I have been looking for tutorials to help me understand it, but my searches have been unsuccessful. So I was wondering if it is possible for a Saltstack Master to install packages, say apache-mysql-php, inside a docker container started inside a Saltstack Minion?

vivek o.s

1 Answer

The trick is initially setting up the master/minion keys and then later cleaning up those keys when the container is discarded.

I've seen setups where this is avoided by using salt-call locally. This involves injecting / sharing the salt states and pillar filesystem. Note that this kind of scenario ruins some of the benefits of the pillar system - each container will have a copy of the entire pillar instead of just its subset.

Dan Garthwaite
  • Thanks for the reply. I have set up the master minion keys but I still remain doubtful if we can install packages onto the container, once it is up, using saltstack. Is there any other way to do it, like build an image and then run the container? Is that possible? – vivek o.s Aug 05 '15 at 09:44
  • Yes. Docker is just a clever container manager - you can use the containers like any old system with only a few caveats. Even with "best practices" of exposing only one service per container you'll find that `apt-get update && apt-get update -y` is usually the first step in the Dockerfile. – Dan Garthwaite Aug 05 '15 at 10:52
  • Indeed Docker is clever and I have done the same requirement with Ansible as configuration management tool. It was quite easy with Ansible to spin up a docker image, install php-apache-mysql, transfer files without requiring a dockerfile to do any of that. The inbuilt functions in Ansible took care of it quite well. Similarly, I am wondering whether Saltstack can install packages prior/after deploying a container in the minion. If you can provide a small example of say just installing apache in a container spun up in a salt minion, it would be helpful. Any other examples are also welcomed. :) – vivek o.s Aug 06 '15 at 06:36
  • `salt-call --local state.highstate` No minion required. You might want to create a new question, perhaps marking this one answered? – Dan Garthwaite Aug 06 '15 at 15:05
  • Isn't salt-call used to make master-less call from a minion? Even then it doesn't help my purpose, which is to install something in a container spun up in a minion by the master Saltstack. Everything has to happen from master side. I'm sorry, but I still don't have a clear answer for that yet. – vivek o.s Aug 08 '15 at 03:00
  • You didn't mention master/minion in the question. Automating that key exchange is a chicken-and-egg problem. You can [temporarily or not] set the master to auto-accept new minions. That would do it. Also there is a way to pre-compute the minion's key, if I remember correctly, and then you can push that into the minion. – Dan Garthwaite Aug 09 '15 at 13:17
  • Dear Dan, yeah, I'm sorry about not notifying about the master-slave set up. I have edited the question to reflect the same. So according to you, there are no inbuilt functions or commands in Saltstack to install packages inside a container created by the master, inside the minion. The only way to go about it is to either precompute the key and have it placed in the minion, or auto accept the new minions. Is that right? – vivek o.s Aug 18 '15 at 10:46
  • Yes, you need a secure key exchange one way or the other, or disable security altogether. It is a tricky problem for all config managers with docker. – Dan Garthwaite Aug 18 '15 at 17:33
  • Mr. Dan, I was wondering, instead of having the container up in the minion and installing packages from the server, is it possible to have the container built in the minion using the saltstack master, and have the packages integrated while the container is built? I couldn't find any modules in Saltstack that helped me do that. Does saltstack have such a capability? – vivek o.s Sep 02 '15 at 16:12
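
The pre-computed key approach mentioned in the comments, together with the key cleanup the answer calls for, as an added example that is not part of the original thread. It runs on the master and accepts one container's key without turning on auto-accept. The function names, the `SALT_KEY_BIN` and `MASTER_PKI` variables and the default PKI path are assumptions; the staged `.pem`/`.pub` pair still has to be delivered to the container as `/etc/salt/pki/minion/minion.pem` and `minion.pub`.

```shell
# Added example (not from the thread). Run on the Salt master.
# Assumed: default PKI path; function and variable names are hypothetical.
SALT_KEY_BIN="${SALT_KEY_BIN:-salt-key}"
MASTER_PKI="${MASTER_PKI:-/etc/salt/pki/master}"

# salt-key -d treats its argument as a glob, and the id becomes a file name,
# so accept only plain ids: no wildcards, slashes or leading dots.
valid_minion_id() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) echo "rejected minion id: $1" >&2; return 1 ;;
    esac
}

# Generate a keypair for minion id $1 in staging dir $2, then place the public
# half in the master's accepted-keys directory (no auto-accept required).
preseed_minion_key() {
    id="$1"; stage="$2"
    valid_minion_id "$id" || return 1
    if [ -e "$MASTER_PKI/minions/$id" ]; then
        echo "a key for $id is already accepted; not overwriting" >&2
        return 1
    fi
    # umask 077 keeps the staged private key unreadable to other users.
    ( umask 077
      mkdir -p "$stage" &&
      "$SALT_KEY_BIN" --gen-keys="$id" --gen-keys-dir="$stage" >/dev/null
    ) || return 1
    cp "$stage/$id.pub" "$MASTER_PKI/minions/$id" &&
        chmod 0644 "$MASTER_PKI/minions/$id"
}

# Revoke the accepted key and destroy the staged copies once the container
# is discarded, so a stale identity cannot be reused.
discard_minion_key() {
    id="$1"; stage="$2"
    valid_minion_id "$id" || return 1
    "$SALT_KEY_BIN" -d "$id" -y >/dev/null || return 1
    rm -f "$stage/$id.pem" "$stage/$id.pub"
}
```

Call `preseed_minion_key <id> <staging-dir>` before the container starts and `discard_minion_key <id> <staging-dir>` when it is removed.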