From 614c889a96fae27d186c23bd123ce62211346ce5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Wed, 19 Dec 2018 22:13:12 +0100
Subject: [PATCH 1/5] Update Python3 packages Issue #9
---
 Dockerfile | 10 +++++++---
 assets/build/install.sh | 6 +++++-
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0f92a6f..fbd6e94 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,11 +11,15 @@ ENV SALT_VERSION="2018.3.3" \
 LIBGIT2_VERSION="0.27.7" \
 PYGIT2_VERSION="0.27.2" \
 GITPYTHON_VERSION="2.1.11" \
- M2CRYPTO_VERSION="0.30.1" \
+ M2CRYPTO_VERSION="0.31.0" \
 MAKO_VERSION="1.0.7" \
- PYCRYPTODOME_VERSION="3.7.0" \
+ PYCRYPTODOME_VERSION="3.7.2" \
 LIBNACL_VERSION="1.6.1" \
- RAET_VERSION="0.6.8"
+ RAET_VERSION="0.6.8" \
+ CHERRYPY_VERSION="18.0.1" \
+ TIMELIB_VERSION="0.2.4" \
+ DOCKERPY_VERSION="1.10.6" \
+ MSGPACKPURE_VERSION="0.1.3"
 ENV SALT_DOCKER_DIR="/etc/docker-salt" \
 SALT_ROOT_DIR="/etc/salt" \
diff --git a/assets/build/install.sh b/assets/build/install.sh
index ae6cb57..4ee4b04 100755
--- a/assets/build/install.sh
+++ b/assets/build/install.sh
@@ -45,7 +45,11 @@ pip3 install "pygit2==v${PYGIT2_VERSION}" \
 "Mako==v${MAKO_VERSION}" \
 "pycryptodome==v${PYCRYPTODOME_VERSION}" \
 "libnacl==v${LIBNACL_VERSION}" \
- "raet==v${RAET_VERSION}"
+ "raet==v${RAET_VERSION}" \
+ "CherryPy==v${CHERRYPY_VERSION}" \
+ "timelib==v${TIMELIB_VERSION}" \
+ "docker-py==v${DOCKERPY_VERSION}" \
+ "msgpack-pure==v${MSGPACKPURE_VERSION}"
 # Bootstrap script options:
 # https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html#command-line-options
From 47491ef8d70e7eba886f9d9a95826f7031d0c6c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Wed, 19 Dec 2018 22:14:51 +0100
Subject: [PATCH 2/5] Upgrade Ubuntu base image From xenial-20181005 to xenial-20181113 Issue #9
---
 CHANGELOG.md | 2 +-
 Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
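Review bot: The four packages appended to the `pip3 install` call in assets/build/install.sh (`CherryPy`, `timelib`, `docker-py`, `msgpack-pure`) are pinned by version only, so the build trusts whatever artifact the index serves under that version at build time. Moving the pins into a requirements file with per-package `--hash=sha256:<digest>` entries and installing with `pip3 install --require-hashes -r <requirements file>` would bind the image to known artifacts. `docker-py` also looks like the legacy distribution name that was later superseded by `docker`, so `DOCKERPY_VERSION="1.10.6"` in the Dockerfile hunk may freeze the image on a line that no longer receives fixes; worth confirming which client Salt's Docker modules need here. The `pip3 install` command starts above the hunk.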
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 95edc74..9cf9a7a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,7 @@ Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/deve
 **2018.3.3**
 - Upgrade SaltStack Master to `2018.3.3`
-- Change Docker base image to `ubuntu:xenial-20181005`
+- Change Docker base image to `ubuntu:xenial-20181113`
 - Add `GitPython` support
 - Add `PyGit2` support
 - Expose `/home/salt/data/logs`
diff --git a/Dockerfile b/Dockerfile
index fbd6e94..1df9979 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:xenial-20181005
+FROM ubuntu:xenial-20181113
 LABEL maintainer="carlos.alvaro@citelan.es"
 LABEL description="SaltStack master"
From f0bbbdcb331401a09f784fe8ab541727be71efa8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Wed, 19 Dec 2018 22:19:57 +0100
Subject: [PATCH 3/5] Add support for logrotate and supervisor Issue #9
---
 CHANGELOG.md | 2 ++
 Dockerfile | 3 +-
 Makefile | 3 +-
 README.md | 19 ++++++++++++
 assets/build/install.sh | 27 +++++++++++++++++
 assets/runtime/config/master.yml | 8 ++---
 assets/runtime/env-defaults.sh | 3 ++
 assets/runtime/functions.sh | 52 +++++++++++++++++++++++++++-----
 docker-compose.yml | 3 +-
 entrypoint.sh | 2 +-
 10 files changed, 107 insertions(+), 15 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9cf9a7a..eec8ca0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/deve
 - Expose `/home/salt/data/logs`
 - Run `salt-master` as `salt` user
 - Add support for setting timezone
+- Add logrotate support
+- Add supervisor support
 **2018.3.2**
diff --git a/Dockerfile b/Dockerfile
index 1df9979..658d4af 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -47,7 +47,8 @@ RUN apt-get update
 RUN apt-get install --yes --quiet --no-install-recommends \
 sudo ca-certificates wget locales pkg-config openssh-client \
 python${PYTHON_VERSION} python${PYTHON_VERSION}-dev \
- python3-pip python3-setuptools python3-wheel gettext-base
+ python3-pip python3-setuptools python3-wheel gettext-base \
+ supervisor logrotate
 # Configure locales
 RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
diff --git a/Makefile b/Makefile
index eae14d8..a320ed5 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,8 @@ quickstart:
 --publish=4505:4505/tcp --publish=4506:4506/tcp \
 --env "USERMAP_UID=$(shell id -u)" --env "USERMAP_GID=$(shell id -g)" \
 --env SALT_LOG_LEVEL=info \
- --read-only --volume $(shell pwd)/srv/:/home/salt/data/srv/ \
+ --volume $(shell pwd)/srv/:/home/salt/data/srv/ \
+ --volume $(shell pwd)/logs/:/home/salt/data/logs/ \
 cdalvaro/saltstack-master:latest
 @echo "Type 'make logs' for the logs"
diff --git a/README.md b/README.md
index 1e58dc5..64d6bfe 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,7 @@ For other methods to install SaltStack please refer to the [Official SaltStack I
 - [Git Fileserver](#git-fileserver)
 - [GitPython](#gitpython)
 - [PyGit2](#pygit2)
+ - [Logs](#logs)
 - [Available Configuration Parameters](#available-configuration-parameters)
 - [Usage](#usage)
 - [Shell Access](#shell-access)
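Review bot: Adding `supervisor logrotate` changes the `RUN apt-get install` instruction in the Dockerfile while `RUN apt-get update` stays in its own instruction (it is the hunk's header context), so a builder holding a cached update layer will install the new packages from a stale package index. Merging the two, `RUN apt-get update && apt-get install --yes --quiet --no-install-recommends \`, keeps the index and the install in one layer; removing `/var/lib/apt/lists/*` at the end of that same instruction would also keep the lists out of the image, if that is not already done further down. Both packages are unpinned, so the versions that land in the image depend on the build date. The `RUN` instruction starts above the hunk.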
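Review bot: Removing `--read-only` from the `quickstart` target in the Makefile leaves the container's root filesystem writable, which is a wider change than adding the logs mount needs. If the flag was dropped because supervisor and logrotate need somewhere to write, keeping `--read-only` and adding `--tmpfs` mounts for those paths would preserve the restriction; if it was meant to protect the recipes mount, `--volume $(shell pwd)/srv/:/home/salt/data/srv/:ro \` says that directly. The README examples changed in patch 5/5 drop the flag the same way, so whichever choice is made should be stated there as well. The `docker run` command starts above the hunk.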
@@ -171,6 +172,22 @@ _pygit2.GitError: Failed to authenticate SSH session: Unable to send userauth-pu
 look if your private key hash empty lines at the bottom of the file and suppress them for solving the error.
+### Logs
+
+Salt logs are accessible by mounting the volume `/home/salt/data/logs/`.
+
+Inside that directory you could find `supervisor/` logs and `salt/` logs:
+
+docker run --name salt_master --detach \
+ --publish 4505:4505/tcp --publish 4506:4506/tcp \
+ --env 'SALT_LOG_LEVEL=info' \
+ --volume $(pwd)/recipes/:/home/salt/data/srv/ \
+ --volume $(pwd)/keys/:/home/salt/data/keys/ \
+ --volume $(pwd)/logs/:/home/salt/data/logs/ \
+ cdalvaro/saltstack-master:2018.3.3
+
+Check [Available Configuration Parameters](#available-configuration-parameters) section for configuring logrotate.
+
 ### Available Configuration Parameters
 Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.
@@ -182,6 +199,8 @@ Below is the list of available options that can be used to customize your SaltSt
 | `DEBUG` | Set this to `true` to enable entrypoint debugging. |
 | `TIMEZONE` | Set the container timezone. Defaults to `UTC`. Values are expected to be in Canonical format. Example: `Europe/Madrid`. See the list of [acceptable values](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). |
 | `SALT_LOG_LEVEL` | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` |
+| `SALT_LOG_ROTATE_FREQUENCY` | Logrotate frequency for salt logs. Available options are 'daily', 'weekly', 'monthly', and 'yearly'. Default: `weekly` |
+| `SALT_LOG_ROTATE_RETENTION` | Keep x files before deleting old log files. Defaults: `52` |
 | `SALT_LEVEL_LOGFILE` | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` |
 | `SALT_MASTER_SIGN_PUBKEY` | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` |
 | `SALT_MASTER_USE_PUBKEY_SIGNATURE` | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` |
diff --git a/assets/build/install.sh b/assets/build/install.sh
index 4ee4b04..28ddc3c 100755
--- a/assets/build/install.sh
+++ b/assets/build/install.sh
@@ -71,3 +71,30 @@ sed -i -e "s|^[# ]*StrictHostKeyChecking.*$| StrictHostKeyChecking no|" /etc/ echo " UserKnownHostsFile /dev/null" >> /etc/ssh/ssh_config echo " LogLevel ERROR" >> /etc/ssh/ssh_config echo "# IdentityFile salt_ssh_key" >> /etc/ssh/ssh_config + +# Configure logrotate +echo "Configuring logrotate ..." + +# move supervisord.log file to ${SALT_LOGS_DIR}/supervisor/ +sed -i "s|^[#]*logfile=.*|logfile=${SALT_LOGS_DIR}/supervisor/supervisord.log ;|" /etc/supervisor/supervisord.conf + +# fix "unknown group 'syslog'" error preventing logrotate from functioning +sed -i "s|^su root syslog$|su root root|" /etc/logrotate.conf + +# Configure supervisor +echo "Configuring supervisor ..." + +# configure supervisord to start unicorn +cat > /etc/supervisor/conf.d/salt-master.conf < /etc/logrotate.d/supervisord < /etc/logrotate.d/salt < Date: Wed, 19 Dec 2018 22:21:34 +0100 Subject: [PATCH 4/5] Bugfix when keys/minions directory did not exist Addressed a bug that caused the container to crash when `/home/salt/data/keys/minions` was not present Issue #9 --- CHANGELOG.md | 1 + assets/runtime/functions.sh | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index eec8ca0..f38168a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ Please refer to the SaltStack [Release Notes](https://docs.saltstack.com/en/deve - Add support for setting timezone - Add logrotate support - Add supervisor support +- Addressed a bug that caused the container to crash when `/home/salt/data/keys/minions` was not present **2018.3.2** diff --git a/assets/runtime/functions.sh b/assets/runtime/functions.sh index 0f4cad6..1779604 100755 --- a/assets/runtime/functions.sh +++ b/assets/runtime/functions.sh 
@@ -182,6 +182,10 @@ function initialize_datadir()
 mkdir -p /var/cache/salt/master
 chown -R ${SALT_USER}: /var/cache/salt
+ # Keys directories
+ mkdir -p ${SALT_KEYS_DIR}/minions
+ chown -R ${SALT_USER}: ${SALT_KEYS_DIR}
+
 # Logs directory
 mkdir -p ${SALT_LOGS_DIR}/salt ${SALT_LOGS_DIR}/supervisor
 chmod -R 0755 ${SALT_LOGS_DIR}/supervisor
From fbd13b4120d7278e70b60b1803ee6c8ccdecdd68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20=C3=81lvaro?=
Date: Wed, 19 Dec 2018 22:23:03 +0100
Subject: [PATCH 5/5] Update documentation Issue #9
---
 Makefile | 3 ++-
 README.md | 21 ++++++++++++---------
 docker-compose.yml | 3 ++-
 3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/Makefile b/Makefile
index a320ed5..d979070 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,8 @@ quickstart:
 --publish=4505:4505/tcp --publish=4506:4506/tcp \
 --env "USERMAP_UID=$(shell id -u)" --env "USERMAP_GID=$(shell id -g)" \
 --env SALT_LOG_LEVEL=info \
- --volume $(shell pwd)/srv/:/home/salt/data/srv/ \
+ --volume $(shell pwd)/recipes/:/home/salt/data/srv/ \
+ --volume $(shell pwd)/keys/:/home/salt/data/keys/ \
 --volume $(shell pwd)/logs/:/home/salt/data/logs/ \
 cdalvaro/saltstack-master:latest
 @echo "Type 'make logs' for the logs"
diff --git a/README.md b/README.md
index 64d6bfe..a60079b 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,8 @@ Alternatively, you can manually launch the `saltstack-master` container:
 docker run --name salt_master --detach \
 --publish 4505:4505/tcp --publish 4506:4506/tcp \
 --env 'SALT_LOG_LEVEL=info' \
- --read-only --volume $(pwd)/srv/:/home/salt/data/srv/ \
+ --volume $(pwd)/recipes/:/home/salt/data/srv/ \
+ --volume $(pwd)/keys/:/home/salt/data/keys/ \
 cdalvaro/saltstack-master:2018.3.3
 ```
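Review bot: The new keys block in `initialize_datadir()` (assets/runtime/functions.sh, patch 4/5) expands `${SALT_KEYS_DIR}` and `${SALT_USER}` unquoted and sets ownership without setting a mode, so a freshly created keys directory gets whatever the umask gives it. Since the README describes this directory as holding minion keys (and it presumably holds the master's own key pair too), I would quote the expansions and restrict the directory: `mkdir -p "${SALT_KEYS_DIR}/minions"`, `chown -R "${SALT_USER}:" "${SALT_KEYS_DIR}"`, `chmod 0700 "${SALT_KEYS_DIR}"` — the mode is a suggestion to confirm against whatever else reads the mount. A one-line comment that the recursive `chown` also rewrites ownership on a bind-mounted host directory would help operators. The function body starts and ends outside the hunk.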
@@ -73,13 +74,13 @@ docker run --name salt_master --detach \
 ### Custom Recipes
-This image does not require storing data out of the container.
-
-But it is necessary to mount the `/srv/` volume ir order to provide your custom recipes.
+In order to provide salt with your custom recipes you must mount the volume `/home/salt/data/srv/` with your recipes directory.
 ### Minion Keys
-Minion keys can be added automatically on startup to SaltStack master by mounting the volume `/home/salt/data/keys` and copying the minion keys inside `keys/minions/` directory:
+Minion keys can be added automatically on startup to SaltStack master by mounting the volume `/home/salt/data/keys` and copying the minion keys inside `keys/minions/` directory.
+
+It is also important to know that, in order to keep your keys after removing the container, the keys directory must be mounted.
 ```sh
 mkdir -p keys/minions
@@ -88,7 +89,7 @@ rsync root@minion1:/etc/salt/pki/minion/minion.pub keys/minions/minion1
 docker run --name salt_master -d \
 --publish 4505:4505/tcp --publish 4506:4506/tcp \
 --env 'SALT_LOG_LEVEL=info' \
- --volume $(pwd)/srv/:/home/salt/data/srv/ \
+ --volume $(pwd)/recipes/:/home/salt/data/srv/ \
 --volume $(pwd)/keys/:/home/salt/data/keys/ \
 cdalvaro/saltstack-master:2018.3.3
 ```
@@ -102,7 +103,7 @@ docker run --name salt_stack --detach \
 --publish 4505:4505/tcp --publish 4506:4506/tcp \
 --env 'SALT_LOG_LEVEL=info' \
 --env 'SALT_MASTER_SIGN_PUBKEY=True'
- --volume $(pwd)/srv/:/home/salt/data/srv/ \
+ --volume $(pwd)/recipes/:/home/salt/data/srv/ \
 --volume $(pwd)/keys/:/home/salt/data/keys/ \
 cdalvaro/saltstack-master:2018.3.3
 ```
@@ -128,7 +129,8 @@ Also the container processes seem to be executed as the host's user/group `1000`
 ```sh
 docker run --name salt_stack -it --rm \
 --env "USERMAP_UID=$(id -u)" --env "USERMAP_GID=$(id -g)" \
- --volume $(pwd)/srv/:/home/salt/data/srv/ \
+ --volume $(pwd)/recipes/:/home/salt/data/srv/ \
+ --volume $(pwd)/keys/:/home/salt/data/keys/ \
 cdalvaro/saltstack-master:2018.3.3
 ```
@@ -226,7 +228,8 @@ EOF
 docker run --name salt_master -d \
 --publish 3505:3505/tcp --publish 3506:3506/tcp \
 --env 'SALT_LOG_LEVEL=info' \
- --read-only --volume $(pwd)/srv/:/home/salt/data/srv/ \
+ --volume $(pwd)/recipes/:/home/salt/data/srv/ \
+ --volume $(pwd)/keys/:/home/salt/data/keys/ \
 --volume $(pwd)/config/:/home/salt/data/config/ \
 cdalvaro/saltstack-master:2018.3.3
 ```
diff --git a/docker-compose.yml b/docker-compose.yml
index 8c645ff..944ee3a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,7 +6,8 @@ services:
 image: cdalvaro/saltstack-master:2018.3.3
 restart: always
 volumes:
- - "srv/:/home/salt/data/srv"
+ - "recipes/:/home/salt/data/srv"
+ - "keys/:/home/salt/data/keys"
 - "logs/:/home/salt/data/logs"
 ports:
 - "4505:4505/tcp"
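Review bot: The added volume entries `"recipes/:/home/salt/data/srv"` and `"keys/:/home/salt/data/keys"` in docker-compose.yml have no `./` prefix, and Compose normally treats a source that does not start with `.`, `/` or `~` as a named volume rather than a host path, so these may not bind the local directories at all. Writing them as `- "./recipes/:/home/salt/data/srv:ro"` and `- "./keys/:/home/salt/data/keys"` makes the bind mount explicit, and the `:ro` suffix keeps the master from modifying the recipes tree if it only needs to read it. The existing `logs/` entry has the same form. The `services:` block continues outside the hunk.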