chaos/docker-salt-master
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Restart salt-master on config changes

Browse Source 
Automatically restart salt-master when config changes are detected.
This commit is contained in:
Carlos Álvaro
2021-11-28 19:11:19 +01:00
parent 1fae94f6f1
commit a8d39aafe4
11 changed files with 169 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/build-and-test.yml vendored
View File

@@ -130,6 +130,9 @@ jobs:
chmod 644 "${GITFS_KEYS_DIR}"/gitfs_ssh.pub chmod 644 "${GITFS_KEYS_DIR}"/gitfs_ssh.pub
tests/gitfs/test.sh tests/gitfs/test.sh
- name: Execute config-reloader tests
run: tests/config-reloader/test.sh
- name: Cleanup - name: Cleanup
run: | run: |
docker stop registry docker stop registry

4
CHANGELOG.md
View File

@@ -4,6 +4,10 @@ This file only reflects the changes that are made in this image.
Please refer to the [Salt 3004 Release Notes](https://docs.saltstack.com/en/latest/topics/releases/3004.html) Please refer to the [Salt 3004 Release Notes](https://docs.saltstack.com/en/latest/topics/releases/3004.html)
for the list of changes in SaltStack. for the list of changes in SaltStack.
**3004_2**
- Support for automatically restart `salt-master` after config changes
**3004_1** **3004_1**
- Install `libssh2 1.10.0` from source - Install `libssh2 1.10.0` from source

4
Dockerfile
View File

@@ -7,7 +7,7 @@ ARG VCS_REF
ENV SALT_VERSION="3004" \ ENV SALT_VERSION="3004" \
PYTHON_VERSION="3.9" PYTHON_VERSION="3.9"
ENV IMAGE_VERSION="${SALT_VERSION}_1" ENV IMAGE_VERSION="${SALT_VERSION}_2"
ENV SALT_DOCKER_DIR="/etc/docker-salt" \ ENV SALT_DOCKER_DIR="/etc/docker-salt" \
SALT_ROOT_DIR="/etc/salt" \ SALT_ROOT_DIR="/etc/salt" \
@@ -35,7 +35,7 @@ RUN apt-get update \
sudo ca-certificates openssl apt-transport-https wget locales openssh-client \ sudo ca-certificates openssl apt-transport-https wget locales openssh-client \
python${PYTHON_VERSION} python3-dev libpython3-dev \ python${PYTHON_VERSION} python3-dev libpython3-dev \
python3-pip python3-setuptools python3-wheel \ python3-pip python3-setuptools python3-wheel \
supervisor logrotate git gettext-base tzdata \ supervisor logrotate git gettext-base tzdata inotify-tools \
&& DEBIAN_FRONTEND=noninteractive update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \ && DEBIAN_FRONTEND=noninteractive update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
locale-gen en_US.UTF-8 \ locale-gen en_US.UTF-8 \
dpkg-reconfigure locales \ dpkg-reconfigure locales \

