Skip to content

Instantly share code, notes, and snippets.

@sckevmit

sckevmit/salt#master.sls

Forked from eliasp/salt#master.sls
Last active August 29, 2015 14:07
Show Gist options
  • Save sckevmit/a11520e2a1bed13b1c03 to your computer and use it in GitHub Desktop.
Save sckevmit/a11520e2a1bed13b1c03 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
salt#master.sls
python-pip:
pkg.installed
docker-py:
pip.installed:
- require:
- pkg: python-pip
# TODO: ensure docker-py is declared a requirement for all dockerio states without having to explicitely declare the requirement in each container state again
saltmaster-container:
docker.installed:
- name: saltmaster-daemon
- hostname: salt.dep.institution.tld
- image: saltmaster-daemon
- require_in: saltmaster
saltmaster:
docker.running:
- container: saltmaster-daemon
- binds:
/media/volumes/salt/master/pki: /var/lib/salt/pki
/media/volumes/salt/master/fileserver: /srv/salt
- port_bindings:
"4505/tcp":
HostIp: "0.0.0.0"
HostPort: "4505"
"4506/tcp":
HostIp: "0.0.0.0"
HostPort: "4506"
Raw
saltmaster-base#Dockerfile
FROM ubuntu:14.04
RUN apt-get update
RUN apt-get install -y --force-yes \
software-properties-common \
pciutils \
debconf-utils
RUN add-apt-repository -y ppa:saltstack/salt
RUN apt-get update
# Make sure, the Salt installation succeeds, although it can't find any running Upstart
RUN dpkg-divert --local --rename --add /sbin/initctl
RUN ln -sf /bin/true /sbin/initctl
RUN apt-get install -y --force-yes \
salt-common \
salt-master \
python-pip \
python-cherrypy3 \
python-ldap \
python-git
# SSH identity for accessing the git repository for saltmaster's gitfs
ADD id_rsa /root/.ssh/id_rsa
ADD id_rsa.pub /root/.ssh/id_rsa.pub
ADD known_hosts /root/.ssh/known_hosts
ENV HOME /root
WORKDIR /root
Raw
saltmaster-daemon#Dockerfile
FROM saltmaster-base
ADD external_auth.conf /etc/salt/master.d/external_auth.conf
ADD fileserver.conf /etc/salt/master.d/fileserver.conf
ADD pki.conf /etc/salt/master.d/pki.conf
RUN mkdir -p /var/lib/salt/pki/master
EXPOSE 4505 4506 8080
VOLUME /etc/salt
# Should be mounted from the host as it contains persistent data (the Salt PKI), defining it as a volume will cause a mess when running the container…
#VOLUME /var/lib/salt/pki/master
VOLUME /var/cache/salt/master
VOLUME /run/salt/master
# Should be mounted from the host as it contains persistent data (the Salt repository)
#VOLUME /srv/salt
RUN mkdir -p /var/cache/salt/master/gitfs
ENV HOME /root
CMD ["/usr/bin/salt-master", "-l", "info"]
Raw
saltmaster-daemon#external_auth.conf
external_auth:
pam:
salt:
- .*
- '@runner'
- '@wheel'
Raw
saltmaster-daemon#fileserver.conf
fileserver_backend:
- roots
- git
file_roots:
base:
- /srv/salt
dev:
- /srv/salt
gitfs_remotes:
- [email protected]:salt-states.git
- [email protected]:salt-minions.git
- [email protected]:salt-formulas.git
Raw
saltmaster-daemon#pki.conf
pki_dir: /var/lib/salt/pki/master
Raw
saltmaster-shell#Dockerfile
FROM saltmaster-base
RUN apt-get install -y --force-yes vim git openssh-client
# Workaround for https://github.com/saltstack/salt/issues/8009
ADD local-salt.conf /root/.saltrc
ENV HOME /root
CMD ["/bin/bash"]
Raw
saltmaster-shell#local-salt.conf
# to be removed once https://github.com/saltstack/salt/issues/8009 is fixed
# simply using 'master' works fine without any changes, as long as the saltmaster-shell container is started with `--link=saltmaster-shell:master`
interface: master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment