This project hosts the Containerfile and the required scripts to build an OpenVox Server container image.
You can run a copy of Puppet Server with the following Docker command:
```shell
podman run --name openvox --hostname openvox ghcr.io/openvoxproject/openvoxserver:8.8.0-latest
```

Although it is not strictly necessary to name the container openvox, this is
useful when working with the other OpenVox images, as they will look for a server
on that hostname by default.
If you would like to start the OpenVox Server with your own Puppet code, you can
mount your own directory at /etc/puppetlabs/code:
```shell
podman run --name openvox --hostname openvox -v ./code:/etc/puppetlabs/code ghcr.io/openvoxproject/openvoxserver:8.8.0-latest
```

For compose file see: CRAFTY
curl example below.
```shell
# Delete the cached production environment, authenticating with this host's certificate
curl -i --cert "$(puppet config print hostcert)" \
  --key "$(puppet config print hostprivkey)" \
  --cacert "$(puppet config print cacert)" \
  -X DELETE \
  "https://$(puppet config print server):8140/puppet-admin-api/v1/environment-cache?environment=production"
```

Another option is to disable the environment caching by setting the OPENVOXSERVER_ENVIRONMENT_TIMEOUT environment variable to zero (0).
The version schema has the following layout:

```text
<openvox.major>.<openvox.minor>.<openvox.patch>-v<container.major>.<container.minor>.<container.patch>
```
Example usage:
```shell
podman run --name openvox --hostname openvox -v ./code:/etc/puppetlabs/code/ ghcr.io/openvoxproject/openvoxserver:8.8.0-v1.0.0
```

| Name | Description | 
|---|---|
| openvox.major | Describes the contained major OpenVox version | 
| openvox.minor | Describes the contained minor OpenVox version | 
| openvox.patch | Describes the contained patchlevel OpenVox version | 
| container.major | Describes the major version of the base container (Ubuntu 24.04) or incompatible changes | 
| container.minor | Describes new features or refactoring with backward compatibility | 
| container.patch | Describes if minor changes or bugfixes have been implemented | 
The following environment variables are supported:
| Name | Usage / Default | 
|---|---|
| AUTOSIGN | Whether or not to enable autosigning on the openvoxserver instance. Valid values are true, false, and /path/to/autosign.conf. Defaults to true. | 
| CA_ALLOW_SUBJECT_ALT_NAMES | Whether or not SSL certificates containing Subject Alternative Names should be signed by the CA. Does nothing unless CA_ENABLED=true. Defaults to false | 
| CA_ENABLED | Whether or not this openvoxserver instance has a running CA (Certificate Authority). Defaults to true | 
| CA_HOSTNAME | The DNS hostname for the openvoxserver running the CA. Does nothing unless CA_ENABLED=false. Defaults to puppet | 
| CA_PORT | The listening port of the CA. Does nothing unless CA_ENABLED=false. Defaults to 8140 | 
| CA_TTL | CA expire date (in seconds or with suffix s, m, h, d, y). Defaults to 157680000 | 
| CERTNAME | The DNS name used on the server's SSL certificate - sets the certname in puppet.conf. Defaults to unset. | 
| CSR_ATTRIBUTES | Provide a JSON string of the csr_attributes.yaml content, e.g. `CSR_ATTRIBUTES='{"custom_attributes": { "challengePassword": "foobar" }, "extension_requests": { "pp_project": "foo" } }'`. Defaults to empty JSON object `{}`. Please note that within a compose file, you must provide all environment variables as Hash and not as Array! `environment: CSR_ATTRIBUTES: '{"extension_request": {...}}'` | 
| DNS_ALT_NAMES | Additional DNS names to add to the server's SSL certificate. Note: only effective on initial run when certificates are generated | 
| ENVIRONMENTPATH | Set an environmentpath. Defaults to /etc/puppetlabs/code/environments | 
| HIERACONFIG | Set a hiera_config entry in puppet.conf file. Defaults to $confdir/hiera.yaml | 
| INTERMEDIATE_CA | Allows importing an existing intermediate CA. Needs INTERMEDIATE_CA_BUNDLE, INTERMEDIATE_CA_CHAIN and INTERMEDIATE_CA_KEY. See Puppet Intermediate CA | 
| INTERMEDIATE_CA_BUNDLE | File path and name to the complete CA bundle (signing CA + Intermediate CA) | 
| INTERMEDIATE_CA_KEY | File path and name to the private CA key | 
| INTERMEDIATE_CRL_CHAIN | File path and name to the complete CA CRL chain | 
| OPENVOX_REPORTS | Sets reports in puppet.conf. Defaults to puppetdb | 
| OPENVOX_STORECONFIGS | Sets storeconfigs in puppet.conf. Defaults to true | 
| OPENVOX_STORECONFIGS_BACKEND | Sets storeconfigs_backend in puppet.conf. Defaults to puppetdb | 
| OPENVOXDB_SERVER_URLS | The URL of the OpenVoxDB servers. This is used to connect to the OpenVoxDB server. Defaults to https://openvoxdb:8081. Please note that within a compose file, you must provide all environment variables as Hash and not as Array! `environment: OPENVOXDB_SERVER_URLS: 'https://openvoxdb:8081'` | 
| OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API | Enable the puppet admin api endpoint via certificates to allow clearing environment caches. Defaults to true | 
| OPENVOXSERVER_ENVIRONMENT_TIMEOUT | Configure the environment timeout. Defaults to unlimited | 
| OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED | Activate the graphite exporter. Also needs OPENVOXSERVER_GRAPHITE_HOST and OPENVOXSERVER_GRAPHITE_PORT. Defaults to false | 
| OPENVOXSERVER_GRAPHITE_HOST | Only used if OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED is set to true. FQDN or hostname of the graphite server where puppet should push metrics to. Defaults to exporter | 
| OPENVOXSERVER_GRAPHITE_PORT | Only used if OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED is set to true. Port of the graphite server where puppet should push metrics to. Defaults to 9109 | 
| OPENVOXSERVER_HOSTNAME | The DNS name used on the server's SSL certificate - sets the server in puppet.conf. Defaults to unset. | 
| OPENVOXSERVER_JAVA_ARGS | Arguments passed directly to the JVM when starting the service. Defaults to -Xms1024m -Xmx1024m | 
| OPENVOXSERVER_MAX_ACTIVE_INSTANCES | The maximum number of JRuby instances allowed. Defaults to 1 | 
| OPENVOXSERVER_MAX_REQUESTS_PER_INSTANCE | The maximum HTTP requests a JRuby instance will handle in its lifetime (disable instance flushing). Defaults to 0 | 
| OPENVOXSERVER_PORT | The port of the openvoxserver. Defaults to 8140 | 
| USE_OPENVOXDB | Whether to connect to puppetdb. Sets OPENVOX_REPORTS to log and OPENVOX_STORECONFIGS to false if OPENVOX_STORECONFIGS_BACKEND is puppetdb. Defaults to true | 
If you would like to do additional initialization, add a directory called /container-custom-entrypoint.d/ and fill it with .sh scripts.
You can also create sub-directories in /container-custom-entrypoint.d/ for scripts that have to run at different stages.
- /container-custom-entrypoint.d/pre-default/ - scripts that run before the default entrypoint scripts.
- /container-custom-entrypoint.d/ - scripts that run after the default entrypoint scripts, but before the openvoxserver service is started.
- /container-custom-entrypoint.d/post-startup/ - scripts that run after the openvoxserver service is started.
- /container-custom-entrypoint.d/sigterm-handler/ - scripts that run when the container receives a SIGTERM signal.
- /container-custom-entrypoint.d/post-execution/ - scripts that run after the openvoxserver service has stopped.
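
The function below is an added example, not part of this project: a check that a script in /container-custom-entrypoint.d/ could run before the service starts, reporting CA-related settings from the environment variable table that deserve review (AUTOSIGN defaults to true, which signs any certificate request). The function name `audit_openvox_env` and the choice to treat a world-writable autosign file as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the project: report risky CA settings.
# audit_openvox_env is a hypothetical name; defaults follow the table above.
audit_openvox_env() {
    findings=0
    note() { echo "FINDING: $*" >&2; findings=$((findings + 1)); }

    # AUTOSIGN and CA_ALLOW_SUBJECT_ALT_NAMES only matter on the CA instance.
    if [ "${CA_ENABLED:-true}" != true ]; then
        return 0
    fi

    autosign="${AUTOSIGN:-true}"
    case "$autosign" in
        true)
            note "AUTOSIGN=true: every certificate request is signed unchecked" ;;
        false) ;;
        /*)
            if [ ! -f "$autosign" ]; then
                note "autosign file $autosign does not exist"
            elif [ -n "$(find "$autosign" -prune -perm -002)" ]; then
                note "$autosign is world-writable"
            fi ;;
        *)
            note "AUTOSIGN=$autosign is not true, false or an absolute path" ;;
    esac

    if [ "${CA_ALLOW_SUBJECT_ALT_NAMES:-false}" = true ]; then
        note "CA signs requests that carry Subject Alternative Names"
    fi

    # The return code is the number of findings (0 means nothing to review).
    return "$findings"
}

# As the last line of a script in /container-custom-entrypoint.d/:
# audit_openvox_env || echo "review the findings above" >&2
```
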
If you plan to use the in-server CA, restarting the container can cause the server's keys and certificates to change, causing agents and the server to stop trusting each other.
To prevent this, you can persist the default cadir, /etc/puppetlabs/puppetserver/ca.
For example:
```shell
podman run -v $PWD/ca-ssl:/etc/puppetlabs/puppetserver/ca ghcr.io/openvoxproject/openvoxserver:8.6.1-latest
```

or in compose:

```yaml
services:
  puppet:
    image: ghcr.io/openvoxproject/openvoxserver:8.8.0-latest
    # ...
    volumes:
      - ./ca-ssl:/etc/puppetlabs/puppetserver/ca
```