feat(salt-api): Add SALT_API_CERT_CN env variable
Use this environment variable to set the common name of the salt-api certificate.
@@ -7,7 +7,7 @@ ARG VCS_REF
|
||||
ENV SALT_VERSION="3004" \
|
||||
PYTHON_VERSION="3.8"
|
||||
|
||||
ENV IMAGE_VERSION="${SALT_VERSION}"
|
||||
ENV IMAGE_VERSION="${SALT_VERSION}_1"
|
||||
|
||||
ENV SALT_DOCKER_DIR="/etc/docker-salt" \
|
||||
SALT_ROOT_DIR="/etc/salt" \
|
||||
|
||||
@@ -507,6 +507,7 @@ Below you can find a list with the available options that can be used to customi
|
||||
| `SALT_API_SERVICE_ENABLED` | Enable `salt-api` service. Default: `false` |
|
||||
| `SALT_API_USER` | Set username for `salt-api` service. Default: `salt_api` |
|
||||
| `SALT_API_USER_PASS` | `SALT_API_USER` password. Required if `SALT_API_SERVICE_ENBALED` is `true` and `SALT_API_USER` is not empty. _Unset_ by default |
|
||||
| `SALT_API_CERT_CN` | Common name in the request. Default: `localhost` |
|
||||
| `SALT_MASTER_SIGN_PUBKEY` | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` |
|
||||
| `SALT_MASTER_USE_PUBKEY_SIGNATURE` | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` |
|
||||
| `SALT_MASTER_SIGN_KEY_NAME` | The customizable name of the signing-key-pair without suffix. Default: `master_sign` |
|
||||
|
||||
@@ -5,6 +5,7 @@ TIMEZONE=${TIMEZONE:-UTC}
|
||||
|
||||
SALT_API_SERVICE_ENABLED=${SALT_API_SERVICE_ENABLED:-false}
|
||||
SALT_API_USER=${SALT_API_USER:-salt_api}
|
||||
SALT_API_CERT_CN=${SALT_API_CERT_CN:-localhost}
|
||||
|
||||
SALT_LOG_ROTATE_FREQUENCY=${SALT_LOG_ROTATE_FREQUENCY:-weekly}
|
||||
SALT_LOG_ROTATE_RETENTION=${SALT_LOG_ROTATE_RETENTION:-52}
|
||||
|
||||
@@ -208,10 +208,9 @@ function configure_salt_api()
|
||||
echo "Configuring salt-api service ..."
|
||||
|
||||
CERTS_PATH=/etc/pki
|
||||
SALT_API_KEY_FILE='docker-salt-master'
|
||||
rm -rf "${CERTS_PATH}/tls/certs/*"
|
||||
salt-call --local tls.create_self_signed_cert cacert_path="${CERTS_PATH}" CN="${SALT_API_KEY_FILE}"
|
||||
chown "${SALT_USER}": "${CERTS_PATH}/tls/certs/${SALT_API_KEY_FILE}".{crt,key}
|
||||
rm -rf "${CERTS_PATH}"/tls/certs/*
|
||||
salt-call --local tls.create_self_signed_cert cacert_path="${CERTS_PATH}" CN="${SALT_API_CERT_CN}"
|
||||
chown "${SALT_USER}": "${CERTS_PATH}/tls/certs/${SALT_API_CERT_CN}".{crt,key}
|
||||
|
||||
cat >> "${SALT_ROOT_DIR}/master" <<EOF
|
||||
|
||||
@@ -223,8 +222,8 @@ api_logfile: ${SALT_LOGS_DIR}/salt/api
|
||||
|
||||
rest_cherrypy:
|
||||
port: 8000
|
||||
ssl_crt: ${CERTS_PATH}/tls/certs/${SALT_API_KEY_FILE}.crt
|
||||
ssl_key: ${CERTS_PATH}/tls/certs/${SALT_API_KEY_FILE}.key
|
||||
ssl_crt: ${CERTS_PATH}/tls/certs/${SALT_API_CERT_CN}.crt
|
||||
ssl_key: ${CERTS_PATH}/tls/certs/${SALT_API_CERT_CN}.key
|
||||
EOF
|
||||
|
||||
# configure supervisord to start salt-api
|
||||
|
||||
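Review bot: `SALT_API_CERT_CN` comes straight from the environment and is used unchecked as a file-name component in configure_salt_api, both in the `chown` path and in the `ssl_crt`/`ssl_key` lines appended to the master config through the heredoc. A value containing `/` would make those paths resolve outside `${CERTS_PATH}/tls/certs`, and one containing whitespace or a newline would corrupt the YAML or add extra keys to it. Validate the value before the `salt-call` line, for example `[[ "${SALT_API_CERT_CN}" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "Invalid SALT_API_CERT_CN" >&2; return 1; }`, widening the pattern only if wildcard names are needed. The function's body starts and ends outside the visible hunks, so an existing check elsewhere cannot be ruled out from here.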