diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f7b429..65ec493 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ This file only reflects the changes that are made in this image. Please refer to the [Salt 3004 Release Notes](https://docs.saltstack.com/en/latest/topics/releases/3004.html) for the list of changes in SaltStack. +**3004_6** + +- Set the number of worker threads to start by setting `SALT_WORKER_THREADS` env variable. + **3004_5** - Set the number of workers for the runner/wheel in the reactor by setting `SALT_REACTOR_WORKER_THREADS` env variable. diff --git a/Dockerfile b/Dockerfile index 98e2380..1117e10 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,11 +4,10 @@ ARG BUILD_DATE ARG VCS_REF # https://github.com/saltstack/salt/releases +# NOTE: Review org.label-schema.version label if necessary ENV SALT_VERSION="3004" \ PYTHON_VERSION="3.9" -ENV IMAGE_VERSION="${SALT_VERSION}_5" - ENV SALT_DOCKER_DIR="/etc/docker-salt" \ SALT_ROOT_DIR="/etc/salt" \ SALT_CACHE_DIR='/var/cache/salt' \ @@ -67,7 +66,7 @@ LABEL \ maintainer="carlos@cdalvaro.io" \ org.label-schema.vendor=cdalvaro \ org.label-schema.name="SaltStack Master" \ - org.label-schema.version=${IMAGE_VERSION} \ + org.label-schema.version="${SALT_VERSION}_6" \ org.label-schema.description="Dockerized SaltStack Master" \ org.label-schema.url="https://github.com/cdalvaro/docker-salt-master" \ org.label-schema.vcs-url="https://github.com/cdalvaro/docker-salt-master.git" \ diff --git a/README.md b/README.md index 24dd5af..247afa1 100644 --- a/README.md +++ b/README.md @@ -506,31 +506,32 @@ Please refer the docker run command options for the `--env-file` flag where you Below you can find a list with the available options that can be used to customize your `docker-salt-master` installation. -| Parameter | Description | -| :------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `DEBUG` | Set this to `True` to enable entrypoint debugging. | -| `TIMEZONE` / `TZ` | Set the container timezone. Defaults to `UTC`. Values are expected to be in Canonical format. Example: `Europe/Madrid`. See the list of [acceptable values](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). | -| `SALT_RESTART_MASTER_ON_CONFIG_CHANGE` | Set this to `True` to restart `salt-master` service when configuration files change. Default: `False` | -| `SALT_LOG_LEVEL` | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` | -| `SALT_LOG_ROTATE_FREQUENCY` | Logrotate frequency for salt logs. Available options are 'daily', 'weekly', 'monthly', and 'yearly'. Default: `weekly` | -| `SALT_LOG_ROTATE_RETENTION` | Keep x files before deleting old log files. Defaults: `52` | -| `SALT_LEVEL_LOGFILE` | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` | -| `SALT_API_SERVICE_ENABLED` | Enable `salt-api` service. Default: `False` | -| `SALT_API_USER` | Set username for `salt-api` service. Default: `salt_api` | -| `SALT_API_USER_PASS` | `SALT_API_USER` password. Required if `SALT_API_SERVICE_ENBALED` is `True` and `SALT_API_USER` is not empty. _Unset_ by default | -| `SALT_API_CERT_CN` | Common name in the request. Default: `localhost` | -| `SALT_MASTER_SIGN_PUBKEY` | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` | -| `SALT_MASTER_USE_PUBKEY_SIGNATURE` | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` | -| `SALT_MASTER_SIGN_KEY_NAME` | The customizable name of the signing-key-pair without suffix. Default: `master_sign` | -| `SALT_MASTER_PUBKEY_SIGNATURE` | The name of the file in the master's pki-directory that holds the pre-calculated signature of the master's public-key. Default: `master_pubkey_signature` | -| `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be runned as `root` instead of `salt`. Default: `False` | -| `SALT_GITFS_SSH_PRIVATE_KEY` | The name of the ssh private key for gitfs. Default: `gitfs_ssh` | -| `SALT_GITFS_SSH_PUBLIC_KEY` | The name of the ssh public key for gitfs. Default: `gitfs_ssh`.pub` | -| `SALT_REACTOR_WORKER_THREADS` | The number of workers for the runner/wheel in the reactor. Default: `10`. | -| `PUID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. | -| `PGID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. | -| `USERMAP_UID` (**deprecated**) | Same as `PUID`. Support will be removed in Salt 3005 release in favor of `PUID`. | -| `USERMAP_GID` (**deprecated**) | Same as `PGID`. Support will be removed in Salt 3005 release in favor of `PGID`. | +| Parameter | Description | +| :------------------------------------------------------------------------------------------------------------------------------------ | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `DEBUG` | Set this to `True` to enable entrypoint debugging. | +| `TIMEZONE` / `TZ` | Set the container timezone. Defaults to `UTC`. Values are expected to be in Canonical format. Example: `Europe/Madrid`. See the list of [acceptable values](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). | +| `SALT_RESTART_MASTER_ON_CONFIG_CHANGE` | Set this to `True` to restart `salt-master` service when configuration files change. Default: `False` | +| [`SALT_LOG_LEVEL`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#log-level) | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` | +| `SALT_LOG_ROTATE_FREQUENCY` | Logrotate frequency for salt logs. Available options are 'daily', 'weekly', 'monthly', and 'yearly'. Default: `weekly` | +| `SALT_LOG_ROTATE_RETENTION` | Keep x files before deleting old log files. Defaults: `52` | +| [`SALT_LEVEL_LOGFILE`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#log-level-logfile) | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning` | +| [`SALT_API_SERVICE_ENABLED`](https://docs.saltproject.io/en/latest/ref/cli/salt-api.html) | Enable `salt-api` service. Default: `False` | +| `SALT_API_USER` | Set username for `salt-api` service. Default: `salt_api` | +| `SALT_API_USER_PASS` | `SALT_API_USER` password. Required if `SALT_API_SERVICE_ENBALED` is `True` and `SALT_API_USER` is not empty. _Unset_ by default | +| `SALT_API_CERT_CN` | Common name in the request. Default: `localhost` | +| [`SALT_MASTER_SIGN_PUBKEY`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#master-sign-pubkey) | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: 'True' or 'False'. Default: `False` | +| [`SALT_MASTER_USE_PUBKEY_SIGNATURE`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#master-use-pubkey-signature) | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to 'True'. Possible values: 'True' or 'False'. Default: `True` | +| [`SALT_MASTER_SIGN_KEY_NAME`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#master-sign-key-name) | The customizable name of the signing-key-pair without suffix. Default: `master_sign` | +| [`SALT_MASTER_PUBKEY_SIGNATURE`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#master-pubkey-signature) | The name of the file in the master's pki-directory that holds the pre-calculated signature of the master's public-key. Default: `master_pubkey_signature` | +| `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be runned as `root` instead of `salt`. Default: `False` | +| `SALT_GITFS_SSH_PRIVATE_KEY` | The name of the ssh private key for gitfs. Default: `gitfs_ssh` | +| `SALT_GITFS_SSH_PUBLIC_KEY` | The name of the ssh public key for gitfs. Default: `gitfs_ssh`.pub` | +| [`SALT_REACTOR_WORKER_THREADS`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#reactor-worker-threads) | The number of workers for the runner/wheel in the reactor. Default: `10`. | +| [`SALT_WORKER_THREADS`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#worker-threads) | The number of threads to start for receiving commands and replies from minions. Default: `5`. | +| `PUID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. | +| `PGID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. | +| `USERMAP_UID` (**deprecated**) | Same as `PUID`. Support will be removed in Salt 3005 release in favor of `PUID`. | +| `USERMAP_GID` (**deprecated**) | Same as `PGID`. Support will be removed in Salt 3005 release in favor of `PGID`. | Any parameter not listed in the above table and available in the following [link](https://docs.saltproject.io/en/latest/ref/configuration/examples.html#configuration-examples-master), can be set by creating the directory `config` and adding into it a `.conf` file with the desired parameters: diff --git a/assets/runtime/config/master.yml b/assets/runtime/config/master.yml index 4ab032e..532cff0 100644 --- a/assets/runtime/config/master.yml +++ b/assets/runtime/config/master.yml @@ -25,6 +25,15 @@ cachedir: {{SALT_CACHE_DIR}}/master extension_modules: {{SALT_CACHE_DIR}}/master/extmods +##### Large-scale tuning settings ##### +########################################## +# The number of worker threads to start. These threads are used to manage +# return calls made from minions to the master. If the master seems to be +# running slowly, increase the number of threads. This setting can not be +# set lower than 3. +worker_threads: {{SALT_WORKER_THREADS}} + + ##### Security settings ##### ########################################## # Enable passphrase protection of the Master signing_key. This only applies if diff --git a/assets/runtime/env-defaults.sh b/assets/runtime/env-defaults.sh index 207116c..c24c3a5 100755 --- a/assets/runtime/env-defaults.sh +++ b/assets/runtime/env-defaults.sh @@ -13,6 +13,7 @@ SALT_LOG_ROTATE_RETENTION=${SALT_LOG_ROTATE_RETENTION:-52} # https://docs.saltstack.com/en/latest/ref/configuration/master.html SALT_RESTART_MASTER_ON_CONFIG_CHANGE=${SALT_RESTART_MASTER_ON_CONFIG_CHANGE:-False} SALT_REACTOR_WORKER_THREADS=${SALT_REACTOR_WORKER_THREADS:-10} +SALT_WORKER_THREADS=${SALT_WORKER_THREADS:-5} ##### Logging settings ##### # https://docs.saltstack.com/en/latest/ref/configuration/master.html#master-logging-settings diff --git a/assets/runtime/functions.sh b/assets/runtime/functions.sh index 5915601..55c9547 100755 --- a/assets/runtime/functions.sh +++ b/assets/runtime/functions.sh @@ -269,7 +269,8 @@ function configure_salt_master() SALT_CACHE_DIR \ SALT_CONFS_DIR \ SALT_KEYS_DIR \ - SALT_REACTOR_WORKER_THREADS + SALT_REACTOR_WORKER_THREADS \ + SALT_WORKER_THREADS # Update keys configuration update_template "${SALT_ROOT_DIR}/master" \