nee2c
/
salt
mirror of https://github.com/nee2c/salt.git


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
							.. _docker-sls:

=====================================================
Running Salt States and Commands in Docker Containers
=====================================================

The 2016.11.0 release of Salt introduces the ability to execute Salt States
and Salt remote execution commands directly inside of Docker containers.

This addition makes it possible to not only deploy fresh containers using
Salt States. This also allows for running containers to be audited and
modified using Salt, but without running a Salt Minion inside the container.
Some of the applications include security audits of running containers as
well as gathering operating data from containers.

This new feature is simple and straightforward, and can be used via a running
Salt Minion, the Salt Call command, or via Salt SSH. For this tutorial we will
use the `salt-call` command, but like all salt commands these calls are
directly translatable to `salt` and `salt-ssh`.

Step 1 - Install Docker
=======================

Since setting up Docker is well covered in the Docker documentation we will
make no such effort to describe it here. Please see the Docker Installation 
Documentation for installing and setting up Docker:
https://docs.docker.com/engine/installation/

The Docker integration also requires that the `docker-py` library is installed.
This can easily be done using pip or via your system package manager:

.. code-block:: bash

    pip install docker-py

Step 2 - Install Salt
=====================

For this tutorial we will be using Salt Call, which is available in the
`salt-minion` package, please follow the Salt Installation docs found here:
https://repo.saltstack.com/

Step 3 - Create With Salt States
================================

Next some Salt States are needed, for this example a very basic state which
installs `vim` is used, but anything Salt States can do can be done here,
please see the Salt States Introduction Tutorial to learn more about Salt
States:
https://docs.saltstack.com/en/stage/getstarted/config/

For this tutorial, simply create a small state file in `/srv/salt/vim.sls`:

.. code-block:: yaml

    vim:
      pkg.installed

.. note::

    The base image you choose will need to have python 2.6 or 2.7 installed.
    We are hoping to resolve this constraint in a future release.

    If `base` is omitted the default image used is a minimal openSUSE
    image with Python support, maintained by SUSE

Next run the `docker.sls_build` command:

.. code-block:: bash

    salt-call --local dockerng.sls_build test base=my_base_image mods=vim

Now we have a fresh image called `test` to work with and vim has been
installed.

Step 4 - Running Commands Inside the Container
==============================================

Salt can now run remote execution functions inside the container with another
simple `salt-call` command:

.. code-block:: bash

    salt-call --local dockerng.call test test.version
    salt-call --local dockerng.call test network.interfaces
    salt-call --local dockerng.call test disk.usage
    salt-call --local dockerng.call test pkg.list_pkgs
    salt-call --local dockerng.call test service.running httpd
    salt-call --local dockerng.call test cmd.run 'ls -l /etc'