Deploying the Salt.Box Server

Downloading the project and preparing for installation

caution

If you are deploying Salt.Box server on a virtual machine, make sure that the virtual machine's processor supports the avx and avx2 instruction set extensions. These extensions are required to run MongoDB version 5.0 and higher.

You can check for support with the following command:

cat /proc/cpuinfo

The avx and avx2 flags should be specified in the flags block of the command output.

1. Download and unzip the source code of the current release of the Salt.Box using the link:
   https://dev.saltbox.pro/saltbox/saltbox-compose/-/releases

2. Enter the project directory.

3. Make a copy of example.env file named .env in the project root.
   Tune it before run building.

   Below is a description of some variables in the .env file that the user may need to redefine to ensure that Salt.Box works correctly in his network environment.

   1. If you plan to deploy Salt.Box server on a virtual machine or on a host other than localhost, then the .env file must override variables whose default value is 'localhost':

      The host system port that will be mapped to the port of the Docker container serving the Salt.Box web interface, for example:

      WEB_SERVER_PORT=80

      The WEB_SERVER_OUTER_SOCKET variable must be assigned the network address or hostname of the host on which the Salt.Box web interface will be accessible to the user. Optionally, the port number can also be specified:

      WEB_SERVER_OUTER_SOCKET=<HOST> | <HOST>:<PORT>
      info

      If Salt.Box is deployed on a virtual machine, the WEB_SERVER_OUTER_SOCKET variable must be assigned the network address of its interface on the host system.

      If Salt.Box is accessed without a reverse proxy, then WEB_SERVER_OUTER_SOCKET must be set to the same port as WEB_SERVER_PORT. If the port is not explicitly specified, the default value for the protocol will be used (80/TCP for HTTP, 443/TCP for HTTPS).

   2. Redis server socket (for connecting the master to it).
      To connect external masters, specify 0.0.0.0:6379 (all network interfaces) or specify the address of one of the network interfaces:

      REDIS_SALT_EXPOSE_SOCKET=<IP_ADDRESS>:6379

   3. Switching the Salt.Box web interface to use the SSL protocol.
      SSL encapsulation is performed by an external web server (reverse proxy server).

      WEB_SERVER_SCHEME=https
      WEB_SERVER_WS_SCHEME=wss

      Set up a reverse proxy as described in Setting up Nginx reverse proxy server with SSL termination

      To connect to the web interface from an external host without using SSL, you must specify exceptions for unsafe sources in the browser you are using.
      Below is an example of the required setting for Chrome/Chromium browsers:

      • Go to chrome://flags/#unsafely-treat-insecure-origin-as-secure
      • Enable the option "Insecure origins treated as secure"
      • In the input field, enter the URL with the web interface address: http://<IP_ADDRESS>
      • Restart the browser

   4. Tags of images from which Salt.Box is deployed:

      CORE_AUTOTESTS_TAG=<vX.Y.Z>
      CORE_IMAGE_TAG=<vX.Y.Z>
      FRONTEND_IMAGE_TAG=<vX.Y.Z>
      KEYCLOAK_IMAGE_TAG=<vX.Y.Z>
      NGINX_IMAGE_TAG=<vX.Y.Z>
      OPA_IMAGE_TAG=<vX.Y.Z>
      REDIS_IMAGE_TAG=<vX.Y.Z>
      SALT_MASTER_IMAGE_TAG=<vX.Y.Z>
      SSHFS_IMAGE_TAG=<vX.Y.Z>

      whewe <vX.Y.Z> is the version number of Salt.Box

   5. Container shutdown waiting time before forced shutdown:

      STOP_GRACE_PERIOD=5s

      Decreasing this value may speed up the shutdown, but increases the risk of losing temporary data.

   6. Logging level of the SaltStack master's container:

      SALT_MASTER_LOG_LEVEL='warning'
      SALT_MINION_LOG_LEVEL='warning'

      Logging level designations:

      Level	Numeric value	Description
      critical	50	Critical errors
      error	40	Errors
      warning	30	Warnings
      info	20	Normal log information
      debug	10	Information useful for debugging both salt implementations and salt code
      all	0	Everything

      caution

      Any log level below "info" is NOT SECURE and may log sensitive data.
      For more information on log levels, see the SaltStack project documentation.

   7. Paths to directories in the file system of the Docker host where client configurations will be stored.
      Directories can be moved, for example, to a mounted storage:

      SSHFS_STORAGE_PATH='./_sshfs-storage/'

      SSHFS storage is intended for storing templates and some other types of files used in the operation of Salt.Box.

Features of Salt.Box server deployment in Astra Linux Special Edition

To install the Salt.Box server on Astra Linux SE 1.7, 1.8, you need to perform additional settings for the docker service and project configuration.

