This repository contains two Dockerfiles of SaltStack for Docker's automated build published to the public Docker Hub Registry.

In particular, this repository contains two Docker images:

• saltstack-master: a SaltStack master container image. This salt setup accepts all minions that connects to it and comes with netapi module (cherrypy) enabled. This container works with supervisord to automatically launch salt-master and salt-api daemons.
• saltstack-minion: a SaltStack minion container image.

• opensuse Tumbleweed

• Docker

docker run -d --hostname saltmaster --name saltmaster -v `pwd`/srv/salt:/srv/salt -p 9080:9080 -ti mbologna/saltstack-master

• You can start one minion...

docker run -d --hostname saltminion --name saltminion --link saltmaster:salt mbologna/saltstack-minion

• or you can deploy an army of minions:

for i in {1..10}; do docker run -d --hostname saltminion$i --name saltminion$i --link saltmaster:salt mbologna/saltstack-minion ; done

docker exec saltmaster /bin/sh -c "salt '*' cmd.run 'uname -a'"

  saltminion3:
      Linux saltminion3 4.4.57-18.3-default #1 SMP Thu Mar 30 06:39:47 UTC 2017 (39c8557) x86_64 x86_64 x86_64 GNU/Linux
  saltminion1:
      Linux saltminion1 4.4.57-18.3-default #1 SMP Thu Mar 30 06:39:47 UTC 2017 (39c8557) x86_64 x86_64 x86_64 GNU/Linux
  saltminion2:
      Linux saltminion2 4.4.57-18.3-default #1 SMP Thu Mar 30 06:39:47 UTC 2017 (39c8557) x86_64 x86_64 x86_64 GNU/Linux

1. Get a token to use in all subsequent calls:

curl -sS http://localhost:9080/login -c ~/cookies.txt -H 'Accept: application/json' -d username=saltdev -d password=saltdev -d eauth=pam

{
  "return": [
  {
    "perms": [
    ".*"
    ],
    "start": 1446379166.406894,
    "token": "4072d45939ad1a33ffbe0565ec7d15d0cf2e24c2",
    "expire": 1446422366.406895,
    "user": "saltdev",
    "eauth": "pam"
  }
  ]
}

2. Invoke Salt using saved token:

curl -sS http://localhost:9080 -b ~/cookies.txt -H 'Accept: application/json' -d client=local -d tgt='*' -d fun=cmd.run -d arg="uptime"

{
  "return": [
    {
      "saltminion1": " 23:55pm  up 2 days  8:28,  0 users,  load average: 1.31, 1.97, 1.70",
      "saltminion2": " 23:55pm  up 2 days  8:28,  0 users,  load average: 1.31, 1.97, 1.70",
      "saltminion3": " 23:55pm  up 2 days  8:28,  0 users,  load average: 1.31, 1.97, 1.70"
    }
  ]
}

A <pwd>/srv/salt directory has been created during the startup of the saltmaster container. Place your SLS state definition in it.

A Salt state example follows:

% cat srv/salt/tmux.sls

tmux:
  pkg.installed

Now you can apply defined state file to your minions:

docker exec saltmaster /bin/sh -c "salt saltminion1 state.apply tmux"

  saltminion1:
  ----------
            ID: tmux
      Function: pkg.installed
        Result: True
       Comment: The following packages were installed/updated: tmux
       Started: 12:25:42.977107
      Duration: 22305.267 ms
       Changes:
                ----------
                tmux:
                    ----------
                    new:
                        2.2-1.3
                    old:

  Summary for saltminion1
  ------------
  Succeeded: 1 (changed=1)
  Failed:    0
  ------------
  Total states run:     1
  Total run time:  22.305 s

• saltstack-master exposes port 9080/tcp (NO SSL) in order to consume salt-api via its HTTP interface.

  WARNING: your credentials travel in plain-text.

• saltstack-master works with PAM authentication module. A saltdev user (password: saltdev) has been added to the container.

• You must be root to write files in /srv/salt in the container host.