From 56561636743297a3200b1e70f05ad9176d8dd0eb Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Wed, 6 Nov 2024 13:17:22 -0600 Subject: [PATCH 01/11] fix: update to new repos --- salt/base/salt.sls | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/salt/base/salt.sls b/salt/base/salt.sls index 046ad82e..54946cc3 100644 --- a/salt/base/salt.sls +++ b/salt/base/salt.sls @@ -35,24 +35,13 @@ remove_old_salt_repo: salt-repo: pkgrepo.managed: - - humanname: repo.saltstack.org - {% if grains["oscodename"] == "focal" %} - - name: deb https://archive.repo.saltproject.io/py3/ubuntu/20.04/{{ grains["osarch"] }}/archive/3004 focal main - - key_url: https://archive.repo.saltproject.io/py3/ubuntu/20.04/{{ grains["osarch"] }}/archive/3004/salt-archive-keyring.gpg - {% elif grains["oscodename"] == "jammy" %} - - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.gpg arch={{ grains["osarch"] }}] https://repo.saltproject.io/salt/py3/ubuntu/22.04/{{ grains["osarch"] }}/3007 jammy main - - key_url: https://repo.saltproject.io/salt/py3/ubuntu/22.04/{{ grains["osarch"] }}/SALT-PROJECT-GPG-PUBKEY-2023.gpg + {# https://saltproject.io/blog/salt-project-package-repo-migration-and-guidance/ #} + {% if grains["oscodename"] in ["jammy", "noble"] %} + - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch={{ grains["osarch"] }}] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main + - key_url: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public - aptkey: False - {% elif grains["oscodename"] == "noble" %} - - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.gpg arch={{ grains["osarch"] }}] https://repo.saltproject.io/salt/py3/ubuntu/24.04/{{ grains["osarch"] }}/3007 noble main - - key_url: https://repo.saltproject.io/salt/py3/ubuntu/24.04/{{ grains["osarch"] }}/SALT-PROJECT-GPG-PUBKEY-2023.gpg - - aptkey: False - {% else %} - - name: deb http://archive.repo.saltstack.com/py3/ubuntu/{{ grains["osrelease"] }}/{{ grains["osarch"] }}/2018.3 {{ grains["oscodename"] }} main - - key_url: https://archive.repo.saltstack.com/py3/ubuntu/18.04/amd64/2018.3/SALTSTACK-GPG-KEY.pub - {% endif %} - file: /etc/apt/sources.list.d/salt.list -{% endif %} + {% endif %} {% if salt["match.compound"](pillar["roles"]["salt-master"]["pattern"]) %} From 8112aaa74909271c1e1939c28f9e4598147f83ee Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Wed, 6 Nov 2024 13:23:54 -0600 Subject: [PATCH 02/11] fix: update to new repos --- dockerfiles/Dockerfile.focal | 56 ------------------------------------ dockerfiles/Dockerfile.jammy | 9 ++++-- dockerfiles/Dockerfile.noble | 10 +++++-- 3 files changed, 14 insertions(+), 61 deletions(-) delete mode 100644 dockerfiles/Dockerfile.focal diff --git a/dockerfiles/Dockerfile.focal b/dockerfiles/Dockerfile.focal deleted file mode 100644 index ecd41c7b..00000000 --- a/dockerfiles/Dockerfile.focal +++ /dev/null @@ -1,56 +0,0 @@ -# Docker image to use with Vagrant -# Aims to be as similar to normal Vagrant usage as possible -# Adds SSH daemon, Systemd -# Adapted from https://github.com/BashtonLtd/docker-vagrant-images/blob/master/ubuntu1404/Dockerfile - -FROM ubuntu:20.04 -ENV container docker - -RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo $TZ > /etc/timezone - -RUN apt-get update -y && apt-get dist-upgrade -y - -# Install system dependencies, you may not need all of these -RUN apt-get install -y --no-install-recommends ssh sudo libffi-dev systemd openssh-client wget gnupg-utils gnupg apt-utils ca-certificates dbus locales cron dialog rsyslog iproute2 logrotate - -RUN locale-gen en_US.UTF-8 -COPY ./etc/locale.conf /etc/locale.conf -ENV LANG en_US.UTF-8 -ENV LANGUAGE en_US:en -ENV LC_ALL