Merge pull request #98 from nwops/docker_updates

Docker updates

Author: reidmv

Diff for: .sync.yml

@@ -1,9 +1,14 @@
 ---
+Gemfile:
+  ':development':
+     required:
+       - gem: 'puppet-debugger'
+         version: '>= 0.18.0'
 Rakefile:
   extras:
     - 'PuppetSyntax.exclude_paths = ["plans/**/*.pp", "vendor/**/*"]'
 .gitignore:
   paths:
     - '.rerun.json'
     - '*.tar.gz'
-    
+    

Diff for: Gemfile

@@ -17,6 +17,7 @@ ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
 minor_version = ruby_version_segments[0..1].join('.')
 
 group :development do
+  gem 'puppet-debugger', '0.18.0'
   gem "fast_gettext", '1.1.0',                                   require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
   gem "fast_gettext",                                            require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
   gem "json_pure", '<= 2.0.1',                                   require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')

Diff for: README.md

@@ -17,6 +17,7 @@ Plans:
 * [Provision](documentation/provision.md)
 * [Upgrade](documentation/upgrade.md)
 * [Convert](documentation/convert.md)
+* [Status](documentation/status.md)
 
 Reference:
 

Diff for: documentation/docker_examples.md

@@ -69,6 +69,54 @@ This will run an interactive bash shell in the running container.
 ### Upgrades
 There is also a upgrade.sh script that is similar to the provision.sh script.  This script will upgrade an already provisioned PE stack to the version specified in the update_params.json file.
 
+## Attaching agent containers
+Because we are using containers we can start up numerous container instances and attach them all to the same PE stack.  In a matter of minutes you can easily attach hunders of new nodes to the PE stack (if resources allow). This is very useful for testing out scenarios involving different puppet versions or operating systems and even features like the orchestrator. 
+
+To attach a container to the PE stack you first must get the network name of the PE stack.  This can be done with a command like: `docker inspect pe-xl-core-0.puppet.vm`.  You need to use either the container id or the container name of the MoM when inspecting. 
+
+The network name we want to grab is 'extra-large-ha_default'.  (Yours will be different, but the output will be similar)
+
+```shell
+docker inspect pe-xl-core-0.puppet.vm -f "{{json .NetworkSettings.Networks }}" | jq
+{
+  "extra-large-ha_default": {
+    "IPAMConfig": null,
+    "Links": null,
+    "Aliases": [
+      "pe_xl_core_0",
+      "5cf7047a36cd"
+    ],
+    "NetworkID": "204ae562a25510b2425f9fe3f1599c487e40dbcaaaaf02c2f73f6fa81f45d674",
+    "EndpointID": "d91d7060fcc623a9f16cea09eecf83e9ee4454252e1af34053ef090f9c01c9c3",
+    "Gateway": "172.25.0.1",
+    "IPAddress": "172.25.0.6",
+    "IPPrefixLen": 16,
+    "IPv6Gateway": "",
+    "GlobalIPv6Address": "",
+    "GlobalIPv6PrefixLen": 0,
+    "MacAddress": "02:42:ac:19:00:06",
+    "DriverOpts": null
+  }
+}
+```
+
+**NOTE** In these example you may see the use of `jq`.  This is a [cli utility for parsing JSON](https://stedolan.github.io/jq/).  I recommend installing it.  As a alternative you can pipe output to `python -m json.tool`.
+
+### Starting agent containers
+Once you have the network name you only need to specify the network when starting a container.  Puppet [publishes container images](https://hub.docker.com/r/puppet/puppet-agent) for all version of the puppet agent.  So you can easily switch agent versions with a single command. Which container image you use is entirely up to you.  If it doesn't have puppet preinstalled you can use the special curl command from the PE console to install it. 
+
+Example:
+ `docker run -ti --network=extra-large-ha_default --entrypoint=/bin/bash puppet/puppet-agent:latest`
+ `docker run -ti --network=extra-large-ha_default --entrypoint=/bin/bash puppet/puppet-agent:6.15.0`
+ `docker run -ti --network=extra-large-ha_default --entrypoint=/bin/bash puppet/puppet-agent:6.3.0`
+ `docker run -ti --network=extra-large-ha_default --entrypoint=/bin/bash ruby:latest`
+
+For most tasks these images are great.  However, if you wish to use puppet orchestrator with the pcp transport. The one requirement is that all images used must be systemd aware, otherwise pxp will not start. If you do not plan on using pcp 
+there is no need for containers with systemd.
+
+At this time we have not added documention for starting a container with systemd.  Instructions coming soon.
+
+
 ### Other notes
 1. The provision plan is not fully idempotent.
 2. Some tasks may fail when run due to resource constraints.