47
README.md
View File

@@ -133,6 +133,10 @@ docker run --name salt_master -d \
cdalvaro/docker-salt-master:latest cdalvaro/docker-salt-master:latest
``` ```
This image provides support for automatically restart `salt-master` when configuration files change.
This support is disabled by default, but it can be enabled by setting the
`SALT_RESTART_MASTER_ON_CONFIG_CHANGE` environment variable to `true`.
### Custom States ### Custom States
In order to provide salt with your custom states you must mount the volume `/home/salt/data/srv/` with your `roots` directory inside it. In order to provide salt with your custom states you must mount the volume `/home/salt/data/srv/` with your `roots` directory inside it.
@@ -502,27 +506,28 @@ Please refer the docker run command options for the `--env-file` flag where you
Below you can find a list with the available options that can be used to customize your `docker-salt-master` installation. Below you can find a list with the available options that can be used to customize your `docker-salt-master` installation.
| Parameter | Description | | Parameter | Description |
| :--------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | :------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `DEBUG` | Set this to `true` to enable entrypoint debugging. | | `DEBUG` | Set this to `true` to enable entrypoint debugging. |
| `TIMEZONE` | Set the container timezone. Defaults to `UTC`. Values are expected to be in Canonical format. Example: `Europe/Madrid`. See the list of [acceptable values](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). | | `TIMEZONE` | Set the container timezone. Defaults to `UTC`. Values are expected to be in Canonical format. Example: `Europe/Madrid`. See the list of [acceptable values](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). |
| `SALT_LOG_LEVEL` | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` | | `SALT_RESTART_MASTER_ON_CONFIG_CHANGE` | Set this to `true` to restart `salt-master` service when configuration files change. Default: `false` |
| `SALT_LOG_ROTATE_FREQUENCY` | Logrotate frequency for salt logs. Available options are 'daily', 'weekly', 'monthly', and 'yearly'. Default: `weekly` | | `SALT_LOG_LEVEL` | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` |
| `SALT_LOG_ROTATE_RETENTION` | Keep x files before deleting old log files. Defaults: `52` | | `SALT_LOG_ROTATE_FREQUENCY` | Logrotate frequency for salt logs. Available options are 'daily', 'weekly', 'monthly', and 'yearly'. Default: `weekly` |
| `SALT_LEVEL_LOGFILE` | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` | | `SALT_LOG_ROTATE_RETENTION` | Keep x files before deleting old log files. Defaults: `52` |
| `SALT_API_SERVICE_ENABLED` | Enable `salt-api` service. Default: `false` | | `SALT_LEVEL_LOGFILE` | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` |
| `SALT_API_USER` | Set username for `salt-api` service. Default: `salt_api` | | `SALT_API_SERVICE_ENABLED` | Enable `salt-api` service. Default: `false` |
| `SALT_API_USER_PASS` | `SALT_API_USER` password. Required if `SALT_API_SERVICE_ENBALED` is `true` and `SALT_API_USER` is not empty. _Unset_ by default | | `SALT_API_USER` | Set username for `salt-api` service. Default: `salt_api` |
| `SALT_API_CERT_CN` | Common name in the request. Default: `localhost` | | `SALT_API_USER_PASS` | `SALT_API_USER` password. Required if `SALT_API_SERVICE_ENBALED` is `true` and `SALT_API_USER` is not empty. _Unset_ by default |
| `SALT_MASTER_SIGN_PUBKEY` | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` | | `SALT_API_CERT_CN` | Common name in the request. Default: `localhost` |
| `SALT_MASTER_USE_PUBKEY_SIGNATURE` | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` | | `SALT_MASTER_SIGN_PUBKEY` | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` |
| `SALT_MASTER_SIGN_KEY_NAME` | The customizable name of the signing-key-pair without suffix. Default: `master_sign` | | `SALT_MASTER_USE_PUBKEY_SIGNATURE` | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` |
