puppet/ha/compose.yaml

---
services:
### Profile: Puppet ###########################################################
  ca:
    image: ghcr.io/voxpupuli/puppetserver:8.6.3-latest
    pull_policy: always
    hostname: puppet-ca
    environment:
      PUPPETSERVER_HOSTNAME: puppet-ca
      USE_PUPPETDB: false
      CA_ENABLED: true
      CA_ALLOW_SUBJECT_ALT_NAMES: true
    volumes:
      - ./server-data/puppetserver-code:/etc/puppetlabs/code
      - ./server-data/puppet-ca-ssl:/etc/puppetlabs/puppet/ssl
      - ./server-data/puppet-ca:/etc/puppetlabs/puppetserver/ca
    restart: always
    profiles:
      - puppet

  compiler-001:
    image: ghcr.io/voxpupuli/puppetserver:8.6.3-latest
    pull_policy: always
    hostname: compiler-001
    environment:
      PUPPETSERVER_HOSTNAME: compiler-001
      USE_PUPPETDB: false
      CA_ENABLED: false
      CA_HOSTNAME: puppet-ca
      DNS_ALT_NAMES: puppet,puppet-lb
    volumes:
      - ./server-data/puppetserver-code:/etc/puppetlabs/code
      - ./server-data/compiler-001-ssl:/etc/puppetlabs/puppet/ssl
    restart: always
    profiles:
      - puppet
    depends_on:
      - ca

  compiler-002:
    image: ghcr.io/voxpupuli/puppetserver:8.6.3-latest
    pull_policy: always
    hostname: compiler-002
    environment:
      PUPPETSERVER_HOSTNAME: compiler-002
      USE_PUPPETDB: false
      CA_ENABLED: false
      CA_HOSTNAME: puppet-ca
      DNS_ALT_NAMES: puppet,puppet-lb
    volumes:
      - ./server-data/puppetserver-code:/etc/puppetlabs/code
      - ./server-data/compiler-002-ssl:/etc/puppetlabs/puppet/ssl
    restart: always
    profiles:
      - puppet
    depends_on:
      - ca

  compiler-003:
    image: ghcr.io/voxpupuli/puppetserver:8.6.3-latest
    pull_policy: always
    hostname: compiler-003
    environment:
      PUPPETSERVER_HOSTNAME: compiler-003
      USE_PUPPETDB: false
      CA_ENABLED: false
      CA_HOSTNAME: puppet-ca
      DNS_ALT_NAMES: puppet,puppet-lb
    volumes:
      - ./server-data/puppetserver-code:/etc/puppetlabs/code
      - ./server-data/compiler-003-ssl:/etc/puppetlabs/puppet/ssl
    restart: always
    profiles:
      - puppet
    depends_on:
      - ca

### Profile: LB ###############################################################
  puppet-lb:
    image: nginx:1.27.1
    pull_policy: always
    ports:
      - 8140:8140
    hostname: puppet-lb
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx-ssl:/etc/nginx/ssl:ro
    restart: always
    profiles:
      - lb

### Profile: Test #############################################################
  # testing:
  #   image: ghcr.io/betadots/pdc:latest
  #   container_name: crafty-ha-testing
  #   hostname: crafty-ha-testing
  #   platform: linux/x86_64
  #   volumes:
  #     - ./puppet.conf:/etc/puppetlabs/puppet/puppet.conf:ro
  #     - ./agent-ssl:/etc/puppetlabs/puppet/ssl
  #   restart: always
  #   profiles:
  #     - test

  puppet-agent:
    image: techsk8/puppetagent-debian12:latest
    pull_policy: always
    hostname: puppet-agent
    privileged: true
    volumes:
      - /sys/fs/cgroup/:/sys/fs/cgroup:ro
      - ./puppet.conf:/etc/puppetlabs/puppet/puppet.conf:ro
      - agent-ssl:/etc/puppetlabs/puppet/ssl
    restart: always
    profiles:
      - test

networks:
  default:
    name: crafty-ha