2016-11-28 19:54:17 +00:00
|
|
|
.. _docker-sls:
|
|
|
|
|
|
|
|
=====================================================
|
2016-07-29 16:32:10 +00:00
|
|
|
Running Salt States and Commands in Docker Containers
|
|
|
|
=====================================================
|
|
|
|
|
2016-10-27 21:26:30 +00:00
|
|
|
The 2016.11.0 release of Salt introduces the ability to execute Salt States
|
2016-07-29 16:32:10 +00:00
|
|
|
and Salt remote execution commands directly inside of Docker containers.
|
|
|
|
|
|
|
|
This addition makes it possible to not only deploy fresh containers using
|
|
|
|
Salt States. This also allows for running containers to be audited and
|
|
|
|
modified using Salt, but without running a Salt Minion inside the container.
|
|
|
|
Some of the applications include security audits of running containers as
|
|
|
|
well as gathering operating data from containers.
|
|
|
|
|
|
|
|
This new feature is simple and straightforward, and can be used via a running
|
|
|
|
Salt Minion, the Salt Call command, or via Salt SSH. For this tutorial we will
|
2016-08-01 21:00:37 +00:00
|
|
|
use the `salt-call` command, but like all salt commands these calls are
|
2016-07-29 16:32:10 +00:00
|
|
|
directly translatable to `salt` and `salt-ssh`.
|
|
|
|
|
|
|
|
Step 1 - Install Docker
|
|
|
|
=======================
|
|
|
|
|
|
|
|
Since setting up Docker is well covered in the Docker documentation we will
|
|
|
|
make no such effort to describe it here. Please see the Docker Installation
|
|
|
|
Documentation for installing and setting up Docker:
|
|
|
|
https://docs.docker.com/engine/installation/
|
|
|
|
|
|
|
|
The Docker integration also requires that the `docker-py` library is installed.
|
|
|
|
This can easily be done using pip or via your system package manager:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
pip install docker-py
|
|
|
|
|
|
|
|
Step 2 - Install Salt
|
|
|
|
=====================
|
|
|
|
|
|
|
|
For this tutorial we will be using Salt Call, which is available in the
|
|
|
|
`salt-minion` package, please follow the Salt Installation docs found here:
|
|
|
|
https://repo.saltstack.com/
|
|
|
|
|
2016-08-01 20:23:07 +00:00
|
|
|
Step 3 - Create With Salt States
|
|
|
|
================================
|
2016-07-29 16:32:10 +00:00
|
|
|
|
|
|
|
Next some Salt States are needed, for this example a very basic state which
|
|
|
|
installs `vim` is used, but anything Salt States can do can be done here,
|
|
|
|
please see the Salt States Introduction Tutorial to learn more about Salt
|
|
|
|
States:
|
|
|
|
https://docs.saltstack.com/en/stage/getstarted/config/
|
|
|
|
|
|
|
|
For this tutorial, simply create a small state file in `/srv/salt/vim.sls`:
|
|
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
|
|
vim:
|
|
|
|
pkg.installed
|
|
|
|
|
2016-08-01 20:44:32 +00:00
|
|
|
.. note::
|
|
|
|
|
|
|
|
The base image you choose will need to have python 2.6 or 2.7 installed.
|
|
|
|
We are hoping to resolve this constraint in a future release.
|
|
|
|
|
2016-08-01 22:01:14 +00:00
|
|
|
If `base` is omitted the default image used is a minimal openSUSE
|
2016-08-01 21:00:37 +00:00
|
|
|
image with Python support, maintained by SUSE
|
2016-08-01 20:44:32 +00:00
|
|
|
|
2016-07-29 16:32:10 +00:00
|
|
|
Next run the `docker.sls_build` command:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
2016-08-01 20:44:32 +00:00
|
|
|
salt-call --local dockerng.sls_build test base=my_base_image mods=vim
|
2016-07-29 16:32:10 +00:00
|
|
|
|
2016-08-01 21:55:46 +00:00
|
|
|
Now we have a fresh image called `test` to work with and vim has been
|
2016-07-29 16:32:10 +00:00
|
|
|
installed.
|
|
|
|
|
|
|
|
Step 4 - Running Commands Inside the Container
|
|
|
|
==============================================
|
|
|
|
|
|
|
|
Salt can now run remote execution functions inside the container with another
|
|
|
|
simple `salt-call` command:
|
|
|
|
|
|
|
|
.. code-block:: bash
|
|
|
|
|
|
|
|
salt-call --local dockerng.call test test.ping
|
|
|
|
salt-call --local dockerng.call test network.interfaces
|
|
|
|
salt-call --local dockerng.call test disk.usage
|
|
|
|
salt-call --local dockerng.call test pkg.list_pkgs
|
|
|
|
salt-call --local dockerng.call test service.running httpd
|
|
|
|
salt-call --local dockerng.call test cmd.run 'ls -l /etc'
|