Add support for gitfs with GitPython

CHANGELOG.md

@@ -1,12 +1,13 @@
 # Changelog
 
 This file only reflects the changes that are made in this image.
-Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/develop/topics/releases/2018.3.2.html) for the list of changes in SaltStack.
+Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/develop/topics/releases/2018.3.3.html) for the list of changes in SaltStack.
 
 **2018.3.3**
 
-- Upgrade SaltStack Master to 2018.3.3
+- Upgrade SaltStack Master to `2018.3.3`
+- Add `GitPython` support
 
 **2018.3.2**
 
-- First version: SaltStack Master 2018.3.2
+- First version: SaltStack Master `2018.3.2`

Dockerfile

@@ -23,7 +23,9 @@ ENV SALT_CONFS_DIR="${SALT_DATA_DIR}/config" \
 ## -N: Do not install salt-minion
 ## -X: Do not start daemons after installation
 ## -U: Fully upgrade the system prior to bootstrapping Salt
-ENV SALT_BOOTSTRAP_OPTS='-M -N -X -U'
+## -V: Install Salt into virtualenv
+## -a: Pip install all Python pkg dependencies for Salt
+ENV SALT_BOOTSTRAP_OPTS='-M -N -X -U -Va'
 
 # Release version to install
 # https://github.com/saltstack/salt/releases
@@ -35,7 +37,8 @@ ENV DEBIAN_FRONTEND=noninteractive
 # Install packages
 RUN apt-get update
 RUN apt-get install --yes --quiet --no-install-recommends \
-    ca-certificates apt-transport-https curl git vim python3 locales
+    ca-certificates apt-transport-https curl git vim locales \
+    openssh-client python3 python-git
 
 # Configure locales
 RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \

README.md

@@ -16,6 +16,7 @@ For other methods to install SaltStack please refer to the [Official SaltStack I
   - [Minion Keys](#minion-keys)
   - [Master Signed Keys](#master-signed-keys)
   - [Host Mapping](#host-mapping)
+  - [Git Fileserver](#git-fileserver)
   - [Available Configuration Parameters](#available-configuration-parameters)
 - [Usage](#usage)
 - [Shell Access](#shell-access)
@@ -128,6 +129,16 @@ docker run --name salt_stack -it --rm \
     cdalvaro/saltstack-master:2018.3.3
 ```
 
+### Git Fileserver
+
+This image uses [GitPython](https://github.com/gitpython-developers/GitPython) as gitfs backend to allow Salt to serve files from git repositories.
+
+It can be enabled by adding `gitfs` to the [`fileserver_backend`](https://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-fileserver_backend) list (see [Available Configuration Parameters](#available-configuration-parameters)), and configuring one or more repositories in [`gitfs_remotes`](https://docs.saltstack.com/en/latest/ref/configuration/master.html#std:conf_master-gitfs_remotes).
+
+As the backend for gitfs is GitPython, then an ssh key is needed. The default name for the ssh key is `gitfs_ssh` but it can be changed with the env variables `SALT_GITFS_SSH_PRIVATE_KEY` and `SALT_GITFS_SSH_PUBLIC_KEY`.
+
+This keys must be placed inside `/home/salt/data/keys` directory.
+
 ### Available Configuration Parameters
 
 Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.
@@ -143,6 +154,8 @@ Below is the list of available options that can be used to customize your SaltSt
 | `SALT_MASTER_SIGN_KEY_NAME` | The customizable name of the signing-key-pair without suffix. Default: `master_sign` |
 | `SALT_MASTER_PUBKEY_SIGNATURE` | The name of the file in the master's pki-directory that holds the pre-calculated signature of the master's public-key. Default: `master_pubkey_signature` |
 | `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be runned as `root` instead of `salt`. Default: `False` |
+| `SALT_GITFS_SSH_PRIVATE_KEY` | The name of the ssh private key for gitfs. Default: `gitfs_ssh` |
+| `SALT_GITFS_SSH_PUBLIC_KEY` | The name of the ssh public key for gitfs. Default: `gitfs_ssh.pub` |
 | `USERMAP_UID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. |
 | `USERMAP_GID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. |
 

assets/runtime/env-defaults.sh

@@ -13,3 +13,7 @@ SALT_MASTER_SIGN_PUBKEY=${SALT_MASTER_SIGN_PUBKEY:-False}
 SALT_MASTER_USE_PUBKEY_SIGNATURE=${SALT_MASTER_USE_PUBKEY_SIGNATURE:-False}
 SALT_MASTER_SIGN_KEY_NAME=${SALT_MASTER_SIGN_KEY_NAME:-master_sign}
 SALT_MASTER_PUBKEY_SIGNATURE=${SALT_MASTER_PUBKEY_SIGNATURE:-master_pubkey_signature}
+
+#####          SSH settings          #####
+SALT_GITFS_SSH_PRIVATE_KEY=${SALT_GITFS_SSH_PRIVATE_KEY:-gitfs_ssh}
+SALT_GITFS_SSH_PUBLIC_KEY=${SALT_GITFS_SSH_PUBLIC_KEY:-gitfs_ssh.pub}

assets/runtime/functions.sh

@@ -75,6 +75,31 @@ EOF
   find ${SALT_HOME} -path ${SALT_KEYS_DIR}/\* -prune -o -print0 | xargs -0 chown -h ${SALT_USER}:
 }
 
+# This function configures ssh settings
+function configure_ssh()
+{
+  echo "Configuring ssh..."
+
+  mkdir -p "/root/.ssh"
+  cat > "/root/.ssh/config" <<EOF
+Host *
+    IdentityFile ${SALT_KEYS_DIR}/${SALT_GITFS_SSH_PRIVATE_KEY}
+    StrictHostKeyChecking no
+    UserKnownHostsFile /dev/null
+    LogLevel ERROR
+EOF
+
+  chmod 600 "/root/.ssh/config"
+
+  if [[ -f "${SALT_KEYS_DIR}/${SALT_GITFS_SSH_PRIVATE_KEY}" ]]; then
+    chmod 600 "${SALT_KEYS_DIR}/${SALT_GITFS_SSH_PRIVATE_KEY}"
+  fi
+
+  if [[ -f "${SALT_KEYS_DIR}/${SALT_GITFS_SSH_PUBLIC_KEY}" ]]; then
+    chmod 644 "${SALT_KEYS_DIR}/${SALT_GITFS_SSH_PUBLIC_KEY}"
+  fi
+}
+
 # This functions cofigures master service
 function configure_salt_master()
 {
@@ -131,4 +156,5 @@ function initialize_system()
   initialize_datadir
   configure_salt_master
   setup_keys
+  configure_ssh
 }