chaos/docker-salt-master
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Install salt using onedir packages

Browse Source
This commit is contained in:
Carlos Álvaro
2023-04-19 12:03:31 +02:00
committed by Carlos D. Álvaro
parent b6422db262
commit 4cad83b724
13 changed files with 87 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/build-and-test.yml vendored
View File

@@ -64,7 +64,7 @@ jobs:
with: with:
context: . context: .
file: ./Dockerfile file: ./Dockerfile
platforms: linux/amd64,linux/arm64,linux/arm/v7 platforms: linux/amd64,linux/arm64
cache-from: | cache-from: |
type=local,src=${{ env.CACHE_PATH }} type=local,src=${{ env.CACHE_PATH }}
ghcr.io/cdalvaro/docker-salt-master:latest ghcr.io/cdalvaro/docker-salt-master:latest
@@ -88,11 +88,11 @@ jobs:
needs: build needs: build
strategy: strategy:
matrix: matrix:
platform: [linux/amd64, linux/arm64, linux/arm/v7] platform: [linux/amd64, linux/arm64]
env: env:
DOCKER_CLI_EXPERIMENTAL: enabled DOCKER_CLI_EXPERIMENTAL: enabled
PLATFORM: ${{ matrix.platform }} PLATFORM: ${{ matrix.platform }}
BOOTUP_WAIT_SECONDS: 90 BOOTUP_WAIT_SECONDS: 60
steps: steps:
- name: Checkout repository - name: Checkout repository

2
.github/workflows/publish.yml vendored
View File

@@ -17,7 +17,7 @@ on:
env: env:
IMAGE_NAME: cdalvaro/docker-salt-master IMAGE_NAME: cdalvaro/docker-salt-master
PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7 PLATFORMS: linux/amd64,linux/arm64
CACHE_PATH: ${{ github.workspace }}/.buildx-cache CACHE_PATH: ${{ github.workspace }}/.buildx-cache
EXTRA_REGISTRIES: ghcr.io quay.io EXTRA_REGISTRIES: ghcr.io quay.io

5
CHANGELOG.md
View File

@@ -1,14 +1,15 @@
# Changelog # Changelog
This file only reflects the changes that are made in this image. This file only reflects the changes that are made in this image.
Please refer to the [Salt 3006 Release Notes](https://docs.saltstack.com/en/latest/topics/releases/3006.html) Please refer to the [Salt 3006.0 Release Notes](https://docs.saltstack.com/en/latest/topics/releases/3006.0.html)
for the list of changes in SaltStack. for the list of changes in SaltStack.
**3006.0** **3006.0**
- Upgrade `salt-master` to `3006.0` *Sulfur*. - Upgrade `salt-master` to `3006.0` *Sulfur*.
- Upgrade `salt-bootstrap` to version `2023.04.06`.
- Change Docker base image to `ubuntu:jammy-20230308`. - Change Docker base image to `ubuntu:jammy-20230308`.
- Use [_onedir_](https://docs.saltproject.io/en/latest/topics/releases/3006.0.html#onedir-packaging) system for installing salt.
- Remove support for arm32 architecture.
**3005.1-2_1** **3005.1-2_1**

4
Dockerfile
View File

@@ -30,9 +30,7 @@ WORKDIR ${SALT_BUILD_DIR}
# hadolint ignore=DL3008 # hadolint ignore=DL3008
RUN apt-get update \ RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install --yes --quiet --no-install-recommends \ && DEBIAN_FRONTEND=noninteractive apt-get install --yes --quiet --no-install-recommends \
sudo ca-certificates openssl apt-transport-https wget locales openssh-client gpg \ sudo ca-certificates apt-transport-https wget locales openssh-client gpg gpg-agent \
python3 python3-dev libpython3-dev \
python3-pip python3-setuptools python3-wheel \
supervisor logrotate git gettext-base tzdata inotify-tools psmisc \ supervisor logrotate git gettext-base tzdata inotify-tools psmisc \
&& DEBIAN_FRONTEND=noninteractive update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \ && DEBIAN_FRONTEND=noninteractive update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
locale-gen en_US.UTF-8 \ locale-gen en_US.UTF-8 \

