diff --git a/Dockerfile b/Dockerfile
index 06b9d9b..a2501d6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,9 +5,11 @@ LABEL description="SaltStack master"
 LABEL version="2018.3.2"
 ENV SALT_DOCKER_DIR="/etc/salt-docker" \
- SALT_MASTER_DIR="/etc/salt/pki/master"
+ SALT_MASTER_DIR="/etc/salt/pki/master" \
+ SALT_USER=root
 ENV SALT_BUILD_DIR="${SALT_DOCKER_DIR}/build" \
+ SALT_CONFS_DIR="${SALT_DOCKER_DIR}/config" \
 SALT_KEYS_DIR="${SALT_DOCKER_DIR}/keys" \
 SALT_RUNTIME_DIR="${SALT_DOCKER_DIR}/runtime"
@@ -19,7 +21,7 @@ ENV SALT_BUILD_DIR="${SALT_DOCKER_DIR}/build" \
 ## -U: Fully upgrade the system prior to bootstrapping Salt
 ENV SALT_BOOTSTRAP_OPTS='-M -N -X -U'
-# Version of salt to install:
+# Release version to install
 # https://github.com/saltstack/salt/releases
 ENV SALT_GIT_RELEASE="v2018.3.2"
@@ -37,8 +39,8 @@ RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
 dpkg-reconfigure locales
 EXPOSE 4505/tcp 4506/tcp
-RUN mkdir -p /srv ${SALT_KEYS_DIR}
-VOLUME [ "/srv", "${SALT_KEYS_DIR}" ]
+RUN mkdir -p /srv ${SALT_KEYS_DIR} ${SALT_CONFS_DIR}
+VOLUME [ "/srv", "${SALT_KEYS_DIR}" "${SALT_CONFS_DIR}" ]
 RUN mkdir -p ${SALT_BUILD_DIR}
 WORKDIR ${SALT_BUILD_DIR}
@@ -57,4 +59,3 @@ RUN chmod +x /sbin/entrypoint.sh
 WORKDIR ${SALT_DOCKER_DIR}
 ENTRYPOINT [ "/sbin/entrypoint.sh" ]
-
diff --git a/README.md b/README.md
index f4da03a..dcc48bf 100644
--- a/README.md
+++ b/README.md
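Review bot: `SALT_CONFS_DIR` is set to `${SALT_DOCKER_DIR}/config` in the first Dockerfile hunk, but the README example added by this same commit mounts the host directory at `/etc/salt-docker/confs/`. Files mounted as documented would therefore sit outside the directory that `configure_salt_master` scans and be ignored without any error, so an operator who ships hardening settings that way would be running the stock master configuration. Use one path in both places, for example `SALT_CONFS_DIR="${SALT_DOCKER_DIR}/confs" \`, or change the README mount target to `/etc/salt-docker/config/`.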
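Review bot: The new `VOLUME` line in the third Dockerfile hunk is missing a comma between `"${SALT_KEYS_DIR}"` and `"${SALT_CONFS_DIR}"`, so the array is not valid JSON. Docker is then expected to fall back to the whitespace-separated form of the instruction, in which the bracket and quote characters become part of the declared paths and none of the three intended volumes is declared correctly. It should read `VOLUME [ "/srv", "${SALT_KEYS_DIR}", "${SALT_CONFS_DIR}" ]`.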
@@ -2,9 +2,11 @@ Dockerfile to build a [SaltStack](https://www.saltstack.com) Master image for the Docker opensource container platform. -SaltStack Master is set up in the Docker image using the install from git source method as documented in the the [official bootstrap](https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html) documentation. +SaltStack Master is set up in the Docker image using the install from git source method as documented +in the the [official bootstrap](https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html) documentation. -For other methods to install SaltStack please refer to the [Official SaltStack Installation Guide](https://docs.saltstack.com/en/latest/topics/installation/index.html). +For other methods to install SaltStack please refer to the +[Official SaltStack Installation Guide](https://docs.saltstack.com/en/latest/topics/installation/index.html). ## Table of Contents @@ -13,18 +15,26 @@ For other methods to install SaltStack please refer to the [Official SaltStack I - [Configuration](#configuration) - [Custom Recipes](#custom-recipes) - [Minion Keys](#minion-keys) + - [Available Configuration Parameters](#available-configuration-parameters) - [Usage](#usage) - [Shell Access](#shell-access) - [References](#references) ## Installation -Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/cdalvaro/saltstack-master/) and is the recommended method of installation. +Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/cdalvaro/saltstack-master/) +and is the recommended method of installation. ```sh docker pull cdalvaro/saltstack-master:2018.3.2 ``` +You can also pull the latest tag which is built from the repository HEAD + +```sh +docker pull cdalvaro/saltstack-master:latest +``` + Alternatively you can build the image locally. ```sh 
@@ -49,7 +59,7 @@ Alternatively, you can manually launch the `saltstack-master` container:
 ```sh
 docker run --name salt_master --detach \
- --publish 4505:4505 --publish 4506:4506 \
+ --publish 4505:4505/tcp --publish 4506:4506/tcp \
 --env 'SALT_LOG_LEVEL=info' \
 --read-only --volume ./srv/:/srv/ \
 cdalvaro/saltstack-master:2018.3.2
@@ -65,20 +75,54 @@ But it is necessary to mount the `/srv/` volume ir order to provide your custom ### Minion Keys -Minion keys can be added automatically on startup to SaltStack master by mounting the volume `/etc/salt-docker/keys` and copying the minion keys inside `keys/minions/` directory: +Minion keys can be added automatically on startup to SaltStack master by mounting the volume `/etc/salt-docker/keys` +and copying the minion keys inside `keys/minions/` directory: ```sh mkdir -p keys/minions cp -v /etc/salt/pki/minion/minion.pub keys/minions/minion1 docker run --name salt_master -d \ - --publish 4505:4505 --publish 4506:4506 \ + --publish 4505:4505/tcp --publish 4506:4506/tcp \ --env 'SALT_LOG_LEVEL=info' \ --read-only --volume ./srv/:/srv/ \ --volume ./keys/:/etc/salt-docker/keys/ \ cdalvaro/saltstack-master:2018.3.2 ``` +## Available Configuration Parameters + +Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. +This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose. + +Below is the list of available options that can be used to customize your SaltStack master installation. + +| Parameter | Description | +|-----------|-------------| +| `SALT_LOG_LEVEL` | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: 'warning' | +| `SALT_LEVEL_LOGFILE` | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. 
Default: 'warning' | + +Any parameter not listed in the table and available in the next +[link](https://docs.saltstack.com/en/latest/ref/configuration/examples.html#configuration-examples-master) +can be set by creating the directory `confs` and adding into it configurations files with the desired parameters: + +```sh +mkdir confs +cat > confs/ports.conf << EOF +# The tcp port used by the publisher: +publish_port: 3505 +# The port used by the communication interface. +ret_port: 3506 +EOF + +docker run --name salt_master -d \ + --publish 3505:3505/tcp --publish 3506:3506/tcp \ + --env 'SALT_LOG_LEVEL=info' \ + --read-only --volume ./srv/:/srv/ \ + --volume ./confs/:/etc/salt-docker/confs/ \ + cdalvaro/saltstack-master:2018.3.2 +``` + ## Usage To test which salt minions are listening the following command can be executed from the master service: @@ -95,7 +139,8 @@ docker-compose exec master salt '*' state.apply ## Shell Access -For debugging and maintenance purposes you may want access the container shell. If you are using docker version 1.3.0 or higher you can access a running container shell using docker exec command. +For debugging and maintenance purposes you may want access the container shell. +If you are using docker version 1.3.0 or higher you can access a running container shell using docker exec command. ```sh docker exec -it salt_master bash @@ -106,4 +151,3 @@ docker exec -it salt_master bash - https://docs.saltstack.com/en/latest/topics/installation/index.html - https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html - https://github.com/saltstack/salt/releases - diff --git a/assets/runtime/env-defaults.sh b/assets/runtime/env-defaults.sh new file mode 100755 index 0000000..73807fb --- /dev/null +++ b/assets/runtime/env-defaults.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +##### Logging settings ##### +SALT_LOG_LEVEL=${SALT_LOG_LEVEL:-warning} +SALT_LEVEL_LOGFILE=${SALT_LEVEL_LOGFILE:-warning} 
diff --git a/assets/runtime/functions.sh b/assets/runtime/functions.sh
index 50649f7..c4a2a1e 100755
--- a/assets/runtime/functions.sh
+++ b/assets/runtime/functions.sh
@@ -1,5 +1,10 @@
 #!/usr/bin/env bash
+set -e
+
+echo "Loading ${SALT_RUNTIME_DIR}/env-defaults.sh"
+source ${SALT_RUNTIME_DIR}/env-defaults.sh
+
 # This function copies minion keys
 function copy_minion_keys()
 {
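Review bot: The added `source ${SALT_RUNTIME_DIR}/env-defaults.sh` is unquoted and unguarded, so if `SALT_RUNTIME_DIR` is ever empty or unset the script sources `/env-defaults.sh` from the filesystem root instead of failing. Writing it as `source "${SALT_RUNTIME_DIR:?}/env-defaults.sh"` makes that case abort with a message. The new `set -e` also sits in a file that entrypoint.sh sources, so it changes the caller's error handling too; a comment such as `# set -e also applies to the script that sources this file` would make that intent explicit. The body of `copy_minion_keys` continues outside this hunk.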
@@ -8,13 +13,43 @@ function copy_minion_keys()
 if [ -d "${SALT_KEYS_DIR}/master" ] && [ ! -z "$(ls -A ${SALT_KEYS_DIR}/master)" ]; then
 mkdir -v -p -m 0700 ${SALT_MASTER_DIR}
 cp -v ${SALT_KEYS_DIR}/master/master.{pem,pub} ${SALT_MASTER_DIR}
- chown -v root:root ${SALT_MASTER_DIR}/master.{pem,pub}
+ chown -v ${SALT_USER}:${SALT_USER} ${SALT_MASTER_DIR}/master.{pem,pub}
 fi
 if [ -d "${SALT_KEYS_DIR}/minions" ] && [ ! -z "$(ls -A ${SALT_KEYS_DIR}/minions)" ]; then
 mkdir -v -p -m 0700 ${SALT_MASTER_DIR}/minions
 cp -v ${SALT_KEYS_DIR}/minions/* ${SALT_MASTER_DIR}/minions
- chown -v root:root ${SALT_MASTER_DIR}/minions/*
+ chown -v ${SALT_USER}:${SALT_USER} ${SALT_MASTER_DIR}/minions/*
 fi
 }
+# This functions cofigures master service
+function configure_salt_master()
+{
+ echo "Configuring salt-master..."
+ # https://docs.saltstack.com/en/latest/ref/configuration/master.html
+
+ local SALT_ROOT_DIR=/etc/salt
+
+ # Backup file
+ if [ ! -f ${SALT_ROOT_DIR}/master.backup ]; then
+ cp -pv ${SALT_ROOT_DIR}/master ${SALT_ROOT_DIR}/master.backup
+ else
+ cp -pv ${SALT_ROOT_DIR}/master.backup ${SALT_ROOT_DIR}/master
+ fi
+
+ # Set env variables
+ sed -i \
+ -e "s|^[#]*log_level:.*$|log_level: ${SALT_LOG_LEVEL}|" \
+ -e "s|^[#]*log_level_logfile:.*$|log_level_logfile: ${SALT_LEVEL_LOGFILE}|" \
+ -e "s|^[#]*default_include:.*$|default_include: ${SALT_ROOT_DIR}/master.d/*.conf|" \
+ ${SALT_ROOT_DIR}/master
+
+ # Sync config files
+ if [[ $(find ${SALT_CONFS_DIR} -type f -name '*.conf' | wc -l) -gt 0 ]]; then
+ rsync --verbose --delete ${SALT_CONFS_DIR}/*.conf ${SALT_ROOT_DIR}/master.d/
+ chown ${SALT_USER}:${SALT_USER} ${SALT_ROOT_DIR}/master.d/*.conf
+ chmod +rx-w ${SALT_ROOT_DIR}/master.d/*.conf
+ fi
+
+}
diff --git a/docker-compose.yml b/docker-compose.yml
index a54c3dd..cc741f0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
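Review bot: In the sync block at the end of `configure_salt_master`, `chmod +rx-w` leaves every copied `.conf` readable and executable by all users in the container, although master configuration can hold credentials; an owner/group-only mode such as `0440` fits better. The same block passes `--delete` to rsync without `--recursive` or `--dirs`, which rsync rejects as a usage error as far as I know, and under the `set -e` this commit adds that would stop the entrypoint. The `find` test is also recursive while the glob is not, so a `.conf` in a subdirectory passes the test but matches nothing. Separately, `SALT_LOG_LEVEL` and `SALT_LEVEL_LOGFILE` reach the `sed` replacement unchecked, so a value containing `|`, `&` or a newline alters the edit; they should be checked against the documented level names first. A possible rewrite of the sync block follows.

```shell
  # … unchanged: backup/restore of ${SALT_ROOT_DIR}/master and the sed edits …

  # Sync config files
  if [[ -n "$(find "${SALT_CONFS_DIR}" -maxdepth 1 -type f -name '*.conf' -print -quit)" ]]; then
    rsync --verbose --recursive --delete --include='*.conf' --exclude='*' \
      "${SALT_CONFS_DIR}/" "${SALT_ROOT_DIR}/master.d/"
    chown "${SALT_USER}:${SALT_USER}" "${SALT_ROOT_DIR}"/master.d/*.conf
    chmod 0440 "${SALT_ROOT_DIR}"/master.d/*.conf
  fi
```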
@@ -4,8 +4,6 @@ services:
 master:
 container_name: salt_master
 image: cdalvaro/saltstack-master:2018.3.2
- build:
- context: ./
 volumes:
 - "./srv/:/srv/:ro"
 ports:
diff --git a/entrypoint.sh b/entrypoint.sh
index 950a275..c202209 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -7,5 +7,8 @@ source "${SALT_RUNTIME_DIR}/functions.sh"
 # Copy minion keys
 copy_minion_keys
-exec salt-master --log-level=${SALT_LOG_LEVEL:-warning}
+# Configure salt-master
+configure_salt_master
+echo "Starting salt-master..."
+exec salt-master
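Review bot: In the entrypoint.sh hunk, `exec salt-master` makes no reference to `SALT_USER`, although the rest of this commit chowns the keys and config files to that user. With the default `root` the two agree, but setting `SALT_USER` to an unprivileged account would presumably leave the master running as whatever `user:` the config names, on files owned by someone else. If `SALT_USER` is meant to select the run-as account, pass it through, e.g. `exec salt-master --user="${SALT_USER}"`. Otherwise add a comment such as `# SALT_USER only controls file ownership; the run-as user comes from the master config`.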