{"id":14965323,"url":"https://github.com/cdalvaro/docker-salt-master","last_synced_at":"2026-02-22T13:02:11.599Z","repository":{"id":37535122,"uuid":"150004074","full_name":"cdalvaro/docker-salt-master","owner":"cdalvaro","description":"πŸ³πŸ§‚ Dockerized Salt Master - Boost your @saltstack master service with the power of @docker","archived":false,"fork":false,"pushed_at":"2024-10-29T18:47:15.000Z","size":2265,"stargazers_count":93,"open_issues_count":3,"forks_count":26,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-10-29T19:03:38.274Z","etag":null,"topics":["configuration-management","containers","devops","docker","docker-image","docker-salt-master","git-fileserver","pygit2","salt","salt-api","salt-master","saltproject","saltstack","saltstack-master"],"latest_commit_sha":null,"homepage":"https://docs.saltproject.io","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cdalvaro.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"cdalvaro"}},"created_at":"2018-09-23T16:38:54.000Z","updated_at":"2024-10-28T19:05:47.000Z","dependencies_parsed_at":"2023-10-11T10:27:02.439Z","dependency_job_id":"9da67dd9-0c02-4874-b056-547e84efb26c","html_url":"https://github.com/cdalvaro/docker-salt-master","commit_stats":{"total_commits":501,"total_committers":6,"mean_commits":83.5,"dds":"0.32534930139720564","last_synced_commit":"453f2ff5367a377d5c7ace7d8d7273f8df165be8"},"previous_names":[],"tags_count":69,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdalvaro%2Fdocker-salt-master","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdalvaro%2Fdocker-salt-master/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdalvaro%2Fdocker-salt-master/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdalvaro%2Fdocker-salt-master/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cdalvaro","download_url":"https://codeload.github.com/cdalvaro/docker-salt-master/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247386264,"owners_count":20930619,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["configuration-management","containers","devops","docker","docker-image","docker-salt-master","git-fileserver","pygit2","salt","salt-api","salt-master","saltproject","saltstack","saltstack-master"],"created_at":"2024-09-24T13:34:35.128Z","updated_at":"2026-02-22T13:02:11.572Z","avatar_url":"https://github.com/cdalvaro.png","language":"Shell","readme":"# Dockerized Salt Master\n\n\u003cpicture align=\"center\"\u003e\n \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"/social/docker-salt-master-banner-dark.png\"\u003e\n \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"/social/docker-salt-master-banner-light.png\"\u003e\n \u003cimg alt=\"cdalvaro's docker-salt-master banner.\" src=\"/social/docker-salt-master-banner-light.png\"\u003e\n\u003c/picture\u003e\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://docs.saltproject.io/en/latest/topics/releases/3007.13.html\"\u003e\u003cimg alt=\"Salt Project\" src=\"https://img.shields.io/badge/salt-3007.13%20sts-57BCAD.svg?logo=SaltProject\"/\u003e\u003c/a\u003e\n \u003ca href=\"https://docs.saltproject.io/en/3006/topics/releases/3006.22.html\"\u003e\u003cimg alt=\"Salt Project\" src=\"https://img.shields.io/badge/salt-3006.22%20lts-57BCAD.svg?logo=SaltProject\"/\u003e\u003c/a\u003e\n \u003ca href=\"https://gallery.ecr.aws/ubuntu/ubuntu\"\u003e\u003cimg alt=\"Ubuntu Image\" src=\"https://img.shields.io/badge/ubuntu-noble--20260113-E95420.svg?logo=Ubuntu\"/\u003e\u003c/a\u003e\n \u003ca href=\"https://hub.docker.com/repository/docker/cdalvaro/docker-salt-master/tags\"\u003e\u003cimg alt=\"Docker Image Size\" src=\"https://img.shields.io/docker/image-size/cdalvaro/docker-salt-master/latest?logo=docker\u0026color=2496ED\"/\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/users/cdalvaro/packages/container/package/docker-salt-master\"\u003e\u003cimg alt=\"Architecture AMD64\" src=\"https://img.shields.io/badge/arch-amd64-inactive.svg\"/\u003e\u003c/a\u003e\n \u003ca href=\"https://github.com/users/cdalvaro/packages/container/package/docker-salt-master\"\u003e\u003cimg alt=\"Architecture ARM64\" src=\"https://img.shields.io/badge/arch-arm64-inactive.svg\"/\u003e\u003c/a\u003e\n\u003c/p\u003e\n\nOther languages: [πŸ‡ͺπŸ‡Έ EspaΓ±ol](/docs/es-ES/README.md)\n\nDockerfile to build a [Salt Project](https://saltproject.io) Master image for the Docker open source container platform.\n\n`salt-master` is installed inside the image using the Salt Project repositories for Ubuntu as documented in the [official documentation](https://docs.saltproject.io/salt/install-guide/en/latest/topics/install-by-operating-system/linux-deb.html).\n\nFor other methods to install `salt-master`, please refer to\nthe [Salt install guide](https://docs.saltproject.io/salt/install-guide/en/latest/index.html).\n\n## 🐳 Installation\n\n### Container Registries\n\n#### Recommended\n\nAutomated builds of the image are available on\n[GitHub Container Registry](https://github.com/cdalvaro/docker-salt-master/pkgs/container/docker-salt-master) and is\nthe recommended method of installation.\n\n```sh\ndocker pull ghcr.io/cdalvaro/docker-salt-master:3007.13\n```\n\nYou can also pull the `latest` tag, which is built from the repository `HEAD`\n\n```sh\ndocker pull ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\n#### Other Registries\n\nThese images are also available from:\n\n- [AWS ECR](https://gallery.ecr.aws/cdalvaro/docker-salt-master): `public.ecr.aws/cdalvaro/docker-salt-master`\n- [Docker Registry](https://hub.docker.com/r/cdalvaro/docker-salt-master): `docker.io/cdalvaro/docker-salt-master`\n- [Quay.io](https://quay.io/repository/cdalvaro/docker-salt-master): `quay.io/cdalvaro/docker-salt-master`\n\n#### Long Term Support\n\nIn addition to the latest Salt version, when new LTS (Long Term Support) versions are released, they will be packed into new images which will be available in the container registries as well.