Docker中的盐主和盐仆从连接问题

我在最新版本的ubuntu中连接盐主和盐仆从时遇到问题。 我使用了这个参考，但由于它使用的是较旧版本的ubuntu，我在docker构建文件中更新了ubuntu。但在更新ubuntu版本后，它不会与salt master连接

下面是文件。提前谢谢

salt\u master\u docker\u文件

FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-master


EXPOSE 4505 4506

COPY setup.sh /opt/setup.sh

ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []

FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-minion curl


COPY setup.sh /opt/setup.sh

ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []

salt\u master\u setup.sh

#!/bin/bash

key_checker () {

        x=1
        while [ $x -le 250 ]
                do
                salt-key -A -y
                x=$(( $x + 1 ))
                sleep 1
        done
        echo "All available keys accepted." && salt "*" test.ping && \
        touch /var/log/salt/master && \
        tail -f /var/log/salt/master

}

service salt-master start && key_checker

盐碱兵码头工人档案

FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-master


EXPOSE 4505 4506

COPY setup.sh /opt/setup.sh

ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []

FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y wget gnupg
RUN wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/3001/SALTSTACK-GPG-KEY.pub | apt-key add -
RUN echo "deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main" | tee -a /etc/apt/sources.list.d/saltstack.list
RUN apt-get update
RUN apt-get install -y salt-minion curl


COPY setup.sh /opt/setup.sh

ENTRYPOINT ["sh","/opt/setup.sh"]
CMD []

salt\u minion\u setup.sh

#!/bin/bash

salt_minion_check () {
        if [ ! -f /var/log/salt/minion ]; then
          echo "File not found!" && \
          touch /var/log/salt/minion && \
          salt_minion_check
        else
          tail -f /var/log/salt/minion
        fi
}

echo "master: master_1" >> /etc/salt/minion && \
echo "id: salt-minion-$(hostname)" >> /etc/salt/minion

service salt-minion start && \
salt_minion_check

主docker编写文件

version: '3'
services:
  minion:
    image: salt-minion
    links:
      - master
    depends_on:
      - master
    networks:
      saltnetwork:
        aliases:
          - minion


  master:
    image: salt-master
    networks:
      saltnetwork:
        aliases:
          - master

networks:
  saltnetwork:
    driver: bridge

---

根据Saltstack文档，有一种方法可以在主机上进行复制，以避免交互式接受

如果您只想使用

docker compose

创建一个盐主和一个仆从，那么下面的内容就足够了

在Docker主机上生成盐密钥。这将生成

minion1.pub

和

minion1.pem

salt-key --gen-keys=minion1

然后我们将在

Dockerfile

中使用各自的公钥和私钥。示例盐主文件

Dockerfile

：

FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-master
COPY minion1.pub /etc/salt/pki/master/minions/minion1

FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-minion

COPY minion1.pem /etc/salt/pki/minion/minion.pem
COPY minion1.pub /etc/salt/pki/minion/minion.pub
COPY id.conf /etc/salt/minion.d/id.conf

示例盐仆

Dockerfile

：

FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-master
COPY minion1.pub /etc/salt/pki/master/minions/minion1

FROM ubuntu:focal
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get -y install gnupg
COPY SALTSTACK-GPG-KEY.pub /tmp/SALTSTACK-GPG-KEY.pub
COPY saltstack.list /etc/apt/sources.list.d/saltstack.list
RUN apt-key add /tmp/SALTSTACK-GPG-KEY.pub
RUN apt-get update && apt-get install -y salt-minion

COPY minion1.pem /etc/salt/pki/minion/minion.pem
COPY minion1.pub /etc/salt/pki/minion/minion.pub
COPY id.conf /etc/salt/minion.d/id.conf

上面的

id.conf

很简单：

id: minion1

默认情况下，Salt仆从查找

Salt

hostname。如果它解析为盐母版，则使用它。因此，我们可以在

docker compose.yml

文件中利用这一点

版本：“3”
服务：
奴才1：
图片：myminion
命令：盐仆
盐：
图片：mymaster
指挥：盐师
端口：
- 4505
- 4506

注意：

---

当我们使用

salt key-a

命令接受仆从的密钥时，它会将仆从的公钥从

/etc/salt/pki/master/minions\u pre/

移动到主控机上的

/etc/salt/pki/master/minions

。

您遇到的具体问题是什么？您是否可以重新排列映像以运行单个进程作为主容器进程（使主容器进程成为

盐主进程

或

盐仆从进程

，而不是其他进程）`echo“master:master_1”>>/etc/salt/minion&&`在这一行中，我们提到了我们运行的salt主映像将为我提供主映像，但这并不是讨论效果。如果您将主容器更改为只运行主容器，而不运行包装器脚本，会发生什么情况？（在Dockerfile中，将

ENTRYPOINT

更改为

CMD

并删除空的

CMD

行；然后

docker运行您的图像盐母版

直接运行母版，而不是默认的

CMD

）是的，它将创建一个独立的容器。但我的主要问题是如何在不登录的情况下从盐场主人那个里接受盐场仆从的钥匙。