Merge pull request #127 from vrtdev/feature/vrt

Don't let the entry scripts fail if there is no cert (dir)
voxpupuli · Oct 2, 2024 · 01b6c21 · 01b6c21
2 parents b637b92 + 9188abf
commit 01b6c21
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/puppetserver/docker-entrypoint.d/70-set-dns-alt-names.sh b/puppetserver/docker-entrypoint.d/70-set-dns-alt-names.sh
@@ -2,13 +2,15 @@
 
 set -e
 
+config_section=main
+
 # Allow setting dns_alt_names for the compilers certificate. This
 # setting will only have an effect when the container is started without
 # an existing certificate on the /etc/puppetlabs/puppet volume
-if [ -n "${DNS_ALT_NAMES}" ] && [ "${CA_ENABLED}" != "true" ]; then
+if [ -n "${DNS_ALT_NAMES}" ]; then
     certname=$(puppet config print certname)
     if test ! -f "${SSLDIR}/certs/$certname.pem" ; then
-        puppet config set dns_alt_names "${DNS_ALT_NAMES}" --section agent
+        puppet config set dns_alt_names "${DNS_ALT_NAMES}" --section "${config_section}"
     else
         actual=$(puppet config print dns_alt_names --section "${config_section}")
         if test "${DNS_ALT_NAMES}" != "${actual}" ; then

diff --git a/puppetserver/docker-entrypoint.d/99-log-config.sh b/puppetserver/docker-entrypoint.d/99-log-config.sh
@@ -13,9 +13,14 @@ if [ -n "${CERTNAME}" ]; then
   certname=${CERTNAME}.pem
 else
   echo "* CERTNAME: unset, try to use the oldest certificate in the certs directory, because this might be the one that was used initially."
-  certname=$(cd "${SSLDIR}/certs" && find * -type f -name '*.pem' ! -name ca.pem -print0 | xargs -0 ls -1tr | head -n 1)
-  if [ -z "${certname}" ]; then
-    echo "WARNING: No certificates found in ${SSLDIR}/certs! Please set CERTNAME!"
+  if [ ! -d "${SSLDIR}/certs" ]; then
+    certname="Not-Found"
+    echo "WARNING: No certificates directory found in ${SSLDIR}!"
+  else
+    certname=$(cd "${SSLDIR}/certs" && find * -type f -name '*.pem' ! -name ca.pem -print0 | xargs -0 ls -1tr | head -n 1)
+    if [ -z "${certname}" ]; then
+      echo "WARNING: No certificates found in ${SSLDIR}/certs! Please set CERTNAME!"
+    fi
   fi
 fi
 
@@ -33,7 +38,11 @@ if [ -f "${SSLDIR}/certs/ca.pem" ]; then
 fi
 
 if [ -n "${certname}" ]; then
-  echo "Certificate ${certname}:"
-  # shellcheck disable=SC2086 # $altnames shouldn't be quoted
-  openssl x509 -subject -issuer -text -noout -in "${SSLDIR}/certs/${certname}" $altnames
+  if [ -f "${SSLDIR}/certs/${certname}" ]; then
+    echo "Certificate ${certname}:"
+    # shellcheck disable=SC2086 # $altnames shouldn't be quoted
+    openssl x509 -subject -issuer -text -noout -in "${SSLDIR}/certs/${certname}" $altnames
+  else
+    echo "WARNING: Certificate ${certname} not found in ${SSLDIR}/certs!"
+  fi
 fi