ixdotai/saltmaster

docker

Hub

By ixdotai

•Updated 9 days ago

Extension of saltstack/salt:latest with built-in support for gitfs and gpg

Image

50K+

Overview Tags

saltmaster

This image started as an extenstion of the (now archived) project /saltstack/open/saltdocker⁠.

Added / Upgraded

Built-in support for gitfs⁠ using GitPython⁠
Build-in support for gpg⁠
Always installs the latest pypi salt⁠ version currently available

Usage

Use as you normally would saltstack/salt:latest
Mount your SSH private key under /etc/salt/sshkeys/saltmaster
Mount your GPG homedir under /etc/salt/gpgkeys

Note: If you don't supply the SSH private key or the GPG homedir, they will be automatically generated

Optionally create the keys manually

SSH Keys:

docker volume create sshkeys
docker run --rm --volume sshkeys:/etc/salt/sshkeys registry.gitlab.com/ix.ai/saltmaster gen-ssh.sh

GPG Keyring:

docker volume create gpgkeys
docker run --rm --volume gpgkeys:/etc/salt/gpgkeys registry.gitlab.com/ix.ai/saltmaster gen-gpg.sh

Start it up

docker run --rm \
           --volume sshkeys:/etc/salt/sshkeys \
           --volume gpgkeys:/etc/salt/gpgkeys \
           --volume cache:/var/cache/salt \
           --volume pki:/etc/salt/pki \
           -p 4505:4505 \
           -p 4506:4506 \
           registry.gitlab.com/ix.ai/saltmaster:latest

Environment Variables

Inherited from the original project⁠, the Salt image uses several environment variables which are easy to miss. While none of the variables are required, they may significantly aid you in using the image.

`SALT_MASTER_CONFIG`

A JSON object. This variable is dumped to /etc/salt/master.d/master.conf and can be used to provide extra config for the salt master.

`SALT_API_CONFIG`

A JSON object. This variable is dumped to /etc/salt/master.d/api.conf, and defaults to the following.

rest_cherrypy:
  port: 8000,
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
external_auth:
    sharedsecret:
        salt: ['.*', '@wheel', '@jobs', '@runner']
sharedsecret: $SALT_SHARED_SECRET

`SALT_SHARED_SECRET`

If this environment variable is set, it will set the sharedsecret variable for using the salt-api with the salt user.

Version tags

registry.gitlab.com/ix.ai/saltmaster:dev-master is the latest build on the master branch
registry.gitlab.com/ix.ai/saltmaster:latest is the latest build on a git tag
all other tags follow the salt releases

Warning: The build on the master brancch always installs the latestpypi salt⁠ version at the time of the pipeline run!

Multi-Arch Support

Starting with 3005.1, this image is multi-arch, supporting:

AMD64
ARM64
~~ARMv7~~ (disabled)
~~ARMv6~~ (disabled)
i386

Resources

GitLab: https://gitlab.com/ix.ai/saltmaster⁠
GitLab Registry: https://gitlab.com/ix.ai/saltmaster/container_registry⁠
Docker Hub: https://hub.docker.com/r/ixdotai/saltmaster

Docker Pull Command

docker pull ixdotai/saltmaster