From 350684ed9b7b9de67a6c78f98492b2f8bd836856 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Sun, 31 Oct 2021 11:30:27 +0100
Subject: [PATCH] feat(salt-api): Add SALT_API_CERT_CN env variable
Use this environment variable in order to set the salt-api certificatescommon name.
---
 Dockerfile | 2 +-
 README.md | 1 +
 assets/runtime/env-defaults.sh | 1 +
 assets/runtime/functions.sh | 11 +++++------
 4 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 335e678..6d3582e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ ARG VCS_REF
 ENV SALT_VERSION="3004" \
 PYTHON_VERSION="3.8"
-ENV IMAGE_VERSION="${SALT_VERSION}"
+ENV IMAGE_VERSION="${SALT_VERSION}_1"
 ENV SALT_DOCKER_DIR="/etc/docker-salt" \
 SALT_ROOT_DIR="/etc/salt" \
diff --git a/README.md b/README.md
index a516bed..fff4053 100644
--- a/README.md
+++ b/README.md
@@ -507,6 +507,7 @@ Below you can find a list with the available options that can be used to customi
 | `SALT_API_SERVICE_ENABLED` | Enable `salt-api` service. Default: `false` |
 | `SALT_API_USER` | Set username for `salt-api` service. Default: `salt_api` |
 | `SALT_API_USER_PASS` | `SALT_API_USER` password. Required if `SALT_API_SERVICE_ENBALED` is `true` and `SALT_API_USER` is not empty. _Unset_ by default |
+| `SALT_API_CERT_CN` | Common name in the request. Default: `localhost` |
 | `SALT_MASTER_SIGN_PUBKEY` | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` |
 | `SALT_MASTER_USE_PUBKEY_SIGNATURE` | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` |
 | `SALT_MASTER_SIGN_KEY_NAME` | The customizable name of the signing-key-pair without suffix. Default: `master_sign` |
diff --git a/assets/runtime/env-defaults.sh b/assets/runtime/env-defaults.sh
index bae2f93..40ccdbf 100755
--- a/assets/runtime/env-defaults.sh
+++ b/assets/runtime/env-defaults.sh
@@ -5,6 +5,7 @@ TIMEZONE=${TIMEZONE:-UTC}
 SALT_API_SERVICE_ENABLED=${SALT_API_SERVICE_ENABLED:-false}
 SALT_API_USER=${SALT_API_USER:-salt_api}
+SALT_API_CERT_CN=${SALT_API_CERT_CN:-localhost}
 SALT_LOG_ROTATE_FREQUENCY=${SALT_LOG_ROTATE_FREQUENCY:-weekly}
 SALT_LOG_ROTATE_RETENTION=${SALT_LOG_ROTATE_RETENTION:-52}
diff --git a/assets/runtime/functions.sh b/assets/runtime/functions.sh
index 1511880..af7678f 100755
--- a/assets/runtime/functions.sh
+++ b/assets/runtime/functions.sh
@@ -208,10 +208,9 @@ function configure_salt_api()
 echo "Configuring salt-api service ..."
 CERTS_PATH=/etc/pki
- SALT_API_KEY_FILE='docker-salt-master'
- rm -rf "${CERTS_PATH}/tls/certs/*"
- salt-call --local tls.create_self_signed_cert cacert_path="${CERTS_PATH}" CN="${SALT_API_KEY_FILE}"
- chown "${SALT_USER}": "${CERTS_PATH}/tls/certs/${SALT_API_KEY_FILE}".{crt,key}
+ rm -rf "${CERTS_PATH}"/tls/certs/*
+ salt-call --local tls.create_self_signed_cert cacert_path="${CERTS_PATH}" CN="${SALT_API_CERT_CN}"
+ chown "${SALT_USER}": "${CERTS_PATH}/tls/certs/${SALT_API_CERT_CN}".{crt,key}
 cat >> "${SALT_ROOT_DIR}/master" <
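Review bot: `SALT_API_CERT_CN` is taken from the environment in the env-defaults.sh hunk without any validation, although the functions.sh hunk of this patch uses it both as the certificate CN and as the file name in `"${CERTS_PATH}/tls/certs/${SALT_API_CERT_CN}".{crt,key}`. A value containing `/`, whitespace or glob characters would point `chown` at an unintended path or make it fail, so I would reject such values before use, e.g. `[[ "${SALT_API_CERT_CN}" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "Invalid SALT_API_CERT_CN" >&2; exit 1; }`; this assumes the runtime scripts run under bash, as the brace expansion in functions.sh suggests. A comment beside the default would also help: `# CN of the self-signed salt-api certificate; also used as the .crt/.key file name`. The `localhost` default presumably only matches clients that reach salt-api as localhost and verify the certificate name, which is worth stating in the README row.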