Question

I want my container to have access to Puppet only when it's running. But I don't want to have Puppet software installed into all my containers. Is there a way that my container can access puppet only whenever it runs despite of the fact that it doesn't have puppet installed on it explicitly? Is this feature supported in puppet or docker?

Answer 1

Docker provides a solution to this problem with Volumes.

• Volumes allow for directories from one container to be mounted into another at runtime.

• In the context of Puppet that means we can make the Puppet software available to any container we like by mounting the /opt/puppetlabs directory (which contains Puppet and all it's dependencies due to the all-in-one packaging).

Example:

• First run a puppet-agent container. 

• This will terminate once the command has run, just outputting the Puppet version, but the volume will persist.

docker run --name puppet-agent -v /opt/puppetlabs puppet/puppet-agent-ubuntu --version

• With that volume in place we can use it in any other containers via the handy --volumes-from command.

docker run --volumes-from=puppet-agent ubuntu /opt/puppetlabs/bin/puppet resource package tar --param provider
package { 'tar':
  ensure   => '1.27.1-1',
  provider => 'apt',
}

• Note the name of the original container (which contains Puppet) is used in the volumes-from argument for this container. 

• To prove we're really adding Puppet at runtime, if we run without mounting the volume:

docker run ubuntu /opt/puppetlabs/bin/puppet resource package
docker: Error response from daemon: Container command '/opt/puppetlabs/bin/puppet' not found or does not exist..

• You could cross check it using the method mentioned above.