3
README.md
View File

@@ -5,7 +5,6 @@
[![Docker Image Size][docker_size_badge]][docker_hub_tags] [![Docker Image Size][docker_size_badge]][docker_hub_tags]
[![Architecture AMD64][arch_amd64_badge]][arch_link] [![Architecture AMD64][arch_amd64_badge]][arch_link]
[![Architecture ARM64][arch_arm64_badge]][arch_link] [![Architecture ARM64][arch_arm64_badge]][arch_link]
[![Architecture ARM/v7][arch_arm_badge]][arch_link]
# Dockerized Salt Master v3006.0 _Sulfur_ # Dockerized Salt Master v3006.0 _Sulfur_
@@ -817,8 +816,6 @@ Many thanks to:
[arch_amd64_badge]: https://img.shields.io/badge/arch-amd64-inactive.svg [arch_amd64_badge]: https://img.shields.io/badge/arch-amd64-inactive.svg
[arch_arm_badge]: https://img.shields.io/badge/arch-arm/v7-inactive.svg
[arch_arm64_badge]: https://img.shields.io/badge/arch-arm64-inactive.svg [arch_arm64_badge]: https://img.shields.io/badge/arch-arm64-inactive.svg
[arch_link]: https://github.com/users/cdalvaro/packages/container/package/docker-salt-master [arch_link]: https://github.com/users/cdalvaro/packages/container/package/docker-salt-master

46
assets/build/functions.sh
View File

@@ -52,16 +52,7 @@ function exec_as_salt()
} }
#--- FUNCTION ------------------------------------------------------------------------------------------------------- #--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: is_arm32 # NAME: is_arm64
# DESCRIPTION: Check whether the platform is ARM 32-bits or not.
#----------------------------------------------------------------------------------------------------------------------
function is_arm32()
{
uname -m | grep -qE 'armv7l'
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: is_arm32
# DESCRIPTION: Check whether the platform is ARM 64-bits or not. # DESCRIPTION: Check whether the platform is ARM 64-bits or not.
#---------------------------------------------------------------------------------------------------------------------- #----------------------------------------------------------------------------------------------------------------------
function is_arm64() function is_arm64()
@@ -69,15 +60,6 @@ function is_arm64()
uname -m | grep -qE 'arm64|aarch64' uname -m | grep -qE 'arm64|aarch64'
} }
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: is_arm32
# DESCRIPTION: Check whether the platform is ARM or not.
#----------------------------------------------------------------------------------------------------------------------
function is_arm()
{
is_arm32 || is_arm64
}
#--- FUNCTION ------------------------------------------------------------------------------------------------------- #--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: install_pkgs # NAME: install_pkgs
# DESCRIPTION: Install packages using apt-get install. # DESCRIPTION: Install packages using apt-get install.
@@ -90,6 +72,9 @@ function install_pkgs()
#--- FUNCTION ------------------------------------------------------------------------------------------------------- #--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: download # NAME: download
# DESCRIPTION: Download the content from the given URL and save it into the specified file. # DESCRIPTION: Download the content from the given URL and save it into the specified file.
# ARGUMENTS:
# 1: URL where the file is hosted.
# 2: Filename (with path) for the downloaded file.
#---------------------------------------------------------------------------------------------------------------------- #----------------------------------------------------------------------------------------------------------------------
function download() function download()
{ {
@@ -97,7 +82,6 @@ function download()
local FILE_NAME="$2" local FILE_NAME="$2"
local WGET_ARGS=(--quiet) local WGET_ARGS=(--quiet)
is_arm32 && WGET_ARGS+=(--no-check-certificate)
log_info "Downloading ${FILE_NAME} from ${URL} ..." log_info "Downloading ${FILE_NAME} from ${URL} ..."
wget ${WGET_ARGS[@]} -O "${FILE_NAME}" "${URL}" wget ${WGET_ARGS[@]} -O "${FILE_NAME}" "${URL}"
@@ -112,6 +96,9 @@ function download()
#--- FUNCTION ------------------------------------------------------------------------------------------------------- #--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: check_sha256 # NAME: check_sha256
# DESCRIPTION: Compute the SHA256 hash for the given file and check if it matches the expected one. # DESCRIPTION: Compute the SHA256 hash for the given file and check if it matches the expected one.
# ARGUMENTS:
# 1: The file to check.
# 2: The expected SHA256 checksum.
#---------------------------------------------------------------------------------------------------------------------- #----------------------------------------------------------------------------------------------------------------------
function check_sha256() function check_sha256()
{ {
@@ -133,6 +120,8 @@ function check_sha256()
#--- FUNCTION ------------------------------------------------------------------------------------------------------- #--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: extract # NAME: extract
# DESCRIPTION: Extract the given .tar.gz into the current directory. # DESCRIPTION: Extract the given .tar.gz into the current directory.
# ARGUMENTS:
# 1: The file to extract.
#---------------------------------------------------------------------------------------------------------------------- #----------------------------------------------------------------------------------------------------------------------
function extract() function extract()
{ {
@@ -140,3 +129,20 @@ function extract()
log_info "Unpacking file: ${FILE}" log_info "Unpacking file: ${FILE}"
tar xzf "${FILE}" --strip-components 1 tar xzf "${FILE}" --strip-components 1
} }
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: add_salt_repository
# DESCRIPTION: Add salt repository to packages sources.
#----------------------------------------------------------------------------------------------------------------------
function add_salt_repository()
{
local arch=amd64
is_arm64 && arch=arm64
source /etc/os-release
local keyring_file="/etc/apt/keyrings/salt-archive-keyring.gpg"
local root_url="https://repo.saltproject.io/salt/py3/ubuntu/${VERSION_ID:?}/${arch}"
download "${root_url}/SALT-PROJECT-GPG-PUBKEY-2023.gpg" "${keyring_file}"
echo "deb [signed-by=${keyring_file} arch=${arch}] ${root_url}/minor/${SALT_VERSION} ${VERSION_CODENAME:?} main" > /etc/apt/sources.list.d/salt.list
}

