puppet/puppetdb

docker

Hub

By puppet

•Updated almost 3 years ago

A Docker image for running PuppetDB

Image

10M+

Overview Tags

puppetlabs/puppetdb⁠

The Dockerfile for this image is available in the PuppetDB repository here⁠.

The PuppetDB container requires a working postgres container or other suitably configured PostgreSQL database. With that in place, you can run PuppetDB like so:

docker run --link postgres:postgres --link puppet:puppet puppet/puppetdb

You can change configuration settings by mounting volumes containing configuration files or by using this image as a base image. For the defaults, see the Dockerfile and supporting folders⁠.

For more details about PuppetDB, see the official documentation⁠.

See the pupperware repository⁠ for how to run a full Puppet stack using Docker Compose.

Configuration

Name	Usage / Default
CERTNAME	The DNS name used on this services SSL certificate `puppetdb`
DNS_ALT_NAMES	Additional DNS names to add to the services SSL certificate Unset
WAITFORCERT	Number of seconds to wait for certificate to be signed `120`
USE_PUPPETSERVER	Set to `false` to skip acquiring SSL certificates from a Puppet Server. `true`
PUPPETSERVER_HOSTNAME	The DNS hostname of the puppet master `puppet`
PUPPETSERVER_PORT	The port of the puppet master `8140`
PUPPETDB_POSTGRES_HOSTNAME	The DNS hostname of the postgres service `postgres`
PUPPETDB_POSTGRES_PORT	The port for postgres `5432`
PUPPETDB_POSTGRES_DATABASE	The name of the puppetdb database in postgres `puppetdb`
PUPPETDB_USER	The puppetdb database user `puppetdb`
PUPPETDB_PASSWORD	The puppetdb database password `puppetdb`
PUPPETDB_NODE_TTL	Mark as ‘expired’ nodes that haven’t seen any activity (no new catalogs, facts, or reports) in the specified amount of time `7d`
PUPPETDB_NODE_PURGE_TTL	Automatically delete nodes that have been deactivated or expired for the specified amount of time `14d`
PUPPETDB_REPORT_TTL	Automatically delete reports that are older than the specified amount of time `14d`
PUPPETDB_JAVA_ARGS	Arguments passed directly to the JVM when starting the service `-Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m -XX:+UseParallelGC -Xloggc:/opt/puppetlabs/server/data/puppetdb/logs/puppetdb_gc.log -Djdk.tls.ephemeralDHKeySize=2048`
PUPPERWARE_ANALYTICS_ENABLED	Set to 'true' to enable Google Analytics. `false`

Cert File Locations

The directory structure follows the following conventions. The full path is always available inside the container as the environment variable $SSLDIR

'ssl-ca-cert' /opt/puppetlabs/server/data/puppetdb/certs/certs/ca.pem
'ssl-cert' /opt/puppetlabs/server/data/puppetdb/certs/certs/<certname>.pem
'ssl-key' /opt/puppetlabs/server/data/puppetdb/certs/private_keys/<certname>.pem

Analytics Data Collection

The puppetdb container collects usage data. This is disabled by default. You can enable it by passing --env PUPPERWARE_ANALYTICS_ENABLED=true to your docker run command.

What data is collected?

Version of the puppetdb container.
Anonymized IP address is used by Google Analytics for Geolocation data, but the IP address is not collected.

Why does the puppetdb container collect data?

We collect data to help us understand how the containers are used and make decisions about upcoming changes.

How can I opt out of puppetdb container data collection?

This is disabled by default.

Docker Pull Command

docker pull puppet/puppetdb