1. The docker-compose component version 2.20.2, included in Astra Linux SE 1.7.7 and 1.8.2, does not support development-specific settings develop. These settings are supported starting from docker-compose 2.22.0.

   Make sure that the configuration files
   compose-backend-dev.yaml, compose-frontend-dev.yaml, compose-frontend-dev.yaml, compose-salt-dev.yaml
   do not have the develop section.

2. When working with Docker on Astra Linux SE 1.7.7 and 1.8.2, you may encounter an issue when importing containers or loading images. Commands may fail due to a vulnerability.

   Cause of the issue

    The issue occurs when Astra Linux detects vulnerabilities in the container contents.
    Astra SE 1.7 Update 4 added the Openscap vulnerability scanner, which checks vulnerabilities against the oval-db database.
    The scanner is enabled by default and prevents further use of the container if a vulnerability is detected.

   Skipping vulnerability checks

    You can bypass vulnerability checks by adding the appropriate setting to the Docker configuration file.

   1. Open or create the /etc/docker/daemon.json file.

   2. Add the following line to the file:

      { "astra-sec-level": 6 }

      You can quickly add the line with the command:

      sudo cat << EOF > /etc/docker/daemon.json
      { "astra-sec-level" : 6 }
      EOF

   3. Restart Docker:

      sudo systemctl restart docker

Setting up Nginx reverse proxy server with SSL termination

For the web interface to work properly on remote hosts, the HTTP connection must have SSL termination.
The usual way to achieve this is to use Nginx web server as a reverse HTTP proxy and terminate SSL on it.

First, be sure to set WEB_SERVER_OUTER_SOCKET to match server_name and port of the reverse proxy.

Nginx may be installed on the same host with Salt.Box, or on a different one.
In the latter case, make sure the Salt.Box is accessible to the Nginx host, e. g. with the command:

curl http://<SALTBOX_HOST>:<SALTBOX_WEB_SERVER_PORT>/auth/keycloak/realms/salt.box/.well-known/openid-configuration  

A long JSON response should be returned by the command.

The procedure for installing and configuring a reverse proxy server is given below.

1. Make the following changes to your .env file.

   WEB_SERVER_PORT=<PORT>     # an unoccupied port, for example 8090
   WEB_SERVER_SCHEME='https'
   WEB_SERVER_WS_SCHEME='wss'

2. Install Nginx web server.

   For Debian/Ubuntu:

   sudo apt update
   sudo apt install nginx -y

3. Generate a certificate.

   Create a directory to store the certificate:

   sudo mkdir -p /etc/nginx/ssl

   and generate a certificate (the following text contains an example value for the -subj parameter, be sure to specify the desired values ​​in the < ... > placeholders):

   sudo openssl req -x509 -nodes -days 365 \
     -newkey rsa:2048 \
     -keyout /etc/nginx/ssl/saltbox-selfsigned.key \
     -out /etc/nginx/ssl/saltbox-selfsigned.crt \
     -subj "/C=RU/ST=Saltbox/L=Local/O=Saltbox Dev/CN=<IP address where Salt.Box will be accessible>"

4. Create a configuration file for the Salt.Box web interface.

   sudo touch /etc/nginx/sites-available/saltbox.conf

   Contents of the configuration file:

   server {
       listen 80;
       server_name <IP address to log in to Salt.Box (specified in the WEB_SERVER_PORT variable in the .env file)>;
   
       return 301 https://$host$request_uri;
   }
   
   server {
       listen 443 ssl http2;
       server_name  <IP address to log in to Salt.Box (specified in the WEB_SERVER_PORT variable in the .env file)>;
   
       ssl_certificate /etc/nginx/ssl/saltbox-selfsigned.crt;
       ssl_certificate_key /etc/nginx/ssl/saltbox-selfsigned.key;
   
       client_max_body_size 256m;
   
       location / {
           proxy_pass http://localhost:<PORT>;  # The port specified in the WEB_SERVER_PORT variable in the .env file.
   
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto https;
           proxy_set_header X-Forwarded-Port 443;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection "upgrade";
       }
   }

   Don't forget to specify the desired values ​​in the < ... > placeholders.

5. Activate the configuration

   For Debian/Ubuntu:

   sudo ln -s /etc/nginx/sites-available/saltbox.conf /etc/nginx/sites-enabled/

6. Check the configuration is correct and restart nginx.

   sudo nginx -t
   sudo systemctl reload nginx

Install and run Salt.Box using a helper script

The easiest way to start the system is to run the automatic installation script.
An alternative way to deploy the Salt.Box server is the step-by-step installation.

While in the project directory, run the automatic installation script:

sudo ./bin/update_and_run.sh

Helper script:

• merges example.env and override.env (if exists) into .env config.
• makes secrets
• updates images
• runs the Salt.Box instance

Use override.env to redefine example.env default values.
Use -h or --help flag to look script options.

