(maint) Add network aliases of .internal for containers

Boltdir/modules/stack/tasks/manage.sh

@@ -7,7 +7,7 @@ die() {
 
 pdb_running() {
     docker-compose exec -T puppet \
-        curl -s 'http://puppetdb:8080/status/v1/services/puppetdb-status' | \
+        curl -s 'http://puppetdb.internal:8080/status/v1/services/puppetdb-status' | \
     python -c 'import json, sys; print json.load(sys.stdin)["state"]'
 }
 
@@ -27,7 +27,7 @@ wait_for_it() {
 cd pupperware || die no-repo "run the clone task first to set up pupperware"
 
 host=$(getent hosts "$(hostname -s)")
-export DNS_ALT_NAMES="puppet,${host##* }"
+export DNS_ALT_NAMES="puppet,puppet.internal,${host##* }"
 
 case $PT_action in
     up)

Boltdir/modules/stack/tasks/pdb_node.sh

@@ -7,7 +7,7 @@ body=$(printf '{ "query": "nodes { certname = \\"%s\\" }" }' "$PT_agent")
 out=""
 while [ -z "$out" ]; do
     out=$(docker-compose exec -T puppet \
-                         curl -s -X POST http://puppetdb:8080/pdb/query/v4 \
+                         curl -s -X POST http://puppetdb.internal:8080/pdb/query/v4 \
                          -H 'Content-Type:application/json' \
                          -d "$body")
     if [ -z "$out" ]; then

README.md

@@ -31,12 +31,21 @@ Once you have Docker Compose installed, you can start the stack on Linux with:
 
 The value of `DNS_ALT_NAMES` must list all the names, as a comma-separated
 list, under which the Puppet server in the stack can be reached from
-agents. It will have `puppet` prepended to it as that name is used by PuppetDB
-to communicate with the Puppet server. The value of `DNS_ALT_NAMES` only has an
-effect the first time you start the stack, as it is placed into the server's SSL
-certificate. If you need to change it after that, you will need to properly
-revoke the server's certificate and restart the stack with the changed
-`DNS_ALT_NAMES` value.
+agents. It will have `puppet` and `puppet.internal` prepended to it as that
+name is used by PuppetDB to communicate with the Puppet server. The value of
+`DNS_ALT_NAMES` only has an effect the first time you start the stack, as it
+is placed into the server's SSL certificate. If you need to change it after
+that, you will need to properly revoke the server's certificate and restart
+the stack with the changed `DNS_ALT_NAMES` value.
+
+Optionally, you may also provide a desired `DOMAIN` value, other than default
+value of `internal` to further define how the service hosts are named. It is
+not necessary to change `DNS_ALT_NAMES` as the default value already takes into
+account any custom domain.
+
+```
+    DOMAIN=foo docker-compose up -d
+```
 
 When you first start the Puppet Infrastructure, the stack will create a
 `volumes/` directory with a number of sub-directories to store the

azure-pipelines.yml

@@ -65,12 +65,8 @@ steps:
   name: test_prepare
 
 - powershell: |
-    $domain = Get-WmiObject -Class Win32_NetworkAdapterConfiguration |
-      Select -ExpandProperty DNSDomain |
-      Select -First 1
     Write-Host 'Writing compose config to disk'
     $content = @"
-    AZURE_DOMAIN=$domain
     VOLUME_ROOT=$ENV:TempVolumeRoot
     "@
     $Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False

docker-compose.yml

@@ -2,26 +2,30 @@ version: '3'
 
