- Build an image from the Dockerfile:
docker build --rm=true -t="salt-apache" - Install salt-master and configure it to auto_accept minion keys
- Spin up some docker containers from the
salt-apachedocker image created in step 1:
for i in {1..5}; do docker run --privileged --hostname=salt-test-$i --add-host=salt:10.0.2.15 -p 800$i:443 -p 810$i:80 --name=salt-minion$i -e "ADDR=172.17.0.1$i" -e "ETH0=172.17.0.$i" -d salt-apache; done - Make sure the minions are listed on the Salt master:
salt-key -L - Run the initialize.sls state file on all minions to set up apache to use mod_ssl, create a local certificate authority, generate certificates, create a virtual interface, and get services started:
salt '**' state.sls apache.initialize
*** Note: In order for salt to locate apache.initialize, you'll need an apache folder in your Salt master's file_roots base directory
** If your file_roots base is /srv/salt, create a subdirectory called 'apache' and copy initialize.sls into it - Create a directory called '_grains' in your file_roots base directory and copy the tls grain file (v4.py) into it:
mkdir /srv/salt/_grains && cp v4.py /srv/salt/_grains - Sync the grain to the minions:
salt '*' saltutil.sync_grains - You're ready to get TLS data back via the grain. Tell salt to get the cert grain from a minion:
salt 'salt-test-1' grains.get cert
PredatorVI/tls_grain_demo
Folders and files
| Name | Name | Last commit date | ||
|---|---|---|---|---|