lrhazi · July 19, 2014 22:05
diff --git a/saltmaster-base-Dockerfile b/saltmaster-base-Dockerfile
 FROM stackbrew/ubuntu:saucy

 RUN apt-get update
 RUN apt-get install -y --force-yes \
        software-properties-common \
        pciutils \
        debconf-utils
 RUN add-apt-repository -y ppa:saltstack/salt

 RUN apt-get update
 # Make sure, the Salt installation succeeds, although it can't find any running Upstart
 RUN dpkg-divert --local --rename --add /sbin/initctl
 RUN ln -sf /bin/true /sbin/initctl
 RUN apt-get install -y --force-yes \
        salt-common \
        salt-master \
        python-pip \
        python-cherrypy3 \
        python-ldap \
        python-git
 RUN pip install -U halite

 # SSH identity for accessing the git repository for saltmaster's gitfs
 ADD id_rsa /root/.ssh/id_rsa
 ADD id_rsa.pub /root/.ssh/id_rsa.pub
 ADD known_hosts /root/.ssh/known_hosts

 ENV HOME /root
 WORKDIR /root
diff --git a/saltmaster-daemon-Dockerfile b/saltmaster-daemon-Dockerfile
 FROM dep/saltmaster-base

 ADD external_auth.conf /etc/salt/master.d/external_auth.conf
 ADD fileserver.conf /etc/salt/master.d/fileserver.conf
 ADD halite.conf /etc/salt/master.d/halite.conf 
 ADD https://raw.github.com/eliasp/salt/auth-ldap/salt/auth/ldap.py /usr/share/pyshared/salt/auth/ldap.py

 EXPOSE 4505 4506 8080

 VOLUME /etc/salt
 VOLUME /var/cache/salt/master
 VOLUME /run/salt/master
 VOLUME /srv/salt

 RUN mkdir -p /var/cache/salt/master/gitfs

 ENV HOME /root

 # Using CMD instead of ENTRYPOINT allows overwriting the log-level in cases where manual debugging of the saltmaster daemon is required
 CMD ["/usr/bin/salt-master", "-l", "info"]
diff --git a/saltmaster-daemon-external_auth.conf b/saltmaster-daemon-external_auth.conf
 external_auth:
  pam:
    salt:
      - .*
      - '@runner'
      - '@wheel'
  ldap:
    # As long as there's no group support for external auth ACLs (https://github.com/saltstack/salt/issues/3238),
    # the IT staff members need to be listed individually
    it-user-001:
      - .*
    it-user-002:
      - .*

 # Requires LDAP SRV lookup implementation in salt/auth/ldap.py
 #auth.ldap.uri: "ldap:///dc=institution,dc=tld"
 auth.ldap.uri: "ldap://dc01.institution.tld"
 auth.ldap.binddn: "{{ username }}@institution.tld"
diff --git a/saltmaster-daemon-fileserver.conf b/saltmaster-daemon-fileserver.conf
 fileserver_backend:
  - roots
  - git

 file_roots:
  base:
    - /srv/salt/roots/base
  dev:
    - /srv/salt/roots/dev

 gitfs_remotes:
  - [email protected]:salt-states.git
diff --git a/saltmaster-daemon-halite.conf b/saltmaster-daemon-halite.conf
 halite:
  # Needs to be changed before being used in production
  level: 'debug'
  server: 'cherrypy'
  host: '0.0.0.0'
  port: '8080'
  cors: False
  # Needs to be changed before being used in production
  tls: False
diff --git a/saltmaster-shell-Dockerfile b/saltmaster-shell-Dockerfile
 FROM dep/saltmaster-base

 RUN apt-get install -y --force-yes vim git openssh-client
 # Workaround for https://github.com/saltstack/salt/issues/8009
 ADD local-salt.conf /root/.salt 

 ENV HOME /root

 CMD ["/bin/bash"]
diff --git a/saltmaster-shell-local-salt.conf b/saltmaster-shell-local-salt.conf
 # to be removed once https://github.com/saltstack/salt/issues/8009 is fixed
 interface: IP.of.the.saltmaster
	FROM stackbrew/ubuntu:saucy

	RUN apt-get update
	RUN apt-get install -y --force-yes \
	software-properties-common \
	pciutils \
	debconf-utils
	RUN add-apt-repository -y ppa:saltstack/salt

	RUN apt-get update
	# Make sure, the Salt installation succeeds, although it can't find any running Upstart
	RUN dpkg-divert --local --rename --add /sbin/initctl
	RUN ln -sf /bin/true /sbin/initctl
	RUN apt-get install -y --force-yes \
	salt-common \
	salt-master \
	python-pip \
	python-cherrypy3 \
	python-ldap \
	python-git
	RUN pip install -U halite

	# SSH identity for accessing the git repository for saltmaster's gitfs
	ADD id_rsa /root/.ssh/id_rsa
	ADD id_rsa.pub /root/.ssh/id_rsa.pub
	ADD known_hosts /root/.ssh/known_hosts

	ENV HOME /root
	WORKDIR /root
	FROM dep/saltmaster-base

	ADD external_auth.conf /etc/salt/master.d/external_auth.conf
	ADD fileserver.conf /etc/salt/master.d/fileserver.conf
	ADD halite.conf /etc/salt/master.d/halite.conf
	ADD https://raw.github.com/eliasp/salt/auth-ldap/salt/auth/ldap.py /usr/share/pyshared/salt/auth/ldap.py

	EXPOSE 4505 4506 8080

	VOLUME /etc/salt
	VOLUME /var/cache/salt/master
	VOLUME /run/salt/master
	VOLUME /srv/salt

	RUN mkdir -p /var/cache/salt/master/gitfs

	ENV HOME /root

	# Using CMD instead of ENTRYPOINT allows overwriting the log-level in cases where manual debugging of the saltmaster daemon is required
	CMD ["/usr/bin/salt-master", "-l", "info"]
	external_auth:
	pam:
	salt:
	- .*
	- '@runner'
	- '@wheel'
	ldap:
	# As long as there's no group support for external auth ACLs (https://github.com/saltstack/salt/issues/3238),
	# the IT staff members need to be listed individually
	it-user-001:
	- .*
	it-user-002:
	- .*

	# Requires LDAP SRV lookup implementation in salt/auth/ldap.py
	#auth.ldap.uri: "ldap:///dc=institution,dc=tld"
	auth.ldap.uri: "ldap://dc01.institution.tld"
	auth.ldap.binddn: "{{ username }}@institution.tld"
	fileserver_backend:
	- roots
	- git

	file_roots:
	base:
	- /srv/salt/roots/base
	dev:
	- /srv/salt/roots/dev

	gitfs_remotes:
	- [email protected]:salt-states.git
	halite:
	# Needs to be changed before being used in production
	level: 'debug'
	server: 'cherrypy'
	host: '0.0.0.0'
	port: '8080'
	cors: False
	# Needs to be changed before being used in production
	tls: False
	FROM dep/saltmaster-base

	RUN apt-get install -y --force-yes vim git openssh-client
	# Workaround for https://github.com/saltstack/salt/issues/8009
	ADD local-salt.conf /root/.salt

	ENV HOME /root

	CMD ["/bin/bash"]
	# to be removed once https://github.com/saltstack/salt/issues/8009 is fixed
	interface: IP.of.the.saltmaster