chaos/docker-salt-master
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2025-11-20. You can view files and clone it, but cannot push or open issues or pull requests.
Files
911b6566d6289ae7cf3eff7079b99af3f1d8aeff
docker-salt-master/assets/runtime/functions.sh
Carlos Álvaro 911b6566d6 Add /home/salt/data/srv to /srv symlink
2018-10-19 20:09:05 +02:00

135 lines
4.2 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -e
source ${SALT_RUNTIME_DIR}/env-defaults.sh
# Map salt user with host user
function map_uidgid()
{
USERMAP_ORIG_UID=$(id -u ${SALT_USER})
USERMAP_ORIG_GID=$(id -g ${SALT_USER})
USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
echo "Mapping UID and GID for ${SALT_USER}:${SALT_USER} to ${USERMAP_UID}:${USERMAP_GID}..."
groupmod -o -g ${USERMAP_GID} ${SALT_USER}
sed -i -e "s|:${USERMAP_ORIG_UID}:${USERMAP_GID}:|:${USERMAP_UID}:${USERMAP_GID}:|" /etc/passwd
find ${SALT_HOME} -path ${SALT_DATA_DIR}/\* -prune -o -print0 | xargs -0 chown -h ${SALT_USER}:
fi
}
# This function generates a master_sign key pair and its signature
function gen_signed_keys()
{
local key_name=${1:-master}
mkdir -p ${SALT_KEYS_DIR}/generated/
GENERATED_KEYS_DIR=$(mktemp -d -p ${SALT_KEYS_DIR}/generated/ -t ${key_name}.XXXXX)
salt-key --gen-keys ${key_name} --gen-keys-dir ${GENERATED_KEYS_DIR} > /dev/null 2>&1
salt-key --gen-signature --auto-create --pub ${GENERATED_KEYS_DIR}/${key_name}.pub --signature-path ${GENERATED_KEYS_DIR} > /dev/null 2>&1
echo -n ${GENERATED_KEYS_DIR}
}
# This function repairs keys permissions and creates keys if neaded
function setup_keys()
{
echo "Setting up keys..."
sed -i \
-e "s|^[#]*master_sign_pubkey:.*$|# master_sign_pubkey -> overrided|" \
-e "s|^[#]*master_sign_key_name:.*$|# master_sign_key_name -> overrided|" \
-e "s|^[#]*master_pubkey_signature:.*$|# master_pubkey_signature -> overrided|" \
-e "s|^[#]*master_use_pubkey_signature:.*$|# master_use_pubkey_signature -> overrided|" \
${SALT_ROOT_DIR}/master
cat >> ${SALT_ROOT_DIR}/master <<EOF
##### Security settings #####
############################################
master_sign_pubkey: ${SALT_MASTER_SIGN_PUBKEY}
master_sign_key_name: ${SALT_MASTER_SIGN_KEY_NAME}
master_pubkey_signature: ${SALT_MASTER_PUBKEY_SIGNATURE}
master_use_pubkey_signature: ${SALT_MASTER_USE_PUBKEY_SIGNATURE}
EOF
if [ ! -f ${SALT_KEYS_DIR}/master.pem ]; then
echo "Generating keys..."
salt-key --gen-keys master --gen-keys-dir ${SALT_KEYS_DIR}
fi
if [ ! -f "${SALT_KEYS_DIR}/${SALT_MASTER_SIGN_KEY_NAME}.pem" ] && [ ${SALT_MASTER_SIGN_PUBKEY} == True ]; then
echo "Generating signed keys..."
salt-key --gen-signature --auto-create --pub ${SALT_KEYS_DIR}/master.pub --signature-path ${SALT_KEYS_DIR}
fi
for pub_key in $(find ${SALT_KEYS_DIR} -type f -maxdepth 2); do
if [[ ${pub_key} =~ .*\.pem$ ]]; then
chmod 400 ${pub_key}
else
chmod 644 ${pub_key}
fi
done
find ${SALT_HOME} -path ${SALT_KEYS_DIR}/\* -prune -o -print0 | xargs -0 chown -h ${SALT_USER}:
}
# This functions cofigures master service
function configure_salt_master()
{
echo "Configuring salt-master..."
# https://docs.saltstack.com/en/latest/ref/configuration/master.html
# Backup file
if [ ! -f ${SALT_ROOT_DIR}/master.backup ]; then
cp -p ${SALT_ROOT_DIR}/master ${SALT_ROOT_DIR}/master.backup
else
cp -p ${SALT_ROOT_DIR}/master.backup ${SALT_ROOT_DIR}/master
fi
# Set env variables
sed -i \
-e "s|^[#]*log_level:.*$|log_level: ${SALT_LOG_LEVEL}|" \
-e "s|^[#]*log_level_logfile:.*$|log_level_logfile: ${SALT_LEVEL_LOGFILE}|" \
-e "s|^[#]*default_include:.*$|default_include: ${SALT_CONFS_DIR}/*.conf|" \
-e "s|^[#]*pki_dir:.*$|pki_dir: ${SALT_KEYS_DIR}/|" \
${SALT_ROOT_DIR}/master
cat >> ${SALT_ROOT_DIR}/master <<EOF
###### Custom Settings ######
############################################
###### Base Directories ######
############################################
file_roots:
base:
- ${SALT_BASE_DIR}/salt
pillar_roots:
base:
- ${SALT_BASE_DIR}/pillar
EOF
}
# Initializes main directories
function initialize_datadir()
{
echo "Configuring directories..."
# This symlink simplifies paths for loading sls files
rm -rf /srv
ln -sf ${SALT_BASE_DIR} /srv
}
# Initializes the system
function initialize_system()
{
map_uidgid
initialize_datadir
configure_salt_master
setup_keys
}
Reference in New Issue View Git Blame Copy Permalink