en_US.UTF-8 - -COPY ./etc/ssl/private/dhparams.pem /etc/ssl/private/dhparams.pem - -# Install Vim -RUN apt-get install -y vim - -# Needed to run systemd -# VOLUME [ "/sys/fs/cgroup" ] -# Doesn't appear to be necessary? See comments - -# Add vagrant user and key for SSH -RUN useradd --create-home -s /bin/bash vagrant -RUN echo -n 'vagrant:vagrant' | chpasswd -RUN echo 'vagrant ALL = NOPASSWD: ALL' > /etc/sudoers.d/vagrant -RUN chmod 440 /etc/sudoers.d/vagrant -RUN mkdir -p /home/vagrant/.ssh -RUN chmod 700 /home/vagrant/.ssh -RUN echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==" > /home/vagrant/.ssh/authorized_keys -RUN chmod 600 /home/vagrant/.ssh/authorized_keys -RUN chown -R vagrant:vagrant /home/vagrant/.ssh -RUN sed -i -e 's/Defaults.*requiretty/#&/' /etc/sudoers -RUN sed -i -e 's/\(UsePAM \)yes/\1 no/' /etc/ssh/sshd_config - -# Start SSH -RUN mkdir /var/run/sshd -EXPOSE 22 -RUN /usr/sbin/sshd - -# Setup Salt Common - -RUN wget --quiet -O /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/$(dpkg --print-architecture)/3004/salt-archive-keyring.gpg -RUN echo "deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=$(dpkg --print-architecture)] https://repo.saltproject.io/py3/ubuntu/20.04/$(dpkg --print-architecture)/3004 focal main" > /etc/apt/sources.list.d/salt.list -RUN apt-get update -y && apt-get install -y --no-install-recommends salt-minion - -# Start Systemd (systemctl) -CMD ["/lib/systemd/systemd"] diff --git a/dockerfiles/Dockerfile.jammy b/dockerfiles/Dockerfile.jammy index 303bb4ad..6577c3bd 100644 --- a/dockerfiles/Dockerfile.jammy +++ b/dockerfiles/Dockerfile.jammy @@ -47,8 +47,13 @@ EXPOSE 22 RUN /usr/sbin/sshd # Setup Salt Common -RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/22.04/$(dpkg --print-architecture)/SALT-PROJECT-GPG-PUBKEY-2023.gpg -RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=$(dpkg --print-architecture)] https://repo.saltproject.io/salt/py3/ubuntu/22.04/$(dpkg --print-architecture)/3006 jammy main" > /etc/apt/sources.list.d/salt.list +RUN mkdir -p /etc/apt/keyrings +RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2023.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public +RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list + +# Pin to Salt 3006 LTS +RUN echo -e "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001" > /etc/apt/preferences.d/salt-pin-1001 + RUN apt-get update -y && apt-get install -y --no-install-recommends salt-minion # Start Systemd (systemctl) diff --git a/dockerfiles/Dockerfile.noble b/dockerfiles/Dockerfile.noble index 944a0d47..712c4346 100644 --- a/dockerfiles/Dockerfile.noble +++ b/dockerfiles/Dockerfile.noble @@ -47,9 +47,13 @@ EXPOSE 22 RUN /usr/sbin/sshd # Setup Salt Common -RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/salt/py3/ubuntu/24.04/$(dpkg --print-architecture)/SALT-PROJECT-GPG-PUBKEY-2023.gpg -RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.gpg arch=$(dpkg --print-architecture)] https://repo.saltproject.io/salt/py3/ubuntu/24.04/$(dpkg --print-architecture)/3007 noble main" > /etc/apt/sources.list.d/saltstack.list -RUN apt-get update -y && apt-get install -y --no-install-recommends salt-minion +RUN mkdir -p /etc/apt/keyrings +RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2023.