diff --git a/README.md b/README.md index dd58af19..20cf9bea 100644 --- a/README.md +++ b/README.md @@ -31,12 +31,12 @@ Once you have Docker Compose installed, you can start the stack on Linux with: The value of `DNS_ALT_NAMES` must list all the names, as a comma-separated list, under which the Puppet server in the stack can be reached from -agents. It will have `puppet` prepended to it as that name is used by PuppetDB -to communicate with the Puppet server. The value of `DNS_ALT_NAMES` only has an -effect the first time you start the stack, as it is placed into the server's SSL -certificate. If you need to change it after that, you will need to properly -revoke the server's certificate and restart the stack with the changed -`DNS_ALT_NAMES` value. +agents. It will have `puppet` and `puppet.internal` prepended to it as that +name is used by PuppetDB to communicate with the Puppet server. The value of +`DNS_ALT_NAMES` only has an effect the first time you start the stack, as it +is placed into the server's SSL certificate. If you need to change it after +that, you will need to properly revoke the server's certificate and restart +the stack with the changed `DNS_ALT_NAMES` value. When you first start the Puppet Infrastructure, the stack will create a `volumes/` directory with a number of sub-directories to store the diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 9bae94ec..8a2971a5 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -65,12 +65,8 @@ steps: name: test_prepare - powershell: | - $domain = Get-WmiObject -Class Win32_NetworkAdapterConfiguration | - Select -ExpandProperty DNSDomain | - Select -First 1 Write-Host 'Writing compose config to disk' $content = @" - AZURE_DOMAIN=$domain VOLUME_ROOT=$ENV:TempVolumeRoot "@ $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False diff --git a/docker-compose.yml b/docker-compose.yml index 392f1597..efae8803 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,26 +2,30 @@ version: '3' services: puppet: - hostname: puppet + hostname: puppet.internal image: puppet/puppetserver ports: - 8140:8140 environment: + # necessary to set certname and server in puppet.conf, required by + # puppetserver ca cli application + - PUPPETSERVER_HOSTNAME=puppet.internal # DNS_ALT_NAMES must be set before starting the stack the first time, # and must list all the names under which the puppetserver can be - # reached. 'puppet' must be one of them, otherwise puppetdb won't be + # reached. 'puppet.internal' must be one of them, otherwise puppetdb won't be # able to get a cert. Add other names as a comma-separated list - - DNS_ALT_NAMES=puppet,${DNS_ALT_NAMES:-} + - DNS_ALT_NAMES=puppet,puppet.internal,${DNS_ALT_NAMES:-} - PUPPERWARE_ANALYTICS_ENABLED=${PUPPERWARE_ANALYTICS_ENABLED:-true} - - PUPPETDB_SERVER_URLS=https://puppetdb:8081 + - PUPPETDB_SERVER_URLS=https://puppetdb.internal:8081 volumes: - ${VOLUME_ROOT:-.}/volumes/code:/etc/puppetlabs/code/ - ${VOLUME_ROOT:-.}/volumes/puppet:/etc/puppetlabs/puppet/ - ${VOLUME_ROOT:-.}/volumes/serverdata:/opt/puppetlabs/server/data/puppetserver/ + dns_search: internal networks: default: aliases: - - puppet.${AZURE_DOMAIN:-} + - puppet.internal postgres: image: postgres:9.6 @@ -34,14 +38,20 @@ services: volumes: - ${VOLUME_ROOT:-.}/volumes/puppetdb-postgres/data:/var/lib/postgresql/data - ./postgres-custom:/docker-entrypoint-initdb.d + dns_search: internal + networks: + default: + aliases: + - postgres.internal puppetdb: - hostname: puppetdb + hostname: puppetdb.internal image: puppet/puppetdb environment: - PUPPERWARE_ANALYTICS_ENABLED=${PUPPERWARE_ANALYTICS_ENABLED:-true} # This name is an FQDN so the short name puppet doesn't collide outside compose network - - PUPPETSERVER_HOSTNAME=puppet.${AZURE_DOMAIN:-} + - PUPPETSERVER_HOSTNAME=puppet.internal + - PUPPETDB_POSTGRES_HOSTNAME=postgres.internal - PUPPETDB_PASSWORD=puppetdb - PUPPETDB_USER=puppetdb ports: 
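Review bot: The comment above `DNS_ALT_NAMES` in the `puppet` service now names only 'puppet.internal' as required, while the value on the next line prepends both `puppet` and `puppet.internal`, so the server certificate is issued with both SANs. I would say so in the comment, e.g. `# 'puppet' and 'puppet.internal' are always prepended and end up as SANs in the server certificate`, and name the client that still needs the short name. If nothing in the stack reaches the server as plain `puppet` any more (puppetdb is pointed at `puppet.internal` in the next hunk), dropping it would keep the certificate limited to names that are in use. That is inferred from the visible lines only, so check it against agents that rely on the default server name.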
@@ -52,3 +62,8 @@ services: - puppet volumes: - ${VOLUME_ROOT:-.}/volumes/puppetdb/ssl:/etc/puppetlabs/puppet/ssl/ + dns_search: internal + networks: + default: + aliases: + - puppetdb.internal diff --git a/gem/lib/pupperware/spec_helper.rb b/gem/lib/pupperware/spec_helper.rb index 2d022f24..57e51193 100644 --- a/gem/lib/pupperware/spec_helper.rb +++ b/gem/lib/pupperware/spec_helper.rb @@ -225,11 +225,10 @@ def wait_on_puppetserver_status(seconds = 180, service_name = 'puppet') end end + # agent_name is the fully qualified name of the node def clean_certificate(agent_name) - result = run_command('docker-compose --no-ansi exec -T puppet facter domain') - domain = result[:stdout].chomp - STDOUT.puts "cleaning cert for #{agent_name}.#{domain}" - result = run_command("docker-compose --no-ansi exec -T puppet puppetserver ca clean --certname #{agent_name}.#{domain}") + STDOUT.puts "cleaning cert for #{agent_name}" + result = run_command("docker-compose --no-ansi exec -T puppet puppetserver ca clean --certname #{agent_name}") return result[:status].exitstatus end @@ -253,11 +252,10 @@ def run_agent(agent_name, network, server = get_container_hostname(get_service_c return result[:status].exitstatus end + # agent_name is the fully qualified name of the node def check_report(agent_name) pdb_uri = URI::join(get_service_base_uri('puppetdb', 8080), '/pdb/query/v4') - result = run_command("docker-compose --no-ansi exec -T puppet facter domain") - domain = result[:stdout].chomp - body = "{ \"query\": \"nodes { certname = \\\"#{agent_name}.#{domain}\\\" } \" }" + body = "{ \"query\": \"nodes { certname = \\\"#{agent_name}\\\" } \" }" return retry_block_up_to_timeout(120) do Net::HTTP.start(pdb_uri.hostname, pdb_uri.port) do |http| diff --git a/spec/dockerfile_spec.rb b/spec/dockerfile_spec.rb index b9c91999..c56faa82 100644 --- a/spec/dockerfile_spec.rb +++ b/spec/dockerfile_spec.rb 
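Review bot: `clean_certificate` interpolates `agent_name` straight into the command string passed to `run_command`, and `check_report` (the next hunk in this file) interpolates it into a hand-built JSON/PQL body; now that the caller supplies the whole certname, a name containing whitespace, quotes or shell metacharacters changes the command or breaks the query. Assuming `run_command` goes through a shell (not visible here), escape the argument with `--certname #{Shellwords.escape(agent_name)}` (needs `require 'shellwords'`), or reject names that do not match a hostname pattern at the top of both helpers. The new comment `# agent_name is the fully qualified name of the node` could also say that the domain is no longer appended, so a short name silently targets a different certname. `check_report` continues past the end of its hunk.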
@@ -14,7 +14,9 @@ ] before(:all) do - @test_agent = "puppet_test#{Random.rand(1000)}" + # append .internal to ensure domain suffix for Docker DNS resolver is used + # since search domains are not appended to /etc/resolv.conf + @test_agent = "puppet_test#{Random.rand(1000)}.internal" @timestamps = [] status = run_command('docker-compose --no-ansi version')[:status] if status.exitstatus != 0
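Review bot: The `.internal` suffix in `@test_agent` is a second copy of the domain set by `dns_search: internal` and the aliases in docker-compose.yml, and the spec helpers now use this string verbatim as the certname. A single constant, e.g. `TEST_DOMAIN = 'internal'` used as `"puppet_test#{Random.rand(1000)}.#{TEST_DOMAIN}"`, would keep the name that is signed, queried and cleaned in sync if the domain changes. A mismatch would presumably leave the test agent's signed certificate behind on the CA. The `before(:all)` block continues outside the hunk.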