Some weeks ago I started learning SaltStack for a project at work. But I couldn’t find a good Docker image for that and I had to ask the Ops team for some VM’s. We are having a rainy weekend in Auckland, so I decided to have another look at the Jenkins SaltStack Plug-in.
But now since I was at home, I couldn’t use the VM’s that I had access to at work. So decided to look again at Docker or Vagrant images. After playing with a few images, I found bbinet/salt-master. It not only sets up a master, but also provides an easy way to enable the cherrypy API (necessary for the Jenkins plug-in).
This post describes the steps that I took to have a running Salt Master with the API enabled. First you need to create some directories and files to use with the image.
shell$ mkdir ~/master && cd ~/master shell$ mkdir -p config/master.d/ shell$ vim config/master.d/api.conf
The api.conf contains the SaltStack API configuration. You can change port, user and other settings if necessary. Just remember to add a credential in Jenkins for the plug-in.
# File: api.conf external_auth: pam: saltapiuser: - .* - '@runner' - '@wheel' - '@jobs' rest_cherrypy: port: 8000 host: 0.0.0.0 disable_ssl: True static: /opt/molten static_path: /assets app: /opt/molten/index.html app_path: /molten
The image also conveniently provides a script that is executed before the entry point (if provided). So we can also create a user for the API automatically when the image is created.
shell$ vim config/before-exec.sh
#!/bin/bash # File: before-exec.sh useradd saltapiuser echo -e "nosecret\nnosecret\n" | passwd saltapiuser exit 0
Also make the script executable.
chmod +x config/before-exec.sh
And finally start the container.
docker run --name salt-master -v $PWD/config:/config \ -p 4505:4505 -p 4506:4506 -p 443:443 -p 8000:8000 \ bbinet/salt-master
Once the container is running, you can go to http://localhost:8000 and log in as saltapiuser:nosecret, and also configure your plug-in in Jenkins.