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public +RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list + +# Pin to Salt 3006 LTS +RUN echo -e "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001" > /etc/apt/preferences.d/salt-pin-1001 + # Start Systemd (systemctl) CMD ["/lib/systemd/systemd"] From 328d86c65bddc53439958396884c519ab6c25d57 Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Wed, 6 Nov 2024 13:26:14 -0600 Subject: [PATCH 03/11] fix: update to new repos --- dockerfiles/Dockerfile.jammy | 4 ++-- dockerfiles/Dockerfile.noble | 4 ++-- docs/guides/migration-recipe.md | 4 ++-- salt/base/salt.sls | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/dockerfiles/Dockerfile.jammy b/dockerfiles/Dockerfile.jammy index 6577c3bd..e4a208b5 100644 --- a/dockerfiles/Dockerfile.jammy +++ b/dockerfiles/Dockerfile.jammy @@ -48,8 +48,8 @@ RUN /usr/sbin/sshd # Setup Salt Common RUN mkdir -p /etc/apt/keyrings -RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2023.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public -RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list +RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public +RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list # Pin to Salt 3006 LTS RUN echo -e "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001" > /etc/apt/preferences.d/salt-pin-1001 diff --git a/dockerfiles/Dockerfile.noble b/dockerfiles/Dockerfile.noble index 712c4346..c99aec26 100644 --- a/dockerfiles/Dockerfile.noble +++ b/dockerfiles/Dockerfile.noble @@ -48,8 +48,8 @@ RUN /usr/sbin/sshd # Setup Salt Common RUN mkdir -p /etc/apt/keyrings -RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2023.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public -RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list +RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public +RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list # Pin to Salt 3006 LTS RUN echo -e "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001" > /etc/apt/preferences.d/salt-pin-1001 diff --git a/docs/guides/migration-recipe.md b/docs/guides/migration-recipe.md index 7563ec90..ab7144ee 100644 --- a/docs/guides/migration-recipe.md +++ b/docs/guides/migration-recipe.md @@ -99,9 +99,9 @@ index 68387c9..7a8ace1 100644 CODENAME=$(cat /etc/os-release | grep VERSION_CODENAME | cut -d '=' -f 2) echo "Adding the SaltStack repository key for $UBUNTU_VERSION $CODENAME ($ARCH)..." - sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBUNTU_VERSION/$ARCH/SALT-PROJECT-GPG-PUBKEY-2023.gpg + sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2024.gpg ttps://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public echo "Adding the SaltStack repository for $UBUNTU_VERSION $CODENAME ($ARCH)..." - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=$ARCH] https://repo.saltproject.io/salt/py3/ubuntu/$UBUNTU_VERSION/$ARCH/latest $CODENAME main" | sudo tee /etc/apt/sources.list.d/salt.list + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.gpg arch=$ARCH] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" | sudo tee /etc/apt/sources.list.d/salt.list ``` 3. Install and configure the salt-minion. On `$new-host`, run the command ```console diff --git a/salt/base/salt.sls b/salt/base/salt.sls index 54946cc3..6917cafb 100644 --- a/salt/base/salt.sls +++ b/salt/base/salt.sls @@ -37,7 +37,7 @@ salt-repo: pkgrepo.managed: {# https://saltproject.io/blog/salt-project-package-repo-migration-and-guidance/ #} {% if grains["oscodename"] in ["jammy", "noble"] %} - - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch={{ grains["osarch"] }}] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main + - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch={{ grains["osarch"] }}] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main - key_url: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public - aptkey: False - file: /etc/apt/sources.list.d/salt.list From df6aa9075c492efda091c1efc6946ff5103e4d1e Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Wed, 