From 72e24b2aa42d702ba66dc5d157f10c1a3b3dee3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20=C3=81lvaro?= Date: Sat, 3 Nov 2018 10:30:29 +0100 Subject: [PATCH] Add support for gitfs with GitPython --- CHANGELOG.md | 7 ++++--- Dockerfile | 7 +++++-- README.md | 13 +++++++++++++ assets/runtime/env-defaults.sh | 4 ++++ assets/runtime/functions.sh | 26 ++++++++++++++++++++++++++ 5 files changed, 52 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4cd0e4d..1742c01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,13 @@ # Changelog This file only reflects the changes that are made in this image. -Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/develop/topics/releases/2018.3.2.html) for the list of changes in SaltStack. +Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/develop/topics/releases/2018.3.3.html) for the list of changes in SaltStack. **2018.3.3** -- Upgrade SaltStack Master to 2018.3.3 +- Upgrade SaltStack Master to `2018.3.3` +- Add `GitPython` support **2018.3.2** -- First version: SaltStack Master 2018.3.2 +- First version: SaltStack Master `2018.3.2` diff --git a/Dockerfile b/Dockerfile index d3f8b69..60c966e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,9 @@ ENV SALT_CONFS_DIR="${SALT_DATA_DIR}/config" \ ## -N: Do not install salt-minion ## -X: Do not start daemons after installation ## -U: Fully upgrade the system prior to bootstrapping Salt -ENV SALT_BOOTSTRAP_OPTS='-M -N -X -U' +## -V: Install Salt into virtualenv +## -a: Pip install all Python pkg dependencies for Salt +ENV SALT_BOOTSTRAP_OPTS='-M -N -X -U -Va' # Release version to install # https://github.com/saltstack/salt/releases 
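Review bot: The `-a` flag added to `SALT_BOOTSTRAP_OPTS` makes the bootstrap script pip-install Salt's Python dependencies, and nothing in this hunk pins versions or verifies hashes, so the image contents depend on the package index state at build time. Two builds of the same tag can therefore ship different dependency sets, which makes the image harder to audit. I would at least record this next to the new flag comments, for example `## NOTE: -a resolves Salt's Python dependencies with pip at build time; versions are not pinned in this file`. Any pinning would have to happen where the bootstrap script is invoked, which is outside this hunk.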
@@ -35,7 +37,8 @@ ENV DEBIAN_FRONTEND=noninteractive # Install packages RUN apt-get update RUN apt-get install --yes --quiet --no-install-recommends \ - ca-certificates apt-transport-https curl git vim python3 locales + ca-certificates apt-transport-https curl git vim locales \ + openssh-client python3 python-git # Configure locales RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \ diff --git a/README.md b/README.md index ab76dcc..2f922ef 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ For other methods to install SaltStack please refer to the [Official SaltStack I - [Minion Keys](#minion-keys) - [Master Signed Keys](#master-signed-keys) - [Host Mapping](#host-mapping) + - [Git Fileserver](#git-fileserver) - [Available Configuration Parameters](#available-configuration-parameters) - [Usage](#usage) - [Shell Access](#shell-access) 
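Review bot: The added `openssh-client python3 python-git` line installs GitPython system-wide through apt, while the previous Dockerfile hunk adds `-V` to put Salt in a virtualenv. Whether that virtualenv can see system site-packages is not visible here, so gitfs may fail to import GitPython at runtime. On Debian and Ubuntu, `python-git` is also the Python 2 build (`python3-git` is the Python 3 one), so it only helps if Salt runs under Python 2. I would confirm which interpreter Salt ends up using and add a build step that imports `git` with that interpreter, so a mismatch fails the build rather than surfacing as a disabled fileserver backend.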
@@ -128,6 +129,16 @@ docker run --name salt_stack -it --rm \ cdalvaro/saltstack-master:2018.3.3 ``` +### Git Fileserver + +This image uses [GitPython](https://github.com/gitpython-developers/GitPython) as gitfs backend to allow Salt to serve files from git repositories. + +It can be enabled by adding `gitfs` to the [`fileserver_backend`](https://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-fileserver_backend) list (see [Available Configuration Parameters](#available-configuration-parameters)), and configuring one or more repositories in [`gitfs_remotes`](https://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-gitfs_remotes). + +As the backend for gitfs is GitPython, then an ssh key is needed. The default name for the ssh key is `gitfs_ssh` but it can be changed with the env variables `SALT_GITFS_SSH_PRIVATE_KEY` and `SALT_GITFS_SSH_PUBLIC_KEY`. + +This keys must be placed inside `/home/salt/data/keys` directory. + ### Available Configuration Parameters Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose. 
@@ -143,6 +154,8 @@ Below is the list of available options that can be used to customize your SaltSt | `SALT_MASTER_SIGN_KEY_NAME` | The customizable name of the signing-key-pair without suffix. Default: `master_sign` | | `SALT_MASTER_PUBKEY_SIGNATURE` | The name of the file in the master's pki-directory that holds the pre-calculated signature of the master's public-key. Default: `master_pubkey_signature` | | `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be runned as `root` instead of `salt`. Default: `False` | +| `SALT_GITFS_SSH_PRIVATE_KEY` | The name of the ssh private key for gitfs. Default: `gitfs_ssh` | +| `SALT_GITFS_SSH_PUBLIC_KEY` | The name of the ssh public key for gitfs. Default: `gitfs_ssh.pub` | | `USERMAP_UID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. | | `USERMAP_GID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. | diff --git a/assets/runtime/env-defaults.sh b/assets/runtime/env-defaults.sh index a30b2f9..5e7673f 100755 --- a/assets/runtime/env-defaults.sh +++ b/assets/runtime/env-defaults.sh @@ -13,3 +13,7 @@ SALT_MASTER_SIGN_PUBKEY=${SALT_MASTER_SIGN_PUBKEY:-False} SALT_MASTER_USE_PUBKEY_SIGNATURE=${SALT_MASTER_USE_PUBKEY_SIGNATURE:-False} SALT_MASTER_SIGN_KEY_NAME=${SALT_MASTER_SIGN_KEY_NAME:-master_sign} SALT_MASTER_PUBKEY_SIGNATURE=${SALT_MASTER_PUBKEY_SIGNATURE:-master_pubkey_signature} + +##### SSH settings ##### +SALT_GITFS_SSH_PRIVATE_KEY=${SALT_GITFS_SSH_PRIVATE_KEY:-gitfs_ssh} +SALT_GITFS_SSH_PUBLIC_KEY=${SALT_GITFS_SSH_PUBLIC_KEY:-gitfs_ssh.pub} diff --git a/assets/runtime/functions.sh b/assets/runtime/functions.sh index 1ea13da..796cb8d 100755 --- a/assets/runtime/functions.sh +++ b/assets/runtime/functions.sh @@ -75,6 +75,31 @@ EOF find ${SALT_HOME} -path ${SALT_KEYS_DIR}/\* -prune -o -print0 | xargs -0 chown -h ${SALT_USER}: } +# This function configures ssh settings +function configure_ssh() +{ + echo "Configuring ssh..." + + mkdir -p "/root/.ssh" + cat > "/root/.ssh/config" <
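Review bot: In the `env-defaults.sh` hunk, `SALT_GITFS_SSH_PUBLIC_KEY` defaults to `gitfs_ssh.pub` independently of the private key name, so setting only `SALT_GITFS_SSH_PRIVATE_KEY=deploy` pairs `deploy` with an unrelated public key file. Deriving the default keeps the pair consistent: `SALT_GITFS_SSH_PUBLIC_KEY=${SALT_GITFS_SSH_PUBLIC_KEY:-${SALT_GITFS_SSH_PRIVATE_KEY}.pub}`. Both values are documented as file names under the keys directory, but nothing here rejects a value containing `/` or `..`. How `configure_ssh` consumes them is cut off in this view, so the consuming code should check that the name is a plain basename and that the private key file is not group- or world-readable.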