From 353c7ddb0a791b26156f547cdae5ba6e067d3faf Mon Sep 17 00:00:00 2001 From: Wesley Stewart Date: Fri, 31 Jan 2025 11:02:25 -0500 Subject: [PATCH 1/4] Adding new Container and Container.debian dockerfiles to enable rootless server mode. The debian package is preffered for systems using FIPS mode, I.E RHEL9 in FIPS mode, as the openssl version breaks apt and SSL cert generation. However, when using debian directly, the the certificates are created without issue.
---
 openvoxserver/Containerfile | 55 +++++++++ openvoxserver/Containerfile.debian | 181 +++++++++++++++++++++++++++++ 2 files changed, 236 insertions(+) create mode 100644 openvoxserver/Containerfile.debian
diff --git a/openvoxserver/Containerfile b/openvoxserver/Containerfile
index 6153ef3..675ba98 100644
--- a/openvoxserver/Containerfile
+++ b/openvoxserver/Containerfile
@@ -114,6 +114,61 @@ COPY conf.d/puppetserver.conf \
 COPY puppetdb.conf /var/tmp/puppet/
+RUN chown -R puppet /etc/puppetlabs/puppetserver && \
+ chown -R puppet:puppet /var/tmp/puppet && \
+ chown -R puppet:puppet /opt/puppetlabs && \
+ chown -R puppet:puppet /usr/local/bin && \
+ chown -R puppet:puppet /var/lib/gems && \
+ chown -R puppet:puppet /etc/puppetlabs && \
+ chown -R puppet:puppet /var/tmp/puppetserver && \
+ chown -R puppet:puppet /etc/default && \
+ chown -R puppet:puppet /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d
+
+USER puppet
+
+RUN mkdir -p /home/puppet/.puppetlabs/etc/ && \
+ ln -s /etc/puppetlabs/puppet/ /home/puppet/.puppetlabs/etc/puppet
+
+ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
+ confdir=/etc/puppetlabs/puppet \
+ PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
+ SSLDIR=/etc/puppetlabs/puppet/ssl \
+ LOGDIR=/var/log/puppetlabs/puppetserver \
+ OPENVOXSERVER_HOSTNAME="" \
+ CERTNAME="" \
+ DNS_ALT_NAMES="" \
+ OPENVOXSERVER_PORT=8140 \
+ AUTOSIGN=true \
+ OPENVOXSERVER_MAX_ACTIVE_INSTANCES=1 \
+ OPENVOXSERVER_MAX_REQUESTS_PER_INSTANCE=0 \
+ CA_ENABLED=true \
+ CA_TTL=157680000 \
+ CA_HOSTNAME=puppet \
+ CA_PORT=8140 \
+ CA_ALLOW_SUBJECT_ALT_NAMES=false \
+ INTERMEDIATE_CA=false \
+ INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \
+ INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \
+ INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \
+ USE_OPENVOXDB=true \
+ OPENVOXDB_SERVER_URLS=https://openvoxdb:8081 \
+ OPENVOX_STORECONFIGS_BACKEND="puppetdb" \
+ OPENVOX_STORECONFIGS=true \
+ OPENVOX_REPORTS="puppetdb" \
+ OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED=false \
+ OPENVOXSERVER_GRAPHITE_PORT=9109 \
+ OPENVOXSERVER_GRAPHITE_HOST=exporter \
+ OPENVOXSERVER_ENVIRONMENT_TIMEOUT=unlimited \
+ OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
+ ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
+ HIERACONFIG='$confdir/hiera.yaml' \
+ HOME=/home/puppet \
+ CSR_ATTRIBUTES='{}'
+
+#We need to tell puppet to use the default installation for the non-root user.
+RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf
+
+WORKDIR /home/puppet
 # k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
 HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]
diff --git a/openvoxserver/Containerfile.debian b/openvoxserver/Containerfile.debian
new file mode 100644
index 0000000..c2a36e7
--- /dev/null
+++ b/openvoxserver/Containerfile.debian
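Review bot: The `chown -R puppet:puppet` chain added to openvoxserver/Containerfile gives the runtime user ownership of `/usr/local/bin`, `/etc/default`, all of `/opt/puppetlabs` and the entrypoint and healthcheck scripts, so a process running as `puppet` can rewrite the binaries and startup scripts it is launched from, which gives up much of what `USER puppet` is meant to provide. Only the paths the server writes at runtime need to belong to `puppet`; unless the entrypoint really writes there (the scripts are not visible in this hunk), drop `chown -R puppet:puppet /usr/local/bin`, `chown -R puppet:puppet /etc/default` and the `/docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d` line and leave those root-owned and executable. The leading `chown -R puppet /etc/puppetlabs/puppetserver` is also already covered by the later `chown -R puppet:puppet /etc/puppetlabs`. The same block is added to openvoxserver/Containerfile.debian in this patch.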
@@ -0,0 +1,181 @@
+ARG UBUNTU_VERSION=24.04
+ARG DEBIAN_VERSION=12
+FROM ubuntu:${UBUNTU_VERSION} AS builder
+
+ARG BUILD_PKGS="ruby3.2-dev gcc make cmake pkg-config libssl-dev libc6-dev libssh2-1-dev"
+ARG R10K_VERSION=5.0.0
+ARG RUGGED_VERSION=1.9.0
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends $BUILD_PKGS && \
+ gem install --no-doc r10k -v $R10K_VERSION && \
+ gem install --no-doc rugged -v $RUGGED_VERSION -- --with-ssh
+
+FROM debian:${DEBIAN_VERSION} AS final
+
+ARG vcs_ref
+ARG build_type
+ARG build_date
+ARG PACKAGES="git netbase openjdk-17-jre-headless openssh-client libssh2-1 dumb-init net-tools adduser"
+ARG TARGETARCH
+ARG OPENVOX_RELEASE=8
+ARG OPENVOXSERVER_VERSION=8.8.0
+ARG OPENVOXAGENT_VERSION=8.11.0
+ARG OPENVOXDB_VERSION=8.9.0
+ARG OPENVOX_USER_UID=999
+ARG OPENVOX_USER_GID=999
+ARG UBUNTU_VERSION=24.04
+ARG DEBIAN_VERSION=12
+
+LABEL org.label-schema.maintainer="Voxpupuli Team " \
+ org.label-schema.vendor="OpenVoxProject" \
+ org.label-schema.url="https://github.com/OpenVoxProject/container-openvoxserver" \
+ org.label-schema.vcs-url="https://github.com/OpenVoxProject/container-openvoxserver" \
+ org.label-schema.schema-version="1.0" \
+ org.label-schema.dockerfile="/Containerfile" \
+ org.label-schema.name="OpenVox Server ($build_type)" \
+ org.label-schema.version="$OPENVOXSERVER_VERSION" \
+ org.label-schema.vcs-ref="$vcs_ref" \
+ org.label-schema.build-date="$build_date"
+
+ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
+ PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
+ SSLDIR=/etc/puppetlabs/puppet/ssl \
+ LOGDIR=/var/log/puppetlabs/puppetserver \
+ OPENVOXSERVER_HOSTNAME="" \
+ CERTNAME="" \
+ DNS_ALT_NAMES="" \
+ OPENVOXSERVER_PORT=8140 \
+ AUTOSIGN=true \
+ OPENVOXSERVER_MAX_ACTIVE_INSTANCES=1 \
+ OPENVOXSERVER_MAX_REQUESTS_PER_INSTANCE=0 \
+ CA_ENABLED=true \
+ CA_TTL=157680000 \
+ CA_HOSTNAME=puppet \
+ CA_PORT=8140 \
+ CA_ALLOW_SUBJECT_ALT_NAMES=false \
+ INTERMEDIATE_CA=false \
+ INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \
+ INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \
+ INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \
+ USE_OPENVOXDB=true \
+ OPENVOXDB_SERVER_URLS=https://openvoxdb:8081 \
+ OPENVOX_STORECONFIGS_BACKEND="puppetdb" \
+ OPENVOX_STORECONFIGS=true \
+ OPENVOX_REPORTS="puppetdb" \
+ OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED=false \
+ OPENVOXSERVER_GRAPHITE_PORT=9109 \
+ OPENVOXSERVER_GRAPHITE_HOST=exporter \
+ OPENVOXSERVER_ENVIRONMENT_TIMEOUT=unlimited \
+ OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
+ ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
+ HIERACONFIG='$confdir/hiera.yaml' \
+ CSR_ATTRIBUTES='{}'
+
+COPY docker-entrypoint.sh \
+ healthcheck.sh \
+ Containerfile \
+ /
+
+COPY docker-entrypoint.d /docker-entrypoint.d
+COPY --from=builder /var/lib/gems/ /var/lib/gems/
+COPY --from=builder /usr/local/bin/r10k /usr/local/bin/
+
+#ADD https://apt.overlookinfratech.com/openvox${OPENVOX_RELEASE}-release-ubuntu${UBUNTU_VERSION}.deb /
+ADD https://apt.overlookinfratech.com/openvox${OPENVOX_RELEASE}-release-debian${DEBIAN_VERSION}.deb /
+RUN apt update && apt install -y ca-certificates && \
+ dpkg -i /openvox${OPENVOX_RELEASE}-release-debian${DEBIAN_VERSION}.deb && \
+ rm -f /openvox${OPENVOX_RELEASE}-release-debian${DEBIAN_VERSION}.deb
+
+RUN groupadd -g ${OPENVOX_USER_GID} puppet && \
+ useradd -m -u ${OPENVOX_USER_UID} -g puppet puppet && \
+ chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \
+ apt-get update && \
+ apt-get upgrade -y && \
+ apt-get install -y $PACKAGES && \
+ apt-get install -y openvox-agent=${OPENVOXAGENT_VERSION}-1+debian${DEBIAN_VERSION} && \
+ apt-get install -y openvox-server=${OPENVOXSERVER_VERSION}-1+debian${DEBIAN_VERSION} && \
+ apt-get install -y openvoxdb-termini=${OPENVOXDB_VERSION}-1+debian${DEBIAN_VERSION} && \
+ apt-get autoremove -y && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/* && \
+ cp -pr /etc/puppetlabs/puppet /var/tmp && \
+ cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && \
+ rm -rf /var/tmp/puppet/ssl
+# apt-get install -y openvox-agent=${OPENVOXAGENT_VERSION}-1+debian${DEBIAN_VERSION} && \
+
+# needs to be copied after package installation
+COPY puppetserver /etc/default/puppetserver
+
+COPY logback.xml \
+ request-logging.xml \
+ /etc/puppetlabs/puppetserver/
+
+COPY conf.d/puppetserver.conf \
+ conf.d/product.conf \
+ /etc/puppetlabs/puppetserver/conf.d/
+
+COPY puppetdb.conf /var/tmp/puppet/
+
+RUN chown -R puppet /etc/puppetlabs/puppetserver && \
+ chown -R puppet:puppet /var/tmp/puppet && \
+ chown -R puppet:puppet /opt/puppetlabs && \
+ chown -R puppet:puppet /usr/local/bin && \
+ chown -R puppet:puppet /var/lib/gems && \
+ chown -R puppet:puppet /etc/puppetlabs && \
+ chown -R puppet:puppet /var/tmp/puppetserver && \
+ chown -R puppet:puppet /etc/default && \
+ chown -R puppet:puppet /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d
+
+USER puppet
+
+RUN mkdir -p /home/puppet/.puppetlabs/etc/ && \
+ ln -s /etc/puppetlabs/puppet/ /home/puppet/.puppetlabs/etc/puppet
+
+ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
+ confdir=/etc/puppetlabs/puppet \
+ PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
+ SSLDIR=/etc/puppetlabs/puppet/ssl \
+ LOGDIR=/var/log/puppetlabs/puppetserver \
+ OPENVOXSERVER_HOSTNAME="" \
+ CERTNAME="" \
+ DNS_ALT_NAMES="" \
+ OPENVOXSERVER_PORT=8140 \
+ AUTOSIGN=true \
+ OPENVOXSERVER_MAX_ACTIVE_INSTANCES=1 \
+ OPENVOXSERVER_MAX_REQUESTS_PER_INSTANCE=0 \
+ CA_ENABLED=true \
+ CA_TTL=157680000 \
+ CA_HOSTNAME=puppet \
+ CA_PORT=8140 \
+ CA_ALLOW_SUBJECT_ALT_NAMES=false \
+ INTERMEDIATE_CA=false \
+ INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \
+ INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \
+ INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \
+ USE_OPENVOXDB=true \
+ OPENVOXDB_SERVER_URLS=https://openvoxdb:8081 \
+ OPENVOX_STORECONFIGS_BACKEND="puppetdb" \
+ OPENVOX_STORECONFIGS=true \
+ OPENVOX_REPORTS="puppetdb" \
+ OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED=false \
+ OPENVOXSERVER_GRAPHITE_PORT=9109 \
+ OPENVOXSERVER_GRAPHITE_HOST=exporter \
+ OPENVOXSERVER_ENVIRONMENT_TIMEOUT=unlimited \
+ OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
+ ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
+ HIERACONFIG='$confdir/hiera.yaml' \
+ HOME=/home/puppet \
+ CSR_ATTRIBUTES='{}'
+
+RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf
+WORKDIR /home/puppet
+
+# k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
+HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]
+
+# NOTE: this is just documentation on defaults
+EXPOSE 8140
+
+ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
+CMD ["foreground"]
From cb8c788d8279f3c9b654b545b894adba1a30434d Mon Sep 17 00:00:00 2001 From: Wesley Stewart Date: Fri, 31 Jan 2025 11:31:16 -0500 Subject: [PATCH 2/4] Cleaned up ENV files in Containerfiles.
---
 openvoxserver/Containerfile | 37 +----------------------------- openvoxserver/Containerfile.debian | 38 +----------------------------- 2 files changed, 2 insertions(+), 73 deletions(-)
diff --git a/openvoxserver/Containerfile b/openvoxserver/Containerfile
index 675ba98..05e1b35 100644
--- a/openvoxserver/Containerfile
+++ b/openvoxserver/Containerfile
@@ -68,6 +68,7 @@ ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
 OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
 ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
 HIERACONFIG='$confdir/hiera.yaml' \
+ HOME=/home/puppet \
 CSR_ATTRIBUTES='{}'
 COPY docker-entrypoint.sh \
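Review bot: In the new openvoxserver/Containerfile.debian (patch 1), `ADD https://apt.overlookinfratech.com/openvox${OPENVOX_RELEASE}-release-debian${DEBIAN_VERSION}.deb /` downloads the release package with no integrity check and the next `RUN` installs it with `dpkg -i` as root, so whatever that URL serves at build time sets up the image's apt source and, presumably, its trusted key. Pinning the download closes that gap: `ADD --checksum=sha256:<digest-of-release-deb> https://apt.overlookinfratech.com/openvox${OPENVOX_RELEASE}-release-debian${DEBIAN_VERSION}.deb /` where the builder supports the flag, or fetch inside the `RUN` step and compare against a recorded digest with `sha256sum -c` before `dpkg -i`. `<digest-of-release-deb>` is a placeholder; the value has to come from the publisher. Separately, the `builder` stage compiles the r10k and rugged gems on `ubuntu:${UBUNTU_VERSION}` while the final stage is `debian:${DEBIAN_VERSION}` and `PACKAGES` lists no Ruby, so it is worth confirming that `/usr/local/bin/r10k` still runs in the final image.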
@@ -129,42 +130,6 @@ USER puppet
 RUN mkdir -p /home/puppet/.puppetlabs/etc/ && \
 ln -s /etc/puppetlabs/puppet/ /home/puppet/.puppetlabs/etc/puppet
-ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
- confdir=/etc/puppetlabs/puppet \
- PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
- SSLDIR=/etc/puppetlabs/puppet/ssl \
- LOGDIR=/var/log/puppetlabs/puppetserver \
- OPENVOXSERVER_HOSTNAME="" \
- CERTNAME="" \
- DNS_ALT_NAMES="" \
- OPENVOXSERVER_PORT=8140 \
- AUTOSIGN=true \
- OPENVOXSERVER_MAX_ACTIVE_INSTANCES=1 \
- OPENVOXSERVER_MAX_REQUESTS_PER_INSTANCE=0 \
- CA_ENABLED=true \
- CA_TTL=157680000 \
- CA_HOSTNAME=puppet \
- CA_PORT=8140 \
- CA_ALLOW_SUBJECT_ALT_NAMES=false \
- INTERMEDIATE_CA=false \
- INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \
- INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \
- INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \
- USE_OPENVOXDB=true \
- OPENVOXDB_SERVER_URLS=https://openvoxdb:8081 \
- OPENVOX_STORECONFIGS_BACKEND="puppetdb" \
- OPENVOX_STORECONFIGS=true \
- OPENVOX_REPORTS="puppetdb" \
- OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED=false \
- OPENVOXSERVER_GRAPHITE_PORT=9109 \
- OPENVOXSERVER_GRAPHITE_HOST=exporter \
- OPENVOXSERVER_ENVIRONMENT_TIMEOUT=unlimited \
- OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
- ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
- HIERACONFIG='$confdir/hiera.yaml' \
- HOME=/home/puppet \
- CSR_ATTRIBUTES='{}'
-
 #We need to tell puppet to use the default installation for the non-root user.
 RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf
diff --git a/openvoxserver/Containerfile.debian b/openvoxserver/Containerfile.debian
index c2a36e7..930b0b5 100644
--- a/openvoxserver/Containerfile.debian
+++ b/openvoxserver/Containerfile.debian
@@ -70,6 +70,7 @@ ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
 OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
 ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
 HIERACONFIG='$confdir/hiera.yaml' \
+ HOME=/home/puppet \
 CSR_ATTRIBUTES='{}'
 COPY docker-entrypoint.sh \
@@ -102,7 +103,6 @@ RUN groupadd -g ${OPENVOX_USER_GID} puppet && \
 cp -pr /etc/puppetlabs/puppet /var/tmp && \
 cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && \
 rm -rf /var/tmp/puppet/ssl
-# apt-get install -y openvox-agent=${OPENVOXAGENT_VERSION}-1+debian${DEBIAN_VERSION} && \
 # needs to be copied after package installation
 COPY puppetserver /etc/default/puppetserver
@@ -132,42 +132,6 @@ USER puppet
 RUN mkdir -p /home/puppet/.puppetlabs/etc/ && \
 ln -s /etc/puppetlabs/puppet/ /home/puppet/.puppetlabs/etc/puppet
-ENV OPENVOXSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
- confdir=/etc/puppetlabs/puppet \
- PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
- SSLDIR=/etc/puppetlabs/puppet/ssl \
- LOGDIR=/var/log/puppetlabs/puppetserver \
- OPENVOXSERVER_HOSTNAME="" \
- CERTNAME="" \
- DNS_ALT_NAMES="" \
- OPENVOXSERVER_PORT=8140 \
- AUTOSIGN=true \
- OPENVOXSERVER_MAX_ACTIVE_INSTANCES=1 \
- OPENVOXSERVER_MAX_REQUESTS_PER_INSTANCE=0 \
- CA_ENABLED=true \
- CA_TTL=157680000 \
- CA_HOSTNAME=puppet \
- CA_PORT=8140 \
- CA_ALLOW_SUBJECT_ALT_NAMES=false \
- INTERMEDIATE_CA=false \
- INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \
- INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \
- INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \
- USE_OPENVOXDB=true \
- OPENVOXDB_SERVER_URLS=https://openvoxdb:8081 \
- OPENVOX_STORECONFIGS_BACKEND="puppetdb" \
- OPENVOX_STORECONFIGS=true \
- OPENVOX_REPORTS="puppetdb" \
- OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED=false \
- OPENVOXSERVER_GRAPHITE_PORT=9109 \
- OPENVOXSERVER_GRAPHITE_HOST=exporter \
- OPENVOXSERVER_ENVIRONMENT_TIMEOUT=unlimited \
- OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API=true \
- ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
- HIERACONFIG='$confdir/hiera.yaml' \
- HOME=/home/puppet \
- CSR_ATTRIBUTES='{}'
-
 RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf
 WORKDIR /home/puppet
From 4b1eef39d011daf923268d0d7ef73b13b9d5a181 Mon Sep 17 00:00:00 2001 From: Wesley Stewart Date: Fri, 31 Jan 2025 13:04:19 -0500 Subject: [PATCH 3/4] Added a link to /opt to the puppet users interpolated path.
---
 openvoxserver/Containerfile.debian | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/openvoxserver/Containerfile.debian b/openvoxserver/Containerfile.debian
index 930b0b5..d7f1733 100644
--- a/openvoxserver/Containerfile.debian
+++ b/openvoxserver/Containerfile.debian
@@ -129,10 +129,12 @@ RUN chown -R puppet /etc/puppetlabs/puppetserver && \
 USER puppet
-RUN mkdir -p /home/puppet/.puppetlabs/etc/ && \
- ln -s /etc/puppetlabs/puppet/ /home/puppet/.puppetlabs/etc/puppet
+RUN mkdir -p /home/puppet/.puppetlabs && \
+ ln -s /etc/puppetlabs /home/puppet/.puppetlabs/etc && \
+ ln -s /opt/puppetlabs /home/puppet/.puppetlabs/opt
-RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf
+RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf && \
+ puppet config set cadir /etc/puppetlabs/puppetserver/ca/
 WORKDIR /home/puppet
 # k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
From 52d59c0328ba01a8b321232f0041a47d4aabf4b5 Mon Sep 17 00:00:00 2001 From: Wesley Stewart Date: Fri, 31 Jan 2025 13:08:24 -0500 Subject: [PATCH 4/4] Updated default containerfile to include puppetconfig change for CA cert location.
---
 openvoxserver/Containerfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/openvoxserver/Containerfile b/openvoxserver/Containerfile
index 05e1b35..e97ed9a 100644
--- a/openvoxserver/Containerfile
+++ b/openvoxserver/Containerfile
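Review bot: The `puppet config set cadir /etc/puppetlabs/puppetserver/ca/` step added in patch 3 (openvoxserver/Containerfile.debian) and the `confdir` line before it only change `/etc/puppetlabs/puppet/puppet.conf`, and they run after the `cp -pr /etc/puppetlabs/puppet /var/tmp` snapshot taken in this file's package-install step (visible in patch 1), so the copy under `/var/tmp/puppet` does not carry them. If the entrypoint seeds an empty or mounted `/etc/puppetlabs/puppet` from `/var/tmp/puppet` (the scripts are not shown here, so this is an inference), the CA directory setting would be missing at runtime and CA material could end up in a different path than intended. The `RUN` has no comment explaining the setting; something like `# keep the CA (including its private key) under /etc/puppetlabs/puppetserver/ca; this path must be persisted` above it would record the intent, and it is worth confirming the setting survives a volume mount. Patch 4 makes the same change to openvoxserver/Containerfile.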
@@ -127,11 +127,13 @@ RUN chown -R puppet /etc/puppetlabs/puppetserver && \
 USER puppet
-RUN mkdir -p /home/puppet/.puppetlabs/etc/ && \
- ln -s /etc/puppetlabs/puppet/ /home/puppet/.puppetlabs/etc/puppet
+RUN mkdir -p /home/puppet/.puppetlabs && \
+ ln -s /etc/puppetlabs /home/puppet/.puppetlabs/etc && \
+ ln -s /opt/puppetlabs /home/puppet/.puppetlabs/opt
 #We need to tell puppet to use the default installation for the non-root user.
-RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf
+RUN echo 'confdir = /etc/puppetlabs/puppet' >> /etc/puppetlabs/puppet/puppet.conf && \
+ puppet config set cadir /etc/puppetlabs/puppetserver/ca/
 WORKDIR /home/puppet
 # k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK