Merge pull request #8 from cdalvaro/enhancement/timezone_support

Add support for setting TimeZone

CHANGELOG.md

@@ -11,6 +11,7 @@ Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/deve
 - Add `PyGit2` support
 - Expose `/home/salt/data/logs`
 - Run `salt-master` as `salt` user
+- Add support for setting timezone
 
 **2018.3.2**
 

Dockerfile

@@ -19,6 +19,7 @@ ENV SALT_VERSION="2018.3.3" \
 
 ENV SALT_DOCKER_DIR="/etc/docker-salt" \
     SALT_ROOT_DIR="/etc/salt" \
+    SALT_CACHE_DIR='/var/cache/salt' \
     SALT_USER="salt" \
     SALT_HOME="/home/salt"
 
@@ -42,7 +43,7 @@ RUN apt-get update
 RUN apt-get install --yes --quiet --no-install-recommends \
     sudo ca-certificates wget locales pkg-config openssh-client \
     python${PYTHON_VERSION} python${PYTHON_VERSION}-dev \
-    python3-pip python3-setuptools python3-wheel
+    python3-pip python3-setuptools python3-wheel gettext-base
 
 # Configure locales
 RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \

LICENSE

@@ -19,4 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
-

README.md

@@ -161,7 +161,7 @@ gitfs_privkey: /home/salt/data/keys/gitfs/gitfs_ssh
 gitfs_pubkey: /home/salt/data/keys/gitfs/gitfs_ssh.pub
 ```
 
-**Important Note** 
+**Important Note**
 
 If you get the following error while using `gitfs` with `pygit2`
 
@@ -178,7 +178,9 @@ Please refer the docker run command options for the `--env-file` flag where you
 Below is the list of available options that can be used to customize your SaltStack master installation.
 
 | Parameter | Description |
-|-----------|-------------|
+|:----------|:------------|
+| `DEBUG` | Set this to `true` to enable entrypoint debugging. |
+| `TIMEZONE` | Set the container timezone. Defaults to `UTC`. Values are expected to be in Canonical format. Example: `Europe/Madrid`. See the list of [acceptable values](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). |
 | `SALT_LOG_LEVEL` | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` |
 | `SALT_LEVEL_LOGFILE` | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` |
 | `SALT_MASTER_SIGN_PUBKEY` | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` |

assets/build/install.sh

@@ -23,7 +23,7 @@ EOF
 
 # Compile libssh2
 echo "Building libssh2 v${LIBSSH2_VERSION} ..."
-wget https://github.com/libssh2/libssh2/archive/libssh2-${LIBSSH2_VERSION}.tar.gz 
+wget https://github.com/libssh2/libssh2/archive/libssh2-${LIBSSH2_VERSION}.tar.gz
 tar xzf libssh2-${LIBSSH2_VERSION}.tar.gz
 cd libssh2-libssh2-${LIBSSH2_VERSION}/
 cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=ON -DENABLE_ZLIB_COMPRESSION=ON .

assets/runtime/config/master.yml

@@ -0,0 +1,134 @@
+##### Primary configuration settings #####
+##########################################
+# This configuration file is used to manage the behavior of the Salt Master.
+# Values that are commented out but have an empty line after the comment are
+# defaults that do not need to be set in the config. If there is no blank line
+# after the comment then the value is presented as an example and is not the
+# default.
+
+# The master will automatically include all config files from:
+default_include: {{SALT_CONFS_DIR}}/*.conf
+
+# The user under which the salt master will run.
+user: {{SALT_USER}}
+
+# Directory used to store public key data:
+pki_dir: {{SALT_KEYS_DIR}}
+
+# Directory to store job and cache data:
+# This directory may contain sensitive data and should be protected accordingly.
+cachedir: {{SALT_CACHE_DIR}}/master
+
+# Directory for custom modules. This directory can contain subdirectories for
+# each of Salt's module types such as "runners", "output", "wheel", "modules",
+# "states", "returners", "engines", "utils", etc.
+extension_modules: {{SALT_CACHE_DIR}}/master/extmods
+
+
+#####        Security settings       #####
+##########################################
+# Enable passphrase protection of the Master signing_key. This only applies if
+# master_sign_pubkey is set to True.  This is disabled by default.
+master_sign_pubkey: {{SALT_MASTER_SIGN_PUBKEY}}
+master_sign_key_name: {{SALT_MASTER_SIGN_KEY_NAME}}
+master_pubkey_signature: {{SALT_MASTER_PUBKEY_SIGNATURE}}
+master_use_pubkey_signature: {{SALT_MASTER_USE_PUBKEY_SIGNATURE}}
+
+# Use TLS/SSL encrypted connection between master and minion.
+# Can be set to a dictionary containing keyword arguments corresponding to Python's
+# 'ssl.wrap_socket' method.
+# Default is None.
+#ssl:
+#    keyfile: <path_to_keyfile>
+#    certfile: <path_to_certfile>
+#    ssl_version: PROTOCOL_TLSv1_2
+
+
+#####     Salt-SSH Configuration     #####
+##########################################
+# The log file of the salt-ssh command:
+ssh_log_file: {{SALT_LOGS_DIR}}/ssh
+
+
+#####      File Server settings      #####
+##########################################
+# Salt runs a lightweight file server written in zeromq to deliver files to
+# minions. This file server is built into the master daemon and does not
+# require a dedicated port.
+
+# The file server works on environments passed to the master, each environment
+# can have multiple root directories, the subdirectories in the multiple file
+# roots cannot match, otherwise the downloaded files will not be able to be
+# reliably ensured. A base environment is required to house the top file.
+file_roots:
+  base:
+    - {{SALT_BASE_DIR}}/salt
+
+# The master_roots setting configures a master-only copy of the file_roots dictionary,
+# used by the state compiler.
+master_roots:
+  base:
+    - {{SALT_BASE_DIR}}/salt-master
+
+
+#####         Pillar settings        #####
+##########################################
+# Salt Pillars allow for the building of global data that can be made selectively
+# available to different minions based on minion grain filtering. The Salt
+# Pillar is laid out in the same fashion as the file server, with environments,
+# a top file and sls files. However, pillar data does not need to be in the
+# highstate format, and is generally just key/value pairs.
+pillar_roots:
+  base:
+    - {{SALT_BASE_DIR}}/pillar
+
+
+#####          Syndic settings       #####
+##########################################
+# The Salt syndic is used to pass commands through a master from a higher
+# master. Using the syndic is simple. If this is a master that will have
+# syndic servers(s) below it, then set the "order_masters" setting to True.
+#
+# If this is a master that will be running a syndic daemon for passthrough, then
+# the "syndic_master" setting needs to be set to the location of the master server
+# to receive commands from.
+
+# The log file of the salt-syndic daemon:
+syndic_log_file: {{SALT_LOGS_DIR}}/syndic
+
+
+#####         Logging settings       #####
+##########################################
+# The location of the master log file
+log_file: {{SALT_LOGS_DIR}}/master
+key_logfile: {{SALT_LOGS_DIR}}/key
+
+# The level of messages to send to the console.
+# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+#
+# The following log levels are considered INSECURE and may log sensitive data:
+# ['garbage', 'trace', 'debug']
+#
+log_level: {{SALT_LOG_LEVEL}}
+
+# The level of messages to send to the log file.
+# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+# If using 'log_granular_levels' this must be set to the highest desired level.
+log_level_logfile: {{SALT_LEVEL_LOGFILE}}
+
+
+#####  Windows Software Repo settings #####
+###########################################
+# Location of the repo on the master:
+winrepo_dir_ng: '{{SALT_BASE_DIR}}/salt/win/repo-ng'
+
+
+#####  Windows Software Repo settings - Pre 2015.8 #####
+########################################################
+# Legacy repo settings for pre-2015.8 Windows minions.
+#
+# Location of the repo on the master:
+winrepo_dir: '{{SALT_BASE_DIR}}/salt/win/repo'
+#
+# Location of the master's repo cache file:
+winrepo_mastercachefile: '{{SALT_BASE_DIR}}/salt/win/repo/winrepo.p'

assets/runtime/env-defaults.sh

@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 
+DEBUG=${DEBUG:-false}
+TIMEZONE=${TIMEZONE:-UTC}
+
 # https://docs.saltstack.com/en/latest/ref/configuration/master.html
 
 #####         Logging settings       #####

assets/runtime/functions.sh

@@ -3,6 +3,16 @@
 set -e
 source ${SALT_RUNTIME_DIR}/env-defaults.sh
 
+# Execute a command as SALT_USER
+function exec_as_salt()
+{
+  if [[ $(whoami) == ${SALT_USER} ]]; then
+    $@
+  else
+    sudo -HEu ${SALT_USER} "$@"
+  fi
+}
+
 # Map salt user with host user
 function map_uidgid()
 {
@@ -18,11 +28,60 @@ function map_uidgid()
   fi
 }
 
+# This function replaces placeholders with values
+# $1: file with placeholders to replace
+# $x: placeholders to replace
+function update_template()
+{
+  local FILE=${1?missing argument}
+  shift
+
+  [[ ! -f ${FILE} ]] && return 1
+
+  local VARIABLES=($@)
+  local USR=$(stat -c %U ${FILE})
+  local tmp_file=$(mktemp)
+  cp -a "${FILE}" ${tmp_file}
+
+  local variables
+  for variable in ${VARIABLES[@]}; do
+    sed -ri "s|[{}]{2}$variable[}]{2}|\${$variable}|g" ${tmp_file}
+  done
+
+  # Replace placeholders
+  (
+    export ${VARIABLES[@]}
+    local IFS=":"; sudo -HEu ${USR} envsubst "${VARIABLES[*]/#/$}" < ${tmp_file} > ${FILE}
+  )
+
+  rm -f ${tmp_file}
+}
+
+# This function configures containers timezone
+function configure_timezone()
+{
+  echo "Configuring container timezone ..."
+
+  # Perform sanity check of provided timezone value
+  if [ -e /usr/share/zoneinfo/${TIMEZONE} ]; then
+    echo "Setting TimeZone -> ${TIMEZONE} ..."
+
+    # Set localtime
+    ln -snf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
+
+    # Set timezone
+    echo ${TIMEZONE} > /etc/timezone
+  else
+    echo "Timezone: '${TIMEZONE}' is not valid. Check available timezones at: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones"
+    return 1
+  fi
+}
+
 # This function generates a master_sign key pair and its signature
 function gen_signed_keys()
 {
   local key_name=${1:-master}
-  
+
   mkdir -p ${SALT_KEYS_DIR}/generated/
   GENERATED_KEYS_DIR=$(mktemp -d -p ${SALT_KEYS_DIR}/generated/ -t ${key_name}.XXXXX)
 
@@ -35,25 +94,7 @@ function gen_signed_keys()
 # This function repairs keys permissions and creates keys if neaded
 function setup_salt_keys()
 {
-  echo "Setting up keys ..."
-
-  sed -i \
-      -e "s|^[# ]*master_sign_pubkey:.*$|# master_sign_pubkey -> Overrided, see Custom Settings|" \