74
assets/build/install.sh
View File

@@ -11,66 +11,35 @@ source "${FUNCTIONS_FILE}"
log_info "Installing required packages and build dependencies ..." log_info "Installing required packages and build dependencies ..."
REQUIRED_PACKAGES=( REQUIRED_PACKAGES=(
libssl3 zlib1g libffi7 libpcre3 libgssapi3-heimdal binutils patchelf
) )
BUILD_DEPENDENCIES=( BUILD_DEPENDENCIES=()
make gcc g++
) log_info "Adding salt repository..."
add_salt_repository
apt-get update apt-get update
install_pkgs "${REQUIRED_PACKAGES[@]}" "${BUILD_DEPENDENCIES[@]}" install_pkgs "${REQUIRED_PACKAGES[@]}" "${BUILD_DEPENDENCIES[@]}"
# Create salt user # Create salt user
# https://manpages.ubuntu.com/manpages/xenial/en/man8/useradd.8.html
log_info "Creating ${SALT_USER} user ..." log_info "Creating ${SALT_USER} user ..."
useradd -d "${SALT_HOME}" -ms /bin/bash -U -G root,sudo,shadow "${SALT_USER}" useradd --home-dir "${SALT_HOME}" --create-home \
--shell /bin/bash --user-group "${SALT_USER}" \
--groups shadow
# Set PATH # Set PATH
exec_as_salt cat >> "${SALT_HOME}/.profile" <<EOF exec_as_salt cat >> "${SALT_HOME}/.profile" <<EOF
PATH=/usr/local/sbin:/usr/local/bin:\$PATH PATH=/usr/local/sbin:/usr/local/bin:\$PATH
EOF EOF
# Install python3 packages # Install salt packages
log_info "Installing python3 packages ..." log_info "Installing salt packages ..."
install_pkgs --quiet \ install_pkgs salt-master="${SALT_VERSION}" salt-api="${SALT_VERSION}"
python3-mako python3-pycryptodome python3-cherrypy3 \
python3-git python3-requests python3-redis python3-gnupg \
python3-mysqldb python3-dateutil python3-libnacl python3-openssl \
python3-pygit2
# Downloading bootstrap-salt.sh script # Install python packages
BOOTSTRAP_VERSION='2023.04.06' exec_as_salt salt-pip install pygit2==1.12.0
BOOTSTRAP_URL="https://github.com/saltstack/salt-bootstrap/releases/download/v${BOOTSTRAP_VERSION}/bootstrap-salt.sh"
BOOTSTRAP_FILE='bootstrap-salt.sh'
BOOTSTRAP_SHA256='994bf7e8bd92fe6d70d291c7562aff299f5651046b4e76dfa506cee0d9bb0843'
download "${BOOTSTRAP_URL}" "${BOOTSTRAP_FILE}"
check_sha256 "${BOOTSTRAP_FILE}" "${BOOTSTRAP_SHA256}"
# Bootstrap script options:
# https://docs.saltproject.io/salt/install-guide/en/latest/topics/bootstrap.html
## -M: install Salt Master by default
## -N: Do not install salt-minion
## -X: Do not start daemons after installation
## -d: Disables checking if Salt services are enabled to start on system boot
## -P: Allow pip based installations
## -p: Extra-package to install
SALT_BOOTSTRAP_OPTS=( -M -N -X -d -P -p salt-api -p salt-call )
## -I: allow insecure connections while downloading any files
is_arm32 && SALT_BOOTSTRAP_OPTS+=( -I )
log_info "Installing saltstack ..."
log_debug "Options: ${SALT_BOOTSTRAP_OPTS[@]}"
