doc/topics/tutorials/docker_sls.rst
.. _docker-sls:
=====================================================
Running Salt States and Commands in Docker Containers
=====================================================
The 2016.11.0 release of Salt introduces the ability to execute Salt States
and Salt remote execution commands directly inside of Docker containers.
This addition makes it possible to not only deploy fresh containers using
Salt States. This also allows for running containers to be audited and
modified using Salt, but without running a Salt Minion inside the container.
Some of the applications include security audits of running containers as
well as gathering operating data from containers.
This new feature is simple and straightforward, and can be used via a running
Salt Minion, the Salt Call command, or via Salt SSH. For this tutorial we will
use the `salt-call` command, but like all salt commands these calls are
directly translatable to `salt` and `salt-ssh`.
Step 1 - Install Docker
=======================
Since setting up Docker is well covered in the Docker documentation we will
make no such effort to describe it here. Please see the Docker Installation
Documentation for installing and setting up Docker:
https://docs.docker.com/engine/installation/
The Docker integration also requires that the `docker-py` library is installed.
This can easily be done using pip or via your system package manager:
.. code-block:: bash
pip install docker-py
Step 2 - Install Salt
=====================
For this tutorial we will be using Salt Call, which is available in the
`salt-minion` package, please follow the Salt Installation docs found here:
https://repo.saltstack.com/
Step 3 - Create With Salt States
================================
Next some Salt States are needed, for this example a very basic state which
installs `vim` is used, but anything Salt States can do can be done here,
please see the Salt States Introduction Tutorial to learn more about Salt
States:
https://docs.saltstack.com/en/stage/getstarted/config/
For this tutorial, simply create a small state file in `/srv/salt/vim.sls`:
.. code-block:: yaml
vim:
pkg.installed
.. note::
The base image you choose will need to have python 2.6 or 2.7 installed.
We are hoping to resolve this constraint in a future release.
If `base` is omitted the default image used is a minimal openSUSE
image with Python support, maintained by SUSE
Next run the `docker.sls_build` command:
.. code-block:: bash
salt-call --local dockerng.sls_build test base=my_base_image mods=vim
Now we have a fresh image called `test` to work with and vim has been
installed.
Step 4 - Running Commands Inside the Container
==============================================
Salt can now run remote execution functions inside the container with another
simple `salt-call` command:
.. code-block:: bash
salt-call --local dockerng.call test test.version
salt-call --local dockerng.call test network.interfaces
salt-call --local dockerng.call test disk.usage
salt-call --local dockerng.call test pkg.list_pkgs
salt-call --local dockerng.call test service.running httpd
salt-call --local dockerng.call test cmd.run 'ls -l /etc'