voxpupuli / crafty

CRAFTY - Containerized Resources And Funky Tools (in) YAML
GNU Affero General Public License v3.0

Add environmentpath as a configuration parameter #24

Closed Conzar closed 8 months ago

Conzar commented 8 months ago

See environmentpath.

tuxmea commented 8 months ago

The deployed code should be mounted into the container into /etc/puppetlabs/code/environments. Why do you need to set the environmentpath?

Conzar commented 8 months ago

I have switched from using theforeman/puppet to manage the puppetserver to this docker project.

The following puppet-config was created by the puppet module. Note: I don't use a puppetdb in this simple setup.

[main]
    basemodulepath = /etc/puppetlabs/code/environments/common:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules:/usr/share/puppet/modules
    certname = MYHOST
    codedir = /etc/puppetlabs/code
    environmentpath = /etc/puppetlabs/code/environments
    hiera_config = $confdir/hiera.yaml
    hostprivkey = $privatekeydir/$certname.pem { mode = 640 }
    logdir = /var/log/puppetlabs/puppet
    pluginfactsource = puppet:///pluginfacts
    pluginsource = puppet:///plugins
    privatekeydir = $ssldir/private_keys { group = service }
    reports = 
    rundir = /var/run/puppetlabs/puppetserver
    server = MYHOST
    show_diff = false
    vardir = /opt/puppetlabs/server/data/puppetserver

[agent]
    classfile = $statedir/classes.txt
    default_schedules = false
    environment = production
    localconfig = $vardir/localconfig
    masterport = 8140
    noop = false
    report = true
    runinterval = 1800
    splay = false
    splaylimit = 1800
    usecacheonfailure = true

[master]
    autosign = /etc/puppetlabs/puppet/autosign.conf { mode = 0664 }
    ca = true
    certname = MYHOST
    logdir = /var/log/puppetlabs/puppetserver
    parser = current
    rundir = /var/run/puppetlabs/puppetserver
    ssldir = /etc/puppetlabs/puppet/ssl
    storeconfigs = false
    strict_variables = false
    vardir = /opt/puppetlabs/server/data/puppetserver

When I use the default configuration from the docker project, my nodes don't apply anything. However, when I replace the default configuration with the above configuration, my nodes correctly apply.

I suspect that both environmentpath && hiera_config are problems. There is also the difference in the sections of the configuration (main, agent, and master).

Another note is that I use g10k instead of r10k. I have a separate overrides script for this. My puppet-control uses branches for the environments.

I haven't really kept up with puppet too much as my professional life is now exclusive to Terraform/Terragrunt so I don't know if there is another way of managing environments in the puppet-control. I really like Terragrunt's way of organizing so am open to change on the puppet side.

Thank you

tuxmea commented 8 months ago

I am trying to understand your issue. I assume that it is related to your hiera_config setting:

Are you only using global hiera data (with hiera config in /etc/puppetlabs/puppet/hiera.yaml)? This layer is Hiera v3 only and is deprecated in favor of environment data using Hiera v5.

Conzar commented 8 months ago

> Are you only using global hiera data (with hiera config in /etc/puppetlabs/puppet/hiera.yaml)?

No. My puppet-control defines hiera (/etc/puppetlabs/code/environments/[env]/hiera.yaml).

This is my hiera configuration file which is the same for all environments (using Hiera v5)

---
version: 5

hierarchy:
    - 
        name       : "All Paths"
        lookup_key : eyaml_lookup_key
        datadir    : "data/eyaml"
        options    :
            pkcs7_private_key : "/etc/puppetlabs/hiera/keys/private_key.pkcs7.pem"
            pkcs7_public_key  : "/etc/puppetlabs/hiera/keys/public_key.pkcs7.pem"
        globs      :
            - "hosts/%{facts.networking.hostname}.eyaml"
            - "hosts/*/%{facts.networking.hostname}.eyaml"
            - "hosts/*/*/%{facts.networking.hostname}.eyaml"
            - "domain/%{facts.networking.domain}.eyaml"
            - "common.eyaml"

tuxmea commented 8 months ago

Can you please provide details on how you are running the puppetserver container? Are you using a docker run command or a docker-compose file? Have you seen the compose example in crafty?

Conzar commented 8 months ago

I am using docker-compose to run the puppetserver container and have based it off of crafty. I have made a git repository and made it public for your reference.

Here are the relevant files:

tuxmea commented 8 months ago

You seem to run the code deployment inside the container. This is what we usually don't do. Instead we mount the code dir from the docker host and the code deployment is also run on the docker host.

Besides this: a code deployment inside the container should work (it just adds new file system layers to the running container). Does the container work with your adaptations in 93-puppet-conf.sh? (environmentpath and hiera_config)

Conzar commented 8 months ago

93-puppet-conf.sh was an earlier attempt at getting the puppetserver to properly apply changes to my nodes. I don't know if it works as I made some other changes. Since those changes, I am using the full puppet.conf that I copied over and is listed in an earlier post.

Regarding running code deployment and g10k, that works without issue inside the container. Just thinking that say for instance you are running the Puppet Server on AWS ECS with Fargate, you would probably need to run g10k/r10k within the container unless you use ECS Tasks (possibly). Note: I am not running on AWS just a home server.

tuxmea commented 8 months ago

It would be great to know if setting environmentpath and hiera_config would solve your issue or if more settings from your full puppet.conf file are required. We could then add corresponding ENV variables, which you can use in your compose file.

Conzar commented 8 months ago

I deleted my previous comment as I didn't properly test it.

I can confirm the following puppet.conf works (adding both environmentpath and hiera_config). However, I had to do the following to get it to work:

The puppet server needed to be restarted as the 93-puppet-conf.sh applies after the puppet server is already started.


[main]
certname = monky-commander-02.monky-games.com
server = monky-commander-02.monky-games.com
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
autosign = true
environment_timeout = unlimited
storeconfigs_backend = puppetdb
storeconfigs = false
reports = log
environmentpath = /etc/puppetlabs/code/environments
hiera_config = $confdir/hiera.yaml

tuxmea commented 8 months ago

I wonder why you must restart puppet server.

The docker-entrypoint.sh file first executes all scripts in /docker-entrypoint.d/*.sh, then the scripts in /docker-custom-entrypoint.d/*.sh and afterwards starts the puppet server.

see https://github.com/voxpupuli/container-puppetserver/blob/main/puppetserver/docker-entrypoint.sh

Can you please check if your script works as expected? I wonder what this does: grep environmentpath /etc/puppetlabs/code/environments. Maybe you want to grep in the puppet.conf file.

Btw: I prefer puppet config set --section server environmentpath /etc/puppetlabs/code/environments. This reduces the need for checking if an entry exists.

Conzar commented 8 months ago

You are correct, I hadn't committed a change. This is the working script.

# Append both settings only if environmentpath is not yet mentioned in puppet.conf
if ! grep -q environmentpath /etc/puppetlabs/puppet/puppet.conf 2>/dev/null; then
    echo "environmentpath = /etc/puppetlabs/code/environments" >> /etc/puppetlabs/puppet/puppet.conf
    echo 'hiera_config = $confdir/hiera.yaml' >> /etc/puppetlabs/puppet/puppet.conf
fi

I tried using puppet config set and that worked. However, it still required restarting the puppet server.

tuxmea commented 8 months ago

Found it: 80_ca.sh already starts the Puppet server if it is a ca server.
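
An added example, not part of the thread or of the crafty project: the grep-and-append guard discussed above matches commented-out lines and appends to whichever section happens to be last in puppet.conf, so this sketch shows a section-aware, idempotent setter in plain shell and awk for the case where the puppet CLI is not available. The function names (conf_get, conf_set, demo) and the sample file contents are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: section-aware edits to a puppet.conf-style INI file.
# conf_get FILE SECTION KEY: print the value KEY has inside [SECTION], if any.
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*\[.*\][ \t]*$/ {
            name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            in_sec = (name == sec); next
        }
        in_sec && $0 ~ "^[ \t]*" key "[ \t]*=" { sub(/^[^=]*=[ \t]*/, ""); v = $0 }
        END { print v }
    ' "$1"
}

# conf_set FILE SECTION KEY VALUE: replace KEY in [SECTION], or add it there.
# Commented-out lines and the same KEY in other sections are left alone.
conf_set() {
    tmp=$(mktemp) || return 1
    awk -v sec="$2" -v key="$3" -v val="$4" '
        function emit() { if (in_sec && !done) { print key " = " val; done = 1 } }
        /^[ \t]*\[.*\][ \t]*$/ {
            emit()                      # leaving [sec] without having seen key
            name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
            in_sec = (name == sec); if (in_sec) seen = 1
            print; next
        }
        in_sec && !done && $0 ~ "^[ \t]*" key "[ \t]*=" {
            print key " = " val; done = 1; next   # replace the entry in place
        }
        { print }
        END { emit(); if (!seen) { print "[" sec "]"; print key " = " val } }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file owner and mode
    status=$?; rm -f "$tmp"; return $status
}

# demo: constructed puppet.conf in which [agent] is the last section and
# environmentpath appears only in a comment; the setter is run twice.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '[main]' 'certname = puppet.example.test' \
        '[server]' '# environmentpath = /old/path' 'reports = log' \
        '[agent]' 'environment = production' > "$f"
    conf_set "$f" server environmentpath /etc/puppetlabs/code/environments
    conf_set "$f" server environmentpath /etc/puppetlabs/code/environments
    cat "$f"; rm -f "$f"
}
```

As the thread notes, on a CA server 80_ca.sh has already started the Puppet server by the time a later script runs, so a change written this way still needs a server restart to take effect.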