OpenVoxProject · Sebastian-Maier · Jul 25, 2025 · Jul 25, 2025 · Jul 30, 2025 · Jul 31, 2025
@@ -116,14 +116,15 @@ The following environment variables are supported:
 
 ## Initialization Scripts
 
-If you would like to do additional initialization, add a directory called `/docker-custom-entrypoint.d/` and fill it with `.sh` scripts.
+If you would like to do additional initialization, add a directory called `/container-custom-entrypoint.d/` and fill it with `.sh` scripts.
 
-You can also create sub-directories in `/docker-custom-entrypoint.d/` for scripts that have to run at different stages.
+You can also create sub-directories in `/container-custom-entrypoint.d/` for scripts that have to run at different stages.
 
-- `/docker-custom-entrypoint.d/` - scripts that run after the default entrypoint scripts, but before the openvoxserver service is started.
-- `/docker-custom-entrypoint.d/post-startup/` - scripts that run after the openvoxserver service is started.
-- `/docker-custom-entrypoint.d/sigterm-handler/` - scripts that run when the container receives a SIGTERM signal.
-- `/docker-custom-entrypoint.d/post-execution/` - scripts that run after the openvoxserver service has stopped.
+- `/container-custom-entrypoint.d/pre-default/` - scripts that run before the default entrypoints scripts.
+- `/container-custom-entrypoint.d/` - scripts that run after the default entrypoint scripts, but before the openvoxserver service is started.
+- `/container-custom-entrypoint.d/post-startup/` - scripts that run after the openvoxserver service is started.
+- `/container-custom-entrypoint.d/sigterm-handler/` - scripts that run when the container receives a SIGTERM signal.
+- `/container-custom-entrypoint.d/post-execution/` - scripts that run after the openvoxserver service has stopped.
 
 ## Persistence
 

@@ -70,12 +70,13 @@ ENV AUTOSIGN=true \
     SSLDIR=/etc/puppetlabs/puppet/ssl \
     USE_OPENVOXDB=true
 
-COPY docker-entrypoint.sh \
+COPY container-entrypoint.sh \
+     docker-entrypoint.sh \
      healthcheck.sh \
      Containerfile \
      /
 
-COPY docker-entrypoint.d /docker-entrypoint.d
+COPY container-entrypoint.d /container-entrypoint.d
 COPY --from=builder /var/lib/gems/ /var/lib/gems/
 COPY --from=builder /usr/local/bin/r10k /usr/local/bin/
 
@@ -86,7 +87,7 @@ RUN apt-get update && \
 
 RUN groupadd -g ${OPENVOX_USER_GID} puppet && \
     useradd -m -u ${OPENVOX_USER_UID} -g puppet puppet && \
-    chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \
+    chmod +x /container-entrypoint.sh /docker-entrypoint.sh /healthcheck.sh /container-entrypoint.d/*.sh && \
     apt-get update && \
     apt-get upgrade -y && \
     apt-get install -y \
@@ -120,5 +121,5 @@ HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/h
 # NOTE: this is just documentation on defaults
 EXPOSE 8140
 
-ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
+ENTRYPOINT ["dumb-init", "/container-entrypoint.sh"]
 CMD ["foreground"]
@@ -164,14 +164,15 @@ COPY --from=build /etc/puppetlabs /etc/puppetlabs
 COPY --from=build /var/log/puppetlabs /var/log/puppetlabs
 COPY --from=build /var/run/puppetlabs /var/run/puppetlabs
 
-COPY docker-entrypoint.sh \
+COPY container-entrypoint.sh \
+     docker-entrypoint.sh \
      healthcheck.sh \
      Containerfile.alpine \
      /
 