| `SALT_MASTER_PUBKEY_SIGNATURE` | The name of the file in the master's pki-directory that holds the pre-calculated signature of the master's public-key. Default: `master_pubkey_signature` | | `SALT_MASTER_SIGN_KEY_NAME` | The customizable name of the signing-key-pair without suffix. Default: `master_sign` |
| `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be runned as `root` instead of `salt`. Default: `False` | | `SALT_MASTER_PUBKEY_SIGNATURE` | The name of the file in the master's pki-directory that holds the pre-calculated signature of the master's public-key. Default: `master_pubkey_signature` |
| `SALT_GITFS_SSH_PRIVATE_KEY` | The name of the ssh private key for gitfs. Default: `gitfs_ssh` | | `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be runned as `root` instead of `salt`. Default: `False` |
| `SALT_GITFS_SSH_PUBLIC_KEY` | The name of the ssh public key for gitfs. Default: `gitfs_ssh.pub` | | `SALT_GITFS_SSH_PRIVATE_KEY` | The name of the ssh private key for gitfs. Default: `gitfs_ssh` |
| `USERMAP_UID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. | | `SALT_GITFS_SSH_PUBLIC_KEY` | The name of the ssh public key for gitfs. Default: `gitfs_ssh.pub` |
| `USERMAP_GID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. | | `USERMAP_UID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. |
| `USERMAP_GID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. |
Any parameter not listed in the above table and available in the following [link](https://docs.saltproject.io/en/latest/ref/configuration/examples.html#configuration-examples-master), can be set by creating the directory `config` and adding into it a `.conf` file with the desired parameters: Any parameter not listed in the above table and available in the following [link](https://docs.saltproject.io/en/latest/ref/configuration/examples.html#configuration-examples-master), can be set by creating the directory `config` and adding into it a `.conf` file with the desired parameters:

1
assets/runtime/env-defaults.sh
View File

@@ -11,6 +11,7 @@ SALT_LOG_ROTATE_FREQUENCY=${SALT_LOG_ROTATE_FREQUENCY:-weekly}
SALT_LOG_ROTATE_RETENTION=${SALT_LOG_ROTATE_RETENTION:-52} SALT_LOG_ROTATE_RETENTION=${SALT_LOG_ROTATE_RETENTION:-52}
# https://docs.saltstack.com/en/latest/ref/configuration/master.html # https://docs.saltstack.com/en/latest/ref/configuration/master.html
SALT_RESTART_MASTER_ON_CONFIG_CHANGE=${SALT_RESTART_MASTER_ON_CONFIG_CHANGE:-false}
##### Logging settings ##### ##### Logging settings #####
# https://docs.saltstack.com/en/latest/ref/configuration/master.html#master-logging-settings # https://docs.saltstack.com/en/latest/ref/configuration/master.html#master-logging-settings

22
assets/runtime/functions.sh
View File

@@ -432,6 +432,27 @@ EOF
} }
function configure_config_reloader()
{
rm -f /etc/supervisor/conf.d/config-reloader.conf
[ "${SALT_RESTART_MASTER_ON_CONFIG_CHANGE}" == true ] || return 0
echo "Configuring config reloader ..."
# configure supervisord to start config-reloader
cat > /etc/supervisor/conf.d/config-reloader.conf <<EOF
[program:config-reloader]
priority=20
directory=/tmp
command=/usr/local/sbin/config-reloader
user=root
autostart=true
autorestart=true
stdout_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
stderr_logfile=${SALT_LOGS_DIR}/supervisor/%(program_name)s.log
EOF
}
#--- FUNCTION ------------------------------------------------------------------------------------------------------- #--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: initialize_system # NAME: initialize_system
# DESCRIPTION: Initialize the system. # DESCRIPTION: Initialize the system.
@@ -445,6 +466,7 @@ function initialize_system()
configure_salt_master configure_salt_master
configure_salt_api configure_salt_api
configure_salt_formulas configure_salt_formulas
configure_config_reloader
setup_salt_keys setup_salt_keys
setup_ssh_keys setup_ssh_keys
rm -rf /var/run/supervisor.sock rm -rf /var/run/supervisor.sock

17
assets/sbin/config-reloader Executable file
View File

