What's missing there is how to have a running salt-master dedicated to Docker containers.
There is no need for the salt-master to run as root for this. A test config of mine looks like:

    david@perseus:~$ mkdir -p salt/etc/salt
    david@perseus:~$ cd salt
    david@perseus:~/salt$ cat << EOF >etc/salt/master
    interface: 192.168.127.1
    user: david

    root_dir: /home/david/salt/
    pidfile: var/run/salt-master.pid
    pki_dir: etc/salt/pki/master
    cachedir: var/cache/salt/master
    sock_dir: var/run/salt/master

    file_roots:
      base:
        - /home/david/salt/states
        - /home/david/salt/formulas/cubicweb

    pillar_roots:
      base:
        - /home/david/salt/pillar
    EOF
Here, 192.168.127.1 is the IP of my docker0 bridge. Also note that the paths in the file_roots and pillar_roots configs must be absolute (they are not relative to root_dir, see the salt-master configuration documentation).
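A quick check of the points above, as an added example that is not part of the original post: it reads a master config and reports when the master would run as root, listen on every interface instead of only the docker0 bridge address, or use a non-absolute path in file_roots or pillar_roots. The function name lint_master_config is hypothetical, the reader only handles the flat subset of YAML used in the config above, and the sample input is constructed from that config with one deliberately relative entry.

```python
import posixpath

# Constructed sample: the master config from this page, plus one deliberately
# relative file_roots entry ("states") to show the failure being caught.
SAMPLE = """\
interface: 192.168.127.1
user: david
root_dir: /home/david/salt/
pki_dir: etc/salt/pki/master
file_roots:
  base:
    - /home/david/salt/states
    - states
pillar_roots:
  base:
    - /home/david/salt/pillar
"""

ROOT_KEYS = ("file_roots", "pillar_roots")


def lint_master_config(text):
    """Return a list of findings for a salt-master config given as text."""
    scalars, roots, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                  # top-level "key: value"
            key, _, value = line.partition(":")
            section = key.strip()
            if value.strip():
                scalars[section] = value.strip().strip("'\"")
        elif section in ROOT_KEYS and line.lstrip().startswith("- "):
            roots.append((section, line.lstrip()[2:].strip().strip("'\"")))

    findings = []
    # Salt defaults when unset: user is root, interface is 0.0.0.0.
    if scalars.get("user", "root") == "root":
        findings.append("user: master would run as root")
    if scalars.get("interface", "0.0.0.0") in ("0.0.0.0", "::"):
        findings.append("interface: master listens on every interface")
    for section, path in roots:
        if not posixpath.isabs(path):
            findings.append(f"{section}: {path!r} is not absolute")
    return findings


if __name__ == "__main__":
    for finding in lint_master_config(SAMPLE):
        print(finding)
```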
Now we can start a salt-master that will be accessible to Docker containers:
    david@perseus:~/salt$ /usr/bin/salt-master -c etc/salt
With salt 2015.5.0, salt-master really wants to execute dmidecode, so add /usr/sbin to the $PATH variable before running the salt-master as a non-root user.
From there, you can talk to your test salt master by adding the -c ~/salt/etc/salt option to all salt commands. Fortunately, you can also set the SALT_CONFIG_DIR environment variable:
    david@perseus:~/salt$ export SALT_CONFIG_DIR=~/salt/etc/salt
    david@perseus:~/salt$ salt-key
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    Rejected Keys:

    david@perseus:~/salt$ docker run -d --add-host salt:192.168.127.1 logilab/salted_debian:wheezy
    53bf7d8db53001557e9ae25f5141cd9f2caf7ad6bcb7c2e3442fcdbb1caf5144
    david@perseus:~/salt$ docker run -d --name jessie1 --hostname jessie1 --add-host salt:192.168.127.1 logilab/salted_debian:jessie
    3da874e58028ff6dcaf3999b29e2563e1bc4d6b1b7f2f0b166f9a8faffc8aa47
    david@perseus:~/salt$ salt-key
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    53bf7d8db530
    jessie1
    Rejected Keys:
    david@perseus:~/salt$ salt-key -y -a 53bf7d8db530
    The following keys are going to be accepted:
    Unaccepted Keys:
    53bf7d8db530
    Key for minion 53bf7d8db530 accepted.
    david@perseus:~/salt$ salt-key -y -a jessie1
    The following keys are going to be accepted:
    Unaccepted Keys:
    jessie1
    Key for minion jessie1 accepted.
    david@perseus:~/salt$ salt '*' test.ping
    jessie1:
        True
    53bf7d8db530:
        True
You can now build Docker images as explained by Denis, or test your sls config files in containers.