sh "${BOOTSTRAP_FILE}" ${SALT_BOOTSTRAP_OPTS[@]} git "v${SALT_VERSION}"
chown -R "${SALT_USER}": "${SALT_ROOT_DIR}"
# Patch to remove salt-minion
SALT_MINION="$(command -v salt-minion)"
if [[ -n "${SALT_MINION}" ]]; then
log_warn "Removing salt-minion ..."
rm -f "${SALT_MINION}"
fi
# Configure ssh # Configure ssh
log_info "Configuring ssh ..." log_info "Configuring ssh ..."
@@ -81,11 +50,13 @@ sed -i -e "s|^[# ]*StrictHostKeyChecking.*$| StrictHostKeyChecking no|" /etc/
echo "# IdentityFile salt_ssh_key" echo "# IdentityFile salt_ssh_key"
} >> /etc/ssh/ssh_config } >> /etc/ssh/ssh_config
SUPERVISOR_CONFIG_FILE=/etc/supervisor/supervisord.conf
# Configure logrotate # Configure logrotate
log_info "Configuring logrotate ..." log_info "Configuring logrotate ..."
# move supervisord.log file to ${SALT_LOGS_DIR}/supervisor/ # move supervisord.log file to ${SALT_LOGS_DIR}/supervisor/
sed -i "s|^[#]*logfile=.*|logfile=${SALT_LOGS_DIR}/supervisor/supervisord.log ;|" /etc/supervisor/supervisord.conf sed -i "s|^[#]*logfile=.*|logfile=${SALT_LOGS_DIR}/supervisor/supervisord.log ;|" "${SUPERVISOR_CONFIG_FILE}"
# fix "unknown group 'syslog'" error preventing logrotate from functioning # fix "unknown group 'syslog'" error preventing logrotate from functioning
sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf
@@ -93,13 +64,20 @@ sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf
# Configure supervisor # Configure supervisor
log_info "Configuring supervisor ..." log_info "Configuring supervisor ..."
# run supervisord as root
if grep -E "^user=" "${SUPERVISOR_CONFIG_FILE}"; then
sed -i "s|^user=.*|user=root|" "${SUPERVISOR_CONFIG_FILE}"
else
sed -i "s|^\[supervisord\]\$|[supervisord]\nuser=root|" "${SUPERVISOR_CONFIG_FILE}"
fi
# configure supervisord to start salt-master # configure supervisord to start salt-master
cat > /etc/supervisor/conf.d/salt-master.conf <<EOF cat > /etc/supervisor/conf.d/salt-master.conf <<EOF
[program:salt-master] [program:salt-master]
priority=5 priority=5
directory=${SALT_HOME} directory=${SALT_HOME}
environment=HOME=${SALT_HOME} environment=HOME=${SALT_HOME}
command=/usr/local/bin/salt-master command=/usr/bin/salt-master
user=root user=root
autostart=true autostart=true
autorestart=true autorestart=true
@@ -122,7 +100,7 @@ stderr_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
EOF EOF
# Purge build dependencies and cleanup apt # Purge build dependencies and cleanup apt
apt-get purge -y --auto-remove "${BUILD_DEPENDENCIES[@]}" (( ${#BUILD_DEPENDENCIES[@]} != 0 )) && apt-get purge -y --auto-remove "${BUILD_DEPENDENCIES[@]}"
apt-get clean --yes apt-get clean --yes
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*

