabs /var/log/puppetlabs +COPY --from=build /var/run/puppetlabs /var/run/puppetlabs + +COPY docker-entrypoint.sh / +COPY healthcheck.sh / +COPY docker-entrypoint.d /docker-entrypoint.d +COPY metrics.conf.tmpl /metrics.conf.tmpl +COPY add_cache_del_api_auth_rules.rb /add_cache_del_api_auth_rules.rb +COPY logback.xml /etc/puppetlabs/puppetserver/ +COPY request-logging.xml /etc/puppetlabs/puppetserver/ +COPY conf.d/puppetserver.conf /etc/puppetlabs/puppetserver/conf.d/ +COPY conf.d/product.conf /etc/puppetlabs/puppetserver/conf.d/ +COPY puppetdb.conf /var/tmp/puppet/ +COPY Dockerfile / + +RUN apk update && apk upgrade \ +&& apk add --no-cache --update openjdk17-jre-headless \ +&& apk add --no-cache --update bash \ +&& apk add --no-cache --update dumb-init \ +&& apk add --no-cache --update openssh-client \ +&& apk add --no-cache --update libssh2 \ +&& addgroup -g 1001 puppet \ +&& adduser -G puppet -u 1001 -h ${data_dir}/puppetserver -H -D -s /sbin/nologin puppet \ +&& chown -R puppet:puppet ${etc_dir}/puppet/ssl \ +&& chown -R puppet:puppet ${etc_dir}/puppetserver/ca \ +&& chown -R puppet:puppet ${app_logdir}/puppetserver \ +&& chown -R puppet:puppet ${run_dir}/puppetserver \ +&& chown -R 
puppet:puppet ${data_dir}/puppetserver \ +&& chmod 700 ${app_logdir}/puppetserver \ +&& chmod 770 ${data_dir}/puppetserver \ +&& chmod 750 ${etc_dir}/puppetserver \ +&& chmod 700 ${data_dir}/puppetserver/jars \ +&& chmod 700 ${data_dir}/puppetserver/yaml \ +&& find /etc/puppetlabs/puppet/ssl -type d -print0 | xargs -0 chmod 770 \ +&& echo 'alias ll="ls -la --color=auto"' >> ~/.bashrc \ +&& chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh + +# gem install --no-doc r10k -v $R10K_VERSION && \ +# gem install --no-doc rugged -v $RUGGED_VERSION -- --with-ssh && \ + +# k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK +HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"] + +EXPOSE 8140 + +ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"] +CMD ["foreground"] From 4632858c344b09477e82679653d40428e95c285a Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Sat, 12 Oct 2024 01:46:56 +0200 Subject: [PATCH 04/11] feat: add ruby and some gems to installation Signed-off-by: Robert Waffen --- puppetserver/Dockerfile.alpine | 111 ++++++++++-------- .../docker-entrypoint.d/55-set-masterport.sh | 2 +- puppetserver/docker-entrypoint.d/90-ca.sh | 2 +- 3 files changed, 64 insertions(+), 51 deletions(-) diff --git a/puppetserver/Dockerfile.alpine b/puppetserver/Dockerfile.alpine index 814f70bd..d454179b 100644 --- a/puppetserver/Dockerfile.alpine +++ b/puppetserver/Dockerfile.alpine @@ -1,4 +1,14 @@ -FROM alpine:3.20 AS build +FROM alpine:3.20 AS base + +# Install JDK +RUN apk update && apk upgrade \ + && apk add openjdk17-jre-headless \ + && apk add --no-cache --update bash \ + && rm -rf /var/cache/apk/* + +################################################################################ + +FROM base AS build ARG VERSION=8.6.3 ADD https://downloads.puppet.com/puppet/puppetserver-${VERSION}.tar.gz / 
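Review bot: `ADD https://downloads.puppet.com/puppet/puppetserver-${VERSION}.tar.gz /` in the build stage of puppetserver/Dockerfile.alpine (patch 03) fetches the release with no integrity check, and everything the final stage copies from `/opt/puppetlabs` and `/etc/puppetlabs` originates in that archive. `ADD` accepts a digest for remote sources: `ADD --checksum=sha256:<digest of the release tarball> https://downloads.puppet.com/puppet/puppetserver-${VERSION}.tar.gz /`, with the digest updated whenever `VERSION` changes. The placeholder stands for the published SHA-256 of the tarball, which is not shown on this page.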
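Review bot: In the new `base` stage of patch 04 the first `apk add openjdk17-jre-headless` omits `--no-cache` and the layer is then cleaned with `rm -rf /var/cache/apk/*`, while the next line uses `--no-cache --update`. A single `apk add --no-cache bash openjdk17-jre-headless` gives the same result without `apk update` or the cleanup step. These two packages are left unpinned while the final stage in the same commit pins `ruby` and `openssl` to exact revisions, so a short comment stating the intended pinning policy would help.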
@@ -13,44 +23,41 @@ ENV bindir=/opt/puppetlabs/server/apps/puppetserver/bin ENV symbindir=/opt/puppetlabs/server/bin ENV uxbindir=/opt/puppetlabs/bin -RUN apk update && apk upgrade \ -&& apk add --no-cache --update openjdk17-jre-headless \ -&& apk add --no-cache --update bash \ -&& cd /install \ +RUN apk update && cd /install \ && install -d -m 0755 "${apps_dir}/puppetserver" \ && install -d -m 0770 "${data_dir}/puppetserver" \ -&& install -m 0644 /install/puppet-server-release.jar "${apps_dir}/puppetserver" \ -&& install -m 0774 /install/ext/ezbake-functions.sh "${apps_dir}/puppetserver" \ -&& install -m 0644 /install/ext/ezbake.manifest "${apps_dir}/puppetserver" \ +&& install -m 0644 puppet-server-release.jar "${apps_dir}/puppetserver" \ +&& install -m 0774 ext/ezbake-functions.sh "${apps_dir}/puppetserver" \ +&& install -m 0644 ext/ezbake.manifest "${apps_dir}/puppetserver" \ && install -d -m 0755 "${etc_dir}/puppetserver/conf.d" \ && install -d -m 0755 "${etc_dir}/puppetserver/services.d" \ -&& install -m 0644 /install/ext/config/request-logging.xml "${etc_dir}/puppetserver/request-logging.xml" \ -&& install -m 0644 /install/ext/config/conf.d/puppetserver.conf "${etc_dir}/puppetserver/conf.d/puppetserver.conf" \ -&& install -m 0644 /install/ext/config/logback.xml "${etc_dir}/puppetserver/logback.xml" \ -&& install -m 0644 /install/ext/config/services.d/ca.cfg "${etc_dir}/puppetserver/services.d/ca.cfg" \ -&& install -m 0644 /install/ext/config/conf.d/global.conf "${etc_dir}/puppetserver/conf.d/global.conf" \ -&& install -m 0644 /install/ext/config/conf.d/web-routes.conf "${etc_dir}/puppetserver/conf.d/web-routes.conf" \ -&& install -m 0644 /install/ext/config/conf.d/auth.conf "${etc_dir}/puppetserver/conf.d/auth.conf" \ -&& install -m 0644 /install/ext/config/conf.d/metrics.conf "${etc_dir}/puppetserver/conf.d/metrics.conf" \ -&& install -m 0644 /install/ext/config/conf.d/ca.conf "${etc_dir}/puppetserver/conf.d/ca.conf" \ -&& install -m 0644 
/install/ext/config/conf.d/webserver.conf "${etc_dir}/puppetserver/conf.d/webserver.conf" \ +&& install -m 0644 ext/config/request-logging.xml "${etc_dir}/puppetserver/request-logging.xml" \ +&& install -m 0644 ext/config/conf.d/puppetserver.conf "${etc_dir}/puppetserver/conf.d/puppetserver.conf" \ +&& install -m 0644 ext/config/logback.xml "${etc_dir}/puppetserver/logback.xml" \ +&& install -m 0644 ext/config/services.d/ca.cfg "${etc_dir}/puppetserver/services.d/ca.cfg" \ +&& install -m 0644 ext/config/conf.d/global.conf "${etc_dir}/puppetserver/conf.d/global.conf" \ +&& install -m 0644 ext/config/conf.d/web-routes.conf "${etc_dir}/puppetserver/conf.d/web-routes.conf" \ +&& install -m 0644 ext/config/conf.d/auth.conf "${etc_dir}/puppetserver/conf.d/auth.conf" \ +&& install -m 0644 ext/config/conf.d/metrics.conf "${etc_dir}/puppetserver/conf.d/metrics.conf" \ +&& install -m 0644 ext/config/conf.d/ca.conf "${etc_dir}/puppetserver/conf.d/ca.conf" \ +&& install -m 0644 ext/config/conf.d/webserver.conf "${etc_dir}/puppetserver/conf.d/webserver.conf" \ && install -d -m 0755 "${apps_dir}/puppetserver/cli" \ && install -d -m 0755 "${apps_dir}/puppetserver/cli/apps" \ && install -d -m 0755 "${bindir}" \ && install -d -m 0755 "${symbindir}" \ && install -d -m 0755 "${uxbindir}" \ -&& install -m 0755 "/install/ext/bin/puppetserver" "${bindir}/puppetserver" \ +&& install -m 0755 "ext/bin/puppetserver" "${bindir}/puppetserver" \ && ln -s "../apps/puppetserver/bin/puppetserver" "${symbindir}/puppetserver" \ && ln -s "../server/apps/puppetserver/bin/puppetserver" "${uxbindir}/puppetserver" \ -&& install -m 0755 /install/ext/cli/foreground "${apps_dir}/puppetserver/cli/apps/foreground" \ -&& install -m 0755 /install/ext/cli/dropsonde "${apps_dir}/puppetserver/cli/apps/dropsonde" \ -&& install -m 0755 /install/ext/cli/ca "${apps_dir}/puppetserver/cli/apps/ca" \ -&& install -m 0755 /install/ext/cli/irb "${apps_dir}/puppetserver/cli/apps/irb" \ -&& install -m 0755 
/install/ext/cli/gem "${apps_dir}/puppetserver/cli/apps/gem" \ -&& install -m 0755 /install/ext/cli/reload "${apps_dir}/puppetserver/cli/apps/reload" \ -&& install -m 0755 /install/ext/cli/ruby "${apps_dir}/puppetserver/cli/apps/ruby" \ -&& install -m 0755 /install/ext/cli/stop "${apps_dir}/puppetserver/cli/apps/stop" \ -&& install -m 0755 /install/ext/cli/start "${apps_dir}/puppetserver/cli/apps/start" \ +&& install -m 0755 ext/cli/foreground "${apps_dir}/puppetserver/cli/apps/foreground" \ +&& install -m 0755 ext/cli/dropsonde "${apps_dir}/puppetserver/cli/apps/dropsonde" \ +&& install -m 0755 ext/cli/ca "${apps_dir}/puppetserver/cli/apps/ca" \ +&& install -m 0755 ext/cli/irb "${apps_dir}/puppetserver/cli/apps/irb" \ +&& install -m 0755 ext/cli/gem "${apps_dir}/puppetserver/cli/apps/gem" \ +&& install -m 0755 ext/cli/reload "${apps_dir}/puppetserver/cli/apps/reload" \ +&& install -m 0755 ext/cli/ruby "${apps_dir}/puppetserver/cli/apps/ruby" \ +&& install -m 0755 ext/cli/stop "${apps_dir}/puppetserver/cli/apps/stop" \ +&& install -m 0755 ext/cli/start "${apps_dir}/puppetserver/cli/apps/start" \ && install -d -m 0700 "${app_logdir}/puppetserver" \ && install -d -m 0755 "${run_dir}/puppetserver" \ && install -d -m 700 "${data_dir}/puppetserver/jars" \ @@ -59,11 +66,11 @@ RUN apk update && apk upgrade \ && install -d -m=775 /opt/puppetlabs/server/data \ && install -d "${etc_dir}/puppet/ssl" \ && install -d "${etc_dir}/puppetserver/ca" \ -&& bash /install/ext/build-scripts/install-vendored-gems.sh +&& bash ext/build-scripts/install-vendored-gems.sh ################################################################################ -FROM alpine:3.20 AS final +FROM base AS final ARG vcs_ref ARG build_date 
@@ -80,12 +87,11 @@ LABEL \ org.label-schema.vendor="Voxpupuli" ENV PUPPETSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \ - JAVA_ARGS=${PUPPETSERVER_JAVA_ARGS} \ PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \ SSLDIR=/etc/puppetlabs/puppet/ssl \ LOGDIR=/var/log/puppetlabs/puppetserver \ - PUPPETSERVER_HOSTNAME="" \ - CERTNAME="" \ + PUPPETSERVER_HOSTNAME="puppet" \ + CERTNAME="puppet" \ DNS_ALT_NAMES="" \ PUPPETSERVER_PORT=8140 \ AUTOSIGN=true \ @@ -122,17 +128,6 @@ ENV apps_dir=/opt/puppetlabs/server/apps \ symbindir=/opt/puppetlabs/server/bin \ uxbindir=/opt/puppetlabs/bin -# old /etc/default/puppetserver -# how where do i put this in the new world? 🤔 -# -# ENV \ -# USER="puppet" \ -# GROUP="puppet" \ -# INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver" \ -# CONFIG="/etc/puppetlabs/puppetserver/conf.d" \ -# BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" \ -# SERVICE_STOP_RETRIES=60 - COPY --from=build /opt/puppetlabs /opt/puppetlabs COPY --from=build /etc/puppetlabs /etc/puppetlabs COPY --from=build /var/log/puppetlabs /var/log/puppetlabs 
@@ -149,13 +144,23 @@ COPY conf.d/puppetserver.conf /etc/puppetlabs/puppetserver/conf.d/ COPY conf.d/product.conf /etc/puppetlabs/puppetserver/conf.d/ COPY puppetdb.conf /var/tmp/puppet/ COPY Dockerfile / +COPY puppetserver /etc/default/puppetserver -RUN apk update && apk upgrade \ -&& apk add --no-cache --update openjdk17-jre-headless \ -&& apk add --no-cache --update bash \ +RUN apk update \ && apk add --no-cache --update dumb-init \ && apk add --no-cache --update openssh-client \ && apk add --no-cache --update libssh2 \ +&& apk add --no-cache --update ruby=3.3.3-r1 \ +&& apk add --no-cache --update ruby-dev=3.3.3-r1 \ +&& apk add --no-cache --update alpine-sdk=1.0-r1 \ +&& apk add --no-cache --update openssl=3.3.2-r0 \ +&& gem install --no-doc puppet -v 8.9.0 \ +&& gem install --no-doc hocon -v 1.4.0 \ +&& gem install --no-doc racc -v 1.8.1 \ +&& gem install --no-doc r10k -v 4.1.0 \ +&& gem install --no-doc hiera-eyaml -v 4.1.0 \ +&& gem install --no-doc puppetserver-ca -v 2.6.0 \ +&& apk del --no-cache --purge alpine-sdk \ && addgroup -g 1001 puppet \ && adduser -G puppet -u 1001 -h ${data_dir}/puppetserver -H -D -s /sbin/nologin puppet \ && chown -R puppet:puppet ${etc_dir}/puppet/ssl \ 
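Review bot: `ruby-dev` is added next to `alpine-sdk` in the final-stage `RUN`, but only `alpine-sdk` is removed after the gem installs, so the Ruby headers stay in the runtime image (unless something builds native gems at runtime, which the hunk does not show). Grouping both as a virtual package keeps the cleanup in one place: `&& apk add --no-cache --virtual .build-deps alpine-sdk=1.0-r1 ruby-dev=3.3.3-r1 \` and later `&& apk del --no-cache --purge .build-deps \`. The leading `apk update` is also redundant with `--no-cache --update` on every `apk add`, and it leaves a package index under /var/cache/apk in the layer. The `RUN` chain continues past the end of this hunk.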
@@ -170,9 +175,17 @@ RUN apk update && apk upgrade \ && chmod 700 ${data_dir}/puppetserver/yaml \ && find /etc/puppetlabs/puppet/ssl -type d -print0 | xargs -0 chmod 770 \ && echo 'alias ll="ls -la --color=auto"' >> ~/.bashrc \ -&& chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh +&& chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh \ +&& mkdir -p /opt/puppetlabs/puppet/bin \ +&& ln -s /usr/bin/puppet /opt/puppetlabs/puppet/bin/puppet \ +&& ln -s /usr/bin/facter /opt/puppetlabs/puppet/bin/facter \ +&& ln -s /usr/bin/ruby /opt/puppetlabs/puppet/bin/ruby \ +&& ln -s /usr/bin/gem /opt/puppetlabs/puppet/bin/gem \ +&& ln -s /usr/bin/irb /opt/puppetlabs/puppet/bin/irb \ +&& ln -s /usr/bin/erb /opt/puppetlabs/puppet/bin/erb \ +&& ln -s /usr/bin/r10k /opt/puppetlabs/puppet/bin/r10k \ +&& ln -s /usr/bin/hiera-eyaml /opt/puppetlabs/puppet/bin/hiera-eyaml -# gem install --no-doc r10k -v $R10K_VERSION && \ # gem install --no-doc rugged -v $RUGGED_VERSION -- --with-ssh && \ # k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK diff --git a/puppetserver/docker-entrypoint.d/55-set-masterport.sh b/puppetserver/docker-entrypoint.d/55-set-masterport.sh index 88a5d73b..d39385b9 100755 --- a/puppetserver/docker-entrypoint.d/55-set-masterport.sh +++ b/puppetserver/docker-entrypoint.d/55-set-masterport.sh @@ -3,7 +3,7 @@ set -e hocon() { - /opt/puppetlabs/puppet/lib/ruby/vendor_gems/bin/hocon "$@" + /usr/bin/hocon "$@" } if test -n "$PUPPETSERVER_PORT"; then diff --git a/puppetserver/docker-entrypoint.d/90-ca.sh b/puppetserver/docker-entrypoint.d/90-ca.sh index 90acf8dc..e7c43562 100755 --- a/puppetserver/docker-entrypoint.d/90-ca.sh +++ b/puppetserver/docker-entrypoint.d/90-ca.sh @@ -8,7 +8,7 @@ ca_running() { } hocon() { - /opt/puppetlabs/puppet/lib/ruby/vendor_gems/bin/hocon "$@" + /usr/bin/hocon "$@" } if [[ "$CA_ENABLED" != "true" ]]; then From 126bf903bf6f969b71796e7e059bc0d246b9a53a Mon Sep 17 00:00:00 2001 
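Review bot: The `hocon()` wrapper in `55-set-masterport.sh` now hard-codes `/usr/bin/hocon`, and the same edit is repeated in `90-ca.sh`, with nothing saying where that binary comes from. It appears to be the executable of the `hocon` gem that the Dockerfile.alpine hunk of this commit installs into the system Ruby, so a changed gem bindir would only surface when the container starts. A one-line comment above each wrapper would record the dependency: `# hocon is provided by the system-ruby gem installed in Dockerfile.alpine`.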
From: Robert Waffen Date: Fri, 8 Nov 2024 14:19:21 +0100 Subject: [PATCH 05/11] fix: use relative command path --- puppetserver/docker-entrypoint.d/50-set-certname.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/puppetserver/docker-entrypoint.d/50-set-certname.sh b/puppetserver/docker-entrypoint.d/50-set-certname.sh index c86f32d7..054fe1a9 100755 --- a/puppetserver/docker-entrypoint.d/50-set-certname.sh +++ b/puppetserver/docker-entrypoint.d/50-set-certname.sh @@ -3,9 +3,9 @@ set -e if [ -n "${PUPPETSERVER_HOSTNAME}" ]; then - /opt/puppetlabs/bin/puppet config set server "$PUPPETSERVER_HOSTNAME" + puppet config set server "$PUPPETSERVER_HOSTNAME" fi if [ -n "${CERTNAME}" ]; then - /opt/puppetlabs/bin/puppet config set certname "$CERTNAME" + puppet config set certname "$CERTNAME" fi From 0f5c2e333a779af8d80fb158508fd6f7326a0b60 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 8 Nov 2024 14:19:38 +0100 Subject: [PATCH 06/11] fix: remove version from apks --- puppetserver/Dockerfile.alpine | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/puppetserver/Dockerfile.alpine b/puppetserver/Dockerfile.alpine index d454179b..3cc686ae 100644 --- a/puppetserver/Dockerfile.alpine +++ b/puppetserver/Dockerfile.alpine @@ -148,12 +148,12 @@ COPY puppetserver /etc/default/puppetserver RUN apk update \ && apk add --no-cache --update dumb-init \ +&& apk add --no-cache --update alpine-sdk \ && apk add --no-cache --update openssh-client \ +&& apk add --no-cache --update openssl \ && apk add --no-cache --update libssh2 \ && apk add --no-cache --update ruby=3.3.3-r1 \ && apk add --no-cache --update ruby-dev=3.3.3-r1 \ -&& apk add --no-cache --update alpine-sdk=1.0-r1 \ -&& apk add --no-cache --update openssl=3.3.2-r0 \ && gem install --no-doc puppet -v 8.9.0 \ && gem install --no-doc hocon -v 1.4.0 \ && gem install --no-doc racc -v 1.8.1 \ From e484cad687c3849d418e9de4c7c213af851a600e Mon Sep 17 00:00:00 2001 
From: Robert Waffen Date: Fri, 8 Nov 2024 16:42:29 +0100 Subject: [PATCH 07/11] fix: add bootstrap and update build --- puppetserver/Dockerfile.alpine | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/puppetserver/Dockerfile.alpine b/puppetserver/Dockerfile.alpine index 3cc686ae..58dd8867 100644 --- a/puppetserver/Dockerfile.alpine +++ b/puppetserver/Dockerfile.alpine @@ -10,9 +10,8 @@ RUN apk update && apk upgrade \ FROM base AS build -ARG VERSION=8.6.3 -ADD https://downloads.puppet.com/puppet/puppetserver-${VERSION}.tar.gz / -RUN tar -xzf /puppetserver-${VERSION}.tar.gz && mv /puppetserver-${VERSION} /install +ARG SERVER_VERSION=8.7.0 +ADD https://downloads.puppet.com/puppet/puppetserver-${SERVER_VERSION}.tar.gz / ENV apps_dir=/opt/puppetlabs/server/apps ENV app_logdir=/var/log/puppetlabs @@ -23,7 +22,9 @@ ENV bindir=/opt/puppetlabs/server/apps/puppetserver/bin ENV symbindir=/opt/puppetlabs/server/bin ENV uxbindir=/opt/puppetlabs/bin -RUN apk update && cd /install \ +RUN apk update \ +&& tar -xzf /puppetserver-${SERVER_VERSION}.tar.gz \ +&& cd /puppetserver-${SERVER_VERSION} \ && install -d -m 0755 "${apps_dir}/puppetserver" \ && install -d -m 0770 "${data_dir}/puppetserver" \ && install -m 0644 puppet-server-release.jar "${apps_dir}/puppetserver" \ 
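Review bot: The `ADD https://downloads.puppet.com/puppet/puppetserver-${SERVER_VERSION}.tar.gz /` line fetches the release tarball with no integrity check, and the build stage then unpacks it as root and runs `bash ext/build-scripts/install-vendored-gems.sh` from it. Pinning the digest makes a swapped or truncated download fail the build: `ADD --checksum=sha256:<SHA256_OF_PUPPETSERVER_TARBALL> https://downloads.puppet.com/puppet/puppetserver-${SERVER_VERSION}.tar.gz /`, with the digest kept next to `SERVER_VERSION` so both are bumped together. The `puppetdb-${DB_VERSION}.tar.gz` `ADD` introduced in patch 10/11 has the same gap. `--checksum` needs a BuildKit frontend that supports it, so the file may also need a `# syntax=docker/dockerfile:1` first line, which is outside this hunk.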
@@ -31,6 +32,8 @@ RUN apk update && cd /install \ && install -m 0644 ext/ezbake.manifest "${apps_dir}/puppetserver" \ && install -d -m 0755 "${etc_dir}/puppetserver/conf.d" \ && install -d -m 0755 "${etc_dir}/puppetserver/services.d" \ +&& install -d -m 0755 "${apps_dir}/puppetserver/config/services.d" \ +&& install -m 0644 ext/system-config/services.d/bootstrap.cfg "${apps_dir}/puppetserver/config/services.d/bootstrap.cfg" \ && install -m 0644 ext/config/request-logging.xml "${etc_dir}/puppetserver/request-logging.xml" \ && install -m 0644 ext/config/conf.d/puppetserver.conf "${etc_dir}/puppetserver/conf.d/puppetserver.conf" \ && install -m 0644 ext/config/logback.xml "${etc_dir}/puppetserver/logback.xml" \ @@ -58,6 +61,7 @@ RUN apk update && cd /install \ && install -m 0755 ext/cli/ruby "${apps_dir}/puppetserver/cli/apps/ruby" \ && install -m 0755 ext/cli/stop "${apps_dir}/puppetserver/cli/apps/stop" \ && install -m 0755 ext/cli/start "${apps_dir}/puppetserver/cli/apps/start" \ +&& install -m 0755 ext/cli_defaults/cli-defaults.sh "${apps_dir}/puppetserver/cli" \ && install -d -m 0700 "${app_logdir}/puppetserver" \ && install -d -m 0755 "${run_dir}/puppetserver" \ && install -d -m 700 "${data_dir}/puppetserver/jars" \ From 883e0a725b9213c875d87ec6791d370b536be81b Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Wed, 20 Nov 2024 14:43:05 +0100 Subject: [PATCH 08/11] fix: add puppet gem to server loadpath and add code dir --- puppetserver/Dockerfile.alpine | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/puppetserver/Dockerfile.alpine b/puppetserver/Dockerfile.alpine index 58dd8867..be378aa3 100644 --- a/puppetserver/Dockerfile.alpine +++ b/puppetserver/Dockerfile.alpine 
@@ -69,6 +69,7 @@ RUN apk update \ && install -d /opt/puppetlabs/server/data/puppetserver/jruby-gems \ && install -d -m=775 /opt/puppetlabs/server/data \ && install -d "${etc_dir}/puppet/ssl" \ +&& install -d -m=755 "${etc_dir}/code" \ && install -d "${etc_dir}/puppetserver/ca" \ && bash ext/build-scripts/install-vendored-gems.sh @@ -156,17 +157,21 @@ RUN apk update \ && apk add --no-cache --update openssh-client \ && apk add --no-cache --update openssl \ && apk add --no-cache --update libssh2 \ -&& apk add --no-cache --update ruby=3.3.3-r1 \ -&& apk add --no-cache --update ruby-dev=3.3.3-r1 \ -&& gem install --no-doc puppet -v 8.9.0 \ +&& apk add --no-cache --update ruby \ +&& apk add --no-cache --update ruby-dev \ +# && apk add --no-cache --update cmake \ +# install puppet gem as agent into system ruby +&& gem install --no-doc puppet -v 8.10.0 \ && gem install --no-doc hocon -v 1.4.0 \ && gem install --no-doc racc -v 1.8.1 \ && gem install --no-doc r10k -v 4.1.0 \ && gem install --no-doc hiera-eyaml -v 4.1.0 \ && gem install --no-doc puppetserver-ca -v 2.6.0 \ +# && gem install --no-doc rugged -- --with-ssh \ && apk del --no-cache --purge alpine-sdk \ && addgroup -g 1001 puppet \ && adduser -G puppet -u 1001 -h ${data_dir}/puppetserver -H -D -s /sbin/nologin puppet \ +&& chown -R puppet:puppet ${etc_dir}/code \ && chown -R puppet:puppet ${etc_dir}/puppet/ssl \ && chown -R puppet:puppet ${etc_dir}/puppetserver/ca \ && chown -R puppet:puppet ${app_logdir}/puppetserver \ 
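Review bot: Two commented-out commands, `# && apk add --no-cache --update cmake \` and `# && gem install --no-doc rugged -- --with-ssh \`, are left inside the `&&` chain of the final-stage `RUN` in the second hunk. Docker strips comment lines inside a continued instruction, so the build still works, but the lines read like disabled steps with no reason given. Either drop them or replace them with one explanatory line such as `# rugged (needs cmake) is not installed: <reason>`. The `RUN` starts and ends outside the hunk.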
@@ -188,9 +193,9 @@ RUN apk update \ && ln -s /usr/bin/irb /opt/puppetlabs/puppet/bin/irb \ && ln -s /usr/bin/erb /opt/puppetlabs/puppet/bin/erb \ && ln -s /usr/bin/r10k /opt/puppetlabs/puppet/bin/r10k \ -&& ln -s /usr/bin/hiera-eyaml /opt/puppetlabs/puppet/bin/hiera-eyaml - -# gem install --no-doc rugged -v $RUGGED_VERSION -- --with-ssh && \ +&& ln -s /usr/bin/hiera-eyaml /opt/puppetlabs/puppet/bin/hiera-eyaml \ +# install puppet gem as library into jruby loadpath +&& puppetserver gem install puppet # k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"] From 73b617581487ddde4102bbc79663ce31720076cf Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Wed, 20 Nov 2024 14:48:07 +0100 Subject: [PATCH 09/11] fix: set path to puppet bin --- puppetserver/docker-entrypoint.d/50-set-certname.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/puppetserver/docker-entrypoint.d/50-set-certname.sh b/puppetserver/docker-entrypoint.d/50-set-certname.sh index 054fe1a9..440e11e5 100755 --- a/puppetserver/docker-entrypoint.d/50-set-certname.sh +++ b/puppetserver/docker-entrypoint.d/50-set-certname.sh @@ -3,9 +3,9 @@ set -e if [ -n "${PUPPETSERVER_HOSTNAME}" ]; then - puppet config set server "$PUPPETSERVER_HOSTNAME" + /usr/bin/puppet config set server "$PUPPETSERVER_HOSTNAME" fi if [ -n "${CERTNAME}" ]; then - puppet config set certname "$CERTNAME" + /usr/bin/puppet config set certname "$CERTNAME" fi From 4ac413298676192a525d76f6c94f8ed1e801006d Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Thu, 21 Nov 2024 13:49:12 +0100 Subject: [PATCH 10/11] feat: add puppetdb-terminus --- build/.gitignore | 1 + puppetserver/Dockerfile.alpine | 24 +++++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/build/.gitignore b/build/.gitignore index 8e8de81d..c819f874 100644 --- a/build/.gitignore +++ b/build/.gitignore 
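Review bot: `&& puppetserver gem install puppet` at the end of the final-stage `RUN` installs whatever Puppet version is current at build time into the JRuby load path, while the system-Ruby copy is pinned with `gem install --no-doc puppet -v 8.10.0` in the same commit. The two copies can drift apart and the image stops being reproducible. Pinning the same version keeps them aligned: `&& puppetserver gem install --no-document puppet -v 8.10.0`. This step also runs as root after the `chown` lines earlier in the chain, so it is worth checking that the installed gem files end up readable by the `puppet` user. The `RUN` starts outside this hunk.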
@@ -1,2 +1,3 @@ puppet-* +puppetdb-* puppetserver-* diff --git a/puppetserver/Dockerfile.alpine b/puppetserver/Dockerfile.alpine index be378aa3..cf90fdf1 100644 --- a/puppetserver/Dockerfile.alpine +++ b/puppetserver/Dockerfile.alpine @@ -11,7 +11,9 @@ RUN apk update && apk upgrade \ FROM base AS build ARG SERVER_VERSION=8.7.0 +ARG DB_VERSION=8.8.1 ADD https://downloads.puppet.com/puppet/puppetserver-${SERVER_VERSION}.tar.gz / +ADD https://downloads.puppet.com/puppetdb/puppetdb-${DB_VERSION}.tar.gz / ENV apps_dir=/opt/puppetlabs/server/apps ENV app_logdir=/var/log/puppetlabs @@ -21,9 +23,11 @@ ENV run_dir=/var/run/puppetlabs ENV bindir=/opt/puppetlabs/server/apps/puppetserver/bin ENV symbindir=/opt/puppetlabs/server/bin ENV uxbindir=/opt/puppetlabs/bin +ENV rubylibdir=/opt/puppetlabs/puppet/lib/ruby/vendor_ruby RUN apk update \ && tar -xzf /puppetserver-${SERVER_VERSION}.tar.gz \ +&& tar -xzf /puppetdb-${DB_VERSION}.tar.gz \ && cd /puppetserver-${SERVER_VERSION} \ && install -d -m 0755 "${apps_dir}/puppetserver" \ && install -d -m 0770 "${data_dir}/puppetserver" \ 
@@ -71,7 +75,25 @@ RUN apk update \ && install -d "${etc_dir}/puppet/ssl" \ && install -d -m=755 "${etc_dir}/code" \ && install -d "${etc_dir}/puppetserver/ca" \ -&& bash ext/build-scripts/install-vendored-gems.sh +&& bash ext/build-scripts/install-vendored-gems.sh \ +### puppetdb-termini +&& cd /puppetdb-${DB_VERSION} \ +&& install -Dm 0644 puppet/face/node/deactivate.rb "${rubylibdir}/puppet/face/node/deactivate.rb" \ +&& install -Dm 0644 puppet/face/node/status.rb "${rubylibdir}/puppet/face/node/status.rb" \ +&& install -Dm 0644 puppet/functions/puppetdb_query.rb "${rubylibdir}/puppet/functions/puppetdb_query.rb" \ +&& install -Dm 0644 puppet/indirector/catalog/puppetdb.rb "${rubylibdir}/puppet/indirector/catalog/puppetdb.rb" \ +&& install -Dm 0644 puppet/indirector/facts/puppetdb_apply.rb "${rubylibdir}/puppet/indirector/facts/puppetdb_apply.rb" \ +&& install -Dm 0644 puppet/indirector/facts/puppetdb.rb "${rubylibdir}/puppet/indirector/facts/puppetdb.rb" \ +&& install -Dm 0644 puppet/indirector/node/puppetdb.rb "${rubylibdir}/puppet/indirector/node/puppetdb.rb" \ +&& install -Dm 0644 puppet/indirector/resource/puppetdb.rb "${rubylibdir}/puppet/indirector/resource/puppetdb.rb" \ +&& install -Dm 0644 puppet/reports/puppetdb.rb "${rubylibdir}/puppet/reports/puppetdb.rb" \ +&& install -Dm 0644 puppet/util/puppetdb.rb "${rubylibdir}/puppet/util/puppetdb.rb" \ +&& install -Dm 0644 puppet/util/puppetdb/atom.rb "${rubylibdir}/puppet/util/puppetdb/atom.rb" \ +&& install -Dm 0644 puppet/util/puppetdb/char_encoding.rb "${rubylibdir}/puppet/util/puppetdb/char_encoding.rb" \ +&& install -Dm 0644 puppet/util/puppetdb/command_names.rb "${rubylibdir}/puppet/util/puppetdb/command_names.rb" \ +&& install -Dm 0644 puppet/util/puppetdb/command.rb "${rubylibdir}/puppet/util/puppetdb/command.rb" \ +&& install -Dm 0644 puppet/util/puppetdb/config.rb "${rubylibdir}/puppet/util/puppetdb/config.rb" \ +&& install -Dm 0644 puppet/util/puppetdb/http.rb 
"${rubylibdir}/puppet/util/puppetdb/http.rb" ################################################################################ From 8b1edd61bf1ef4166c110a1b55d4ff33d9e9c46a Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 6 Dec 2024 13:18:47 +0100 Subject: [PATCH 11/11] fix: update Dockerfile to include additional files and improve build variables Signed-off-by: Robert Waffen --- puppetserver/Dockerfile.alpine | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/puppetserver/Dockerfile.alpine b/puppetserver/Dockerfile.alpine index cf90fdf1..e1bcc560 100644 --- a/puppetserver/Dockerfile.alpine +++ b/puppetserver/Dockerfile.alpine @@ -12,6 +12,7 @@ FROM base AS build ARG SERVER_VERSION=8.7.0 ARG DB_VERSION=8.8.1 + ADD https://downloads.puppet.com/puppet/puppetserver-${SERVER_VERSION}.tar.gz / ADD https://downloads.puppet.com/puppetdb/puppetdb-${DB_VERSION}.tar.gz / @@ -144,9 +145,9 @@ ENV PUPPETSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \ PUPPETSERVER_ENABLE_ENV_CACHE_DEL_API=true \ ENVIRONMENTPATH=/etc/puppetlabs/code/environments \ HIERACONFIG='$confdir/hiera.yaml' \ - CSR_ATTRIBUTES='{}' - -ENV apps_dir=/opt/puppetlabs/server/apps \ + CSR_ATTRIBUTES='{}' \ + ### build variables + apps_dir=/opt/puppetlabs/server/apps \ app_logdir=/var/log/puppetlabs \ data_dir=/opt/puppetlabs/server/data \ etc_dir=/etc/puppetlabs \ 
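Review bot: The sixteen `install -Dm 0644 puppet/... "${rubylibdir}/..."` lines under `### puppetdb-termini` are a hand-copied file list, so a terminus file added or renamed in a later `DB_VERSION` is silently left out of the image. A comment recording the source of the list would make version bumps safer, for example `# terminus file list copied from the puppetdb-${DB_VERSION} tarball; re-check on every DB_VERSION bump`. It is also worth confirming that `/opt/puppetlabs/puppet/lib/ruby/vendor_ruby` is on the load path of the Puppet gem the server uses, since the final stage installs Puppet as a gem rather than under /opt/puppetlabs/puppet. The `RUN` starts outside this hunk.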
@@ -160,17 +161,19 @@ COPY --from=build /etc/puppetlabs /etc/puppetlabs COPY --from=build /var/log/puppetlabs /var/log/puppetlabs COPY --from=build /var/run/puppetlabs /var/run/puppetlabs -COPY docker-entrypoint.sh / -COPY healthcheck.sh / +COPY docker-entrypoint.sh \ + healthcheck.sh \ + Dockerfile \ + metrics.conf.tmpl \ + add_cache_del_api_auth_rules.rb \ + / + COPY docker-entrypoint.d /docker-entrypoint.d -COPY metrics.conf.tmpl /metrics.conf.tmpl -COPY add_cache_del_api_auth_rules.rb /add_cache_del_api_auth_rules.rb COPY logback.xml /etc/puppetlabs/puppetserver/ COPY request-logging.xml /etc/puppetlabs/puppetserver/ COPY conf.d/puppetserver.conf /etc/puppetlabs/puppetserver/conf.d/ COPY conf.d/product.conf /etc/puppetlabs/puppetserver/conf.d/ COPY puppetdb.conf /var/tmp/puppet/ -COPY Dockerfile / COPY puppetserver /etc/default/puppetserver RUN apk update \