-      -e "s|^[# ]*master_sign_key_name:.*$|# master_sign_key_name -> Overrided, see Custom Settings|" \
-      -e "s|^[# ]*master_pubkey_signature:.*$|# master_pubkey_signature -> Overrided, see Custom Settings|" \
-      -e "s|^[# ]*master_use_pubkey_signature:.*$|# master_use_pubkey_signature -> Overrided, see Custom Settings|" \
-      ${SALT_ROOT_DIR}/master
-
-  cat >> ${SALT_ROOT_DIR}/master <<EOF
-#####         Security settings        #####
-############################################
-master_sign_pubkey: ${SALT_MASTER_SIGN_PUBKEY}
-master_sign_key_name: ${SALT_MASTER_SIGN_KEY_NAME}
-master_pubkey_signature: ${SALT_MASTER_PUBKEY_SIGNATURE}
-master_use_pubkey_signature: ${SALT_MASTER_USE_PUBKEY_SIGNATURE}
-
-EOF
-
+  echo "Setting up salt keys ..."
   if [ ! -f ${SALT_KEYS_DIR}/master.pem ]; then
     echo "Generating keys ..."
     salt-key --gen-keys master --gen-keys-dir ${SALT_KEYS_DIR}
@@ -100,46 +141,32 @@ function configure_salt_master()
   echo "Configuring salt-master ..."
   # https://docs.saltstack.com/en/latest/ref/configuration/master.html
 
-  # Backup file
-  if [ ! -f ${SALT_ROOT_DIR}/master.backup ]; then
-    cp -p ${SALT_ROOT_DIR}/master ${SALT_ROOT_DIR}/master.orig
-  else
-    cp -p ${SALT_ROOT_DIR}/master.orig ${SALT_ROOT_DIR}/master
-  fi
+  exec_as_salt cp -p ${SALT_RUNTIME_DIR}/config/master.yml ${SALT_ROOT_DIR}/master
 
-  # Set env variables
-  sed -i \
-      -e "s|^[#]*user:.*$|user: ${SALT_USER}|" \
-      -e "s|^[#]*log_level:.*$|log_level: ${SALT_LOG_LEVEL}|" \
-      -e "s|^[#]*log_level_logfile:.*$|log_level_logfile: ${SALT_LEVEL_LOGFILE}|" \
-      -e "s|^[#]*default_include:.*$|default_include: ${SALT_CONFS_DIR}/*.conf|" \
-      -e "s|^[#]*pki_dir:.*$|pki_dir: ${SALT_KEYS_DIR}/|" \
-      -e "s|/var/log/salt|${SALT_LOGS_DIR}|g" \
-      ${SALT_ROOT_DIR}/master
+  # Update main configuration
+  update_template ${SALT_ROOT_DIR}/master \
+    SALT_USER \
+    SALT_LOG_LEVEL \
+    SALT_LEVEL_LOGFILE \
+    SALT_LOGS_DIR \
+    SALT_BASE_DIR \
+    SALT_CACHE_DIR \
+    SALT_CONFS_DIR \
+    SALT_KEYS_DIR
 
-  cat >> ${SALT_ROOT_DIR}/master <<EOF
-
-######       Custom Settings          ######
-############################################
-
-######       Base Directories         ######
-############################################
-file_roots:
-  base:
-    - ${SALT_BASE_DIR}/salt
-
-pillar_roots:
-  base:
-    - ${SALT_BASE_DIR}/pillar
-
-EOF
+  # Update keys configuration
+  update_template ${SALT_ROOT_DIR}/master \
+    SALT_MASTER_SIGN_PUBKEY \
+    SALT_MASTER_SIGN_KEY_NAME \
+    SALT_MASTER_PUBKEY_SIGNATURE \
+    SALT_MASTER_USE_PUBKEY_SIGNATURE
 }
 
 # Initializes main directories
 function initialize_datadir()
 {
   echo "Configuring directories ..."
-  
+
   # This symlink simplifies paths for loading sls files
   [[ -d /srv ]] && [[ ! -L /srv ]] && rm -rf /srv
   ln -sfnv ${SALT_BASE_DIR} /srv
@@ -167,6 +194,7 @@ function initialize_system()
 {
   map_uidgid
   initialize_datadir
+  configure_timezone
   configure_salt_master
   setup_salt_keys
   setup_ssh_keys

docker-compose.yml

@@ -4,6 +4,7 @@ services:
   master:
     container_name: salt_master
     image: cdalvaro/saltstack-master:2018.3.3
+    restart: always
     volumes:
       - "./srv/:/home/salt/data/srv"
     ports:
@@ -11,6 +12,7 @@ services:
       - "4506:4506/tcp"
     environment:
       - DEBUG=false
+      - TIMEZONE=Europe/Madrid
       - USERMAP_UID=1000
       - USERMAP_GID=1000