Saltmaster Dockerfiles
python-pip:
  pkg.installed

docker-py:
  pip.installed:
    - require:
      - pkg: python-pip

# TODO: ensure docker-py is declared a requirement for all dockerio states without having to explicitly declare the requirement in each container state again
saltmaster-container:
  docker.installed:
    - name: saltmaster-daemon
    - hostname: salt.dep.institution.tld
    - image: saltmaster-daemon
    - require_in: saltmaster

saltmaster:
  docker.running:
    - container: saltmaster-daemon
    - binds:
        /media/volumes/salt/master/pki: /var/lib/salt/pki
        /media/volumes/salt/master/fileserver: /srv/salt
    - port_bindings:
        "4505/tcp":
            HostIp: "0.0.0.0"
            HostPort: "4505"
        "4506/tcp":
            HostIp: "0.0.0.0"
            HostPort: "4506"

FROM ubuntu:14.04

RUN apt-get update
# Note: --force-yes also lets apt install packages that fail authentication
RUN apt-get install -y --force-yes \
    software-properties-common \
    pciutils \
    debconf-utils
RUN add-apt-repository -y ppa:saltstack/salt
RUN apt-get update

# Make sure the Salt installation succeeds, although it can't find any running Upstart
RUN dpkg-divert --local --rename --add /sbin/initctl
RUN ln -sf /bin/true /sbin/initctl

RUN apt-get install -y --force-yes \
    salt-common \
    salt-master \
    python-pip \
    python-cherrypy3 \
    python-ldap \
    python-git

# SSH identity for accessing the git repository for saltmaster's gitfs
# Note: ADD stores the private key in an image layer, readable by anyone who can pull or export the image
ADD id_rsa /root/.ssh/id_rsa
ADD id_rsa.pub /root/.ssh/id_rsa.pub
ADD known_hosts /root/.ssh/known_hosts

ENV HOME /root
WORKDIR /root

FROM saltmaster-base

ADD external_auth.conf /etc/salt/master.d/external_auth.conf
ADD fileserver.conf /etc/salt/master.d/fileserver.conf
ADD pki.conf /etc/salt/master.d/pki.conf

RUN mkdir -p /var/lib/salt/pki/master

EXPOSE 4505 4506 8080

VOLUME /etc/salt
# Should be mounted from the host as it contains persistent data (the Salt PKI), defining it as a volume will cause a mess when running the container…
#VOLUME /var/lib/salt/pki/master
VOLUME /var/cache/salt/master
VOLUME /run/salt/master
# Should be mounted from the host as it contains persistent data (the Salt repository)
#VOLUME /srv/salt

RUN mkdir -p /var/cache/salt/master/gitfs

ENV HOME /root
CMD ["/usr/bin/salt-master", "-l", "info"]

external_auth:
  pam:
    salt:
      - .*
      - '@runner'
      - '@wheel'

fileserver_backend:
  - roots
  - git

file_roots:
  base:
    - /srv/salt
  dev:
    - /srv/salt

gitfs_remotes:
  - git@git.dep.institution.tld:salt-states.git
  - git@git.dep.institution.tld:salt-minions.git
  - git@git.dep.institution.tld:salt-formulas.git

pki_dir: /var/lib/salt/pki/master

FROM saltmaster-base

RUN apt-get install -y --force-yes vim git openssh-client

# Workaround for https://github.com/saltstack/salt/issues/8009
ADD local-salt.conf /root/.saltrc

ENV HOME /root
CMD ["/bin/bash"]

# to be removed once https://github.com/saltstack/salt/issues/8009 is fixed
# simply using 'master' works fine without any changes, as long as the saltmaster-shell container is started with `--link=saltmaster-shell:master`
interface: master

eliasp commented Sep 16, 2014

Something I should have mentioned in my previous comment:
The whole idea of Docker containers is: to be disposable. They provide a static set of runtime data, but should never contain any persistent data. All working data need to be stored outside of a container.

Otherwise, one would lose all these data each time a container is updated (e.g. updating from Salt 2014.1.9 to 2014.1.10).
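
The rule from the comment above (working data lives outside the container), as an added check that is not part of the gist: it classifies each persistent path of the master configuration against the `binds` and `VOLUME` lines shown on this page. The function names and the three result labels are assumptions made for this example.

```python
import posixpath

# Constructed from the files on this page (container-side paths).
PERSISTENT_PATHS = {
    "pki_dir": "/var/lib/salt/pki/master",  # pki.conf
    "file_roots": "/srv/salt",              # fileserver.conf
}
# binds of the docker.running state: host path -> container path
BINDS = {
    "/media/volumes/salt/master/pki": "/var/lib/salt/pki",
    "/media/volumes/salt/master/fileserver": "/srv/salt",
}
# VOLUME lines of the daemon Dockerfile
IMAGE_VOLUMES = ["/etc/salt", "/var/cache/salt/master", "/run/salt/master"]


def is_under(path, parent):
    """True if path equals parent or lies below it, compared per component."""
    path, parent = posixpath.normpath(path), posixpath.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")


def covering_bind(path, binds):
    """Host path of the most specific bind covering a container path, or None."""
    hits = [(len(c), h) for h, c in binds.items() if is_under(path, c)]
    return max(hits)[1] if hits else None


def audit(persistent, binds, volumes):
    """Classify each path as 'host:<dir>', 'anonymous-volume' or 'ephemeral'."""
    report = {}
    for name, path in persistent.items():
        host = covering_bind(path, binds)
        if host is not None:
            report[name] = "host:" + host      # survives image updates
        elif any(is_under(path, v) for v in volumes):
            report[name] = "anonymous-volume"  # not reused by a new container
        else:
            report[name] = "ephemeral"         # lost with the container
    return report


if __name__ == "__main__":
    for name, where in audit(PERSISTENT_PATHS, BINDS, IMAGE_VOLUMES).items():
        print(f"{name}: {where}")
```

Any path reported as `ephemeral` or `anonymous-volume` would be lost or orphaned on an image update such as the one the comment mentions.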
