puppet/puppetserver
A Docker Image for running Puppet Server. Will try and connect to a linked PuppetDB instance.
The Dockerfile for this image is available in the Puppetserver repository here.
You can run a copy of Puppet Server with the following Docker command:
docker run --name puppet --hostname puppet puppet/puppetserver
Although it is not strictly necessary to name the container puppet, this is useful when working with the other Puppet images, as they will look for a master on that hostname by default.
If you would like to start the Puppet Server with your own Puppet code, you can mount your own directory at /etc/puppetlabs/code:
docker run --name puppet --hostname puppet -v ./code:/etc/puppetlabs/code/ puppet/puppetserver
You can find out more about Puppet Server in the official documentation.
See the pupperware repository for running a full Puppet stack using Docker Compose.
The following environment variables are supported:
Name | Usage | Default |
---|---|---|
PUPPETSERVER_HOSTNAME | The DNS name used on the master's SSL certificate - sets the certname and server in puppet.conf | unset |
DNS_ALT_NAMES | Additional DNS names to add to the master's SSL certificate. Note: only effective on initial run when certificates are generated | |
PUPPET_MASTERPORT | The port of the puppet master | 8140 |
AUTOSIGN | Whether or not to enable autosigning on the puppetserver instance. Valid values are true, false, and /path/to/autosign.conf. | true |
CA_ENABLED | Whether or not this puppetserver instance has a running CA (Certificate Authority) | true |
CA_HOSTNAME | The DNS hostname for the puppetserver running the CA. Does nothing unless CA_ENABLED=false | puppet |
CA_MASTERPORT | The listening port of the CA. Does nothing unless CA_ENABLED=false | 8140 |
CA_ALLOW_SUBJECT_ALT_NAMES | Whether or not SSL certificates containing Subject Alternative Names should be signed by the CA. Does nothing unless CA_ENABLED=true. | false |
PUPPET_REPORTS | Sets reports in puppet.conf | puppetdb |
PUPPET_STORECONFIGS | Sets storeconfigs in puppet.conf | true |
PUPPET_STORECONFIGS_BACKEND | Sets storeconfigs_backend in puppet.conf | puppetdb |
PUPPETDB_SERVER_URLS | The server_urls to set in /etc/puppetlabs/puppet/puppetdb.conf | https://puppetdb:8081 |
USE_PUPPETDB | Whether to connect to puppetdb. Sets PUPPET_REPORTS to log and PUPPET_STORECONFIGS to false if those are unset | true |
PUPPETSERVER_MAX_ACTIVE_INSTANCES | The maximum number of JRuby instances allowed | 1 |
PUPPETSERVER_MAX_REQUESTS_PER_INSTANCE | The maximum HTTP requests a JRuby instance will handle in its lifetime (disable instance flushing) | 0 |
PUPPETSERVER_JAVA_ARGS | Arguments passed directly to the JVM when starting the service | -Xms512m -Xmx512m |
PUPPERWARE_ANALYTICS_ENABLED | Set to true to enable Google Analytics | false |
If you would like to do additional initialization, add a directory called /docker-custom-entrypoint.d/ and fill it with .sh scripts.
These scripts will be executed at the end of the entrypoint script, before the service is run.
If you plan to use the in-server CA, restarting the container can cause the server's keys and certificates to change, causing agents and the server to stop trusting each other. To prevent this, you can persist the default cadir, /etc/puppetlabs/puppetserver/ca. For example:
docker run -v $PWD/ca-ssl:/etc/puppetlabs/puppetserver/ca puppetlabs/puppetserver:latest
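The documented defaults leave AUTOSIGN set to true and the CA directory inside the container. As an added example (not part of the puppetserver repository), the shell helper below, under the hypothetical name audit_puppetserver_args, checks the arguments of a docker run command for those two settings; it assumes Unix-style host paths and never calls Docker.

```shell
# Added example, not from the puppetserver repository.
# audit_puppetserver_args is a hypothetical helper; it only inspects arguments.
CADIR=/etc/puppetlabs/puppetserver/ca

# Usage: audit_puppetserver_args <arguments of a docker run command>
# Prints one finding per line; returns 0 if nothing is flagged, 1 otherwise.
audit_puppetserver_args() {
    autosign=true      # default documented in the environment variable table
    ca_enabled=true    # default documented in the environment variable table
    ca_volume=no
    prev=
    for arg in "$@"; do
        # Accept both "--env NAME=value" and "--env=NAME=value" (same for volumes).
        case "$arg" in
            --env=*)    opt=--env;    val=${arg#--env=} ;;
            --volume=*) opt=--volume; val=${arg#--volume=} ;;
            *)          opt=$prev;    val=$arg ;;
        esac
        case "$opt" in
            -e|--env)
                case "$val" in
                    AUTOSIGN=*)   autosign=${val#AUTOSIGN=} ;;
                    CA_ENABLED=*) ca_enabled=${val#CA_ENABLED=} ;;
                esac ;;
            -v|--volume)
                # source:destination[:options] -> destination without trailing slash
                dest=${val#*:}; dest=${dest%%:*}; dest=${dest%/}
                if [ "$dest" = "$CADIR" ]; then ca_volume=yes; fi ;;
        esac
        prev=$arg
    done
    rc=0
    if [ "$autosign" = true ]; then
        echo "AUTOSIGN=true: certificate requests are signed without review"
        rc=1
    fi
    if [ "$ca_enabled" = true ] && [ "$ca_volume" = no ]; then
        echo "CA enabled but $CADIR is not a volume: CA keys can change on restart"
        rc=1
    fi
    return $rc
}

# Constructed invocations: the page's basic command, then one with both settings addressed.
audit_puppetserver_args run --name puppet --hostname puppet puppet/puppetserver || true
audit_puppetserver_args run -e AUTOSIGN=false \
    -v /srv/ca-ssl:/etc/puppetlabs/puppetserver/ca puppet/puppetserver
```

With AUTOSIGN=false, agent certificate requests stay pending until they are signed on the CA; a path to an autosign.conf is the other documented value and is not flagged by this check.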
The puppetserver container collects usage data. This is disabled by default. You can enable it by passing --env PUPPERWARE_ANALYTICS_ENABLED=true to your docker run command.
We collect data to help us understand how the containers are used and make decisions about upcoming changes.