2
assets/runtime/functions.sh
View File

@@ -448,7 +448,7 @@ EOF
priority=10 priority=10
directory=${SALT_HOME} directory=${SALT_HOME}
environment=HOME=${SALT_HOME} environment=HOME=${SALT_HOME}
command=/usr/local/bin/salt-api command=/usr/bin/salt-api
user=root user=root
autostart=true autostart=true
autorestart=true autorestart=true

6
docker-compose.yml
View File

@@ -6,9 +6,9 @@ services:
image: ghcr.io/cdalvaro/docker-salt-master:latest image: ghcr.io/cdalvaro/docker-salt-master:latest
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- "./roots/:/home/salt/data/srv" - "./roots:/home/salt/data/srv"
- "./keys/:/home/salt/data/keys" - "./keys:/home/salt/data/keys"
- "./logs/:/home/salt/data/logs" - "./logs:/home/salt/data/logs"
ports: ports:
- "4505:4505" - "4505:4505"
- "4506:4506" - "4506:4506"

11
tests/basic/test.sh
View File

@@ -18,10 +18,13 @@ ok "container started"
# Check salt version # Check salt version
echo "==> Checking salt-master version ..." echo "==> Checking salt-master version ..."
docker-exec salt-master --versions output=$(docker-exec salt-master --versions)
EXPECTED_VERSION="$(cat VERSION) (Sulfur)" echo "${output}"
CURRENT_VERSION="$(docker-exec salt-master --version)"
check_equal "${CURRENT_VERSION}" "salt-master ${EXPECTED_VERSION%%-*}" "salt-master --version" # shellcheck disable=SC2016
CURRENT_VERSION="$(echo -n "${output}" | grep -Ei 'salt: ([^\s]+)' | awk '{print $2}')"
EXPECTED_VERSION="$(cat VERSION)"
check_equal "${CURRENT_VERSION%%-*}" "${EXPECTED_VERSION%%-*}" "salt-master version"
# Test image calling healthcheck # Test image calling healthcheck
echo "==> Executing healthcheck ..." echo "==> Executing healthcheck ..."

