SaltStack is a configuration management tool / orchestration platform.
This image contains a running salt-master and salt-api process, which can be used to control other salt-minions.
$ docker run --name salt --hostname salt -P -e SALT_SHARED_SECRET=mysecretpassword -d saltstack/salt
The default salt user is created, but the shared secret is specified in /etc/salt/master.d/api.conf.
The API listens on port 8000 with SSL enabled.
There are many ways to extend the salt image. Without trying to support every possible use case, here are just a few that we have found useful.
The SaltStack image uses several environment variables which are easy to miss. While none of the variables are required, they may significantly aid you in using the image.
A JSON object. This variable is dumped to /etc/salt/master.d/master.conf and can be used to provide extra config for the salt master.
A JSON object. This variable is dumped to /etc/salt/master.d/api.conf, and defaults to the following.
    rest_cherrypy:
      port: 8000
      ssl_crt: /etc/pki/tls/certs/localhost.crt
      ssl_key: /etc/pki/tls/certs/localhost.key
    external_auth:
      sharedsecret:
        salt: ['.*', '@wheel', '@jobs', '@runner']
    sharedsecret: $SALT_SHARED_SECRET
If the SALT_SHARED_SECRET environment variable is set, it sets the sharedsecret value for using the salt-api as the salt user.
If the salt-master is not configured immediately at startup, the master config can be updated through the salt-api using wheel modules (the Salt Config Wheel Module).
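The default API config above gives the salt user '.*', '@wheel' and '@runner' behind a single shared secret, and wheel access is what allows the master config to be changed over the API. The following is an added example, not part of the image or the SaltStack project: a small audit of an API config (as the JSON object the image accepts) that flags broad grants, a placeholder secret and disabled TLS. The `web*` target, the `test.ping` grant, the 20-character threshold and all function names are assumptions made for illustration.

```python
import json
import secrets

# Grants that hand an API user broad control (descriptions are this example's wording).
BROAD_GRANTS = {
    ".*": "every execution function on every minion",
    "@wheel": "all wheel modules, which can rewrite the master config",
    "@runner": "all runner modules",
}
PLACEHOLDER_SECRETS = {"", "mysecretpassword", "$SALT_SHARED_SECRET"}
# Default api.conf from this page, with the secret from its example docker run command.
DEFAULT_API_CONFIG = {
    "rest_cherrypy": {
        "port": 8000,
        "ssl_crt": "/etc/pki/tls/certs/localhost.crt",
        "ssl_key": "/etc/pki/tls/certs/localhost.key",
    },
    "external_auth": {"sharedsecret": {"salt": [".*", "@wheel", "@jobs", "@runner"]}},
    "sharedsecret": "mysecretpassword",
}


def audit_api_config(cfg, min_secret_len=20):
    """Return sorted findings for a salt-api config supplied as a dict."""
    findings = []
    web = cfg.get("rest_cherrypy", {})
    if web.get("disable_ssl") or not (web.get("ssl_crt") and web.get("ssl_key")):
        findings.append("tls: rest_cherrypy is not serving over TLS")
    secret = str(cfg.get("sharedsecret") or "")
    if secret in PLACEHOLDER_SECRETS or len(secret) < min_secret_len:
        findings.append("secret: sharedsecret is a placeholder or too short")
    for backend, users in cfg.get("external_auth", {}).items():
        for user, grants in users.items():
            for grant in grants:
                if isinstance(grant, str) and grant in BROAD_GRANTS:
                    findings.append(f"acl: {backend}/{user} holds {grant!r}: {BROAD_GRANTS[grant]}")
    return sorted(findings)


def narrowed_api_config():
    """Constructed variant: same listener, a random secret, a minimal ACL."""
    cfg = json.loads(json.dumps(DEFAULT_API_CONFIG))  # deep copy
    cfg["external_auth"]["sharedsecret"]["salt"] = [{"web*": ["test.ping"]}, "@jobs"]
    cfg["sharedsecret"] = secrets.token_urlsafe(32)
    return cfg


if __name__ == "__main__":
    print("\n".join(audit_api_config(DEFAULT_API_CONFIG)))
    print(json.dumps(narrowed_api_config()))  # JSON object form of the narrowed config
```

Run against the default, the audit reports the three broad grants and the example secret; the narrowed variant reports nothing.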
In order to make volumes available to the salt user in the container, assign the group ID 450 to the directory before mounting it in the container.