Dockerfile is now included in foreman core

I finally got a chance to sit down with this and see if we can’t merge this image into our production Foreman instance. First of all, well done! I did though run into exactly the same issue as @lukasmrtvy regarding database rake tasks.

For me, it would be better to have either booleans in the entrypoint.sh script, such as [ -z "$DB_SEED" ], so that we can run these when needed, or even better, in my mind, provide an entrypoint.d directory that gets parsed before running entrypoint.sh. This gives everyone the flexibility to add their own startup stuff without cluttering up the image with different use cases. This would allow people to install gems, seed the database, run different rake tasks… whatever.

For an example, you can see PostgreSQL’s image at https://github.com/docker-library/postgres/blob/master/docker-entrypoint.sh. They use the directory /docker-entrypoint-initdb.d/* so that users can toss in .sql scripts as needed. For another example, the maintainers at Puppet also use this technique: https://github.com/puppetlabs/puppetserver/blob/master/docker/puppetserver-standalone/docker-entrypoint.sh.

1 Like
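A sketch of the entrypoint.d idea from the post above, added here as an example; it is not part of the original post and is not Foreman's, PostgreSQL's or Puppet's script. The `ENTRYPOINT_D` variable, the `/entrypoint.d` default path and the permission check are assumptions: because hooks run with the container's privileges, the runner refuses any hook that group or others can write.

```shell
#!/bin/sh
# Added example, not Foreman's entrypoint. ENTRYPOINT_D and its default
# path are assumed names.
ENTRYPOINT_D="${ENTRYPOINT_D:-/entrypoint.d}"

# A hook is trusted only if it is a regular file that neither group nor
# others can write. Symlinks show as lrwxrwxrwx in ls -ld, so they are
# refused as well.
is_trusted_hook() {
  [ -f "$1" ] || return 1
  case "$(ls -ld -- "$1")" in
    ?????w*|????????w*) return 1 ;;
  esac
  return 0
}

# Run every *.sh in the directory in sorted glob order; stop at the first
# untrusted or failing hook so the application never starts half-prepared.
run_entrypoint_d() {
  dir="$1"
  [ -d "$dir" ] || return 0            # no hook directory: nothing to do
  for hook in "$dir"/*.sh; do
    [ -e "$hook" ] || continue         # unmatched glob stays literal
    if ! is_trusted_hook "$hook"; then
      echo "entrypoint: refusing untrusted hook $hook" >&2
      return 1
    fi
    echo "entrypoint: running $hook" >&2
    sh "$hook" || { echo "entrypoint: $hook failed" >&2; return 1; }
  done
  return 0
}

# Constructed demo: a seed hook (mode 644) followed by a world-writable one.
# Prints the runner's exit status; 1 means the second hook was refused.
demo() {
  d=$(mktemp -d) || return 2
  printf 'echo seeded > "%s/seed.out"\n' "$d" > "$d/10-seed.sh"
  printf 'echo changed > "%s/bad.out"\n' "$d" > "$d/20-bad.sh"
  chmod 644 "$d/10-seed.sh"; chmod 666 "$d/20-bad.sh"
  rc=0
  run_entrypoint_d "$d" 2>/dev/null || rc=$?
  echo "$rc"
  rm -rf "$d"
}

# In a real entrypoint.sh, replace the demo call with:
#   run_entrypoint_d "$ENTRYPOINT_D" || exit 1; exec "$@"
demo
```

Mounting the hook directory read-only in the compose file keeps a compromised application process from planting a hook for the next start.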

would you be willing to send a PR to implement this? thanks!

just wondering, did you end up using it? :slight_smile: how are you running it? plain docker/systemd or kubernetes?

I’ll take care of the PR. Since this is my first PR for Foreman, do I need
to raise an issue and reference it? Or will referencing #18732 suffice?

We’re using a docker-compose file for the time being while we get ready to
move over to Kubernetes, hopefully by next year. We’re a governmental
organization running a bit over 400+ nodes, using Puppet + Foreman as the
ENC. Right now, I’m trying to refactor my repository so that it’s in line with
yours. You can view the work at https://github.com/luksi1/docker-foreman.
The issue in which I’m running the refactor is branch “issue-26”.
Hopefully, this branch will get merged shortly and we will be able to start
contributing to the project with more and more meaningful feedback!

As a side note, where do you want the documentation for this? I haven’t
seen any Docker or docker-compose information in the docs, but maybe I’m
missing something. In case there isn’t any, do you want the documentation
in the manual? In a markdown file on the site in GitHub? I do personally
think docker-compose is a nice way to on-board people with minimal set-up
so they can try Foreman out and see Foreman’s value quickly before deciding
whether or not to move forward. I would be more than happy to do this, I
just need to know if I’m sending a PR to the project or if I need to send
over the documentation in another form. Let me know what you think.

1 Like

Just as a heads-up, some recent (or not so recent) changes in the code now make it significantly harder to run The Foreman easily via “docker-compose up”:

  • The original setup of Dockerfile and entrypoint.sh was moved to https://github.com/ehelms/grapple/tree/master/images/foreman.
  • While the original setup ran database migrations in the entrypoint, the current setup doesn’t do that anymore. :confused:
  • There don’t seem to be any instructions on how to get started with the Docker Compose setup (at least not in the obvious places, the README and the developer documentation). :grey_question:
  • For some reason, even after running database migrations and seeding (via docker-compose exec app ... and restarting the entire stack) the Rails application doesn’t respond at http://localhost:3000/. :worried: Strange.

Can we try to make this easier again?

hmm… easier than (please click the link as preview didn’t get it to the right section)

Sorry for cross posting but this thread seems like the most active. I also posted under ‘Community’

Looking to see if Foreman in Docker is nearing production ready. We have an older version 1.16.0 that we are looking at fork lifting to 2.0 now. It’s managed by a bunch of custom Ansible goop that I would like to switch out for just running docker.

2 Likes

Great Work! I have a dumb question but where do I find puppet after this is up? I’m trying to test it with a manifest and I can’t find the puppetlabs directory

1 Like

As of today, Puppet is not included in the setup, neither in the foreman image nor in the Docker Compose setup.

For an idea of what a working setup would have to look like, @luksi1 has mentioned a PR above, and the repository he mentions hosts an example setup.

@ohadlevy Is there a full development (or even production-ready?) setup somewhere, other than that?

The Dockerfile doesn’t include any plugins, and since Puppet is a plugin, it’s not included. The recommended way to include plugins is to add files to bundler.d:

IIUC, you refer to the Puppet integration in Foreman, only. The Puppet server still needs to be run in a separate container in addition, correct?

Here’s my take on your hint, just for the sake of documentation:

# FILE: bundler.d/puppet.rb
group :puppet do
  gem 'foreman_puppet', '~> 5.1', '>= 5.1.1'
end

# FILE: Dockerfile
FROM quay.io/foreman/foreman:3.6-stable
COPY bundler.d/*.rb bundler.d/
RUN bundle install

In combination with the docker-compose.yml file, that allows reusing the prebuilt (latest stable) foreman image. – Anything that I forgot?

Correct. We only publish the integration bits here:

That relies on the client certificates on the Smart Proxy (by default), so integrating that is tedious.

The architecture is roughly:

Foreman <-> Smart Proxy -> Puppetserver
        <-             <-  Puppetserver

The Foreman uses its configured client certificates to connect to the Smart Proxy. Then Smart Proxy uses its configured client certificates to connect to Puppetserver. Puppetserver (via the puppet-puppetserver_foreman scripts) connects back to Foreman, but using the identity of the Smart Proxy.

We’ve talked about the Puppetserver talking to Smart Proxy, but never finished that. GitHub - theforeman/smart_proxy_reports was a partial solution (still left out the ENC and fact uploads), but has since been abandoned due to a lack of time.

You could opt for a classical Smart Proxy installation in the short term and first focus on getting the Foreman part containerized.

No, I think that’s pretty much what should do. Implementation wise you could consider something like:

RUN echo "gem 'foreman_puppet', '~> 5.1', '>= 5.1.1'" > bundler.d/puppet.rb

Entirely untested, but it may make layering easier by keeping everything inside a single file. The group is technically not needed, so that makes it even easier.