Add support for generating additional certificates

voxpupuli · Nov 28, 2023 · feb7286 · feb7286
1 parent cde5b18
commit feb7286
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -30,13 +30,14 @@ on that hostname by default.
 If you would like to start the Puppet Server with your own Puppet code, you can
 mount your own directory at `/etc/puppetlabs/code`:
 
-    docker run --name puppet --hostname puppet -v ./code:/etc/puppetlabs/code/ ghcr.io/voxpupuli/container-puppetserver:v1.0.0-7
+```bash
+docker run --name puppet --hostname puppet -v ./code:/etc/puppetlabs/code/ ghcr.io/voxpupuli/container-puppetserver:v1.0.0-7
+```
 
 For compose file see: [CRAFTY](https://github.com/voxpupuli/crafty/tree/main/puppet/oss)
 
 You can find out more about Puppet Server in the [official documentation](https://www.puppet.com/docs/puppet/7/server/about_server.html).
 
-
 ## Configuration
 
 The following environment variables are supported:
@@ -61,6 +62,7 @@ The following environment variables are supported:
 | **PUPPETDB_SERVER_URLS**                   | The `server_urls` to set in `/etc/puppetlabs/puppet/puppetdb.conf`<br><br>`https://puppetdb:8081`                                                             |
 | **PUPPETDB_HOSTNAME**                      | The DNS name of the puppetdb <br><br> Defaults to `puppetdb`                                                                                                  |
 | **PUPPETDB_SSL_PORT**                      | The TLS port of the puppetdb <br><br> Defaults to `8081`                                                                                                      |
+| **ADDITIONAL_CERTIFICATES**                   | Generate and sign additional certificates                                                                                                                     |
 
 ## Initialization Scripts
 

diff --git a/puppetserver/docker-entrypoint.d/86-generate-additional-certs.sh b/puppetserver/docker-entrypoint.d/86-generate-additional-certs.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if test -n "${ADDITIONAL_CERTIFICATES}" ; then
+  # split string into array
+  IFS=',' read -ra certnames <<< "$ADDITIONAL_CERTIFICATES"
+
+  for i in "${certnames[@]}"; do
+    echo "Generating: $i"
+    # use force to gen cert while puppetserver is still offline
+    # puppetserver will always fail, because it tries to connect to the API
+    # so we add || true to ignore the error
+    # if the cert already exists, it will not be overwritten
+    # puppetserver acknowledges the cert and continue
+    puppetserver ca generate --certname $i --force || true
+  done
+fi