 COPY conf.d/product.conf /etc/puppetlabs/puppetserver/conf.d/
 COPY conf.d/puppetserver.conf /etc/puppetlabs/puppetserver/conf.d/
-COPY docker-entrypoint.d /docker-entrypoint.d
+COPY container-entrypoint.d /container-entrypoint.d
 COPY logback.xml /etc/puppetlabs/puppetserver/
 COPY puppetdb.conf /var/tmp/puppet/
 COPY puppetserver /etc/default/puppetserver
@@ -210,7 +211,7 @@ RUN apk update \
 && chmod 700 ${data_dir}/puppetserver/yaml \
 && find /etc/puppetlabs/puppet/ssl -type d -print0 | xargs -0 chmod 770 \
 && echo 'alias ll="ls -la --color=auto"' >> ~/.bashrc \
-&& chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh \
+&& chmod +x /container-entrypoint.sh /docker-entrypoint.sh /healthcheck.sh /container-entrypoint.d/*.sh \
 && mkdir -p /opt/puppetlabs/puppet/bin \
 && ln -s /usr/bin/puppet /opt/puppetlabs/puppet/bin/puppet \
 && ln -s /usr/bin/facter /opt/puppetlabs/puppet/bin/facter \
@@ -228,5 +229,5 @@ HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/h
 
 EXPOSE 8140
 
-ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
+ENTRYPOINT ["dumb-init", "/container-entrypoint.sh"]
 CMD ["foreground"]
@@ -2,10 +2,14 @@
 
 set -e
 
+# determine script location
+readonly SCRIPT_FILENAME=$(readlink -f "${BASH_SOURCE[0]}")
+readonly SCRIPT_PATH=$(dirname "$SCRIPT_FILENAME")
+
 if [[ "$OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED" == "true" ]]; then
   if [[ -n "$OPENVOXSERVER_GRAPHITE_HOST" && -n "$OPENVOXSERVER_GRAPHITE_PORT" ]]; then
     echo "Enabling graphite exporter"
-    sed -e "s/GRAPHITE_HOST/$OPENVOXSERVER_GRAPHITE_HOST/" -e "s/GRAPHITE_PORT/$OPENVOXSERVER_GRAPHITE_PORT/" /docker-entrypoint.d/84-metrics.conf.tmpl > /etc/puppetlabs/puppetserver/conf.d/metrics.conf
+    sed -e "s/GRAPHITE_HOST/$OPENVOXSERVER_GRAPHITE_HOST/" -e "s/GRAPHITE_PORT/$OPENVOXSERVER_GRAPHITE_PORT/" "$SCRIPT_PATH/84-metrics.conf.tmpl" > /etc/puppetlabs/puppetserver/conf.d/metrics.conf
   else
     echo "ERROR: no OPENVOXSERVER_GRAPHITE_HOST or OPENVOXSERVER_GRAPHITE_PORT set."
     exit 99