\n\n```sh\ndocker pull ghcr.io/cdalvaro/docker-salt-master:3006.22\n```\n\nThere are also specific tags for LTS and STS versions:\n\n- `ghcr.io/cdalvaro/docker-salt-master:lts`\n- `ghcr.io/cdalvaro/docker-salt-master:sts`\n\n\u003e [!NOTE]\n\u003e The `lts` image contains the same features as the `latest` image at the time the LTS version was released, but it will not be updated with new features added to `latest`.\n\u003e\n\u003e The `sts` image tracks the latest Short Term Support release of Salt and may not match `latest` if additional changes have been made after the STS release.\n\n#### Available Tags\n\n- `latest`\n- `3007.13`, `sts`\n- `3006.22`, `lts`\n\nAll versions have their SaltGUI counterparts:\n\n- `latest-gui`\n- `3007.13-gui`, `sts-gui`\n- `3006.22-gui`, `lts-gui`\n\n### Build From Source\n\nAlternatively, you can build the image locally using `make` command:\n\n```sh\nmake release\n```\n\n## πŸš€ Quick Start\n\nThe quickest way to get started is using [docker compose](https://docs.docker.com/compose/).\n\n```sh\nwget https://raw.githubusercontent.com/cdalvaro/docker-salt-master/master/compose.yml\n```\n\nStart the `docker-salt-master` container with the `compose.yml` file by executing:\n\n```sh\ndocker compose up --detach\n```\n\nAlternatively, you can manually launch the `docker-salt-master` container:\n\n```sh\ndocker run --name salt_master --detach \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env 'SALT_LOG_LEVEL=info' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\n## βš™οΈ Configuration\n\n### Custom Configuration\n\nThis image uses its own `master.yml` file to configure `salt-master` to run properly inside the container. However, you\ncan still tune other configuration parameters to fit your needs by adding your configuration files inside a `config/`\ndirectory and mounting it into `/home/salt/data/config/`.\n\nFor example, you can customize the [Reactor System](https://docs.saltproject.io/en/latest/topics/reactor/index.html) by\nadding a `reactor.conf` file to `config/`:\n\n```sls\n# config/reactor.conf\nreactor: # Master config section \"reactor\"\n - 'salt/minion/*/start': # Match tag \"salt/minion/*/start\"\n - /home/salt/data/config/reactor/start.sls # Things to do when a minion starts\n```\n\nThen, you have to add the `start.sls` file into your `config/reactor/` directory:\n\n```sls\n# config/reactor/start.sls\nhighstate_run:\n local.state.apply:\n - tgt: {{ data['id'] }}\n```\n\nFinally, run your `docker-salt-master` instance mounting the required directories:\n\n```sh\ndocker run --name salt_master -d \\\n --publish 4505:4505 --publish 4506:4506 \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n --volume $(pwd)/config/:/home/salt/data/config/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nThis image provides support for automatically restart `salt-master` when configuration files change.\nThis support is disabled by default, but it can be enabled by setting the\n`SALT_RESTART_MASTER_ON_CONFIG_CHANGE` environment variable to `True`.\n\n### Custom States\n\nIn order to provide salt with your custom states, you must bind the volume `/home/salt/data/srv/` to your `roots` directory.\n\n### Minion Keys\n\nMinion keys can be added automatically on startup to `docker-salt-master` by mounting the volume `/home/salt/data/keys`\nand copying the minion keys inside `keys/minions/` directory.\n\n**Note:** It is _recommended to mount this directory to a named volume or a host directory_. That way, you can manage your keys outside the container and avoid losing them when the container is removed.\n\n```sh\nmkdir -p keys/minions\nrsync root@minion1:/etc/salt/pki/minion/minion.pub keys/minions/minion1\n\ndocker run --name salt_master -d \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env 'SALT_LOG_LEVEL=info' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n --volume $(pwd)/config/:/home/salt/data/config/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nAlso, you can set your `docker-salt-master` instance to auto accept minions that match certain grains. To do that, add\nthe `autosign_grains.conf` to your `config` directory:\n\n```sls\n# config/autosign_grains.conf\nautosign_grains_dir: /home/salt/data/srv/autosign_grains\n```\n\nThen, inside `roots/autosign_grains` you can place a file named like the grain you want to match and fill it with the\ncontent to match. For example, if you want to auto accept minions that belong to specific domains, you have to add\nthe `domain` file with the domains you want to allow:\n\n```sls\n# roots/autosign_grains/domain\ncdalvaro.io\ncdalvaro.com\n```\n\nIt is possible that you have to configure the minion to send the specific grains to the master in the minion config\nfile:\n\n```sls\n# minion: /etc/salt/minion.d/autosign_grains.conf\nautosign_grains:\n - domain\n```\n\nMore info at:\n[Salt Project - Auto accept Minions From Grains](https://docs.saltproject.io/en/latest/topics/tutorials/autoaccept_grains.html)\n\n### Master Signed Keys\n\nIt is possible to use signed master keys by establishing the environment variable `SALT_MASTER_SIGN_PUBKEY` to `True`.\n\n```sh\ndocker run --name salt_master --detach \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env 'SALT_LOG_LEVEL=info' \\\n --env 'SALT_MASTER_SIGN_PUBKEY=True' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nThe container will create the `master_sign` key and its signature. More information about how to configure the minion\nservice can be\nfound [here](https://docs.saltproject.io/en/latest/topics/tutorials/multimaster_pki.html#prepping-the-minion-to-verify-received-public-keys)\n.