docker-compose.yml

---
version: '3.7'
services:
  puppetserver:
    image: ${PUPPETSERVER_IMAGE:-puppet/puppetserver:latest}
    hostname: puppet
    environment:
      - PUPPERWARE_ANALYTICS_ENABLED=${PUPPERWARE_ANALYTICS_ENABLED:-true}
      - PUPPETSERVER_HOSTNAME=puppet
      - CA_ALLOW_SUBJECT_ALT_NAMES=true
      - DNS_ALT_NAMES=${PUPPET_DNS_ALT_NAMES:-puppet}
      - PUPPET_MASTERPORT=8140
      - PUPPETDB_SERVER_URLS=https://puppetdb:8081
      # Testing specific variables needed to bootstrap cert preloading
      - CERT_VOLUME=puppetserver-config
      - CERT_SRCDIR=puppet-oss
      - CERT_DESTDIR=ssl
    volumes:
      - ./puppetserver-code:/etc/puppetlabs/code/
      - ./puppetserver-ca:/etc/puppetlabs/puppetserver/ssl/
      - puppetserver-config:/etc/puppetlabs/puppet/
      - puppetserver-data:/opt/puppetlabs/server/data/puppetserver/
    restart: always
    ports:
      - 8140:8140
      - 8170:8170

  puppetdb:
    image: ${PUPPETDB_IMAGE:-puppet/puppetdb:latest}
    hostname: puppetdb
    environment:
      - PUPPERWARE_ANALYTICS_ENABLED=${PUPPERWARE_ANALYTICS_ENABLED:-true}
      - CERTNAME=puppetdb
      # NOTE: Java follows RFC 2818 stating when SAN is provided, it's authoritative / Subject should be ignored
      - DNS_ALT_NAMES=${PUPPETDB_DNS_ALT_NAMES:-puppetdb}
      - USE_PUPPETSERVER=true
      - PUPPETSERVER_HOSTNAME=puppet
      - PUPPETSERVER_PORT=8140
      - PUPPETDB_POSTGRES_HOSTNAME=postgres
      - PUPPETDB_POSTGRES_PORT=5432
      - PUPPETDB_USER=puppetdb
      - PUPPETDB_PASSWORD=puppetdb
    volumes:
      - puppetdb-data:/opt/puppetlabs/server/data/puppetdb/
      - puppetdb-config:/etc/puppetlabs/puppetdb/
    restart: always
    ports:
      - 8081:8081
      # some test suites rely on querying pdb from localhost
      - 8080:8080
  postgres:
    image: ${POSTGRES_IMAGE:-postgres:12.6}
    hostname: postgres
    environment:
      # loading certs requires a non-default PGDATA, even though we don't use certs
      - PGDATA=/var/lib/postgresql/data/pgdata
      - PGPORT=5432
      - POSTGRES_USER=puppetdb
      - POSTGRES_PASSWORD=puppetdb
      - POSTGRES_DB=puppetdb
      # Testing specific variables needed to bootstrap cert preloading
      - CERT_VOLUME=puppetdb-postgres
    healthcheck:
      # existence check for puppetdb database
      test: [ 'CMD-SHELL', "psql --username=puppetdb puppetdb -c ''" ]
      interval: 10s
      timeout: 5s
      retries: 6
      start_period: 90s
    volumes:
      - puppetdb-postgres:/var/lib/postgresql/data
      - ${ADDITIONAL_COMPOSE_SERVICES_PATH}/postgres-custom:/docker-entrypoint-initdb.d
    restart: always
    expose:
      - 5432
  puppetboard:
    image: ${PUPPETB_IMAGE:-puppetboard:latest}
    hostname: puppetboard
    ports:
      - 80:80
    environment:
      - PUPPETDB_PORT=8081
      - PUPPETDB_HOST=puppetdb
      - PUPPETDB_SSL_VERIFY=/etc/puppetlabs/puppet/ssl/certs/ca.pem
      - PUPPETDB_KEY=/etc/puppetlabs/puppet/ssl/private_keys/${HOSTNAME}.pem
      - PUPPETDB_CERT=/etc/puppetlabs/puppet/ssl/certs/${HOSTNAME}.pem
      - INVENTORY_FACTS='Hostname,fqdn, IP Address,ipaddress'
      - ENABLE_CATALOG=True
      - GRAPH_FACTS='architecture,puppetversion,osfamily'
    restart: always
    volumes:
      - /etc/puppetlabs/puppet/:/etc/puppetlabs/puppet/


volumes:
  puppetdb-postgres:
    # Testing specific variable needed to bootstrap cert preloading
    # Added for documentation even though oss doesn't currently use certs
    labels:
      com.puppet.certs.uid: 999
      com.puppet.certs.gid: 999
  puppetdb:
  puppetserver-config:
  puppetserver-data:
  puppetdb-data:
  puppetdb-config: