MrPointy's journey designing, building and deploying private clouds

SALT: Minions in Docker containers

2015-05-07

This blog post quickly outlines getting a salt minion running in a Docker container. Why? There are many reasons, but i’m doing some scaeability testing and Docker containers provide me with the ‘volume’ of minions I need to test out some topologies and scenarios. Don’t worry, i’ll blog the results.

I need a mixture of platforms so i’ve decided to create a Centos6 and Centos7 Docker container, just to see what Salt thinks about all this.

###The Dockerfile(s)

##Centos6

1
2
3
4
5
6
7
8
9
10
FROM centos:6
MAINTAINER umm.no@nothere.com
RUN rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
RUN yum install -y wget monit
RUN wget -O /tmp/install_salt.sh https://bootstrap.saltstack.com
RUN sh /tmp/install_salt.sh -D -X
RUN [ ! -d /etc/salt/minion.d ] && mkdir /etc/salt/minion.d
RUN echo "master: 192.168.10.48" >> /etc/salt/minion
ADD files/monit /etc/monit.d/monit
CMD ["/usr/bin/monit", "-I"]

##Centos7

1
2
3
4
5
6
7
8
9
10
FROM centos:7
MAINTAINER umm.no@nothere.com
RUN rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
RUN yum install -y wget monit
RUN wget -O /tmp/install_salt.sh https://bootstrap.saltstack.com
RUN sh /tmp/install_salt.sh -D -X
RUN [ ! -d /etc/salt/minion.d ] && mkdir /etc/salt/minion.d
RUN echo "master: 192.168.10.48" >> /etc/salt/minion
ADD files/monit /etc/monit.d/monit
CMD ["/usr/bin/monit", "-I"]

in both cases the monit configuration that gets loaded looks like this :

1
2
3
4
check process salt-minion with pidfile /var/run/salt-minion.pid
start program = "/usr/bin/salt-minion -d"
stop program = "/usr/bin/pkill salt-minion"

###Build the images

1
2
$ cd centos6
$ docker build -t "salt-minion-centos6" --rm=true .
1
2
$ cd centos7
$ docker build -t "salt-minion-centos7" --rm=true .
1
2
3
$ docker images | egrep salt
salt-minion-centos7 latest b3c1ca3076ac 30 seconds ago 370.6 MB
salt-minion-centos6 latest 9ee2cdadc892 5 minutes ago 484.1 MB

Fire up the test environment

For my initial testing I want 100 Centos6 containers and 100 Centos7 containers, all related back to the salt maters on 192.168.10.48

##On the SALT master

1
2
3
4
[root@salt ~]# salt-key -L
Accepted Keys:
Unaccepted Keys:
Rejected Keys:

##On the Docker Host

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
$ for i in `seq 0 99`; do docker run -d --name="c6_$i" salt-minion-centos6; done
b129e6e9a92c7f5439199549f67d59cbf445f7c905c8fe68f1cd95e0f692ffad
160a78b01307726c3040a3bed0f42c295a0274775d24c4edd9aa2916a6953b87
99f18cf43abae006b3e01fa36d1812ac8b741c851269faaa21105993a31665ae
0db236685823218ba846275b5244307e627bcb9e1da75a2b440353135c519abe
.
.
.
$ for i in `seq 0 99`; do docker run -d --name="c7_$i" salt-minion-centos7; done
ed577522413f33a5e870c62e1f05508d6f56a8960f6616980e2aa9d170f57e9b
12c10edfd1fb89534e67b30a75d0112b55f63684ea226064b48b1edd9472a4de
dcd7e7425ca3d689c8617e7807b0a592565314be49a27a2f5350812775713725
.
.
.
$ docker ps | egrep salt-minion
d45c943ea510 salt-minion-centos7:latest "/usr/bin/monit -I" 41 seconds ago Up 40 seconds c7_99
9951ccd63705 salt-minion-centos7:latest "/usr/bin/monit -I" 42 seconds ago Up 41 seconds c7_98
5b47dd4917b8 salt-minion-centos7:latest "/usr/bin/monit -I" 42 seconds ago Up 41 seconds c7_97
0c252b520a68 salt-minion-centos7:latest "/usr/bin/monit -I" 43 seconds ago Up 42 seconds c7_96
.
.
.

##Back on the SALT master

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
[root@salt ~]# salt-key -L
Accepted Keys:
Unaccepted Keys:
008724bce6b1
023be4f3e0cf
03bc04f62fd6
0442bb9ce4b9
04e6f176cd3d
07f811c70bdc
088af2bf1976
089e1b7f39e2
09b44ba39edc
0c252b520a68
0db236685823
0f3b25c94449
119c90ae7ff2
11f5c4224792
1230b6750dcd
12b5ad4cfcc8
12c10edfd1fb
.
.
.
[root@salt ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
008724bce6b1
023be4f3e0cf
03bc04f62fd6
.
.
.
fd93bf76e714
fe6ba6f97ea0
fef8273497d1
salt.example.com
Proceed? [n/Y]Y
Key for minion 008724bce6b1 accepted.
Key for minion 023be4f3e0cf accepted.
Key for minion 03bc04f62fd6 accepted.
Key for minion 0442bb9ce4b9 accepted.
Key for minion 04e6f176cd3d accepted.
Key for minion 07f811c70bdc accepted.
Key for minion 088af2bf1976 accepted.
Key for minion 089e1b7f39e2 accepted.
Key for minion 09b44ba39edc accepted.
.
.
.
Key for minion fd93bf76e714 accepted.
Key for minion fe6ba6f97ea0 accepted.
Key for minion fef8273497d1 accepted.
Key for minion salt.example.com accepted.

##Testing SALT

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[root@salt ~]# salt '*' test.ping
fbf1aacdc50d:
True
aac116632b17:
True
7789e32a2968:
True
4c75b8f19ce8:
True
5e0fc81ae4d1:
True
bdfca46ae122:
True
14fcfb567e73:
True
d21f442a7950:
True
ee4699adfd55:
True
.
.
.

So now I can test out salt with my 200 minions and get ready for the next round of SALT fun

Cleaning up the Test Environment

Stopping the docker containers

1
2
3
4
5
6
7
8
9
10
$ docker ps | egrep "salt-minion" | awk '{print $1}' | xargs docker stop
d45c943ea510
9951ccd63705
5b47dd4917b8
.
.
.
.

Removing the docker containers

1
2
3
4
5
6
7
8
9
10
11
12
$ docker ps -a | egrep "salt-minion" | awk '{print $1}' | xargs docker rm
d45c943ea510
9951ccd63705
5b47dd4917b8
0c252b520a68
95bf6c3c374f
.
.
.
.

Removing the minion keys

1
2
3
4
5
6
[root@salt ~]# salt-key -D -y
Deleting the following keys:
Accepted Keys:
.
.
.