voxpupuli / container-puppetserver

Container image for Puppet Server
Apache License 2.0

puppet not starting at Running /docker-entrypoint.d/90-ca.sh #88

Closed jsfrerot closed 1 month ago

jsfrerot commented 2 months ago

Hi, I'm not able to restart puppet server at this moment. Not sure what happened, I thought it was able to restart after the initial start, but today I can't restart it.

puppet_1       | Running /docker-entrypoint.d/90-ca.sh
puppet_1       | Error:
puppet_1       | Existing file at '/etc/puppetlabs/puppet/ssl/certs/puppet.mydomain.io.pem'
puppet_1       | Existing file at '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
puppet_1       | Existing file at '/etc/puppetlabs/puppet/ssl/crl.pem'
puppet_1       | If you would really like to replace your CA, please delete the existing files first.
puppet_1       | Note that any certificates that were issued by this CA will become invalid if you
puppet_1       | replace it!
docker_puppet_1 exited with code 1

I'm using docker-compose and here is the configuration

  puppet:
    restart: "no"
    hostname: puppet.${DOMAIN:-internal}
    image: voxpupuli/container-puppetserver:8.6.0-main
    ports:
      - 8140:8140
    environment:
      - CA_ALLOW_SUBJECT_ALT_NAMES=true
      - PUPPETSERVER_HOSTNAME=puppet.${DOMAIN:-internal}
      - DNS_ALT_NAMES=puppet,puppet.${DOMAIN:-internal},${DNS_ALT_NAMES:-}
      - PUPPERWARE_ANALYTICS_ENABLED=${PUPPERWARE_ANALYTICS_ENABLED:-true}
      - PUPPETDB_SERVER_URLS=https://puppetdb.${DOMAIN:-internal}:8081
    volumes:
      - ${VOLUME_ROOT:-.}/volumes/code:/etc/puppetlabs/code/
      - ${VOLUME_ROOT:-.}/volumes/puppet:/etc/puppetlabs/puppet/
      - ${VOLUME_ROOT:-.}/volumes/serverdata:/opt/puppetlabs/server/data/puppetserver/
    dns_search: ${DOMAIN:-internal}
    networks:
      default:
        aliases:
         - puppet.${DOMAIN:-internal}

and my env file in /etc/docker/.env

VOLUME_ROOT=/opt/data/docker-compose/
DOMAIN=mydomain.io
DNS_ALT_NAMES=bln-puppet-001.mydomain.io

Any idea of what is happening?

Thank you.

rwaffen commented 1 month ago

I tested this and first got confused, because something like docker compose restart puppet worked. But when I do docker compose down && docker compose up I also get the error. Will have a deeper look into that.

btw.: PUPPERWARE_ANALYTICS_ENABLED is not supported anymore, we are not Pupperware. ;-)

rwaffen commented 1 month ago

ah okay, that was an easy one: just add the CA as a volume

    volumes:
    ...
      - ${VOLUME_ROOT:-.}/volumes/ca:/etc/puppetlabs/puppetserver/ca

jsfrerot commented 1 month ago

Adding - ${VOLUME_ROOT:-.}/volumes/ca:/etc/puppetlabs/puppetserver/ca on the puppet container did help for me. Still getting the following error. Note this is an existing installation and I would rather not have to regenerate all my certificates.

root@bln-puppet-001:~# docker-compose -f /etc/docker/docker-compose.yml logs -f puppet
Attaching to docker_puppet_1
puppet_1       | Running /docker-entrypoint.d/20-use-templates-initially.sh
puppet_1       | Upgrading /opt/puppetlabs/server/data/puppetserver/vendored-jruby-gems
puppet_1       | Running /docker-entrypoint.d/30-set-permissions.sh
puppet_1       | Running /docker-entrypoint.d/40-update-puppetdb-conf.sh
puppet_1       | Running /docker-entrypoint.d/50-set-certname.sh
puppet_1       | Running /docker-entrypoint.d/55-set-masterport.sh
puppet_1       | Running /docker-entrypoint.d/56-set-environmentpath.sh
puppet_1       | Running /docker-entrypoint.d/57-set-hiera_config.sh
puppet_1       | Running /docker-entrypoint.d/60-setup-autosign.sh
puppet_1       | Running /docker-entrypoint.d/70-set-dns-alt-names.sh
puppet_1       | Running /docker-entrypoint.d/83-environment-cache.sh
puppet_1       | Settings environment_timeout to unlimited
puppet_1       | Running /docker-entrypoint.d/84-enable_graphite.sh
puppet_1       | Running /docker-entrypoint.d/85-setup-storeconfigs.sh
puppet_1       | Running /docker-entrypoint.d/88-enable-cache-delete-api.sh
puppet_1       | Running /docker-entrypoint.d/89-csr_attributes.sh
puppet_1       | CSR Attributes: {}
puppet_1       | Running /docker-entrypoint.d/90-ca.sh
puppet_1       | Error:
puppet_1       | Existing file at '/etc/puppetlabs/puppet/ssl/certs/puppet.mydomain.io.pem'
puppet_1       | Existing file at '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
puppet_1       | Existing file at '/etc/puppetlabs/puppet/ssl/crl.pem'
puppet_1       | If you would really like to replace your CA, please delete the existing files first.
puppet_1       | Note that any certificates that were issued by this CA will become invalid if you
puppet_1       | replace it!
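
As an added example (not code from the container-puppetserver project or from either commenter), this host-side check classifies the volume layout discussed in this thread before `docker compose up`. It assumes the 90-ca.sh error appears when the persisted `ssl` files exist while the CA directory is missing or empty; `ca_volume_state` and `preflight` are hypothetical helper names.

```shell
#!/bin/sh
# Host-side layout, taken from the compose file in this thread:
#   <root>/volumes/puppet -> /etc/puppetlabs/puppet/
#   <root>/volumes/ca     -> /etc/puppetlabs/puppetserver/ca
# Usage: preflight "$VOLUME_ROOT" && docker compose up -d

# Return 0 if directory $1 exists and contains at least one entry.
dir_has_entries() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# Print one of: fresh | consistent | ssl-without-ca | ca-without-ssl
ca_volume_state() {
    root=${1:-.}
    ssl_dir="$root/volumes/puppet/ssl"
    ca_dir="$root/volumes/ca"

    ssl_present=no
    # Files named in the 90-ca.sh error output.
    if [ -e "$ssl_dir/certs/ca.pem" ] || [ -e "$ssl_dir/crl.pem" ]; then
        ssl_present=yes
    fi

    ca_present=no
    # A bind mount that Docker just created is an empty directory,
    # so "exists" is not enough: require at least one entry.
    if dir_has_entries "$ca_dir"; then
        ca_present=yes
    fi

    case "$ssl_present/$ca_present" in
        no/no)   echo fresh ;;
        yes/yes) echo consistent ;;
        yes/no)  echo ssl-without-ca ;;
        no/yes)  echo ca-without-ssl ;;
    esac
}

# Fail only on the state assumed to trigger the error in this thread:
# issued certificates on disk, but no CA data persisted beside them.
preflight() {
    state=$(ca_volume_state "$1")
    echo "volume state: $state"
    [ "$state" != ssl-without-ca ]
}
```

A result of `ssl-without-ca` means certificates issued by the CA are still on disk but the CA's own data was not persisted, so the CA volume should be populated from a backup of the original CA directory rather than left empty.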