Diff for: spec/docker/Dockerfile

@@ -26,6 +26,18 @@ RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == system
   rm -rf /var/cache/yum; \
   ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service' && \
   ln -s '/etc/systemd/system/live_audit.service' '/etc/systemd/system/multi-user.target.wants/live_audit.service'
+ARG HOST="localhost"
+RUN mkdir -p /root/.puppetlabs/client-tools && \
+    echo $' \n\
+{ \n\
+  "puppetdb": { \n\
+    "server_urls": "https://'$HOST$':8081", \n\
+    "cacert": "/etc/puppetlabs/puppet/ssl/certs/ca.pem", \n\
+    "cert": "/etc/puppetlabs/puppet/ssl/certs/'$HOST$'.pem", \n\
+    "key": "/etc/puppetlabs/puppet/ssl/private_keys/'$HOST$'.pem" \n\
+  } \n\
+} \n '\
+> /root/.puppetlabs/client-tools/puppetdb.conf
 VOLUME [ “/sys/fs/cgroup” ]
 #CMD /bin/bash
 ENTRYPOINT [ "/sbin/init" ]

Diff for: spec/docker/Dockerfile_bolt

@@ -1,7 +1,10 @@
 FROM puppet/puppet-bolt
-ENV LC_ALL="en_US.UTF-8" LANG="en_US.UTF-8" LANGUAGE="en_US.UTF-8"
-RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf
-RUN apt-get update && apt-get install -y ssh sudo curl; \
+RUN apt-get update && apt-get install -y locales ssh sudo curl; \
    /opt/puppetlabs/bolt/bin/gem install bundler puppet-debugger -N -q
+ENV LC_ALL="en_US.UTF-8" LANG="en_US.UTF-8" LANGUAGE="en_US.UTF-8"
+RUN echo "LC_ALL=en_US.UTF-8" >> /etc/environment && \
+    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && \
+    echo "LANG=en_US.UTF-8" > /etc/locale.conf && \
+    locale-gen en_US.UTF-8
 CMD /bin/bash
 ENTRYPOINT [ "/opt/puppetlabs/bin/bolt" ]

Diff for: spec/docker/extra-large-ha/docker-compose.yaml

@@ -13,6 +13,7 @@ services:
     depends_on:
       - pe_xl_core_0
   compiler1:
+    restart: always
     depends_on:
       - pe_xl_core_0
     build:
@@ -33,6 +34,7 @@ services:
     volumes:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro'  
   pe_pdb:
+    restart: always
     depends_on:
       - pe_xl_core_0
     build:
@@ -52,6 +54,7 @@ services:
     volumes:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro' 
   pe_pdb-replica:
+    restart: always
     depends_on:
       - pe_xl_core_0
     build:
@@ -71,11 +74,14 @@ services:
     volumes:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro'       
   pe_xl_core_1:
+    restart: always
     depends_on:
       - pe_xl_core_0
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-xl-core-1.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -96,9 +102,12 @@ services:
     volumes:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro'      
   pe_xl_core_0:
+    restart: always
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-xl-core-0.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

Diff for: spec/docker/extra-large/docker-compose.yaml

@@ -55,6 +55,8 @@ services:
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-xl-core-0.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

Diff for: spec/docker/large-ha/docker-compose.yaml

@@ -38,6 +38,8 @@ services:
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-lg-replica.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -61,6 +63,8 @@ services:
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-lg.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

Diff for: spec/docker/large/docker-compose.yaml

@@ -36,6 +36,8 @@ services:
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-lg.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

Diff for: spec/docker/standard-ha/docker-compose.yaml

@@ -18,6 +18,8 @@ services:
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-std-replica.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -41,6 +43,8 @@ services:
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-std.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

Diff for: spec/docker/standard/docker-compose.yaml

@@ -20,6 +20,8 @@ services:
     build:
       dockerfile: 'Dockerfile'
       context: ../
+      args:
+        HOST: 'pe-std.puppet.vm'
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

Diff for: tasks/submit_csr.rb

@@ -4,6 +4,10 @@
 #
 require 'json'
 require 'open3'
+require 'puppet'
+require 'puppet/face'
+
+Puppet.initialize_settings
 
 def already_signed?
   cmd = ['/opt/puppetlabs/bin/puppet', 'ssl', 'verify']
@@ -12,23 +16,14 @@ def already_signed?
 end
 
 def main
-  majver = `/opt/puppetlabs/bin/puppet --version`
-           .chomp
-           .split('.')
-           .first
-           .to_i
-
+  majver = Gem::Version.new(Puppet.version).segments.first
   if majver < 6
-    conf = `/opt/puppetlabs/bin/puppet config print dns_alt_names certname`
-           .chomp
-           .split("\n")
-           .map { |line| line.split(' = ', 2) }
-           .to_h
-
+    # signed cert already exist, assuming it is valid, no good way to verify until Puppet 6
+    exit 0 if File.exist?(Puppet.settings[:hostcert])
     cmd = ['/opt/puppetlabs/bin/puppet', 'certificate', 'generate',
            '--ca-location', 'remote',
-           '--dns-alt-names', conf['dns_alt_names'],
-           conf['certname']]
+           '--dns-alt-names', Puppet.settings[:dns_alt_names],
+           Puppet.settings[:certname]]
   else
     exit 0 if already_signed?
     cmd = ['/opt/puppetlabs/bin/puppet', 'ssl', 'submit_request']