\n\nAdditionally, you can generate new signed keys for your existing master key\nby executing the following command:\n\n```sh\ndocker run --name salt_master -it --rm \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest \\\n app:gen-signed-keys\n```\n\nThe newly created keys will appear inside `keys/generated/master_sign.XXXXX` directory.\nWhere `XXXXX` is a random code to avoid possible collisions with previous generated keys.\n\n#### Working with Secrets\n\nMaster keys can be provided via Docker secrets. To do that, you have to set the following environment variable:\n\n- `SALT_MASTER_KEY_FILE`: The path to the master-key-pair {pem,pub} files without suffixes.\n\nAdditionally, you can provide the master-sign key pair as well:\n\n- `SALT_MASTER_SIGN_KEY_FILE`: The path to the master-sign-key-pair {pem,pub} files without suffixes.\n- `SALT_MASTER_PUBKEY_SIGNATURE_FILE`: The path of the salt-master public key file with the pre-calculated signature.\n\nHere you have a complete `compose.yml` example\n\n```yml\nservices:\n salt-master:\n image: ghcr.io/cdalvaro/docker-salt-master:latest\n ports:\n - \"4505:4505\"\n - \"4506:4506\"\n volumes:\n - ./config:/home/salt/data/config\n secrets:\n - source: salt-master-key\n target: master.pem\n uid: 1000 # Or $PUID if env variable established\n gid: 1000 # Or $GUID if env variable established\n mode: 0400\n - source: salt-master-pub\n target: master.pub\n uid: 1000 # Or $PUID if env variable established\n gid: 1000 # Or $GUID if env variable established\n mode: 0644\n - source: salt-master-sign-priv-key\n target: master_sign.pem\n uid: 1000 # Or $PUID if env variable established\n gid: 1000 # Or $GUID if env variable established\n mode: 0400\n - source: salt-master-sign-pub-key\n target: master_sign.pub\n uid: 1000 # Or $PUID if env variable established\n gid: 1000 # Or $GUID if env variable established\n mode: 0644\n - source: salt-master-signature\n target: master_pubkey_signature\n uid: 1000 # Or $PUID if env variable established\n gid: 1000 # Or $GUID if env variable established\n mode: 0644\n environment:\n SALT_MASTER_SIGN_PUBKEY: True\n SALT_MASTER_KEY_FILE: /run/secrets/master\n SALT_MASTER_SIGN_KEY_FILE: /run/secrets/master_sign\n SALT_MASTER_PUBKEY_SIGNATURE_FILE: /run/secrets/master_pubkey_signature\n\nsecrets:\n salt-master-pem-key:\n file: keys/master.pem\n salt-master-pub-key:\n file: keys/master.pub\n salt-master-sign-priv-key:\n file: keys/master_sign.pem\n salt-master-sign-pub-key:\n file: keys/master_sign.pub\n salt-master-signature:\n file: keys/master_pubkey_signature\n```\n\n### Salt API\n\nYou can enable `salt-api` service by setting env variable `SALT_API_ENABLED` to `True`.\n\nA self-signed SSL certificate will be automatically generated and the following configuration will be added to the\nmaster configuration file:\n\n```yml\nrest_cherrypy:\n port: 8000\n ssl_crt: /etc/pki/tls/certs/docker-salt-master.crt\n ssl_key: /etc/pki/tls/certs/docker-salt-master.key\n```\n\nThe container exposes port `8000` by default, although you can map this port to whatever port you like in\nyour `docker run` command:\n\n```sh\ndocker run --name salt_master --detach \\\n --publish 4505:4505 --publish 4506:4506 --publish 8000:8000 \\\n --env 'SALT_API_ENABLED=True' \\\n --env 'SALT_API_USER_PASS=4wesome-Pass0rd' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n --volume $(pwd)/config/:/home/salt/data/config/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nIf you choose using the [compose.yml](/compose.yml) file to manage your `salt-master` instance, uncomment `salt-api`\nsettings to enable and configure the service.\n\nBy default, user `salt_api` is created, and you can set its password by setting the environment\nvariable `SALT_API_USER_PASS`.\n\nYou can also change the salt-api _username_ by setting `SALT_API_USER`. It is possible to disable this user by\nexplicitly setting this variable to an empty string: `SALT_API_USER=''` if you are going to use an `LDAP` server.\n\nAs a security measure, if `SALT_API_ENABLED` is set to `True` and you don't disable `SALT_API_USER`, you'll be\nrequired to set `SALT_API_USER_PASS`. Otherwise, the setup process will fail and your container won't work.\n\n`SALT_API_USER_PASS_FILE` env variable is available to provide the password via a file. This is useful when using Docker\nsecretes. More info about how to configure secrets can be found in the subsection\n[_Working with secrets_](#working-with-secrets).\n\nWith all that set, you'll be able to provide your _salt-api_ custom configuration by creating the `salt-api.conf` file\ninside your `conf` directory.\n\n#### External Authentication\n\nHere is an example of giving permission to the `salt_api` user via pam:\n\n```yml\nexternal_auth:\n pam:\n salt_api:\n - .*\n - \"@runner\"\n - \"@wheel\"\n - \"@jobs\"\n```\n\nYou can specify different authentication methods, as well as specifying groups (by adding a `%` to the name). For example to authenticate the `admins` group via LDAP:\n\n```yml\nexternal_auth:\n ldap:\n admins%:\n - .*\n - \"@runner\"\n - \"@wheel\"\n - \"@jobs\"\n```\n\n#### LDAP Configuration\n\nTo authenticate via LDAP you will need to configure salt to access your LDAP server. The following example authenticates API logins against the LDAP server. It then defines group configuration for `external_auth` searches (looking up the user's group membership via `memberOf` attributes in their person object):\n\n```yml\nauth.ldap.uri: ldaps://server.example.com # Your LDAP server\nauth.ldap.basedn: \"dc=server,dc=example,dc=com\" # Search base DN (subtree scope).