Open stahnma opened 4 years ago
Another option here would be to just have an allow rule for the puppetserver container's cert to refresh envs in the default auth.conf setup.
For the `auth.conf` issue specifically, ENV vars are immutable once the container launches, so if it's something you think you want to change for a running container (rather than tearing down the container and starting up a new one), then the disk based solution is better. That said, a lot of the config is fairly opinionated at this point and not really designed to be modified by end users (partly b/c of a desire to interface with config in the Docker way and because we don't know all the additional things users really need to modify w/out feedback to tell us what those things are). I think your allow rule idea sounds like the right approach at the moment.
Related - I've been meaning to rework the VOLUME definitions in puppetserver to match the 4 volume setup in pe-puppetserver (or at least the first 3)
```dockerfile
# generated certs, logs, restartcounter, filesync, reports, filebucket, facts.d
VOLUME /opt/puppetlabs/server/data/puppetserver \
# pe_repo packages
       /opt/puppetlabs/server/data/packages \
# code manager data, code-manager / filesync environment / staging, master code dir
       /opt/puppetlabs/server/data/code-manager \
# users should volume map in their id-control_repo.rsa. See 30-configure-ssh.sh
       /etc/puppetlabs/puppetserver/ssh
```
This is to make it easier to just swap in pe-puppetserver and point it to the same volumes as the open source version to "upgrade" and also because we figured out what config to tweak to make sure all the "data" lives in external volumes. This container has more of a legacy setup at this point.
Use Case
I wanted to tell Puppet to re-read the files on disk for an environment, but to do that I have to modify `auth.conf`. First, I think oh, here's `auth.conf` right in `/var/lib/docker/volumes/pupperware_puppetserver-config/_data/`, but after some chatting with Charlie and Morgan, seems like that file isn't actually used (so maybe it should go away) and that we need the `auth.conf` that would mount into puppetserver's `conf.d` directory.
Describe the Solution You Would Like
Have a way to modify `auth.conf` rules (the one that is used) that persists across container restarts. This could be a volume mounted, it could be ENV vars set and read in or something.
Describe Alternatives You've Considered
`auth.conf`.
Additional Context
Probably should make the files either expose via volumes or values available in ENV vars.
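For reference, a sketch of the narrowly scoped allow rule discussed in this thread, added here as an illustration and not taken from the issue or from the project's shipped `auth.conf`. It assumes Puppet Server's HOCON `auth.conf` format and its environment-cache admin endpoint; the certname `puppet.example.internal`, the rule name and the sort-order are placeholders.

```hocon
# Example only: the certname, rule name and sort-order are placeholders.
# This rule belongs in the auth.conf that Puppet Server actually loads from
# its conf.d directory, kept on a volume so it survives container restarts.
authorization: {
    version: 1
    rules: [
        {
            # Match only the environment-cache endpoint, and only DELETE,
            # which is the request that makes the server re-read an
            # environment from disk.
            match-request: {
                path: "/puppet-admin-api/v1/environment-cache"
                type: path
                method: delete
            }
            # Allow a single certname (the server's own certificate) rather
            # than a wildcard or any authenticated client.
            allow: "puppet.example.internal"
            sort-order: 200
            name: "example environment cache refresh"
        }
        # ... the remaining rules stay as they are ...
    ]
}
```

Scoping the match to one path, one method and one certname keeps the rest of the admin API closed to that certificate.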