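---
# Compose stack: OpenVox server, OpenVoxDB, PostgreSQL and Puppetboard.
#
# NOTE(review): this file carries credentials in clear text (the CSR challenge
# password, the PostgreSQL password and the Puppetboard SECRET_KEY fallback).
# Every value committed here is readable by anyone who can read the repository,
# so real deployments should supply their own values from an untracked source.
#
# NOTE(review): three images use the mutable `latest` tag, so a pull can change
# what runs without any change to this file. Pinning a release tag or an image
# digest keeps deployments reproducible and reviewable.
services:
  # puppetserver
  openvoxserver:
    image: ghcr.io/openvoxproject/openvoxserver:latest
    hostname: puppet.0x3e.lan
    container_name: puppetserver
    environment:
      OPENVOXSERVER_HOSTNAME: puppet
      # duration Puppet Server waits before reloading code from disk
      OPENVOXSERVER_ENVIRONMENT_TIMEOUT: '0'
      # NOTE(review): "foobar" is a placeholder-grade shared secret. If the
      # server's autosign policy checks challengePassword (not shown in this
      # file, confirm), whoever knows the value can get a certificate signed.
      CSR_ATTRIBUTES: '{"custom_attributes": { "challengePassword": "foobar" }, "extension_requests": { "pp_project": "foo" } }'
    volumes:
      - openvoxserver:/opt/puppetlabs/server/data/puppetserver:Z
      - openvoxserver-ssl:/etc/puppetlabs/puppet/ssl:Z
      - openvoxserver-ca:/etc/puppetlabs/puppetserver/ca:Z
      - openvox-code:/etc/puppetlabs/code:Z
      # This will override the 'production' folder in puppetserver-data
      - ./puppet-environments/production:/etc/puppetlabs/code/environments/production:Z
      # r10k
      - ./r10k:/etc/puppetlabs/r10k/:Z
      # Mount entire /etc/puppetlabs/puppet to preserve changes
      - ./puppet-etc:/etc/puppetlabs/puppet:Z
      # Install script (TODO Replace with custom image build)
      # NOTE(review): the script comes from the host checkout and is executed
      # inside the container by post_start below, so write access to
      # ./startup.sh is code execution in the server container.
      - ./startup.sh:/usr/local/bin/startup.sh:Z
      # ssh
      # NOTE(review): ./ssh becomes root's ~/.ssh in the container. Keep that
      # directory out of version control and its key files owner-readable only.
      - ./ssh:/root/.ssh/:Z
    post_start:
      - command: bash -c "/usr/local/bin/startup.sh"
    restart: always
    ports:
      # Quoted so the mapping is always read as a string. With no host address
      # given, the port is published on every host interface.
      - '8140:8140'

  openvoxdb:
    image: ghcr.io/openvoxproject/openvoxdb:latest
    container_name: puppetdb
    hostname: openvoxdb
    environment:
      PUPPETDB_FACT_VALUES_LIMIT: '8192'
    volumes:
      - openvoxdb:/opt/puppetlabs/server/data/puppetdb:Z
    restart: always
    depends_on:
      openvoxserver:
        # condition not supported in podman
        # condition: service_healthy
        restart: true
    ports:
      # 8081 is the TLS port (see the PUPPETDB_PORT comments under puppetboard).
      # It is published on every host interface. Drop the mapping if nothing
      # outside this compose network needs to reach the database API.
      - '8081:8081'

  postgres:
    image: docker.io/postgres:17-alpine
    container_name: postgres
    hostname: postgres
    environment:
      - POSTGRES_DB=openvoxdb
      - POSTGRES_USER=openvoxdb
      # NOTE(review): weak, committed password equal to the user name. No port
      # is published for this service, so it is reachable only from the compose
      # network. openvoxdb sets no database credentials in this file, so it
      # presumably relies on matching image defaults (verify before changing).
      - POSTGRES_PASSWORD=openvoxdb
    healthcheck:
      test: ["CMD-SHELL", "sh -c 'pg_isready -U openvoxdb -d openvoxdb'"]
      interval: 10s
      timeout: 3s
      retries: 3
    volumes:
      - postgres-data:/var/lib/postgresql/data:Z
      # use /container-entrypoint.d/ instead...
      - ./postgres-init:/docker-entrypoint-initdb.d:Z
    restart: always

  # puppetboard
  puppetboard:
    image: ghcr.io/voxpupuli/puppetboard:latest
    container_name: puppetboard
    hostname: puppetboard
    environment:
      - PUPPETDB_HOST=openvoxdb
      # - PUPPETDB_PORT=8081 # use this for TLS
      # Use this for non-TLS. Queries and reports then cross the compose
      # network unencrypted.
      - PUPPETDB_PORT=8080
      - PUPPETBOARD_PORT=8088
      # Long random String : python3 -c 'import secrets; print(secrets.token_hex())'
      # NOTE(review): the fallback after ":-" is the key that was committed with
      # this file, so it must be treated as public. SECRET_KEY signs the web
      # app's session data; set PUPPETBOARD_SECRET_KEY (a variable name
      # introduced here) in an untracked .env file so the fallback is never used.
      - 'SECRET_KEY=${PUPPETBOARD_SECRET_KEY:-628c4e02daaaca2b90242491f607d3704153d424f215ac51b1dd873055e102a5}'
      # if you wanna use SSL, you need to provide the following variables
      # see the README.md for more information, look for "Generate additional certificates"
      # - PUPPETDB_SSL_VERIFY=/etc/puppetlabs/puppet/ssl/certs/ca.pem
      # - PUPPETDB_KEY=/etc/puppetlabs/puppet/ssl/private_keys/puppetboard.pem
      # - PUPPETDB_CERT=/etc/puppetlabs/puppet/ssl/certs/puppetboard.pem
    # NOTE(review): the only SSL volume declared in this file is
    # openvoxserver-ssl; the name puppetserver-ssl is not declared anywhere
    # here. Mounting it gives this container the whole ssl directory,
    # private_keys included, so prefer a read-only mount.
    # volumes:
    #   - openvoxserver-ssl:/etc/puppetlabs/puppet/ssl:Z
    restart: always
    depends_on:
      openvoxdb:
        # condition not supported in podman
        # condition: service_healthy
        restart: true
    ports:
      # Published on every host interface. This file configures no
      # authentication for the dashboard, so restrict who can reach 8088.
      - '8088:8088'

networks:
  default:
    name: '0x3e.lan'

volumes:
  openvoxserver:
  openvoxserver-ssl:
  openvoxserver-ca:
  openvox-code:
  openvoxdb:
  postgres-data: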