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+# determine script location
+readonly SCRIPT_FILENAME=$(readlink -f "${BASH_SOURCE[0]}")
+readonly SCRIPT_PATH=$(dirname "$SCRIPT_FILENAME")
+
+if [[ "$OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API" == true ]]; then
+  if [[ $(grep 'puppet-admin-api' /etc/puppetlabs/puppetserver/conf.d/auth.conf) ]]; then
+    echo "Admin API already set"
+  else
+    /opt/puppetlabs/puppet/bin/ruby "$SCRIPT_PATH/88-add_cache_del_api_auth_rules.rb"
+  fi
+fi
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+# determine script location
+readonly SCRIPT_FILENAME=$(readlink -f "${BASH_SOURCE[0]}")
+readonly SCRIPT_PATH=$(dirname "$SCRIPT_FILENAME")
+
+if [ -n "${CSR_ATTRIBUTES}" ]; then
+    echo "CSR Attributes: ${CSR_ATTRIBUTES}"
+    /opt/puppetlabs/puppet/bin/ruby "$SCRIPT_PATH/89-csr_attributes.rb"
+fi
@@ -0,0 +1,127 @@
+#!/bin/bash
+# bash is required to pass ENV vars with dots as sh cannot
+
+set -o errexit  # exit on any command failure; use `whatever || true` to accept failures
+                # use `if something; then` instead of `something; if [ $? -eq 0 ]; then`
+                # use `rv=0; something || rv=$?` if you really need the exact exit code
+set -o pipefail # pipes fail when any command fails, not just the last one. Use: ( whatever || true ) | somethingelse
+set -o nounset  # exit on use of undeclared var, use `${possibly_undefined-}` to substitute the empty string in that case
+                # You can assign default values like this:
+                # `: ${possibly_undefined=default}`
+                # `: ${possibly_undefined_or_empty:=default}` will also replace an empty (but declared) value
+# set -o xtrace
+
+pid=0
+
+echoerr() { echo "$@" 1>&2; }
+
+echoerr "Entrypoint PID $$"
+
+# Generic execution function for custom handlers
+# Usage: run_custom_handler [handler_name]
+run_custom_handler() {
+  local CUSTOM_HANDLER_ROOT_DIRECTORY=""
+  local CUSTOM_HANDLER_DIRECTORY=""
+  local -a DIR_LIST=("/docker-custom-entrypoint.d" "/container-custom-entrypoint.d")
+
+  for CUSTOM_HANDLER_ROOT_DIRECTORY in "${DIR_LIST[@]}"; do
+    if [ -d "${CUSTOM_HANDLER_ROOT_DIRECTORY}" ]; then
+      if [[ "${CUSTOM_HANDLER_ROOT_DIRECTORY}" == "/docker-custom-entrypoint.d" ]]; then
+        if [[ $# -eq 1 && "$1" == "pre-default" ]]; then
+          echoerr "DEPRECATED: Use /container-custom-entrypoint.d/ instead of /docker-custom-entrypoint.d/"
+        fi
+      fi
+
+      if [[ $# -eq 0 || "$1" == "" ]]; then
+        CUSTOM_HANDLER_DIRECTORY=${CUSTOM_HANDLER_ROOT_DIRECTORY}
+      else
+        CUSTOM_HANDLER_DIRECTORY=${CUSTOM_HANDLER_ROOT_DIRECTORY}/$1
+      fi
+
+      if [ -d ${CUSTOM_HANDLER_DIRECTORY}/ ]; then
+        find ${CUSTOM_HANDLER_DIRECTORY}/ -type f -name "*.sh" \
+          -exec chmod +x {} \;
+        sync
+        for f in ${CUSTOM_HANDLER_DIRECTORY}/*.sh; do
+          if [[ -f "$f" && -x $(realpath "$f") ]]; then
+            echo "Running $f"
+            "$f"
+          fi
+        done
+      fi
+    fi
+  done
+}
+
+## Pre execution handler
+pre_execution_handler() {
+  run_custom_handler pre-default
+
+  if [ -d /container-entrypoint.d ]; then
+    echoerr "DEPRECATED: Use /container-entrypoint.d/ instead of /docker-entrypoint.d/"
+    for f in /docker-entrypoint.d/*.sh; do
+      echo "Running $f"
+      "$f"
+    done
+  fi
+
+  for f in /container-entrypoint.d/*.sh; do
+    echo "Running $f"
+    "$f"
+  done
+
+  run_custom_handler
+}
+
+## Post startup handler
+post_startup_handler() {
+  run_custom_handler post-startup
+}
+
+## Post execution handler
+post_execution_handler() {
+  run_custom_handler post-execution
+}
+
+## Sigterm Handler
+# shellcheck disable=SC2317 # function is called when the container receives a SIGTERM signal
+sigterm_handler() {
+  echoerr "Catching SIGTERM"
+  if [ $pid -ne 0 ]; then
+    echoerr "sigterm_handler for PID '${pid}' triggered"
+    # the above if statement is important because it ensures
+    # that the application has already started. without it you
+    # could attempt cleanup steps if the application failed to
+    # start, causing errors.
+    run_custom_handler sigterm-handler
+    kill -15 "$pid"
+    wait "$pid"
+    post_execution_handler
+  fi
+  exit 143; # 128 + 15 -- SIGTERM
+}
+
+## Setup signal trap
+# on callback execute the specified handler
+trap sigterm_handler SIGTERM
+
+## Initialization
+pre_execution_handler
+
+## Start Process
+echoerr "Starting Puppetserver"
+# run process in background and record PID
+/opt/puppetlabs/bin/puppetserver "$@" &
+pid="$!"
+
+## Post Startup
+post_startup_handler
+
+## Wait forever until app dies
+wait "$pid"
+return_code="$?"
+
+## Cleanup
+post_execution_handler
+# echo the return code of the application
+exit $return_code