\nauth.ldap.binddn: \"uid={{ username }},dc=server,dc=exam,ple,dc=com\" # The DN to authenticate as (username is substituted from the API authentication information).\nauth.ldap.accountattributename: \"uid\" # The user account attribute type\nauth.ldap.groupou: \"\" # Must be set to an empty string if not in use\nauth.ldap.groupclass: \"person\" # The object class to look at when checking group membership\nauth.ldap.groupattribute: \"memberOf\" # The attribute in that object to look at when checking group membership\n```\n\nFinally (since `v3006`) [you will need to enable](https://docs.saltproject.io/en/latest/topics/netapi/netapi-enable-clients.html) one or more client interfaces:\n\n```yml\nnetapi_enable_clients:\n - local\n```\n\nDetails of all client interfaces is available at the following\nlink: [Netapi Client Interfaces](https://docs.saltproject.io/en/latest/topics/netapi/netapi-enable-clients.html)\n\nMore information is available in the following\nlink: [External Authentication System (eAuth)](https://docs.saltproject.io/en/latest/topics/eauth/index.html#acl-eauth).\n\nNow you have your `docker-salt-master` Docker image ready to accept external authentications and to connect external tools\nsuch as [`saltstack/pepper`](https://github.com/saltstack/pepper).\n\n#### Salt Pepper\n\nThe `pepper` CLI script allows users to execute Salt commands from computers that are external to computers running the `salt-master` or `salt-minion` daemons as though they were running Salt locally.\n\n##### Installation\n\n```sh\npip3 install salt-pepper\n```\n\n##### Configuration\n\nThen configure pepper by filling your `~/.pepperrc` file with your salt-api credentials:\n\n```conf\n[main]\nSALTAPI_URL=https://your.salt-master.hostname:8000/\nSALTAPI_USER=salt_api\nSALTAPI_PASS=4wesome-Pass0rd\nSALTAPI_EAUTH=pam\n```\n\n##### Usage\n\nBegin executing salt states with `pepper`:\n\n```sh\npepper '*' test.ping\n```\n\n### Salt Minion\n\nThis image contains support for running a built-in `salt-minion` service.\nYou can enable it by setting the environment variable `SALT_MINION_ENABLED` to `True`.\n\nThe `salt-minion` will be automatically accepted by the master. Keys will be automatically configured,\neven if `SALT_MASTER_SIGN_PUBKEY=True`.\n\nHowever, minion keys can be provided via Docker secrets.\nTo do that, you have to set the env variable `SALT_MINION_KEY_FILE`,\npointing to the path inside the container of the minion-key-pair {pem,pub} files without extensions.\n\nMinion's keys will be stored inside the `keys/SALT_MINION_ID/` directory.\n\nThis minion can be configured in the same way as the master.\nYou can add your custom configuration files inside a `minion_config/` directory\nand mount it into `/home/salt/data/minion_config/`.\n\nThe default id of the minion is `builtin.minion`.\nBut you can change it by setting the environment variable `SALT_MINION_ID`.\n\nLog levels are the same as the master,\nand you can set them by using the `SALT_LOG_LEVEL` and `SALT_LEVEL_LOGFILE` environment variables.\n\nHere you have an example of how to run a `salt-master` with a built-in `salt-minion`:\n\n```sh\ndocker run --name salt_master --detach \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env 'SALT_MINION_ENABLED=True' \\\n --env 'SALT_MINION_ID=control-minion' \\\n --env 'SALT_MASTER_SIGN_PUBKEY=True' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n --volume $(pwd)/config/:/home/salt/data/config/ \\\n --volume $(pwd)/minion_config/:/home/salt/data/minion_config/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\n### Host Mapping\n\nBy default, the container is configured to run `salt-master` as user and group `salt` with `uid` and `gid` `1000`. From\nthe host the mounted data volumes will be shown as owned by _user:group_ `1000:1000`. This can be a problem if the host's id is different from `1000` or if files have too restrictive permissions. Specially the keys directory and its contents.\n\nAlso, the container processes seem to be executed as the host's user/group `1000`. To avoid this, the container can be configured to\nmap\nthe `uid` and `gid` to match host ids by passing the environment variables `PUID` and `PGID`. The following\ncommand maps the ids to the current user and group on the host.\n\n```sh\ndocker run --name salt_master -it --rm \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env \"PUID=$(id -u)\" --env \"PGID=$(id -g)\" \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\n### Git Fileserver\n\nThis image uses [PyGit2](https://www.pygit2.org) as gitfs backend to allow Salt to serve files from git repositories.\n\nIt can be enabled by adding `gitfs` to\nthe [`fileserver_backend`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#std:conf_master-fileserver_backend)\nlist (see [Available Configuration Parameters](#available-configuration-parameters)), and configuring one or more\nrepositories\nin [`gitfs_remotes`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#std:conf_master-gitfs_remotes).\n\n\u003e [!NOTE]\n\u003e Sometimes, the `salt-master` process may restart automatically. If this happens while gitfs is updating repositories,\n\u003e lock files may remain undeleted, preventing gitfs from properly updating the repositories.