KpuCko

PuppetBoard -> PuppetDB SSL issues

Feb 3rd, 2025 (edited)
  1. root@sofx1013dckr309.home.lan:~/tests/puppet# docker ps -a
  2. CONTAINER ID   IMAGE                                         COMMAND                  CREATED        STATUS                    PORTS                              NAMES
  3. 06613f67b5b8   ghcr.io/voxpupuli/puppetboard                 "/bin/sh -c 'gunicor…"   33 hours ago   Exited (2) 33 hours ago                                      puppet-puppetboard-1
  4. 4e5578f794b0   ghcr.io/voxpupuli/puppetdb:8.8.1-latest       "dumb-init /docker-e…"   2 days ago     Up 2 days (healthy)       8080/tcp, 0.0.0.0:8081->8081/tcp   puppet-puppetdb-1
  5. d1c60dad6305   ghcr.io/voxpupuli/puppetserver:8.7.0-latest   "dumb-init /docker-e…"   2 days ago     Up 2 days (healthy)       0.0.0.0:8140->8140/tcp             puppet-puppet-1
  6. df53cd6f1a71   postgres:17-alpine                            "docker-entrypoint.s…"   2 days ago     Up 2 days (healthy)       5432/tcp                           puppet-postgres-1
  7. 6db38997fdde   corentinth/it-tools                           "/docker-entrypoint.…"   9 days ago     Up 9 days                 0.0.0.0:8080->80/tcp               it-tools
  8. root@sofx1013dckr309.home.lan:~/tests/puppet#
  9.  
  10. ------------
  11.  
  12. root@sofx1013dckr309.home.lan:~/tests/puppet# docker exec -it puppet-puppetdb-1 bash
  13. root@puppetdb:~# hostname -f
  14. puppetdb
  15. root@puppetdb:~#
  16. exit
  17. root@sofx1013dckr309.home.lan:~/tests/puppet#
  18.  
  19. ------------
  20.  
  21. root@sofx1013dckr309.home.lan:~/tests/puppet# openssl x509 -noout -subject -in ./ssl_puppet/certs/puppetdb.pem
  22. subject=CN = puppetdb
  23. root@sofx1013dckr309.home.lan:~/tests/puppet#
  24.  
  25. ------------
  26.  
  27. root@sofx1013dckr309.home.lan:~/tests/puppet# cat docker-compose.yml
  28. ---
  29. services:
  30.   puppet:
  31.     image: ghcr.io/voxpupuli/puppetserver:8.7.0-latest
  32.     hostname: puppet
  33.     environment:
  34.       PUPPETSERVER_HOSTNAME: puppet
  35.       PUPPETSERVER_PORT: 8140
  36.       PUPPETDB_HOSTNAME: puppetdb
  37.       PUPPETDB_SSL_PORT: 8081
  38.       USE_PUPPETDB: true
  39.       PUPPET_STORECONFIGS_BACKEND: puppetdb
  40.       PUPPET_STORECONFIGS: true
  41.       PUPPET_REPORTS: "puppetdb,store"
  42.       CA_ALLOW_SUBJECT_ALT_NAMES: true
  43.       AUTOSIGN: true
  44.     volumes:
  45.       - ./ssl_puppet:/etc/puppetlabs/puppet/ssl
  46.     ports:
  47.       - 8140:8140
  48.     restart: always
  49.  
  50.   puppetdb:
  51.     image: ghcr.io/voxpupuli/puppetdb:8.8.1-latest
  52.     hostname: puppetdb
  53.     environment:
  54.       USE_PUPPETSERVER: true
  55.       PUPPETSERVER_HOSTNAME: puppet
  56.       PUPPETSERVER_PORT: 8140
  57.       PUPPETDB_SSL_PORT: 8081
  58.       PUPPETDB_POSTGRES_HOSTNAME: postgres
  59.       PUPPETDB_POSTGRES_PORT: 5432
  60.       PUPPETDB_PASSWORD: puppetdb
  61.       PUPPETDB_USER: puppetdb
  62.       PUPPETDB_SSL_KEY: /etc/puppetlabs/puppet/ssl/private_keys/puppetdb.pem
  63.       PUPPETDB_SSL_CERT: /etc/puppetlabs/puppet/ssl/public_keys/puppetdb.pem
  64.       PUPPETDB_SSL_CA_CERT: /etc/puppetlabs/puppet/ssl/certs/ca.pem
  65.       PUPPETDB_CERTIFICATE_ALLOWLIST: "puppet,puppet.home.lan,puppetdb,puppetdb.home.lan,puppetboard,puppetboard.home.lan"
  66.     volumes:
  67.       - ./ssl_puppet:/etc/puppetlabs/puppet/ssl
  68.     ports:
  69.       - 8081:8081
  70.     restart: always
  71.  
