This repository contains some files that might be helpful when using Puppet
during the Docker image building process. In particular, they show how to
run puppet agent during a Docker build.
Before we can run the Puppet agent, we need to steal SSL keys from somewhere: either from an existing client or, using pre-generated client certificates, from the Puppet master
The steal-keys script will do that:
./puppet-agent/puppet/bin/steal-keys HOSTNAME
where HOSTNAME is the name of the Puppet client whose keys you are going
to use during the build.
Since you are now using the same certificate for two different purposes ---
running a full Puppet client, and using the Puppet agent during image build
--- your site.pp will need to take that into account:
node HOSTNAME {
if ($container == 'docker' && $build == 'true') {
# describe what should go into the container image
} else {
# describe what should go onto HOSTNAME proper
}
}
You can pre-generate the needed certificates with
puppet cert generate CERTNAME
where CERTNAME is the fake hostname you are going to use during image
building, and should be different from any legitimate hostname in your
infrastructure. The steal-keys script will then copy the SSL certificates
via ssh:
./puppet-agent/puppet/bin/steal-keys puppet CERTNAME
Since we are now using a dedicated SSL certificate for just this image
build, the site.pp can treat that certificate like any other host:
node CERTNAME {
# describe what should go into the container image
}
The puppet-agent/Dockerfile shows how to run puppet agent while
building with Docker.
You should also edit puppet-agent/puppet/config.yaml and add whatever
custom facts you want to use to help in describing what goes into your
container image above.
Once you've done that, just run docker build puppet-agent as you usually
would.