feat: Add salt-api support
@@ -15,7 +15,7 @@ DEBIAN_FRONTEND=noninteractive apt-get install --yes --quiet --no-install-recomm
|
||||
|
||||
# Create salt user
|
||||
echo "Creating ${SALT_USER} user ..."
|
||||
useradd -d ${SALT_HOME} -ms /bin/bash -U -G root,sudo ${SALT_USER}
|
||||
useradd -d ${SALT_HOME} -ms /bin/bash -U -G root,sudo,shadow ${SALT_USER}
|
||||
|
||||
# Set PATH
|
||||
exec_as_salt cat >> ${SALT_HOME}/.profile <<EOF
|
||||
@@ -42,7 +42,7 @@ cmake --build . --target install
|
||||
echo "Installing python3 packages ..."
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install --yes --quiet --no-install-recommends \
|
||||
python3-mako python3-pycryptodome python3-cherrypy3 python3-git python3-u-msgpack \
|
||||
python3-redis python3-gnupg python3-mysqldb python3-dateutil python3-libnacl
|
||||
python3-redis python3-gnupg python3-mysqldb python3-dateutil python3-libnacl python3-openssl
|
||||
|
||||
# Install pip3 python packages
|
||||
echo "Installing pip3 python packages ..."
|
||||
@@ -54,13 +54,16 @@ pip3 install "pygit2==v${PYGIT2_VERSION}" \
|
||||
## -M: install Salt Master by default
|
||||
## -N: Do not install salt-minion
|
||||
## -X: Do not start daemons after installation
|
||||
## -d: Disables checking if Salt services are enabled to start on system boot
|
||||
## -P: Allow pip based installations
|
||||
## -p: Extra-package to install
|
||||
## -x: Changes the python version used to install a git version of salt
|
||||
SALT_BOOTSTRAP_OPTS="-M -N -X -P -x python${PYTHON_VERSION}"
|
||||
SALT_BOOTSTRAP_OPTS=( -M -N -X -d -P -p salt-api -x "python${PYTHON_VERSION}" )
|
||||
|
||||
echo "Installing saltstack ..."
|
||||
echo "Option: ${SALT_BOOTSTRAP_OPTS[@]}"
|
||||
wget -O bootstrap-salt.sh https://bootstrap.saltstack.com
|
||||
sh bootstrap-salt.sh ${SALT_BOOTSTRAP_OPTS} git v${SALT_VERSION}
|
||||
sh bootstrap-salt.sh ${SALT_BOOTSTRAP_OPTS[@]} git v${SALT_VERSION}
|
||||
chown -R ${SALT_USER}: ${SALT_ROOT_DIR}
|
||||
|
||||
# Configure ssh
|
||||
@@ -89,7 +92,7 @@ priority=5
|
||||
directory=${SALT_HOME}
|
||||
environment=HOME=${SALT_HOME}
|
||||
command=/usr/local/bin/salt-master
|
||||
user=${SALT_USER}
|
||||
user=root
|
||||
autostart=true
|
||||
autorestart=true
|
||||
stopsignal=QUIT
|
||||
|
||||
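Review bot: The supervisor stanza in the last of these hunks now starts salt-master with `user=root` instead of `user=${SALT_USER}`, and the first hunk also adds the salt account to the `shadow` group, so privilege is widened twice with no stated reason for either. If both are there so that salt-api logins can be checked against `/etc/shadow` (likely, but the commit does not say), confirm whether both are needed and drop the one that is not. Whichever stays should carry a comment, for example `# shadow: lets the master verify salt-api passwords via PAM`. In the bootstrap hunk the new array is expanded unquoted; `sh bootstrap-salt.sh "${SALT_BOOTSTRAP_OPTS[@]}" git "v${SALT_VERSION}"` keeps every option a single word. The array syntax also requires the script to run under bash, which is not visible from these hunks.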
@@ -3,6 +3,9 @@
|
||||
DEBUG=${DEBUG:-false}
|
||||
TIMEZONE=${TIMEZONE:-UTC}
|
||||
|
||||
SALT_API_SERVICE_ENABLED=${SALT_API_SERVICE_ENABLED:-false}
|
||||
SALT_API_USER=${SALT_API_USER:-salt_api}
|
||||
|
||||
SALT_LOG_ROTATE_FREQUENCY=${SALT_LOG_ROTATE_FREQUENCY:-weekly}
|
||||
SALT_LOG_ROTATE_RETENTION=${SALT_LOG_ROTATE_RETENTION:-52}
|
||||
|
||||
|
||||
@@ -13,6 +13,12 @@ function exec_as_salt()
|
||||
fi
|
||||
}
|
||||
|
||||
# Log error
|
||||
function log_error()
|
||||
{
|
||||
(>2& echo "ERROR: $@")
|
||||
}
|
||||
|
||||
# Map salt user with host user
|
||||
function map_uidgid()
|
||||
{
|
||||
@@ -135,10 +141,10 @@ function setup_ssh_keys()
|
||||
fi
|
||||
}
|
||||
|
||||
# This functions cofigures master service
|
||||
# This function cofigures master service
|
||||
function configure_salt_master()
|
||||
{
|
||||
echo "Configuring salt-master ..."
|
||||
echo "Configuring salt-master service ..."
|
||||
# https://docs.saltstack.com/en/latest/ref/configuration/master.html
|
||||
|
||||
exec_as_salt cp -p ${SALT_RUNTIME_DIR}/config/master.yml ${SALT_ROOT_DIR}/master
|
||||
@@ -162,6 +168,66 @@ function configure_salt_master()
|
||||
SALT_MASTER_USE_PUBKEY_SIGNATURE
|
||||
}
|
||||
|
||||
# This function configures salt-api if service is set to be enabled
|
||||
function configure_salt_api()
|
||||
{
|
||||
[[ ${SALT_API_SERVICE_ENABLED} == true ]] || return 0
|
||||
|
||||
if [[ -n "${SALT_API_USER}" ]]; then
|
||||
|
||||
if [[ ${SALT_API_USER} == ${SALT_USER} ]]; then
|
||||
log_error "SALT_API_USER cannot be the same as ${SALT_USER}"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [[ -z "${SALT_API_USER_PASS}" ]]; then
|
||||
log_error "SALT_API_USER_PASS env variable must be set to create ${SALT_API_USER} user"
|
||||
return 2
|
||||
fi
|
||||
|
||||
echo "Creating ${SALT_API_USER} user for salt-api ..."
|
||||
adduser --quiet --disabled-password --gecos "Salt API" ${SALT_API_USER}
|
||||
echo "${SALT_API_USER}:${SALT_API_USER_PASS}" | chpasswd
|
||||
unset SALT_API_USER_PASS
|
||||
fi
|
||||
|
||||
echo "Configuring salt-api service ..."
|
||||
|
||||
CERTS_PATH=/etc/pki
|
||||
rm -rf ${CERTS_PATH}/tls/certs/*
|
||||
salt-call --local tls.create_self_signed_cert cacert_path=${CERTS_PATH} CN=docker-salt-master
|
||||
|
||||
cat >> ${SALT_ROOT_DIR}/master <<EOF
|
||||
|
||||
|
||||
##### salt-api settings #####
|
||||
##########################################
|
||||
# Basic configuration for salt-api
|
||||
api_logfile: ${SALT_LOGS_DIR}/salt/api
|
||||
|
||||
rest_cherrypy:
|
||||
port: 8000
|
||||
ssl_crt: /etc/pki/tls/certs/docker-salt-master.crt
|
||||
ssl_key: /etc/pki/tls/certs/docker-salt-master.key
|
||||
EOF
|
||||
|
||||
# configure supervisord to start salt-api
|
||||
cat > /etc/supervisor/conf.d/salt-api.conf <<EOF
|
||||
[program:salt-api]
|
||||
priority=5
|
||||
directory=${SALT_HOME}
|
||||
environment=HOME=${SALT_HOME}
|
||||
command=/usr/local/bin/salt-api
|
||||
user=root
|
||||
autostart=true
|
||||
autorestart=true
|
||||
stopsignal=QUIT
|
||||
stdout_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
|
||||
stderr_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
|
||||
EOF
|
||||
|
||||
}
|
||||
|
||||
# Initializes main directories
|
||||
function initialize_datadir()
|
||||
{
|
||||
@@ -253,6 +319,7 @@ function initialize_system()
|
||||
configure_logrotate
|
||||
configure_timezone
|
||||
configure_salt_master
|
||||
configure_salt_api
|
||||
setup_salt_keys
|
||||
setup_ssh_keys
|
||||
rm -rf /var/run/supervisor.sock
|
||||
|
||||
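Review bot: `log_error` does not write to stderr, because `(>2& echo "ERROR: $@")` parses as a backgrounded redirection to a file named `2` followed by a plain `echo`. The two validation messages in `configure_salt_api` therefore go to stdout and a stray file `2` is left in the working directory; the body should be `echo "ERROR: $*" >&2`. The new `configure_salt_api` call in `initialize_system` (whose body continues outside the hunk) ignores the function's status, so unless `set -e` is active elsewhere, a missing `SALT_API_USER_PASS` or a user-name clash is reported and start-up carries on; `configure_salt_api || exit 1` would make the failure explicit. Inside `configure_salt_api`, quote `${SALT_API_USER}` in the `adduser` call and quote the right-hand side of `[[ ${SALT_API_USER} == ${SALT_USER} ]]`, since an unquoted right-hand side is matched as a glob pattern. The password reaches `chpasswd` through a pipe from the `echo` builtin, which keeps it out of the process list, but it would still be printed under `set -x`, and the effect of the `DEBUG` switch is not visible here.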