From ee3111cf020ca9d2e252e176d4f82d9ab0fadb5b Mon Sep 17 00:00:00 2001
From: "W. Trevor King"
Date: Mon, 24 Feb 2014 15:07:59 -0800
Subject: [PATCH] salt-minion: Add a Salt State minion image

If you already have a Salt setup, it might be easier to use Salt to provision your container than to convert your Salt configs into Dockerfiles.
---
 README.md | 1 +
 build.sh | 1 +
 salt-minion/Dockerfile.template | 52 +++++++++++++++++++++++++++++++++
 salt-minion/README.md | 33 +++++++++++++++++++++
 4 files changed, 87 insertions(+)
 create mode 100644 salt-minion/Dockerfile.template
 create mode 100644 salt-minion/README.md

diff --git a/README.md b/README.md
index 58a63c5..a3b55df 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,7 @@ The dependency graph is:
 | `-- kibana-azure (adds Azure's Kibana)
 |-- postgresql (adds PostgreSQL)
 |-- redis (adds Redis)
+ |-- salt-minion (adds a Salt Stack minion)
 |-- stunnel (adds stunnel)
 `-- gentoo-java (adds IcedTea)
 `-- elasticsearch (adds Elasticsearch)
diff --git a/build.sh b/build.sh
index db19221..3d9768c 100755
--- a/build.sh
+++ b/build.sh
@@ -58,6 +58,7 @@ REPOS="${REPOS:-
 package-cache
 postgresql
 redis
+ salt-minion
 stunnel
 }"
diff --git a/salt-minion/Dockerfile.template b/salt-minion/Dockerfile.template
new file mode 100644
index 0000000..7f3009d
--- /dev/null
+++ b/salt-minion/Dockerfile.template
@@ -0,0 +1,52 @@
+# Copyright (C) 2014 W. Trevor King
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+FROM ${NAMESPACE}/gentoo-syslog:${TAG}
+MAINTAINER ${MAINTAINER}
+#VOLUME ["${PORTAGE}:/usr/portage:ro", "${PORTAGE}/distfiles:/usr/portage/distfiles:rw"]
+RUN echo 'app-admin/salt git' >> /etc/portage/package.use
+# required by app-admin/salt-0.17.4-r2
+# required by app-admin/salt (argument)
+RUN echo '=dev-python/pyyaml-3.10-r1 ~amd64' >> /etc/portage/package.accept_keywords
+# required by app-admin/salt (argument)
+RUN echo '=app-admin/salt-0.17.4-r2 ~amd64' >> /etc/portage/package.accept_keywords
+# required by app-admin/salt-0.17.4-r2
+# required by app-admin/salt (argument)
+RUN echo '=dev-python/pycryptopp-0.6.0 ~amd64' >> /etc/portage/package.accept_keywords
+# required by app-admin/salt-0.17.4-r2
+# required by app-admin/salt (argument)
+RUN echo '=dev-python/msgpack-0.4.0 ~amd64' >> /etc/portage/package.accept_keywords
+
+RUN emerge -v app-admin/salt
+RUN eselect news read new
+RUN rc-update add salt-minion default
+
+RUN sed -i 's|^#\(log_file: file:///dev/log\)|\1|' /etc/salt/minion
+RUN sed -i 's|^\(#log_level_logfile:.*\)$|\1\nlog_level_logfile: info|' /etc/salt/minion
+
+# Container networking happens automatically
+RUN sed -i 's/need net$/use net/' /etc/init.d/*
+
+CMD rc default && tail -F /var/log/messages
+EXPOSE 80
diff --git a/salt-minion/README.md b/salt-minion/README.md
new file mode 100644
index 0000000..69263fb
--- /dev/null
+++ b/salt-minion/README.md
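Review bot: `EXPOSE 80` at the end of salt-minion/Dockerfile.template does not correspond to anything this image runs: nothing in the hunk installs or starts a listener on port 80, and a Salt minion only makes outbound connections to its master. The line looks carried over from another template, and `docker run -P` would publish the port for no benefit; I would drop it or replace it with a comment such as `# salt-minion connects out to the master; no ports are exposed`. Separately, the hunk sets no `USER`, so the minion presumably runs as root, and without a preseeded master key it will trust whichever host answers for the default master name `salt`. A short comment above `CMD` pointing to the `/etc/salt/pki/minion` volume mount described in salt-minion/README.md would make the safer setup visible from the Dockerfile.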
@@ -0,0 +1,33 @@
+Run this [Salt Stack][salt] minion image with:
+
+ $ docker run -d --name salt-minion-0 --hostname salt-minion-0 wking/salt-minion
+
+The [default master name][master-name] is `salt`, so make sure that
+resolves appropriately on your Docker host (via DNS or an entry in
+`/etc/hosts`).
+
+You have two options for setting up minon keys. The more secure
+approach is to create and install minion keys on the master:
+
+ salt# mkdir /tmp/salt-minion-0
+ salt# chmod 700 /tmp/salt-minion-0
+ salt# salt-key --gen-keys=minion --gen-keys-dir=/tmp/salt-minion-0
+ salt# cp /tmp/salt-minion-0/minion.pub /etc/salt/pki/master/minions/salt-minion-0
+ salt# cp /etc/salt/pki/master/master.pub /tmp/salt-minion-0/minion_master.pub
+ salt# scp -rp /tmp/salt-minion-0/ docker-host:/etc/salt/pki/salt-minion-0/
+ salt# rm -rf /tmp/salt-minion-0
+
+and [preseed the minion][preseed] with a [volume
+mount][volume-mount]:
+
+ $ docker run -d --name salt-minion-0 --hostname salt-minion-0 \
+ > -v /etc/salt/pki/salt-minion-0:/etc/salt/pki/minion wking/salt-minion
+
+The less secure approach is to [auto-accept][] the minion's
+internally-generated key.
+
+[salt]: http://saltstack.com/community.html
+[master-name]: http://docs.saltstack.com/ref/configuration/minion.html#master
+[preseed]: http://docs.saltstack.com/topics/tutorials/preseed_key.html
+[volume-mount]: http://docs.docker.io/en/latest/use/working_with_volumes/
+[auto-accept]: http://docs.saltstack.com/ref/configuration/master.html#auto-accept
--
2.26.2