 services:
   puppet:
-    hostname: puppet
+    hostname: puppet.${DOMAIN:-internal}
     image: puppet/puppetserver
     ports:
       - 8140:8140
     environment:
+      # necessary to set certname and server in puppet.conf, required by
+      # puppetserver ca cli application
+      - PUPPETSERVER_HOSTNAME=puppet.${DOMAIN:-internal}
       # DNS_ALT_NAMES must be set before starting the stack the first time,
       # and must list all the names under which the puppetserver can be
-      # reached. 'puppet' must be one of them, otherwise puppetdb won't be
+      # reached. 'puppet.${DOMAIN:-internal}' must be one of them, otherwise puppetdb won't be
       # able to get a cert. Add other names as a comma-separated list
-      - DNS_ALT_NAMES=puppet,${DNS_ALT_NAMES:-}
+      - DNS_ALT_NAMES=puppet,puppet.${DOMAIN:-internal},${DNS_ALT_NAMES:-}
       - PUPPERWARE_ANALYTICS_ENABLED=${PUPPERWARE_ANALYTICS_ENABLED:-true}
-      - PUPPETDB_SERVER_URLS=https://puppetdb:8081
+      - PUPPETDB_SERVER_URLS=https://puppetdb.${DOMAIN:-internal}:8081
     volumes:
       - ${VOLUME_ROOT:-.}/volumes/code:/etc/puppetlabs/code/
       - ${VOLUME_ROOT:-.}/volumes/puppet:/etc/puppetlabs/puppet/
       - ${VOLUME_ROOT:-.}/volumes/serverdata:/opt/puppetlabs/server/data/puppetserver/
+    dns_search: ${DOMAIN:-internal}
     networks:
       default:
         aliases:
-         - puppet.${AZURE_DOMAIN:-}
+         - puppet.${DOMAIN:-internal}
 
   postgres:
     image: postgres:9.6
@@ -34,14 +38,20 @@ services:
     volumes:
       - ${VOLUME_ROOT:-.}/volumes/puppetdb-postgres/data:/var/lib/postgresql/data
       - ./postgres-custom:/docker-entrypoint-initdb.d
+    dns_search: ${DOMAIN:-internal}
+    networks:
+      default:
+        aliases:
+         - postgres.${DOMAIN:-internal}
 
   puppetdb:
-    hostname: puppetdb
+    hostname: puppetdb.${DOMAIN:-internal}
     image: puppet/puppetdb
     environment:
       - PUPPERWARE_ANALYTICS_ENABLED=${PUPPERWARE_ANALYTICS_ENABLED:-true}
       # This name is an FQDN so the short name puppet doesn't collide outside compose network
-      - PUPPETSERVER_HOSTNAME=puppet.${AZURE_DOMAIN:-}
+      - PUPPETSERVER_HOSTNAME=puppet.${DOMAIN:-internal}
+      - PUPPETDB_POSTGRES_HOSTNAME=postgres.${DOMAIN:-internal}
       - PUPPETDB_PASSWORD=puppetdb
       - PUPPETDB_USER=puppetdb
     ports:
@@ -52,3 +62,8 @@ services:
       - puppet
     volumes:
       - ${VOLUME_ROOT:-.}/volumes/puppetdb/ssl:/etc/puppetlabs/puppet/ssl/
+    dns_search: ${DOMAIN:-internal}
+    networks:
+      default:
+        aliases:
+         - puppetdb.${DOMAIN:-internal}

gem/lib/pupperware/spec_helper.rb

@@ -137,6 +137,11 @@ def get_container_hostname(container)
     return fqdn || inspect_container(container, '{{.Config.Hostname}}')
   end
 
+  # this only works when a container has a single network
+  def get_container_ip(container)
+    inspect_container(container, '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}')
+  end
+
   def emit_log(container)
     container_name = get_container_name(container)
     STDOUT.puts("#{'*' * 80}\nContainer logs for #{container_name} / #{container}\n#{'*' * 80}\n")
@@ -225,11 +230,10 @@ def wait_on_puppetserver_status(seconds = 180, service_name = 'puppet')
     end
   end
 
+  # agent_name is the fully qualified name of the node
   def clean_certificate(agent_name)
-    result = run_command('docker-compose --no-ansi exec -T puppet facter domain')
-    domain = result[:stdout].chomp
-    STDOUT.puts "cleaning cert for #{agent_name}.#{domain}"
-    result = run_command("docker-compose --no-ansi exec -T puppet puppetserver ca clean --certname #{agent_name}.#{domain}")
+    STDOUT.puts "cleaning cert for #{agent_name}"
+    result = run_command("docker-compose --no-ansi exec -T puppet puppetserver ca clean --certname #{agent_name}")
     return result[:status].exitstatus
   end
 
@@ -253,11 +257,10 @@ def run_agent(agent_name, network, server = get_container_hostname(get_service_c
     return result[:status].exitstatus
   end
 
+  # agent_name is the fully qualified name of the node
   def check_report(agent_name)
     pdb_uri = URI::join(get_service_base_uri('puppetdb', 8080), '/pdb/query/v4')
-    result = run_command("docker-compose --no-ansi exec -T puppet facter domain")
-    domain = result[:stdout].chomp
-    body = "{ \"query\": \"nodes { certname = \\\"#{agent_name}.#{domain}\\\" } \" }"
+    body = "{ \"query\": \"nodes { certname = \\\"#{agent_name}\\\" } \" }"
 
     return retry_block_up_to_timeout(120) do
       Net::HTTP.start(pdb_uri.hostname, pdb_uri.port) do |http|

k8s/README.md

@@ -14,7 +14,7 @@ running Kubernetes via Docker for Mac, this will be the FQDN of your Mac. Note t
 
 ```yaml
   - name: DNS_ALT_NAMES
-    value: puppet,myworkstation.domain.net
+    value: puppet,puppet.internal,myworkstation.domain.net
 ```
 
 Then create the Pupperware resources:

k8s/bin/puppet-query

@@ -1,3 +1,3 @@
 #! /bin/sh
 
-kubectl get pods --selector=svc=puppetdb -o name | cut -d '/' -f 2 | xargs -I '%' kubectl exec '%' -- curl -s -X GET http://puppetdb:8080/pdb/query/v4 --data-urlencode "query=$@"
+kubectl get pods --selector=svc=puppetdb -o name | cut -d '/' -f 2 | xargs -I '%' kubectl exec '%' -- curl -s -X GET http://puppetdb.internal:8080/pdb/query/v4 --data-urlencode "query=$@"

k8s/postgres.yaml

@@ -44,6 +44,7 @@ spec:
         app: pupperware
         svc: postgres
     spec:
+      hostname: postgres.internal
       containers:
         - image: puppet/puppetdb-postgres
           name: postgres

k8s/puppetdb.yaml

@@ -47,11 +47,15 @@ spec:
         app: pupperware
         svc: puppetdb
     spec:
-      hostname: puppetdb
+      hostname: puppetdb.internal
       containers:
         - image: puppet/puppetdb
           name: puppetdb
           env:
+            - name: PUPPETSERVER_HOSTNAME
+              value: puppet.internal
+            - name: PUPPETDB_POSTGRES_HOSTNAME
+              value: postgres.internal
             - name: PUPPETDB_PASSWORD
               valueFrom:
                 secretKeyRef:

k8s/puppetserver.yaml

@@ -71,15 +71,19 @@ spec:
         app: pupperware
         svc: puppet
     spec:
-      hostname: puppet
+      hostname: puppet.internal
       containers:
         - image: puppet/puppetserver
           name: puppet
           env:
+            # necessary to set certname and server in puppet.conf, required by
+            # puppetserver ca cli application
+            - name: PUPPETSERVER_HOSTNAME
+              value: puppet.internal
             - name: DNS_ALT_NAMES
-              value: puppet
+              value: puppet,puppet.internal
             - name: PUPPETDB_SERVER_URLS
-              value: https://puppetdb:8081
+              value: https://puppetdb.internal:8081
           ports:
             - containerPort: 8140
           volumeMounts:

spec/dockerfile_spec.rb

@@ -14,7 +14,9 @@
   ]
 
   before(:all) do
-    @test_agent = "puppet_test#{Random.rand(1000)}"
+    # append .internal (or user domain) to ensure domain suffix for Docker DNS resolver is used
+    # since search domains are not appended to /etc/resolv.conf
+    @test_agent = "puppet_test#{Random.rand(1000)}.#{ENV['DOMAIN'] || 'internal'}"
     @timestamps = []
     status = run_command('docker-compose --no-ansi version')[:status]
     if status.exitstatus != 0