In a recent blog post, Denis explained how to build Docker containers using Salt.
What's missing there is how to have a running salt-master dedicated to Docker containers.
There is no need for the salt-master to run as root for this. A test config of mine looks like:
david@perseus:~$ mkdir -p salt/etc/salt
david@perseus:~$ cd salt
david@perseus:~salt/$ cat << EOF >etc/salt/master
interface: 192.168.127.1
user: david
root_dir: /home/david/salt/
pidfile: var/run/salt-master.pid
pki_dir: etc/salt/pki/master
cachedir: var/cache/salt/master
sock_dir: var/run/salt/master
file_roots:
  base:
    - /home/david/salt/states
    - /home/david/salt/formulas/cubicweb
pillar_roots:
  base:
    - /home/david/salt/pillar
EOF
Here, 192.168.127.1 is the IP of my docker0 bridge. Also note that the paths in the file_roots and pillar_roots configs must be absolute (they are not relative to root_dir, see the salt-master configuration documentation).
Now we can start a salt-master that will be accessible to Docker containers:
david@perseus:~salt/$ /usr/bin/salt-master -c etc/salt
Warning: with salt 2015.5.0, salt-master really wants to execute dmidecode, so add /usr/sbin to the $PATH variable before running the salt-master as a non-root user.
From there, you can talk to your test salt master by adding the -c ~/salt/etc/salt option to all salt commands. I use a simple series of aliases to deal with that:
david@perseus:~salt/$ cat sourceme.sh
#!/bin/bash
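# BASH_SOURCE points at this file even when it is sourced ($0 would be the shell itself)
export SALTROOT="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"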
alias salt="/usr/bin/salt -c $SALTROOT/etc/salt "
alias salt-key="/usr/bin/salt-key -c $SALTROOT/etc/salt "
alias salt-master="/usr/bin/salt-master -c $SALTROOT/etc/salt "
alias salt-api="/usr/bin/salt-api -c $SALTROOT/etc/salt "
alias salt-call="/usr/bin/salt-call -c $SALTROOT/etc/salt "
alias salt-run="/usr/bin/salt-run -c $SALTROOT/etc/salt "
alias salt-cloud="/usr/bin/salt-cloud -c $SALTROOT/etc/salt "
david@perseus:~salt/$ source sourceme.sh
david@perseus:~salt/$ salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Now, you need to have a Docker image with salt-minion already installed, as explained in Denis' blog post. (I prefer using supervisord as PID 1 in my dockers, but that's not important here.)
david@perseus:~/salt$ docker run -d --add-host salt:192.168.127.1 logilab/salted_debian:wheezy
53bf7d8db53001557e9ae25f5141cd9f2caf7ad6bcb7c2e3442fcdbb1caf5144
david@perseus:~/salt$ docker run -d --name jessie1 --hostname jessie1 --add-host salt:192.168.127.1 logilab/salted_debian:jessie
3da874e58028ff6dcaf3999b29e2563e1bc4d6b1b7f2f0b166f9a8faffc8aa47
david@perseus:~/salt$ salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
53bf7d8db530
jessie1
Rejected Keys:
david@perseus:~/salt$ salt-key -y -a 53bf7d8db530
The following keys are going to be accepted:
Unaccepted Keys:
53bf7d8db530
Key for minion 53bf7d8db530 accepted.
david@perseus:~/salt$ salt-key -y -a jessie1
The following keys are going to be accepted:
Unaccepted Keys:
jessie1
Key for minion jessie1 accepted.
david@perseus:~/salt$ salt '*' test.ping
jessie1:
    True
53bf7d8db530:
    True
You can now build Docker images as explained by Denis, or test your sls config files in containers.
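The session above accepts both pending keys with salt-key -y -a without inspecting them. As an added example (not part of the original post), these shell functions accept a pending key only when the fingerprint the master holds matches the one read from inside the container. The function names and the sample fingerprints are constructed; it assumes SALTROOT was set by sourceme.sh and that docker exec can reach the container.

```shell
#!/bin/bash
# Added example: verify a minion key fingerprint before accepting it.

# Constructed sample output, in the shape printed by `salt-key -f <id>`
# and by `salt-call --local key.finger` (fingerprint values are made up).
SAMPLE_MASTER='Unaccepted Keys:
jessie1:  a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90'
SAMPLE_MINION='local:
    A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90'

# Read command output on stdin, print the first colon-separated hex
# fingerprint (16 bytes or longer, so MD5 and SHA-256 both match), lowercased.
extract_fp() {
    grep -oiE '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# fp_match MASTER_OUTPUT MINION_OUTPUT
# Succeeds only if both outputs contain a fingerprint and they are equal.
fp_match() {
    local master_fp minion_fp
    master_fp=$(printf '%s\n' "$1" | extract_fp)
    minion_fp=$(printf '%s\n' "$2" | extract_fp)
    [ -n "$master_fp" ] && [ "$master_fp" = "$minion_fp" ]
}

# accept_verified MINION_ID CONTAINER
# Returns 0 if the key was accepted, 1 on mismatch, 2 if a lookup failed.
accept_verified() {
    local id container master_out minion_out
    id=$1
    container=$2
    master_out=$(/usr/bin/salt-key -c "$SALTROOT/etc/salt" -f "$id") || return 2
    minion_out=$(docker exec "$container" salt-call --local key.finger) || return 2
    if fp_match "$master_out" "$minion_out"; then
        /usr/bin/salt-key -c "$SALTROOT/etc/salt" -y -a "$id"
    else
        echo "fingerprint mismatch for $id, key not accepted" >&2
        return 1
    fi
}
```

For the containers started above this would be called as accept_verified jessie1 jessie1, or with 53bf7d8db530 for both arguments, since an unnamed container's hostname is its short ID.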