github cdalvaro/docker-salt-master 3008.0
3008.0 STS
on GitHub

10 hours ago

The following changes are only related with the Docker image.

Please refer to the Salt 3008.0 Release Notes for the full list of changes.

Important

Change introduced in 3008.0 — please read if you use key secrets.

Salt 3008.0's new localfs_key cache driver rejects symlinked key files. Master keys provided via Docker secrets are now copied into /home/salt/data/keys instead of symlinked. If you bind-mount the full keys volume together with key secrets, the master private key will land on that persisted volume.

It is recommended to not bind-mount the whole keys volume when using key secrets. Mount only the minion sub-directories you need (e.g. /home/salt/data/keys/minions). See the README for full details and migration notes.

What's Changed

  • Update salt-master to 3008.0 Chlorine.
  • Fix master key provisioning for Salt 3008's localfs_key cache driver: secret keys are now copied (not symlinked) into pki_dir.
  • Fix master fingerprint computation to use salt.utils.crypt.pem_finger() directly, avoiding a Salt 3008 regression in salt-key that caused the built-in minion to loop on fingerprint mismatch errors.
  • Replace ubuntu:noble base image with ubuntu:resolute-20260413.
  • Install libgit2-dev 1.9.1 from apt; bump pygit2 to 1.19.2.
  • Dearmor Salt APT signing key for compatibility.
  • Replace sed -i /etc/passwd UID/GID remapping with usermod/groupmod.
  • Switch self-signed certificate generation to openssl.

See #394 for all the details.

Full changelog: 3007.14...3008.0

Images

docker pull ghcr.io/cdalvaro/docker-salt-master:3008.0

docker pull ghcr.io/cdalvaro/docker-salt-master:3008.0-gui
Check out latest releases or
releases around cdalvaro/docker-salt-master 3008.0

Don't miss a new docker-salt-master release

NewReleases is sending notifications on new releases.

Get notifications