Fix Salt container and create a user/password from .env

2020-02-16 20:26:26 -05:00 · 2020-02-16 20:26:26 -05:00 · 6d2f8bd0c8
parent d0b7d34772
commit 6d2f8bd0c8
5 changed files with 24 additions and 7 deletions
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -21,9 +21,11 @@ services:
    networks: 
      - database
  salt:
-    image: "saltstack/salt"
-    volumes:
-      - ./salt:/etc/salt/master.d
+    build: 
+      context: ./salt
+      args:
+        - SALT_USER=${SALT_USER}
+        - SALT_PASS=${SALT_PASS}
    ports:
      - "8123:8123"
      - "4505:4505"
--- a/docker/readme.md
+++ b/docker/readme.md
@ -3,7 +3,7 @@
 - install docker and docker-compose
 - Obtain wildcard cert or individual certs for each subdomain

-## Optional - Generate certificates with certbot
+## Generate certificates with certbot

 Install Certbot

@ -18,6 +18,10 @@ sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --man
 ```
 Copy the fullchain.pem and privkey.pem to the cert directory.

+## Configure DNS and Firewall
+
+You will need to add DNS entries so that the three subdomains resolve to the IP of the docker host. There is a reverse proxy running that will route the hostnames to the correct container. On the host, you will need to ensure the firewall is open on tcp ports 80, 443, 8123, 4505, 4506.
+
 ## Run the environment with Docker

 Copy the .env.example to .env then
@ -60,7 +64,7 @@ sudo docker exec -it docker_api_1 python manage.py generate_barcode [OTP_CODE] [

 ## Connect to a container instance shell

-run `docker ps` to get the name of the running container instance
+run `docker ps` to get the name of the running container instance.

 Then use the name in the below command. It will use the api container instance as an example

--- a/docker/salt/api.conf
+++ b/docker/salt/api.conf
@ -3,7 +3,7 @@ gather_job_timeout: 30
 max_event_size: 30485760
 external_auth:
    pam:
-        saltapi:
+        ${SALT_USER}:
        - .*
        - '@runner'
        - '@wheel'
--- a/docker/salt/dockerfile
+++ b/docker/salt/dockerfile
@ -0,0 +1,12 @@
+FROM saltstack/salt
+
+ARG SALT_USER
+ARG SALT_PASS
+
+RUN adduser --no-create-home --disabled-password --gecos "" ${SALT_USER} && \
+echo "${SALT_USER}:${SALT_PASS}" | chpasswd
+RUN apk add gettext
+
+COPY ./api.conf /etc/salt/master.d/api.conf.tmp
+RUN envsubst '\$SALT_USER' < /etc/salt/master.d/api.conf.tmp > /etc/salt/master.d/api.conf && \
+ rm /etc/salt/master.d/api.conf.tmp
--- a/docker/salt/user.conf
+++ b/docker/salt/user.conf
@ -1 +0,0 @@
-{"user": "salt"}