4
tests/gpg/test.sh
View File

@@ -14,8 +14,8 @@ trap cleanup EXIT
# Run test instance # Run test instance
echo "==> Starting docker-salt-master (${PLATFORM}) config ..." echo "==> Starting docker-salt-master (${PLATFORM}) config ..."
start_container_and_wait \ start_container_and_wait \
--volume "${SCRIPT_PATH}/roots/":/home/salt/data/srv/:ro \ --volume "${SCRIPT_PATH}/roots":/home/salt/data/srv:ro \
--volume "${SCRIPT_PATH}/keys/":/home/salt/data/keys/ \ --volume "${SCRIPT_PATH}/keys":/home/salt/data/keys \
|| error "container started" || error "container started"
ok "container started" ok "container started"

4
tests/lib/common.sh
View File

@@ -171,8 +171,8 @@ EOF
--env PUID="$(id -u)" --env PGID="$(id -g)" \ --env PUID="$(id -u)" --env PGID="$(id -g)" \
--env SALT_LOG_LEVEL='info' \ --env SALT_LOG_LEVEL='info' \
--platform "${PLATFORM}" ${DOCKER_ARGS[@]} \ --platform "${PLATFORM}" ${DOCKER_ARGS[@]} \
--volume "${LOGS_DIR}/":/home/salt/data/logs/ \ --volume "${LOGS_DIR}":/home/salt/data/logs \
--volume "${SCRIPT_PATH}/config/":/home/salt/data/config/:ro \ --volume "${SCRIPT_PATH}/config":/home/salt/data/config:ro \
"${IMAGE_NAME}" || return 1 "${IMAGE_NAME}" || return 1
echo "==> Waiting ${BOOTUP_WAIT_SECONDS} seconds for the container to be ready ..." echo "==> Waiting ${BOOTUP_WAIT_SECONDS} seconds for the container to be ready ..."

16
tests/salt-api/test.sh
View File

@@ -51,11 +51,15 @@ ok "container started"
# Test salt-api authentication # Test salt-api authentication
echo "==> Getting salt-api token ..." echo "==> Getting salt-api token ..."
SALTAPI_TOKEN=$(curl -sSk "${SALTAPI_URL%/}/login" \ CURL_OUTPUT="$(curl -sSk "${SALTAPI_URL%/}/login" \
-H "Accept: application/x-yaml" \ -H "Accept: application/x-yaml" \
-d username="${SALTAPI_USER}" \ -d username="${SALTAPI_USER}" \
-d password="${SALTAPI_PASS}" \ -d password="${SALTAPI_PASS}" \
-d eauth="${SALTAPI_EAUTH}" | grep 'token:' | cut -d' ' -f 4) -d eauth="${SALTAPI_EAUTH}")"
echo "${CURL_OUTPUT}"
SALTAPI_TOKEN=
SALTAPI_TOKEN="$(echo -n "${CURL_OUTPUT}" | grep -Ei 'token: ([^\s]+)' | awk '{print $2}')"
[ -n "${SALTAPI_TOKEN}" ] || error "salt-api token" [ -n "${SALTAPI_TOKEN}" ] || error "salt-api token"
ok "salt-api token" ok "salt-api token"
@@ -89,11 +93,15 @@ ok "container started"
# Test salt-api authentication # Test salt-api authentication
echo "==> Getting salt-api token (pass via file) ..." echo "==> Getting salt-api token (pass via file) ..."
SALTAPI_TOKEN=$(curl -sSk "${SALTAPI_URL%/}/login" \ CURL_OUTPUT="$(curl -sSk "${SALTAPI_URL%/}/login" \
-H "Accept: application/x-yaml" \ -H "Accept: application/x-yaml" \
-d username="${SALTAPI_USER}" \ -d username="${SALTAPI_USER}" \
-d password="${SALTAPI_PASS}" \ -d password="${SALTAPI_PASS}" \
-d eauth="${SALTAPI_EAUTH}" | grep 'token:' | cut -d' ' -f 4) -d eauth="${SALTAPI_EAUTH}")"
echo "${CURL_OUTPUT}"
SALTAPI_TOKEN=
SALTAPI_TOKEN="$(echo -n "${CURL_OUTPUT}" | grep -Ei 'token: ([^\s]+)' | awk '{print $2}')"
[ -n "${SALTAPI_TOKEN}" ] || error "salt-api token" [ -n "${SALTAPI_TOKEN}" ] || error "salt-api token"
ok "salt-api token" ok "salt-api token"