6 Nov 2024 13:39:48 -0600 Subject: [PATCH 04/11] fix: correct newlin issue --- dockerfiles/Dockerfile.jammy | 2 +- dockerfiles/Dockerfile.noble | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dockerfiles/Dockerfile.jammy b/dockerfiles/Dockerfile.jammy index e4a208b5..119f1474 100644 --- a/dockerfiles/Dockerfile.jammy +++ b/dockerfiles/Dockerfile.jammy @@ -52,7 +52,7 @@ RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://pack RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list # Pin to Salt 3006 LTS -RUN echo -e "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001" > /etc/apt/preferences.d/salt-pin-1001 +RUN printf "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001\n" > /etc/apt/preferences.d/salt-pin-1001 RUN apt-get update -y && apt-get install -y --no-install-recommends salt-minion diff --git a/dockerfiles/Dockerfile.noble b/dockerfiles/Dockerfile.noble index c99aec26..8700fb74 100644 --- a/dockerfiles/Dockerfile.noble +++ b/dockerfiles/Dockerfile.noble @@ -52,7 +52,7 @@ RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://pack RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list # Pin to Salt 3006 LTS -RUN echo -e "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001" > /etc/apt/preferences.d/salt-pin-1001 +RUN printf "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001\n" > /etc/apt/preferences.d/salt-pin-1001 # Start Systemd (systemctl) From 5f299faad6fc7e4543e1cee48a616c89e7d6104f Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Wed, 6 Nov 2024 13:43:18 -0600 Subject: [PATCH 05/11] fix: add missing conditional close --- salt/base/salt.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/base/salt.sls b/salt/base/salt.sls index 6917cafb..b18f1373 100644 --- a/salt/base/salt.sls +++ b/salt/base/salt.sls @@ -35,13 +35,13 @@ remove_old_salt_repo: salt-repo: pkgrepo.managed: - {# https://saltproject.io/blog/salt-project-package-repo-migration-and-guidance/ #} {% if grains["oscodename"] in ["jammy", "noble"] %} - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch={{ grains["osarch"] }}] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main - key_url: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public - aptkey: False - file: /etc/apt/sources.list.d/salt.list {% endif %} +{% endif %} {% if salt["match.compound"](pillar["roles"]["salt-master"]["pattern"]) %} From d1c19217ddb0ffc5da12d18141a0ecc11d39b363 Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Thu, 7 Nov 2024 14:46:52 -0600 Subject: [PATCH 06/11] Update docs/guides/migration-recipe.md Co-authored-by: Ee Durbin --- docs/guides/migration-recipe.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/migration-recipe.md b/docs/guides/migration-recipe.md index ab7144ee..3dbfb789 100644 --- a/docs/guides/migration-recipe.md +++ b/docs/guides/migration-recipe.md @@ -99,7 +99,7 @@ index 68387c9..7a8ace1 100644 CODENAME=$(cat /etc/os-release | grep VERSION_CODENAME | cut -d '=' -f 2) echo "Adding the SaltStack repository key for $UBUNTU_VERSION $CODENAME ($ARCH)..." - sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2024.gpg ttps://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public + sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2024.gpg https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public echo "Adding the SaltStack repository for $UBUNTU_VERSION $CODENAME ($ARCH)..." echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.gpg arch=$ARCH] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" | sudo tee /etc/apt/sources.list.d/salt.list ``` From 7f2476c9dda90a17b9e3adb3bbd808afff1c9da9 Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Fri, 