salt-minion: Add a Salt State minion image
author W. Trevor King <wking@tremily.us>
Mon, 24 Feb 2014 23:07:59 +0000 (15:07 -0800)
committer W. Trevor King <wking@tremily.us>
Tue, 25 Feb 2014 00:21:53 +0000 (16:21 -0800)
If you already have a Salt setup, it might be easier to use Salt to
provision your container than to convert your Salt configs into
Dockerfiles.

README.md
build.sh
salt-minion/Dockerfile.template [new file with mode: 0644]
salt-minion/README.md [new file with mode: 0644]

index 58a63c5f997bf56512e758d94043fd316e433aaa..a3b55df855b714e67354c399f7cc87cae153431f 100644 (file)
--- a/README.md
+++ b/README.md
@@ -31,6 +31,7 @@ The dependency graph is:
                 |   `-- kibana-azure  (adds Azure's Kibana)
                 |-- postgresql  (adds PostgreSQL)
                 |-- redis  (adds Redis)
+                |-- salt-minion  (adds a Salt Stack minion)
                 |-- stunnel  (adds stunnel)
                 `-- gentoo-java  (adds IcedTea)
                     `-- elasticsearch  (adds Elasticsearch)
index db192217f7feefae5fc6981ef8fdfe73c0c5d5a2..3d9768c6285ffd54664ade55f0330e851760ae97 100755 (executable)
--- a/build.sh
+++ b/build.sh
@@ -58,6 +58,7 @@ REPOS="${REPOS:-
        package-cache
        postgresql
        redis
+       salt-minion
        stunnel
        }"
 
diff --git a/salt-minion/Dockerfile.template b/salt-minion/Dockerfile.template
new file mode 100644 (file)
index 0000000..7f3009d
--- /dev/null
@@ -0,0 +1,52 @@
+# Copyright (C) 2014 W. Trevor King <wking@tremily.us>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+FROM ${NAMESPACE}/gentoo-syslog:${TAG}
+MAINTAINER ${MAINTAINER}
+#VOLUME ["${PORTAGE}:/usr/portage:ro", "${PORTAGE}/distfiles:/usr/portage/distfiles:rw"]
+RUN echo 'app-admin/salt git' >> /etc/portage/package.use
+# required by app-admin/salt-0.17.4-r2
+# required by app-admin/salt (argument)
+RUN echo '=dev-python/pyyaml-3.10-r1 ~amd64' >> /etc/portage/package.accept_keywords
+# required by app-admin/salt (argument)
+RUN echo '=app-admin/salt-0.17.4-r2 ~amd64' >> /etc/portage/package.accept_keywords
+# required by app-admin/salt-0.17.4-r2
+# required by app-admin/salt (argument)
+RUN echo '=dev-python/pycryptopp-0.6.0 ~amd64' >> /etc/portage/package.accept_keywords
+# required by app-admin/salt-0.17.4-r2
+# required by app-admin/salt (argument)
+RUN echo '=dev-python/msgpack-0.4.0 ~amd64' >> /etc/portage/package.accept_keywords
+
+RUN emerge -v app-admin/salt
+RUN eselect news read new
+RUN rc-update add salt-minion default
+
+RUN sed -i 's|^#\(log_file: file:///dev/log\)|\1|' /etc/salt/minion
+RUN sed -i 's|^\(#log_level_logfile:.*\)$|\1\nlog_level_logfile: info|' /etc/salt/minion
+
+# Container networking happens automatically
+RUN sed -i 's/need net$/use net/' /etc/init.d/*
+
+CMD rc default && tail -F /var/log/messages
+EXPOSE 80
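Review bot: `EXPOSE 80` on the last line of the template does not match anything this image runs. The only service enabled is `salt-minion` (`rc-update add salt-minion default`), and a Salt minion opens outbound connections to its master rather than listening for inbound ones, so nothing here binds port 80. It looks carried over from another template; drop it so the image metadata does not advertise a port that nothing serves. Separately, `sed -i 's/need net$/use net/' /etc/init.d/*` rewrites every init script in the image, not only the minion's; if that is intended, the comment above it could say so, otherwise narrow the glob to `/etc/init.d/salt-minion`.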
diff --git a/salt-minion/README.md b/salt-minion/README.md
new file mode 100644 (file)
index 0000000..69263fb
--- /dev/null
@@ -0,0 +1,33 @@
+Run this [Salt Stack][salt] minion image with:
+
+    $ docker run -d --name salt-minion-0 --hostname salt-minion-0 wking/salt-minion
+
+The [default master name][master-name] is `salt`, so make sure that
+resolves appropriately on your Docker host (via DNS or an entry in
+`/etc/hosts`).
+
+You have two options for setting up minon keys.  The more secure
+approach is to create and install minion keys on the master:
+
+    salt# mkdir /tmp/salt-minion-0
+    salt# chmod 700 /tmp/salt-minion-0
+    salt# salt-key --gen-keys=minion --gen-keys-dir=/tmp/salt-minion-0
+    salt# cp /tmp/salt-minion-0/minion.pub /etc/salt/pki/master/minions/salt-minion-0
+    salt# cp /etc/salt/pki/master/master.pub /tmp/salt-minion-0/minion_master.pub
+    salt# scp -rp /tmp/salt-minion-0/ docker-host:/etc/salt/pki/salt-minion-0/
+    salt# rm -rf /tmp/salt-minion-0
+
+and [preseed the minion][preseed] with a [volume
+mount][volume-mount]:
+
+    $ docker run -d --name salt-minion-0 --hostname salt-minion-0 \
+    >   -v /etc/salt/pki/salt-minion-0:/etc/salt/pki/minion wking/salt-minion
+
+The less secure approach is to [auto-accept][] the minion's
+internally-generated key.
+
+[salt]: http://saltstack.com/community.html
+[master-name]: http://docs.saltstack.com/ref/configuration/minion.html#master
+[preseed]: http://docs.saltstack.com/topics/tutorials/preseed_key.html
+[volume-mount]: http://docs.docker.io/en/latest/use/working_with_volumes/
+[auto-accept]: http://docs.saltstack.com/ref/configuration/master.html#auto-accept
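Review bot: "minon keys" in the paragraph introducing the two key-setup options should read "minion keys". The closing paragraph also calls auto-accept "less secure" without saying why; one sentence stating that with auto-accept the master accepts whatever public key a minion presents, with no operator checking it, would let readers judge the trade-off against the preseed steps. The first `docker run` example and the preseeded one both use `--name salt-minion-0`, so it is worth saying that they are alternatives rather than consecutive steps.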