feat: Use PUID and PGID for mapping host's user

Carlos Álvaro
2021-12-19 19:09:07 +01:00
parent 12a8f3fc94
commit d3b2740b28
5 changed files with 67 additions and 17 deletions


@@ -4,6 +4,13 @@ This file only reflects the changes that are made in this image.
Please refer to the [Salt 3004 Release Notes](https://docs.saltstack.com/en/latest/topics/releases/3004.html)
for the list of changes in SaltStack.
**3004_3**
- Deprecate `USERMAP_UID` env variable in favor of `PUID`.
- Deprecate `USERMAP_GID` env variable in favor of `PGID`.
Support for the `USERMAP_UID` and `USERMAP_GID` env variables will be removed with Salt 3005.
**3004_2**
- Support for automatically restart `salt-master` after config changes


@@ -24,7 +24,7 @@ quickstart:
@echo "Starting docker-salt-master container..."
@docker run --name='docker-salt-master-demo' --detach \
--publish=4505:4505/tcp --publish=4506:4506/tcp \
--env "USERMAP_UID=$(shell id -u)" --env "USERMAP_GID=$(shell id -g)" \
--env "PUID=$(shell id -u)" --env "PGID=$(shell id -g)" \
--env SALT_LOG_LEVEL=info \
--volume $(shell pwd)/roots/:/home/salt/data/srv/ \
--volume $(shell pwd)/keys/:/home/salt/data/keys/ \


@@ -295,12 +295,12 @@ pepper '*' test.ping
Per default the container is configured to run `salt-master` as user and group `salt` with `uid` and `gid` `1000`. From the host it appears as if the mounted data volumes are owned by the host's user/group `1000` and maybe leading to unfavorable effects.
Also the container processes seem to be executed as the host's user/group `1000`. The container can be configured to map the uid and gid of git to different ids on host by passing the environment variables `USERMAP_UID` and `USERMAP_GID`. The following command maps the ids to the current user and group on the host.
Also the container processes seem to be executed as the host's user/group `1000`. The container can be configured to map the uid and gid of git to different ids on host by passing the environment variables `PUID` and `PGID`. The following command maps the ids to the current user and group on the host.
```sh
docker run --name salt_stack -it --rm \
--publish 4505:4505 --publish 4506:4506 \
--env "USERMAP_UID=$(id -u)" --env "USERMAP_GID=$(id -g)" \
--env "PUID=$(id -u)" --env "PGID=$(id -g)" \
--volume $(pwd)/roots/:/home/salt/data/srv/ \
--volume $(pwd)/keys/:/home/salt/data/keys/ \
cdalvaro/docker-salt-master:latest
@@ -393,7 +393,7 @@ For that case, you can mount a volume containing all your third party formulas s
```sh
docker run --name salt_stack -it --rm \
--publish 4505:4505 --publish 4506:4506 \
--env "USERMAP_UID=$(id -u)" --env "USERMAP_GID=$(id -g)" \
--env "PUID=$(id -u)" --env "PGID=$(id -g)" \
--volume $(pwd)/roots/:/home/salt/data/srv/ \
--volume $(pwd)/3pfs/:/home/salt/data/3pfs/ \
--volume $(pwd)/keys/:/home/salt/data/keys/ \
@@ -526,8 +526,10 @@ Below you can find a list with the available options that can be used to customi
| `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be runned as `root` instead of `salt`. Default: `False` |
| `SALT_GITFS_SSH_PRIVATE_KEY` | The name of the ssh private key for gitfs. Default: `gitfs_ssh` |
| `SALT_GITFS_SSH_PUBLIC_KEY` | The name of the ssh public key for gitfs. Default: `gitfs_ssh.pub` |
| `USERMAP_UID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. |
| `USERMAP_GID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. |
| `PUID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. |
| `PGID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. |
| `USERMAP_UID` (**deprecated**) | Same as `PUID`. Support will be removed in Salt 3005 release in favor of `PUID`. |
| `USERMAP_GID` (**deprecated**) | Same as `PGID`. Support will be removed in Salt 3005 release in favor of `PGID`. |
Any parameter not listed in the above table and available in the following [link](https://docs.saltproject.io/en/latest/ref/configuration/examples.html#configuration-examples-master), can be set by creating the directory `config` and adding into it a `.conf` file with the desired parameters:


@@ -57,20 +57,61 @@ function log_error()
(>&2 echo "[ERROR] - $*")
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: __check_puid_pgid_env
# DESCRIPTION: Check if the PUID and PGID environment variables are set correctly.
#----------------------------------------------------------------------------------------------------------------------
function __check_puid_pgid_env
{
if [[ "${SALT_VERSION}" -ge "3005" ]]; then
log_error "The USERMAP_UID and USERMAP_GID environment variables are not supported in Salt >= 3005"
exit 1
fi
if [[ -n "${USERMAP_UID}" ]]; then
log_warn "The USERMAP_UID environment variable is deprecated. Please use PUID instead."
log_warn "Support for USERMAP_UID will be removed in Salt 3005 release."
if [[ -z "${PUID}" ]]; then
log_warn "Setting PUID to USERMAP_UID (${USERMAP_UID})"
export PUID="${USERMAP_UID}"
else
log_error "The PUID and USERMAP_UID environment variables are set. PUID will be used."
fi
unset USERMAP_UID
fi
if [[ -n "${USERMAP_GID}" ]]; then
log_warn "The USERMAP_GID environment variable is deprecated. Please use PGID instead."
log_warn "Support for USERMAP_GID will be removed in Salt 3005 release."
if [[ -z "${PGID}" ]]; then
log_info "Setting PGID to USERMAP_GID (${USERMAP_GID})"
export PGID="${USERMAP_GID}"
else
log_error "The PGID and USERMAP_GID environment variables are set. PGID will be used."
fi
unset USERMAP_GID
fi
}
#--- FUNCTION -------------------------------------------------------------------------------------------------------
# NAME: map_uidgid
# DESCRIPTION: Map salt user with host user.
#----------------------------------------------------------------------------------------------------------------------
function map_uidgid()
{
USERMAP_ORIG_UID=$(id -u "${SALT_USER}")
USERMAP_ORIG_GID=$(id -g "${SALT_USER}")
USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
if [[ "${USERMAP_UID}" != "${USERMAP_ORIG_UID}" ]] || [[ "${USERMAP_GID}" != "${USERMAP_ORIG_GID}" ]]; then
echo "Mapping UID and GID for ${SALT_USER}:${SALT_USER} to ${USERMAP_UID}:${USERMAP_GID} ..."
groupmod -o -g "${USERMAP_GID}" "${SALT_USER}"
sed -i -e "s|:${USERMAP_ORIG_UID}:${USERMAP_GID}:|:${USERMAP_UID}:${USERMAP_GID}:|" /etc/passwd
__check_puid_pgid_env
# Move this into env-defaults.sh
[ -z "${PUID}" ] && export PUID=1000
[ -z "${PGID}" ] && export PGID=1000
ORIG_PUID=$(id -u "${SALT_USER}")
ORIG_PGID=$(id -g "${SALT_USER}")
PGID=${PGID:-${PUID:-$ORIG_PGID}}
PUID=${PUID:-$ORIG_PUID}
if [[ "${PUID}" != "${ORIG_PUID}" ]] || [[ "${PGID}" != "${ORIG_PGID}" ]]; then
log_info "Mapping UID and GID for ${SALT_USER}:${SALT_USER} to ${PUID}:${PGID} ..."
groupmod -o -g "${PGID}" "${SALT_USER}"
sed -i -e "s|:${ORIG_PUID}:${PGID}:|:${PUID}:${PGID}:|" /etc/passwd
find "${SALT_HOME}" \
-not -path "${SALT_CONFS_DIR}*" \
-not -path "${SALT_KEYS_DIR}*" \
@@ -78,7 +119,7 @@ function map_uidgid()
-not -path "${SALT_LOGS_DIR}*" \
-not -path "${SALT_FORMULAS_DIR}*" \
-path "${SALT_DATA_DIR}/*" \
\( ! -uid "${USERMAP_ORIG_UID}" -o ! -gid "${USERMAP_ORIG_GID}" \) \
\( ! -uid "${ORIG_PUID}" -o ! -gid "${ORIG_PGID}" \) \
-print0 | xargs -0 chown -h "${SALT_USER}": "${SALT_HOME}"
fi
}
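Review bot: PUID and PGID reach `groupmod -o -g` and the `sed -i` expression on /etc/passwd in map_uidgid without any check that they are numeric, so a value containing `|`, `&` or a newline would change what sed writes into the passwd file. A guard placed just before the `ORIG_PUID=` line, such as `[[ "${PUID}" =~ ^[0-9]+$ && "${PGID}" =~ ^[0-9]+$ ]] || { log_error "PUID and PGID must be numeric"; exit 1; }`, would close that and would also cover values copied over from the deprecated USERMAP_* variables. Whether `0` should be rejected as well is a policy decision worth documenting, since it gives the salt user root's uid. Separately, the `"${SALT_VERSION}" -ge "3005"` test at the top of `__check_puid_pgid_env` exits 1 even when neither USERMAP_UID nor USERMAP_GID is set, so it looks like it belongs inside the two `-n` branches. The lines of map_uidgid between the two hunks are not visible here.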


@@ -20,8 +20,8 @@ services:
environment:
- DEBUG=false
- TIMEZONE=Europe/Madrid
- USERMAP_UID=1000
- USERMAP_GID=1000
- PUID=1000
- PGID=1000
- SALT_LOG_LEVEL=info
### salt-api settings
# - SALT_API_SERVICE_ENABLED=true