8 Nov 2024 10:20:53 -0600 Subject: [PATCH 07/11] chore(UNTESTED): attempt to support focal --- Vagrantfile | 1 + dockerfiles/Dockerfile.focal | 58 ++++++++++++++++++++++++++++++++++++ salt/base/salt.sls | 2 +- 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 dockerfiles/Dockerfile.focal diff --git a/Vagrantfile b/Vagrantfile index 1337e2a2..d7f58ecb 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -2,6 +2,7 @@ SERVERS = [ + # TODO: test focal salt repo changes {:name => "backup-server", :codename => "noble"}, {:name => "bugs", :codename => "jammy", :ports => [8080]}, {:name => "buildbot", :codename => "noble"}, diff --git a/dockerfiles/Dockerfile.focal b/dockerfiles/Dockerfile.focal new file mode 100644 index 00000000..62d9da20 --- /dev/null +++ b/dockerfiles/Dockerfile.focal @@ -0,0 +1,58 @@ + # Docker image to use with Vagrant +# Aims to be as similar to normal Vagrant usage as possible +# Adds SSH daemon, Systemd +# Adapted from https://github.com/BashtonLtd/docker-vagrant-images/blob/master/ubuntu1404/Dockerfile + +FROM ubuntu:20.04 +ENV container docker + +RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo $TZ > /etc/timezone + +RUN apt-get update -y && apt-get dist-upgrade -y + +# Install system dependencies, you may not need all of these +RUN apt-get install -y --no-install-recommends ssh sudo libffi-dev systemd openssh-client wget gnupg-utils gnupg apt-utils ca-certificates dbus locales cron dialog rsyslog iproute2 logrotate + +RUN locale-gen en_US.UTF-8 +COPY ./etc/locale.conf /etc/locale.conf +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + +COPY ./etc/ssl/private/dhparams.pem /etc/ssl/private/dhparams.pem + +# Install Vim +RUN apt-get install -y vim + +# Needed to run systemd +# VOLUME [ "/sys/fs/cgroup" ] +# Doesn't appear to be necessary? See comments + +# Add vagrant user and key for SSH +RUN useradd --create-home -s /bin/bash vagrant +RUN echo -n 'vagrant:vagrant' | chpasswd +RUN echo 'vagrant ALL = NOPASSWD: ALL' > /etc/sudoers.d/vagrant +RUN chmod 440 /etc/sudoers.d/vagrant +RUN mkdir -p /home/vagrant/.ssh +RUN chmod 700 /home/vagrant/.ssh +RUN echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==" > /home/vagrant/.ssh/authorized_keys +RUN chmod 600 /home/vagrant/.ssh/authorized_keys +RUN chown -R vagrant:vagrant /home/vagrant/.ssh +RUN sed -i -e 's/Defaults.*requiretty/#&/' /etc/sudoers +RUN sed -i -e 's/\(UsePAM \)yes/\1 no/' /etc/ssh/sshd_config + +# Start SSH +RUN mkdir /var/run/sshd +EXPOSE 22 +RUN /usr/sbin/sshd + +# Setup Salt Common +RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public +RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list + +# Pin to Salt 3006 LTS +RUN printf "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001\n" > /etc/apt/preferences.d/salt-pin-1001 +RUN apt-get update -y && apt-get install -y --no-install-recommends salt-minion + +# Start Systemd (systemctl) +CMD ["/lib/systemd/systemd"] diff --git a/salt/base/salt.sls b/salt/base/salt.sls index b18f1373..bfa3ca77 100644 --- a/salt/base/salt.sls +++ b/salt/base/salt.sls @@ -35,7 +35,7 @@ remove_old_salt_repo: salt-repo: pkgrepo.managed: - {% if grains["oscodename"] in ["jammy", "noble"] %} + {% if grains["oscodename"] in ["focal", "jammy", "noble"] %} - name: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch={{ grains["osarch"] }}] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main - key_url: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public - aptkey: False From 5443c5f32d734c26e88a1b236ffe71e1fd8dabef Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Thu, 21 Nov 2024 16:58:38 -0600 Subject: [PATCH 08/11] fix: add dir creation for focal --- dockerfiles/Dockerfile.focal | 1 + 1 file changed, 1 insertion(+) diff --git a/dockerfiles/Dockerfile.focal b/dockerfiles/Dockerfile.focal index 62d9da20..bb7ad124 100644 --- a/dockerfiles/Dockerfile.focal +++ b/dockerfiles/Dockerfile.focal @@ -47,6 +47,7 @@ EXPOSE 22 RUN /usr/sbin/sshd # Setup Salt Common +RUN mkdir -p /etc/apt/keyrings RUN wget --quiet -O /etc/apt/keyrings/salt-archive-keyring-2024.