Skip to content

Commit

Permalink
Feat: expose salt-api on 9080
Browse files Browse the repository at this point in the history
  • Loading branch information
@mbologna
mbologna committed Feb 11, 2021
1 parent c5f8980 commit 584dd6b
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 7 deletions.
12 changes: 6 additions & 6 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ This repository contains two **Dockerfile**s of [*SaltStack*](https://http://sal
In particular, this repository contains two Docker images:

* [**saltstack-master**](https://registry.hub.docker.com/u/mbologna/saltstack-master): a SaltStack master container image. This salt setup accepts all minions that connects to it and comes with netapi module (cherrypy) enabled.
This container works with `supervisord` to automatically launch `salt-master` and `salt-api` daemons.
This container works with `supervisord` to automatically launch `salt-master` and `salt-api` daemons.
* [**saltstack-minion**](https://registry.hub.docker.com/u/mbologna/saltstack-minion): a SaltStack minion container image.

## Base Docker image
Expand All @@ -25,7 +25,7 @@ This container works with `supervisord` to automatically launch `salt-master` an
### Start `saltstack-master` container

```bash
docker run -d --hostname saltmaster --name saltmaster -v `pwd`/srv/salt:/srv/salt -p 8000:8000 -ti mbologna/saltstack-master
docker run -d --hostname saltmaster --name saltmaster -v `pwd`/srv/salt:/srv/salt -p 9080:9080 -ti mbologna/saltstack-master
```

### Start `saltstack-minion` container (could be more than one!)
Expand Down Expand Up @@ -60,7 +60,7 @@ docker exec saltmaster /bin/sh -c "salt '*' cmd.run 'uname -a'"

1. Get a token to use in all subsequent calls:
```bash
curl -sS http://localhost:8000/login -c ~/cookies.txt -H 'Accept: application/json' -d username=saltdev -d password=saltdev -d eauth=pam
curl -sS http://localhost:9080/login -c ~/cookies.txt -H 'Accept: application/json' -d username=saltdev -d password=saltdev -d eauth=pam
```
```
{
Expand All @@ -80,7 +80,7 @@ docker exec saltmaster /bin/sh -c "salt '*' cmd.run 'uname -a'"
```
2. Invoke Salt using saved token:
```bash
curl -sS http://localhost:8000 -b ~/cookies.txt -H 'Accept: application/json' -d client=local -d tgt='*' -d fun=cmd.run -d arg="uptime"
curl -sS http://localhost:9080 -b ~/cookies.txt -H 'Accept: application/json' -d client=local -d tgt='*' -d fun=cmd.run -d arg="uptime"
```
```
{
Expand Down Expand Up @@ -124,7 +124,7 @@ docker exec saltmaster /bin/sh -c "salt saltminion1 state.apply tmux"
Comment: The following packages were installed/updated: tmux
Started: 12:25:42.977107
Duration: 22305.267 ms
Changes:
Changes:
----------
tmux:
----------
Expand All @@ -143,7 +143,7 @@ docker exec saltmaster /bin/sh -c "salt saltminion1 state.apply tmux"

## Caveats and security

* `saltstack-master` exposes port `8000/tcp` (**NO SSL**) in order to consume `salt-api` via its HTTP interface.
* `saltstack-master` exposes port `9080/tcp` (**NO SSL**) in order to consume `salt-api` via its HTTP interface.

**WARNING**: your credentials travel in plain-text.

Expand Down
2 changes: 1 addition & 1 deletion etc_master/salt/master.d/netapi.conf
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
rest_cherrypy:
port: 8000
port: 9080
disable_ssl: True
external_auth:
pam:
Expand Down

0 comments on commit 584dd6b

Please sign in to comment.