\n\u003e\n\u003e The simple solution is to restart the container to clear the cache. However, if this happens frequently,\n\u003e and `salt-master` is not operating in _multimaster_ mode with shared cache (for example using Ceph, or nfs),\n\u003e then it may be useful to set these two configuration parameters to `False`:\n\u003e\n\u003e ```yaml\n\u003e gitfs_global_lock: False\n\u003e git_pillar_global_lock: False\n\u003e ```\n\n#### PyGit2\n\nYou can create an ssh key for pygit2 with the following command:\n\n```sh\nssh-keygen -t ed25519 -C -f gitfs_ssh -C 'gitfs_ed25519@example.com'\n```\n\nPlace it wherever you want inside the container and specify its path with the configuration parameters: `gitfs_pubkey`\nand `gitfs_privkey` in your `gitfs.conf` file.\n\nFor example:\n\n```yml\n# config/gitfs.conf\ngitfs_provider: pygit2\ngitfs_privkey: /home/salt/data/keys/gitfs/gitfs_ssh\ngitfs_pubkey: /home/salt/data/keys/gitfs/gitfs_ssh.pub\n```\n\n\u003e [!WARNING]\n\u003e This image has been tested with an _ed25519_ ssh key.\n\u003e\n\u003e Alternately, you may create a new RSA key with SHA2 hashing like so:\n\u003e\n\u003e ```sh\n\u003e ssh-keygen -t rsa-sha2-512 -b 4096 -f gitfs_ssh -C 'gitfs_rsa4096@example.com'\n\u003e ```\n\n### GPG Keys for Renderers\n\nSalt can use GPG keys to decrypt pillar data. This image is ready to import your GPG keys from the `gpgkeys` directory\ninside the `keys` directory.\n\nThe private key must be named `private.key` and the public key `pubkey.gpg`.\n\nIf you want to provide these keys via secrets, you can set `SALT_GPG_PRIVATE_KEY_FILE` and `SALT_GPG_PUBLIC_KEY_FILE`\nenv variables to specify the path to the files inside the container.\n\nFor example:\n\n```yml\n# compose.yml\nservices:\n salt-master:\n ...\n env:\n SALT_GPG_PRIVATE_KEY_FILE: /run/secrets/private.key\n SALT_GPG_PUBLIC_KEY_FILE: /run/secrets/pubkey.gpg\n```\n\nIn this case, keys will be symlinked to the `gpgkeys` directory.\n\nIt is important that the private key doesn't have passphrase in order to be imported by salt.\n\nTo generate a GPG key and export the private/public pair you can use the following commands:\n\n```sh\n# Generate key - REMEMBER: Leave empty the passphrase!\ngpg --gen-key\n\n# Check GPG keys\ngpg --list-secret-keys\ngpg: checking the trustdb\ngpg: marginals needed: 3 completes needed: 1 trust model: pgp\ngpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u\ngpg: next trustdb check due at 2024-11-09\n/tmp/gpgkeys/pubring.kbx\n--------------------\nsec rsa3072 2022-11-10 [SC] [expires: 2024-11-09]\n CB032BA54F21722945FDDE399CE3DB8AE37D28B7\nuid [ultimate] Carlos Alvaro \u003cgithub@cdalvaro.io\u003e\nssb rsa3072 2022-11-10 [E] [expires: 2024-11-09]\n\n# Export public and private keys\nmkdir -p keys/gpgkeys\nKEY_ID=github@cdalvaro.io\ngpg --armor --export \"${KEY_ID}\" \u003e keys/gpgkeys/pubkey.gpg\ngpg --export-secret-keys --export-options export-backup -o keys/gpgkeys/private.key \"${KEY_ID}\"\n```\n\nMore information about this feature is available at the\n[official documentation](https://docs.saltproject.io/en/latest/ref/renderers/all/salt.renderers.gpg.html).\n\n#### How to Encrypt Data\n\nYou can encrypt strings using the following example:\n\n```sh\necho -n 'Super secret pillar' | gpg --armor --batch --trust-model always --encrypt --recipient \"${KEY_ID}\"\n```\n\nOr you can encrypt files using the example bellow:\n\n```sh\ngpg --armor --batch --trust-model always --encrypt --recipient \"${KEY_ID}\" \\\n --output /tmp/gpg_id_ed25519 ~/.ssh/id_ed25519\ncat /tmp/gpg_id_ed25519\n```\n\nOn macOS, you can pipe the output to `pbcopy` to copy the encrypted data to the clipboard. If you are using Linux, you\ncan use `xclip` or `xsel`.\n\n### 3rd Party Formulas\n\nYou can add third party formulas to your configuration simply by adding them to your `gitfs_remotes`:\n\n```yml\n# fileserver.conf\nfileserver_backend:\n - roots\n - gitfs\n\n# gitfs.conf\ngitfs_provider: pygit2\ngitfs_remotes:\n - https://github.com/saltstack-formulas/apache-formula\n - https://github.com/aokiji/salt-formula-helm.git\n```\n\nThis is\nthe [Salt recommended](https://docs.saltproject.io/en/latest/topics/development/conventions/formulas.html#adding-a-formula-as-a-gitfs-remote)\nway of doing it, and you can go to the [Git Fileserver](#git-fileserver) section on this document if you need help\nconfiguring the service.\n\nYou can find a great set of formulas on the following GitHub repositories:\n\n- [Official Salt Formulas](https://github.com/saltstack-formulas)\n- [Unofficial Salt Formulas](https://github.com/salt-formulas)\n\nAlthough, as mention\nin [Salt Project documentation](https://docs.saltproject.io/en/latest/topics/development/conventions/formulas.html#adding-a-formula-as-a-gitfs-remote)\n, you are encouraged to fork desired formulas to avoid unexpected changes to your infrastructure.\n\nHowever, sometimes you may need to load some formulas that are not available on a git repository, and you want to have\nthem separated from your main `srv` directory.\n\nFor that case, you can mount a volume containing all your third party formulas separated in subdirectories\ninto `/home/salt/data/3pfs/`, and they will be automatically added to the master configuration when your container\nstarts.\n\n```sh\n# 3pfs directory content\n3pfs\nβ”œβ”€β”€ custom-formula\nβ”œβ”€β”€ golang-formula\n└── vim-formula\n```\n\n```sh\ndocker run --name salt_master -it --rm \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env \"PUID=$(id -u)\" --env \"PGID=$(id -g)\" \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/3pfs/:/home/salt/data/3pfs/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nIf you need to add more third party formulas, you can restart the container, or you can type the following command:\n\n```sh\ndocker exec -it salt_master /sbin/entrypoint.sh app:reload-3rd-formulas\n```\n\n`file_roots` base configuration file will be updated with current existing formulas and `salt-master` service will be\nrestarted to reload the new configuration.