Initial commit

.gitignore

@@ -0,0 +1,3 @@
+# Keys
+keys/
+

Dockerfile

@@ -0,0 +1,61 @@
+FROM ubuntu:18.04
+
+LABEL maintainer="carlos.alvaro@citelan.es"
+LABEL description="SaltStack master"
+LABEL version="2018.3.2"
+
+ENV SALT_DOCKER_DIR="/etc/salt-docker" \
+    SALT_MASTER_DIR="/etc/salt/pki/master"
+
+ENV SALT_BUILD_DIR="${SALT_DOCKER_DIR}/build" \
+    SALT_KEYS_DIR="${SALT_DOCKER_DIR}/keys" \
+    SALT_RUNTIME_DIR="${SALT_DOCKER_DIR}/runtime"
+
+# Bootstrap script options:
+# https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html#command-line-options
+## -M: install Salt Master by default
+## -N: Do not install salt-minion
+## -X: Do not start daemons after installation
+## -U: Fully upgrade the system prior to bootstrapping Salt
+ENV SALT_BOOTSTRAP_OPTS='-M -N -X -U'
+
+# Version of salt to install:
+# https://github.com/saltstack/salt/releases
+ENV SALT_GIT_RELEASE="v2018.3.2"
+ENV SALT_LOG_LEVEL="info"
+
+# Set non interactive mode
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install packages
+RUN apt-get update
+RUN apt-get install --yes --quiet --no-install-recommends \
+    ca-certificates apt-transport-https curl git vim python3 locales virt-what
+
+# Configure locales
+RUN update-locale LANG=C.UTF-8 LC_MESSAGES=POSIX \
+    locale-gen en_US.UTF-8 \
+    dpkg-reconfigure locales
+
+EXPOSE 4505/tcp 4506/tcp
+RUN mkdir -p /srv ${SALT_KEYS_DIR}
+VOLUME [ "/srv", "${SALT_KEYS_DIR}" ]
+
+RUN mkdir -p ${SALT_BUILD_DIR}
+WORKDIR ${SALT_BUILD_DIR}
+
+RUN curl -o bootstrap-salt.sh -L https://bootstrap.saltstack.com
+RUN sh bootstrap-salt.sh ${SALT_BOOTSTRAP_OPTS} git ${SALT_GIT_RELEASE}
+
+RUN apt-get clean --yes
+RUN rm -rf /var/lib/apt/lists/*
+
+COPY assets/runtime ${SALT_RUNTIME_DIR}
+RUN chmod -R +x ${SALT_RUNTIME_DIR}
+
+COPY entrypoint.sh /sbin/entrypoint.sh
+RUN chmod +x /sbin/entrypoint.sh
+WORKDIR ${SALT_DOCKER_DIR}
+
+ENTRYPOINT [ "/sbin/entrypoint.sh" ]
+

README.md

@@ -0,0 +1,105 @@
+# SaltStack Master v2018.3.2
+
+Dockerfile to build a [SaltStack](https://www.saltstack.com) Master image for the Docker opensource container platform.
+
+SaltStack Master is set up in the Docker image using the install from git source method as documented in the the [official bootstrap](https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html) documentation.
+
+For other methods to install SaltStack please refer to the [Official SaltStack Installation Guide](https://docs.saltstack.com/en/latest/topics/installation/index.html).
+
+## Table of Contents
+
+- [Installation](#installation)
+- [Quick Start](#quick-start)
+- [Configuration](#configuration)
+  - [Custom Recipes](#custom-recipes)
+  - [Minion Keys](#minion-keys)
+- [Usage](#usage)
+- [Shell Access](#shell-access)
+- [References](#references)
+
+## Installation
+
+At the moment there are not auomated images at [Dockerhub](https://hub.docker.com) (There will be as soon as possible...)
+
+In the meantime, you can build the image locally.
+
+```sh
+docker build -t cdalvaro/saltstack_master gitlab.com/cdalvaro/saltstack-master
+```
+
+## Quick Start
+
+The quickest way to get started is using [docker-compose](https://docs.docker.com/compose/).
+
+```sh
+wget https://gitlab.com/cdalvaro/saltstack-master/raw/master/docker-compose.yml
+```
+
+Start SaltStack master using:
+
+```sh
+docker-compose up --detach
+```
+
+Alternatively, you can manually launch the `saltstack-master`  container:
+
+```sh
+docker run --name salt_master --detach \
+    --publish 4505:4505 --publish 4506:4506 \
+    --env 'SALT_LOG_LEVEL=info' \
+    --read-only --volume ./srv/:/srv/ \
+    cdalvaro/saltstack_master:2018.3.2
+```
+
+## Configuration
+
+### Custom Recipes
+
+This image does not require storing data out of the container.
+
+But it is necessary to mount the `/srv/` volume ir order to provide your custom recipes.
+
+### Minion Keys
+
+Minion keys can be added automatically on startup to SaltStack master by mounting the volume `/etc/salt-docker/keys` and copying the minion keys inside `keys/minions/` directory:
+
+```sh
+mkdir -p key/minions
+cp -v /etc/salt/pki/minion/minion.pub keys/minions/minion1
+
+docker run --name salt_master -d \
+    --publish 4505:4505 --publish 4506:4506 \
+    --env 'SALT_LOG_LEVEL=info' \
+    --read-only --volume ./srv/:/srv/ \
+    --volume ./keys/:/etc/salt-docker/keys/ \
+    cdalvaro/saltstack_master:2018.3.2
+```
+
+## Usage
+
+To test which salt minions are listening the following command can be executed from the master service:
+
+```sh
+docker-compose exec master salt '*' test.ping
+```
+
+Then, you can apply salt states to your minions:
+
+```sh
+docker-compose exec master salt '*' state.apply
+```
+
+## Shell Access
+
+For debugging and maintenance purposes you may want access the container shell. If you are using docker version 1.3.0 or higher you can access a running container shell using docker exec command.
+
+```sh
+docker exec -it salt_master bash
+```
+
+## References
+
+- https://docs.saltstack.com/en/latest/topics/installation/index.html
+- https://docs.saltstack.com/en/latest/topics/tutorials/salt_bootstrap.html
+- https://github.com/saltstack/salt/releases
+

assets/runtime/functions.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# This function copies minion keys
+function copy_minion_keys()
+{
+    echo "Copying minion keys..."
+
+    if [ -d "${SALT_KEYS_DIR}/master" ] && [ ! -z "$(ls -A ${SALT_KEYS_DIR}/master)" ]; then
+        mkdir -v -p -m 0700 ${SALT_MASTER_DIR}
+        cp -v ${SALT_KEYS_DIR}/master/master.{pem,pub} ${SALT_MASTER_DIR}
+        chown -v root:root ${SALT_MASTER_DIR}/master.{pem,pub}
+    fi
+
+    if [ -d "${SALT_KEYS_DIR}/minions" ] && [ ! -z "$(ls -A ${SALT_KEYS_DIR}/minions)" ]; then
+        mkdir -v -p -m 0700 ${SALT_MASTER_DIR}/minions
+        cp -v ${SALT_KEYS_DIR}/minions/* ${SALT_MASTER_DIR}/minions
+        chown -v root:root ${SALT_MASTER_DIR}/minions/*
+    fi
+}
+

docker-compose.yml

@@ -0,0 +1,16 @@
+version: '3'
+
+services:
+  master:
+    container_name: salt_master
+    image: cdalvaro/saltstack-master:2018.3.2
+    build:
+      context: ./
+    volumes:
+      - "./srv/:/srv/:ro"
+    ports:
+      - "4505:4505/tcp"
+      - "4506:4506/tcp"
+    environment:
+      - SALT_LOG_LEVEL=info
+

entrypoint.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -e
+
+source "${SALT_RUNTIME_DIR}/functions.sh"
+
+# Copy minion keys
+copy_minion_keys
+
+exec salt-master --log-level=${SALT_LOG_LEVEL:-warning}
+