@@ -0,0 +1,17 @@
#!/bin/bash
# shellcheck source=assets/runtime/functions.sh
FUNCTIONS_FILE="${SALT_RUNTIME_DIR}/functions.sh"
source "${FUNCTIONS_FILE}"
function check_for_config_changes()
{
inotifywait -qq --recursive \
--event modify,move,create,delete \
"${SALT_CONFS_DIR}"
}
while check_for_config_changes; do
log_info "Configuration changes detected. Reloading salt-master ..."
supervisorctl restart salt-master
done

5
tests/config-reloader/README.md Normal file
View File

@@ -0,0 +1,5 @@
# Config Reloader Tests
Checks:
- `salt-master` is reloaded after config changes

2
tests/config-reloader/config/fileserver.conf Normal file
View File

@@ -0,0 +1,2 @@
# The buffer size in the file server can be adjusted here:
file_buffer_size: 1048576

54
tests/config-reloader/test.sh Executable file
View File

@@ -0,0 +1,54 @@
#!/usr/bin/env bash
set -e
[ "${DEBUG}" == true ] && set -vx
echo "🧪 Running config-reloader tests ..."
# https://stackoverflow.com/a/4774063/3398062
SCRIPT_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
# shellcheck source=assets/build/functions.sh
COMMON_FILE="${SCRIPT_PATH}/../lib/common.sh"
source "${COMMON_FILE}"
trap cleanup EXIT
# Run test instance
echo "==> Starting docker-salt-master (${PLATFORM}) ..."
start_container_and_wait \
--env SALT_RESTART_MASTER_ON_CONFIG_CHANGE=true \
--volume "${SCRIPT_PATH}/config":/home/salt/data/config:ro \
|| error "container started"
ok "container started"
# Get initial configuration values
echo "==> Checking initial configuration values ..."
FILE_BUFFER_SIZE="$(salt-run config.get file_buffer_size)"
YAML_UTF8="$(salt-run config.get yaml_utf8)"
FILE_BUFFER_SIZE_EXPECTED=1048576
YAML_UTF8_EXPECTED=
check_equal "${FILE_BUFFER_SIZE}" "${FILE_BUFFER_SIZE_EXPECTED}" "file_buffer_size"
check_equal "${YAML_UTF8}" "${YAML_UTF8_EXPECTED}" "yaml_utf8"
# Update fileserver config
echo "==> Updating file_buffer_size config ..."
FILE_BUFFER_SIZE_EXPECTED=2097152
sed -i "s/file_buffer_size:.*/file_buffer_size: ${FILE_BUFFER_SIZE_EXPECTED}/" "${SCRIPT_PATH}/config/fileserver.conf"
sleep 30 # Wait for the config to be reloaded
FILE_BUFFER_SIZE="$(salt-run config.get file_buffer_size)"
check_equal "${FILE_BUFFER_SIZE}" "${FILE_BUFFER_SIZE_EXPECTED}" "file_buffer_size"
# Create yaml_utf8 config
echo "==> Creating yaml_utf8 config ..."
YAML_UTF8_EXPECTED=True
cat > "${SCRIPT_PATH}/config/yaml_utf8.conf" <<EOF
# Enable extra routines for YAML renderer used states containing UTF characters.
yaml_utf8: ${YAML_UTF8_EXPECTED}
EOF
sleep 30 # Wait for the config to be reloaded
YAML_UTF8="$(salt-run config.get yaml_utf8)"
check_equal "${YAML_UTF8}" "${YAML_UTF8_EXPECTED}" "yaml_utf8"

33
tests/lib/common.sh
View File

@@ -43,6 +43,15 @@ function docker-exec()
docker exec "${CONTAINER_NAME}" "$@" docker exec "${CONTAINER_NAME}" "$@"
} }
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: docker-logs
# DESCRIPTION: Get the logs of the container.
#----------------------------------------------------------------------------------------------------------------------
function docker-logs()
{
docker logs "${CONTAINER_NAME}"
}
#--- FUNCTION ------------------------------------------------------------------------------------------------------- #--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: salt-run # NAME: salt-run
# DESCRIPTION: Execute the salt-run command inside the container. # DESCRIPTION: Execute the salt-run command inside the container.
@@ -107,3 +116,27 @@ function error()
master_log master_log
return 1 return 1
} }
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: check_equal
# DESCRIPTION: Check if the given value is equal to the expected value.
#----------------------------------------------------------------------------------------------------------------------
function check_equal()
{
local actual="$1"
local expected="$2"
local message="$3"
output=$(cat <<EOF
${message}
Expected: ${expected}
Actual: ${actual}
EOF
)
if [[ "${actual}" == "${expected}" ]]; then
ok "${output}"
else
error "${output}"
fi
}