\n\n### Python Extra Packages\n\nSome formulas may depend on Python packages that are not included in the default Salt installation. You can add these packages by setting the `PYTHON_PACKAGES_FILE` environment variable with an absolute path pointing to a `requirements.txt` file inside the container.\n\n```sh\ndocker run --name salt_master --detach \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env SALT_LOG_LEVEL=\"info\" \\\n --env PYTHON_PACKAGES_FILE=/home/salt/data/other/requirements.txt \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n --volume $(pwd)/requirements.txt:/home/salt/data/other/requirements.txt \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nThis will install the packages listed in the `requirements.txt` file into the container\nbefore `salt-master` starts.\n\nAlternatively, you can set the `PYTHON_PACKAGES` environment variable with a list of Python packages to be installed.\n\n```sh\ndocker run --name salt_master --detach \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env SALT_LOG_LEVEL=\"info\" \\\n --env PYTHON_PACKAGES=\"docker==7.0.0 redis\" \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nAlthough both methods are supported, they are mutually exclusive. If both are set, `PYTHON_PACKAGES_FILE` will take precedence.\n\n### Logs\n\n`salt-master` output is streamed directly to the container's `stdout` and `stderr`. However, they are also written inside `/home/salt/data/logs/`.\n\nInside the directory you can find `supervisor/` logs and `salt/` logs.\n\nYou can access all logs by mounting the volume: `/home/salt/data/logs/`.\n\n```sh\ndocker run --name salt_master --detach \\\n --publish 4505:4505 --publish 4506:4506 \\\n --env 'SALT_LOG_LEVEL=info' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nCheck [Available Configuration Parameters](#available-configuration-parameters) section for configuring logrotate.\n\n### Healthcheck\n\nThis image includes a [health check](https://docs.docker.com/engine/reference/builder/#healthcheck)\nscript: `/usr/local/sbin/healthcheck` (although it is disabled by default). It is useful to check if the `salt-master`\nservice is alive and responding.\n\nIf you are running this image under k8s, you can define a _liveness command_ as\nexplained [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-command)\n.\n\nIf you use `docker-compose` as your container orchestrator, you can add the following entries to your compose file:\n\n```yml\nservices:\n master:\n container_name: salt_master\n image: ghcr.io/cdalvaro/docker-salt-master:latest\n healthcheck:\n test: [\"CMD\", \"/usr/local/sbin/healthcheck\"]\n interval: 5m\n timeout: 30s\n retries: 3\n start_period: 1m\n start_interval: 30s\n```\n\n(More info available at [compose file](https://docs.docker.com/compose/compose-file/#healthcheck) official\ndocumentation)\n\nOr, if you launch your container [with docker](https://docs.docker.com/engine/reference/run/#healthcheck):\n\n```sh\ndocker run --name salt_master --detach \\\n --publish 4505:4505 --publish 4506:4506 \\\n --health-cmd='/usr/local/sbin/healthcheck' \\\n --health-start-period=30s \\\n --env 'SALT_LOG_LEVEL=info' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\nThen you can manually check this info by running the following command:\n\n```sh\ndocker inspect --format \"{{json .State.Health }}\" salt_master | jq\n```\n\nThen, the output will be something similar to this:\n\n```json\n{\n \"Status\": \"healthy\",\n \"FailingStreak\": 0,\n \"Log\": [\n {\n \"Start\": \"2020-05-23T16:47:55.1046568Z\",\n \"End\": \"2020-05-23T16:48:02.3381442Z\",\n \"ExitCode\": 0,\n \"Output\": \"\"\n }\n ]\n}\n```\n\nIf the default timeout for the `salt-run jobs.active` command (`20s`) is not sufficient for your configuration,\nyou can change it by setting the environment variable `SALT_HEALTHCHECK_TIMEOUT_JOBS_ACTIVE` to a value that\nbest fits your needs.\n\n#### Autoheal\n\nIf you run your _docker-salt-master_ instance with healthcheck enabled, you can\nuse [willfarrell/autoheal](https://github.com/willfarrell/docker-autoheal) image to restart your service when\nhealthcheck fails:\n\n```sh\ndocker run -d \\\n --name autoheal \\\n --restart=always \\\n -e AUTOHEAL_CONTAINER_LABEL=all \\\n -v /var/run/docker.sock:/var/run/docker.sock \\\n willfarrell/autoheal\n```\n\nThis container will watch your containers and restart your failing instances.\n\n### SaltGUI\n\nThere is a set of dedicated images tagged with `-gui` that include built-in support for [SaltGUI](https://github.com/erwindon/SaltGUI) `1.32.0`.\n\nThese images have `salt-api` enabled by default. However, it's up to you to define the [permissions](https://docs.saltproject.io/en/latest/topics/eauth/access_control.html) granted to the `salt-api` user. There is more information about permissions in the [SaltGUI documentation](https://github.com/erwindon/SaltGUI/blob/master/docs/PERMISSIONS.md).\n\nIf you are running your salt instance behind a reverse proxy, you may want to disable SSL by setting the environment variable `SALT_API_DISABLE_SSL` to `True`.\n\nBelow is an example of how to run a container with SaltGUI enabled.\n\n#### Create a Salt API Configuration File\n\nFirst, create a configuration file for `salt-api`. You can use the following example as a starting point:\n\n```yml\n# config/salt_api.conf\nnetapi_enable_clients:\n - local\n - local_async\n - local_batch\n - local_subset\n - runner\n - runner_async\n\nexternal_auth:\n pam:\n saltgui:\n - .