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public RUN echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.pgp arch=$(dpkg --print-architecture)] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" > /etc/apt/sources.list.d/salt.list From f953b2474f8947bb86b7bfdb48faa2f7f1539ee5 Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Fri, 22 Nov 2024 08:44:22 -0600 Subject: [PATCH 09/11] chore: cleanup --- Vagrantfile | 1 - dockerfiles/Dockerfile.focal | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index d7f58ecb..1337e2a2 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -2,7 +2,6 @@ SERVERS = [ - # TODO: test focal salt repo changes {:name => "backup-server", :codename => "noble"}, {:name => "bugs", :codename => "jammy", :ports => [8080]}, {:name => "buildbot", :codename => "noble"}, diff --git a/dockerfiles/Dockerfile.focal b/dockerfiles/Dockerfile.focal index bb7ad124..35227f95 100644 --- a/dockerfiles/Dockerfile.focal +++ b/dockerfiles/Dockerfile.focal @@ -1,4 +1,4 @@ - # Docker image to use with Vagrant +# Docker image to use with Vagrant # Aims to be as similar to normal Vagrant usage as possible # Adds SSH daemon, Systemd # Adapted from https://github.com/BashtonLtd/docker-vagrant-images/blob/master/ubuntu1404/Dockerfile From 9acd4bae92be781af8bbcff78296de87c447a52b Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Fri, 22 Nov 2024 08:44:39 -0600 Subject: [PATCH 10/11] docs: add pin command --- docs/guides/migration-recipe.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/guides/migration-recipe.md b/docs/guides/migration-recipe.md index 3dbfb789..7b0aedc5 100644 --- a/docs/guides/migration-recipe.md +++ b/docs/guides/migration-recipe.md @@ -102,6 +102,8 @@ index 68387c9..7a8ace1 100644 sudo curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2024.gpg https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public echo "Adding the SaltStack repository for $UBUNTU_VERSION $CODENAME ($ARCH)..." echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2024.gpg arch=$ARCH] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main" | sudo tee /etc/apt/sources.list.d/salt.list + echo "Pinning Salt to v3006.*" + RUN printf "Package: salt-*\nPin: version 3006.*\nPin-Priority: 1001\n" > /etc/apt/preferences.d/salt-pin-1001 ``` 3. Install and configure the salt-minion. On `$new-host`, run the command ```console From 1050e3a0dd8cb0f3cf8407622c32d29a1adf6e6c Mon Sep 17 00:00:00 2001 From: Jacob Coffee Date: Fri, 22 Nov 2024 08:48:09 -0600 Subject: [PATCH 11/11] fix: add pin command to salt base run --- salt/base/salt.sls | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/salt/base/salt.sls b/salt/base/salt.sls index bfa3ca77..5327f794 100644 --- a/salt/base/salt.sls +++ b/salt/base/salt.sls @@ -33,6 +33,19 @@ remove_old_salt_repo: file.absent: - name: /etc/apt/sources.list.d/saltstack.list +{% if grains["oscodename"] in ["focal", "jammy", "noble"] %} +salt-pin-config: + file.managed: + - name: /etc/apt/preferences.d/salt-pin-1001 + - contents: | + Package: salt-* + Pin: version 3006.* + Pin-Priority: 1001 + - user: root + - group: root + - mode: "0644" +{% endif %} + salt-repo: pkgrepo.managed: {% if grains["oscodename"] in ["focal", "jammy", "noble"] %}