  72.   postgres:
  73.     image: docker.io/postgres:17-alpine
  74.     hostname: postgres
  75.     environment:
  76.       POSTGRES_DB: puppetdb
  77.       POSTGRES_USER: puppetdb
  78.       POSTGRES_PASSWORD: puppetdb
  79.     healthcheck:
  80.       test: ["CMD-SHELL", "sh -c 'pg_isready -U puppetdb -d puppetdb'"]
  81.       interval: 10s
  82.       timeout: 3s
  83.       retries: 3
  84.     volumes:
  85.       - ./enable_pg_trgm.sql:/docker-entrypoint-initdb.d/enable_pg_trgm.sql
  86.       - ./postgres_data:/var/lib/postgresql/data
  87.     restart: always
  88.  
  89.   puppetboard:
  90.     image: ghcr.io/voxpupuli/puppetboard
  91.     hostname: puppetboard
  92.     environment:
  93.       PUPPETDB_HOST: puppetdb
  94.       PUPPETDB_PORT: 8081
  95.       PUPPETBOARD_PORT: 8080
  96.       ENABLE_CATALOG: true
  97.       PUPPETDB_SSL_VERIFY: /etc/puppetlabs/puppet/ssl/ca-cert.pem
  98.       PUPPETDB_KEY: /etc/puppetlabs/puppet/ssl/puppetboard-key.pem
  99.       PUPPETDB_CERT: /etc/puppetlabs/puppet/ssl/puppetboard-key.pem
  100.       SECRET_KEY: "495ed6e5e799015811d1d00bd424b464df1b9809dade7964b6e4dcf124d9e170"
  101.       DEFAULT_ENVIRONMENT: "*"
  102.     volumes:
  103.       - ./ssl_puppetboard:/etc/puppetlabs/puppet/ssl
  104.     ports:
  105.       - 8282:8080
  106.     restart: none
  107.  
  108. networks:
  109.   default:
  110.     name: crafty-minimal
  111. root@sofx1013dckr309.home.lan:~/tests/puppet#
  112.  
  113. ------------
  114.  
  115. root@sofx1013dckr309.home.lan:~/tests/puppet# openssl x509 -noout -subject -in ./ssl_puppetboard/puppetboard-cert.pem
  116. subject=CN = puppetdb
  117. root@sofx1013dckr309.home.lan:~/tests/puppet#
  118.  
  119. ------------
  120.  
  121. root@puppet:~# puppetserver ca list --all
  122. Signed Certificates:
  123.     puppetdb              (SHA256)  93:E9:48:34:68:66:43:AA:43:CA:B5:DB:95:53:2E:18:64:E1:83:FC:C2:7F:3E:A1:71:7A:35:3D:9D:B4:84:7D     alt names: ["DNS:puppetdb", "DNS:puppetdb.home.lan"]
  124.     puppet.home.lan       (SHA256)  45:13:A3:68:58:11:E5:B2:5E:45:7A:58:2F:E4:84:2E:9A:14:5A:FC:CB:6C:D5:3B:E3:08:CF:20:50:02:57:73     alt names: ["DNS:puppet", "DNS:puppet.home.lan"]     authorization extensions: [pp_cli_auth: true]
  125.     puppetboard           (SHA256)  BA:3E:4E:54:51:27:C5:42:C5:AC:90:E0:2A:61:BD:AB:26:37:26:FD:DD:3A:72:0C:47:AE:F8:EC:2E:A9:8F:FE     alt names: ["DNS:puppetboard", "DNS:puppetboard.home.lan"]
  126. root@puppet:~#
  127.  
  128.  