Puppet Docker Images
Docker images containing Puppet Enterprise Puppet Master
What is this?
A collection of scripts to assemble and create Docker images with a pre-installed Puppet Enterprise Puppet master.
Why would I want to do that?
I've been doing testing with Beaker recently and found myself needing to install Puppet Enterprise each time I ran my tests, which took several minutes and generated lots of network traffic.
Switching to a Docker image with the Puppet Master built-in lets me run my tests in a fraction of the time and also lets me distribute the container to others easily using the Docker Hub.
First go to puppet.com and download Puppet Enterprise for RHEL 7, then drop the downloaded file in the directory you checked out this script to.
./build_image.rb --pe-version 2015.2.1 --tag-version VERSION_NUMBER [--hostname HOSTNAME]
Build a new docker image for a given Puppet Enterprise version and tag the
resulting image with a version number. If hostname is specified your
installation will be tailored to include it and the image name will include
Reference the image name and/or repository you have produced in the nodeset file, e.g.:
HOSTS:
  pe-puppet.localdomain:
    roles:
      - "agent"
      - "master"
    platform: "el-7-x86_64"
    image: "geoffwilliams/pe2015-2-1_centos-7_aio-master_public:2"
    docker_cmd: '["/sbin/init"]'
    hypervisor: "docker"
docker run -d -P --privileged --name CONTAINER_NAME \
  --volume /sys/fs/cgroup:/sys/fs/cgroup --hostname pe-puppet.localdomain \
  IMAGE_NAME
Start a Docker container with the hostname it was installed for. Note, data will be stored inside the container. This is good for testing but could lead to data loss in more complex scenarios - see #Advanced for more info.
docker run -d --privileged \
  --name CONTAINER_NAME \
  --volume /sys/fs/cgroup:/sys/fs/cgroup \
  --volume /etc/puppetlabs \
  --volume /var/log \
  --volume /opt/puppetlabs/server/data \
  --hostname HOSTNAME \
  --restart always \
  IMAGE_NAME
pipework br0 CONTAINER_NAME udhcpc
Start a docker container that restores itself on reboot, set a hostname and use pipework to connect the container directly to a pre-existing bridged network adaptor (br0), using udhcpc on the docker host machine to obtain an IP address. It's also possible to specify an IP address and CIDR mask here instead.
Pushing to local repository
docker tag IMAGE_NAME repo:port/IMAGE_NAME
docker push repo:port/IMAGE_NAME
Pushing to Docker Hub
docker push IMAGE_NAME
How does the build work?
- You manually download Puppet Enterprise for RHEL 7 and place the downloaded tarball in the directory you checked out the script to
- A customised Dockerfile will be created by munging the requested Puppet Enterprise version number into the Dockerfile ERB template
- A centos image will be created and configured to run with systemd
- The Puppet Enterprise tarball you downloaded manually will be copied into the image
- A container will be created from the image in privileged mode (needed for systemd)
- The script will docker exec into the container and run the Puppet Enterprise installer using the all-in-one.answers.txt file with the hostname set to whatever the script was called with (defaults to
- The image will be committed and tagged with the name in the bash script
This image is primarily targeted at throw-away test environments so security isn't a huge concern at the moment. With that said, there are some security settings to be aware of:
- The console password is aaaaaaaa, this can be changed through the GUI
- Other puppet passwords are fixed, weak passwords
- You should build and host your own image if you would like to choose a more suitable hostname and ensure that your passwords are unique
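The two `docker run` commands above differ in exactly the settings these security notes care about: published ports on an image with fixed passwords, privileged mode, and where the data lives. The Ruby check below is an added example, not part of this repository's scripts; the helper names, finding ids and the loopback test for `-p` are assumptions introduced here.

```ruby
require 'shellwords'

# Container paths the page's second `docker run` command mounts as volumes.
PE_DATA_PATHS = %w[/etc/puppetlabs /var/log /opt/puppetlabs/server/data].freeze

# Values passed to an option written as "--opt value", "-o value" or "--opt=value".
def option_values(args, long, short)
  args.each_with_index.flat_map do |arg, i|
    if [long, short].include?(arg) then [args[i + 1]].compact
    elsif arg.start_with?("#{long}=") then [arg.split('=', 2).last]
    else []
    end
  end
end

# Audit one `docker run` command line; returns [id, message] findings.
def audit_docker_run(command)
  args = Shellwords.split(command.gsub(/\\\s*\n/, ' ')) # join "\" continuations
  findings = []
  if args.include?('--publish-all') || args.any? { |a| a.match?(/\A-[A-Za-z]*P/) }
    findings << [:publish_all, 'all exposed ports published on every host interface']
  end
  option_values(args, '--publish', '-p').each do |spec|
    # HOST_IP:HOST_PORT:CONTAINER_PORT has three fields; fewer means all interfaces.
    host_ip = spec.count(':') >= 2 ? spec.split(':').first : nil
    findings << [:public_port, "#{spec} is not bound to 127.0.0.1"] unless host_ip == '127.0.0.1'
  end
  findings << [:privileged, 'needed for systemd here, but grants near-host privileges'] if args.include?('--privileged')
  mounted = option_values(args, '--volume', '-v').map { |v| v.include?(':') ? v.split(':')[1] : v }
  missing = PE_DATA_PATHS - mounted
  findings << [:ephemeral_data, "no volume for #{missing.join(', ')}"] unless missing.empty?
  findings
end

# The page's two run commands, condensed (IMAGE_NAME, CONTAINER_NAME, HOSTNAME are placeholders).
BASIC_RUN = <<~'CMD'
  docker run -d -P --privileged --name CONTAINER_NAME \
    --volume /sys/fs/cgroup:/sys/fs/cgroup --hostname pe-puppet.localdomain IMAGE_NAME
CMD
ADVANCED_RUN = <<~'CMD'
  docker run -d --privileged --name CONTAINER_NAME \
    --volume /sys/fs/cgroup:/sys/fs/cgroup --volume /etc/puppetlabs --volume /var/log \
    --volume /opt/puppetlabs/server/data --hostname HOSTNAME --restart always IMAGE_NAME
CMD

{ basic: BASIC_RUN, advanced: ADVANCED_RUN }.each do |name, cmd|
  audit_docker_run(cmd).each { |id, msg| puts "#{name}: #{id}: #{msg}" }
end
```

The `:privileged` finding stays on both commands because the image needs privileged mode for systemd, so keep these containers on throw-away hosts.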
Ruby script? What about Fig or Docker compose...
I did briefly look at these after a colleague recommended them but I ended up throwing them in the too-hard basket, at least for the moment.
- Puppet Enterprise needs about 3-6GB RAM to work without crashing. If you're running on a Mac or Windows, you will need to ensure your docker-machine (formerly boot2docker) has lots of memory available or your container might run out
- Sometimes builds randomly fail during the agent downloading section of the build. This seems to be due to network congestion - there are just under 1GB of installers that need to be downloaded so it can take a while. This is usually fixed by turning off Netflix and running the build again
What is the status of this code?
This code is experimental and is in no way supported by Puppet Labs. It's shamefully basic at the moment as I've written just enough to let me generate an image and publish it to Docker Hub. Pull Requests accepted.
Is there a ready-to-use image?
Afraid not. The resulting images are not distributable outside of Puppet. If you work for Puppet I may or may not have an image you can use...