*\n - \"@runner\"\n - \"@wheel\"\n - \"@jobs\"\n```\n\n#### Run the Container\n\nOnce your configuration is ready, start the container with the following command:\n\n```bash\ndocker run --name salt_master_gui --detach \\\n --publish 4505:4505 --publish 4506:4506 --publish 8000:8000 \\\n --env 'SALT_API_USER=saltgui' \\\n --env 'SALT_API_USER_PASS=4wesome-Pass0rd' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/config/:/home/salt/data/config/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest-gui\n```\n\n\u003e [!NOTE]\n\u003e The username used in the `external_auth.pam` section (`saltgui`) must match the value of the `SALT_API_USER` environment variable.\n\nIf you plan to use an LDAP authentication backend, refer to the [External Authentication](#external-authentication) section.\n\n#### Access SaltGUI\n\nOnce the container is running, you can access the SaltGUI interface at: https://localhost:8000\n\n### Available Configuration Parameters\n\nPlease refer the docker run command options for the `--env-file` flag where you can specify all required environment\nvariables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can\nuse docker-compose.\n\nBelow you can find a list with the available options that can be used to customize your `docker-salt-master`\ninstallation.\n\n| Parameter | Description |\n| :------------------------------------------------------------------------------------------------------------------------------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| `DEBUG` | Set this to `True` to enable entrypoint debugging. |\n| `TIMEZONE` / `TZ` | Set the container timezone. Defaults to `UTC`. Values are expected to be in Canonical format. Example: `Europe/Madrid`. See the list of [acceptable values](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). |\n| `PUID` | Sets the uid for user `salt` to the specified uid. Default: `1000`. |\n| `PGID` | Sets the gid for user `salt` to the specified gid. Default: `1000`. |\n| `PYTHON_PACKAGES` | Contains a list of Python packages to be installed. Default: _Unset_. |\n| `PYTHON_PACKAGES_FILE` | An absolute path inside the container pointing to a requirements.txt file for installing Python extra packages. Takes preference over: `PYTHON_PACKAGES`. Default: _Unset_ |\n| `SALT_RESTART_MASTER_ON_CONFIG_CHANGE` | Set this to `True` to restart `salt-master` service when configuration files change. Default: `False`. |\n| [`SALT_LOG_LEVEL`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#log-level) | The level of messages to send to the console. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `warning`. |\n| `SALT_LOG_ROTATE_FREQUENCY` | Logrotate frequency for salt logs. Available options are 'daily', 'weekly', 'monthly', and 'yearly'. Default: `weekly`. |\n| `SALT_LOG_ROTATE_RETENTION` | Keep x files before deleting old log files. Defaults: `52`. |\n| [`SALT_LEVEL_LOGFILE`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#log-level-logfile) | The level of messages to send to the log file. One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. Default: `SALT_LOG_LEVEL`. |\n| `SALT_MASTER_KEY_FILE` | The path to the master-key-pair {pem,pub} files without suffixes. Keys will be copied into the `pki` directory. Useful to load the password from secrets. _Unset_ by default. |\n| [`SALT_API_ENABLED`](https://docs.saltproject.io/en/latest/ref/cli/salt-api.html) | Enable `salt-api` service. Default: `False`. |\n| `SALT_API_USER` | Set username for `salt-api` service. Default: `salt_api`. |\n| `SALT_API_USER_PASS_FILE` | `SALT_API_USER` password file path. Use this variable to set the path of a file containing the password for the `SALT_API_USER`. Useful to load the password from secrets. Has priority over `SALT_API_USER_PASS`. _Unset_ by default. |\n| `SALT_API_USER_PASS` | `SALT_API_USER` password. Required if `SALT_API_SERVICE_ENBALED` is `True`, `SALT_API_USER` is not empty and `SALT_API_USER_PASS_FILE` is unset. _Unset_ by default. |\n| `SALT_API_CERT_CN` | Common name in the request. Default: `localhost`. |\n| `SALT_API_DISABLE_SSL` | Disable SSL for the Cherrypy server. **Warning!** When `True`, your salt authentication credentials will be sent in the clear. Default: `False`. |\n| `SALT_MINION_ENABLED` | Enable `salt-minion` service. Default: `False`. |\n| `SALT_MINION_ID` | Set the id of the `salt-minion` service. Default: `builtin.minion`. |\n| [`SALT_MASTER_SIGN_PUBKEY`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#master-sign-pubkey) | Sign the master auth-replies with a cryptographic signature of the master's public key. Possible values: `True` or `False`. Default: `False`. |\n| [`SALT_MASTER_USE_PUBKEY_SIGNATURE`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#master-use-pubkey-signature) | Instead of computing the signature for each auth-reply, use a pre-calculated signature. This option requires `SALT_MASTER_SIGN_PUBKEY` set to `True`. Possible values: `True` or `False`. Default: `True`. |\n| [`SALT_MASTER_SIGN_KEY_NAME`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#master-sign-key-name) | The customizable name of the signing-key-pair without suffix. Default: `master_sign`. |\n| `SALT_MASTER_SIGN_KEY_FILE` | The path to the signing-key-pair {pem,pub} without suffixes. The pair will be copied into the pki directory if they don't exists previously. Useful to load the password from secrets. _Unset_ by default. |\n| [`SALT_MASTER_PUBKEY_SIGNATURE`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#master-pubkey-signature) | The name of the file in the master's `pki` directory that holds the pre-calculated signature of the master's public-key. Default: `master_pubkey_signature`. |\n| `SALT_MASTER_PUBKEY_SIGNATURE_FILE` | The path of the salt-master public key file with the pre-calculated signature. It will be copied inside the `pki` directory if a file with name `SALT_MASTER_PUBKEY_SIGNATURE` doesn't exist. Useful to load the password from secrets. _Unset_ by default. |\n| `SALT_MASTER_ROOT_USER` | Forces `salt-master` to be run as `root` instead of `salt`. Default: `False`. |\n| `SALT_GPG_PRIVATE_KEY_FILE` | The path to the GPG private key for GPG renderers. Useful to load the key from secrets. _Unset_ by default. |\n| `SALT_GPG_PUBLIC_KEY_FILE` | The path to the GPG public key for GPG renderers. Useful to load the key from secrets. _Unset_ by default. |\n| [`SALT_REACTOR_WORKER_THREADS`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#reactor-worker-threads) | The number of workers for the runner/wheel in the reactor. Default: `10`. |\n| [`SALT_WORKER_THREADS`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#worker-threads) | The number of threads to start for receiving commands and replies from minions. Default: `5`. |\n| [`SALT_BASE_DIR`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#file-roots) | The `base` path in `file_roots` to look for `salt` and `pillar` directories. Default: `/home/salt/data/srv`. |\n| [`SALT_CONFS_DIR`](https://docs.saltproject.io/en/latest/ref/configuration/master.html#std-conf_master-default_include) | The master will automatically include all config files from this directory. Default: `/home/salt/data/config`. When set to something different than the default value, a symlink is created from `SALT_CONFS_DIR` to `/home/salt/data/config`. This is done to simplify the configuration files allowing to use the same configuration files in different containers. |\n\nAny parameter not listed in the above table and available in the\nfollowing [link](https://docs.saltproject.io/en/latest/ref/configuration/examples.html#configuration-examples-master),\ncan be set by creating the directory `config` and adding into it a `.conf` file with the desired parameters:\n\n```sh\nmkdir config\ncat \u003e config/ports.conf \u003c\u003c EOF\n# The tcp port used by the publisher:\npublish_port: 3505\n# The port used by the communication interface.\nret_port: 3506\nEOF\n\ndocker run --name salt_master -d \\\n --publish 3505:3505 --publish 3506:3506 \\\n --env 'SALT_LOG_LEVEL=info' \\\n --volume $(pwd)/roots/:/home/salt/data/srv/ \\\n --volume $(pwd)/keys/:/home/salt/data/keys/ \\\n --volume $(pwd)/logs/:/home/salt/data/logs/ \\\n --volume $(pwd)/config/:/home/salt/data/config/ \\\n ghcr.io/cdalvaro/docker-salt-master:latest\n```\n\n## πŸ§‘β€πŸš€ Usage\n\nTo test which salt minions are listening the following command can be executed directly from the host machine:\n\n```sh\ndocker exec -it salt_master salt '*' test.ping\n```\n\nThen, you can apply salt states to your minions:\n\n```sh\ndocker exec -it salt_master salt '*' state.apply [state]\n```\n\n## 🧰 Shell Access\n\nFor debugging and maintenance purposes you may want to access the container's shell.\nIf you are using docker version 1.3.0 or higher you can access a running container shell using docker exec command.\n\n```sh\ndocker exec -it salt_master bash\n```\n\n## πŸ’€ Restart Services\n\nYou can restart containers services by running the following command:\n\n```sh\ndocker exec -it salt_master entrypoint.sh app:restart [salt-service]\n```\n\nWhere `salt-service` is one of: `salt-master` or `salt-api` (if `SALT_API_ENABLED` is set to `True`).\n\n## πŸ”¨ Contributing\n\nEveryone is wellcome to contribute to this project, and I really appreciate your support. So don't be shy!\n\nBefore you start making changes, read carefully the following notes in order to avoid issues.\n\n\u003e [!WARNING]\n\u003e Some tests start and stop a _**non-isolated**_ `salt-minion` instance. So don't run tests locally.\n\u003e Tests are automatically executed on GitHub when you push commits to your PR.\n\n## πŸ‘ Credits\n\nMany thanks to:\n\n- [The SaltProject](https://saltproject.io) team for the excellent [salt](https://github.com/saltstack/salt) project.\n- [JetBrains](https://www.jetbrains.com) for their free [OpenSource](https://jb.gg/OpenSourceSupport) license.\n- [The Contributors](https://github.com/cdalvaro/docker-salt-master/graphs/contributors) for all the smart code and\n suggestions merged in the project.\n- [The Stargazers](https://github.com/cdalvaro/docker-salt-master/stargazers) for showing their support.\n\n[![Star History Chart](https://api.star-history.com/svg?repos=cdalvaro/docker-salt-master\u0026type=Date)](https://www.star-history.com/#cdalvaro/docker-salt-master\u0026Date)\n\n## πŸ“– References\n\n[![StackOverflow Community][stackoverflow_badge]][stackoverflow_community]\n[![Slack Community][slack_badge]][slack_community]\n[![Reddit channel][reddit_badge]][subreddit]\n\n- [SaltStack Get Started](https://docs.saltproject.io/en/getstarted/)\n- [Salt Table of Contents](https://docs.saltproject.io/en/latest/contents.html)\n\n[reddit_badge]: https://img.shields.io/badge/reddit-saltstack-orange?logo=reddit\u0026logoColor=FF4500\u0026color=FF4500\n[subreddit]: https://www.reddit.com/r/saltstack/\n[stackoverflow_badge]: https://img.shields.io/badge/stackoverflow-community-orange?logo=stackoverflow\u0026color=FE7A16\n[stackoverflow_community]: https://stackoverflow.com/tags/salt-stack\n[slack_badge]: https://img.shields.io/badge/slack-@saltstackcommunity-blue.svg?logo=slack\u0026logoColor=4A154B\u0026color=4A154B\n[slack_community]: https://saltstackcommunity.herokuapp.com\n\n## πŸ“ƒ License\n\nThis project is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n","funding_links":["https://github.com/sponsors/cdalvaro"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdalvaro%2Fdocker-salt-master","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcdalvaro%2Fdocker-salt-master","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdalvaro%2Fdocker-salt-master/lists"}