Install and run Salt.Box step-by-step

An alternative to installing with a script automatic installation is the step-by-step installation:

1. Initially some secrets need to be created in the ./secrets/ subdirectory.
   This may be done with helper script:

   python3 ./bin/make_secrets.py

2. While in the project directory, start the build process:

   sudo docker compose up --build -d
   caution

   Check there are no warnings on non-set variables to avoid confusing errors.

3. To update outer images:

   sudo docker compose pull

   then restart e.g. with:

   sudo docker compose down && sudo docker compose up -d

   It is possible to pull images on start with an additional flag --pull=always:

   sudo docker compose up --build --pull=always

   For production use following commands are recommended:

   sudo sh -c "echo 'vm.overcommit_memory=1' > /etc/sysctl.d/salt-box.conf"
   sudo sysctl -p /etc/sysctl.d/salt-box.conf

   vm.overcommit_memory=1 is a Redis requirement.

Docker objects that are being created during installation

Once the build process has completed successfully, a number of Docker objects are created, as shown in the tables 1, 2, 3.

Table 1. Downloaded Docker images

Docker Image	Size	Description
saltbox-proxy	208 MB	Nginx reverse proxy
saltbox-make-redis-salt-certs	109 MB	Certificate issue service for Redis auth.
registry.saltbox.pro/saltbox/saltbox-compose/keycloak-init	820 MB
registry.saltbox.pro/saltbox/saltbox-compose/keycloak	808 MB	KeyCloak IdAM server
registry.saltbox.pro/saltbox/saltbox-compose/sshfs	357 MB	Mountable SSHFS file system
registry.saltbox.pro/saltbox/saltbox-compose/opa	84 MB	Open Policy Agent
registry.saltbox.pro/saltbox/saltbox-compose/redis	61 MB	Redis server
registry.saltbox.pro/saltbox/saltbox-core	488 MB	Server components (core) of the Salt.Box
registry.saltbox.pro/saltbox/saltbox-bridge/salt-master	336 MB	Сервер SaltStack (Salt Master)
registry.saltbox.pro/saltbox/saltbox-frontend	215 MB	User interface of the Salt.Box
postgres	394 MB	PostgreSQL DBMS
mongo	1.1 GB	MongoDB DBMS
rabbitmq	389 MB	RabbitMQ message broker

Table 2. Docker containers created during installation

Docker Container	State	Description
saltbox-mongo-1	Up	MongoDB DBMS. It is used by the Salt.Box backend. The DB stores entities such as clients, collections, etc.
saltbox-sshfs-1	Up	SSH server. It is used to mount the sshfs file systems on minions
saltbox-opa-1	Up	Open Policy Agent. OPA is used to create access policies for the components of the web application
saltbox-keycloak-db-1	Up	KeyCloak service. It provides centralized authentication in the Salt.Box web interface
saltbox-saltbox-frontend-1	Up	Salt.Box user interface (frontend)
saltbox-make-redis-salt-certs-1	Exited	A module that issues certificates for Redis Certificate Based Authentication
saltbox-saltbox-core-tasks-watcher-1	Up	A module waiting for tasks to appear on the SaltStack exchange bus
saltbox-saltbox-core-taskiq-scheduler-1	Up	Module responsible for working with a distributed asynchronous task queue
saltbox-saltbox-core-taskiq-worker-1	Up	Taskiq worker process. It is responsible for receiving, sending, and executing tasks from the queue
saltbox-rabbitmq-1	Up	RabbitMQ service. It is a message broker. It is responsible for collecting data from multiple sources and sending it to services of the Salt.Box system for further processing
saltbox-redis-taskiq-1	Up	Redis server used as a message broker and a result store for Taskiq
saltbox-saltbox-core-faststream-redis-1	Up	Redis server used as a message broker for Faststream
saltbox-redis-salt-1	Up	Redis server. It works with key-value data structures. It is used to store the results of SaltStack-related processes
saltbox-keycloak-1	Up	KeyCloak service. IdAM subsystem of Salt.Box
saltbox-saltbox-core-1	Up	Main server component of Salt.Box (backend)
saltbox-salt-master-1	Up	SaltStack Master server, used to control minions
saltbox-keycloak-init-1	Exited
saltbox-proxy-1	Up	Nginx reverse proxy. Redirects client requests to internal services in containers

Container statuses specified in the table 2:
Up — Container is running
Exited — Container was successfully started and then stopped normally until needed

Table 3. Docker volumes created during installation

Docker Volume	Initial size	Description
<256-битное имя в 16-ричной записи>	< 1 MB	RabbitMQ service data (Container in-use: saltbox-rabbitmq-1)
saltbox_saltbox_core_var	< 1 MB	GPG keys (Containers in-use: saltbox-saltbox-core-faststream-redis-1, saltbox-saltbox-core-tasks-watcher-1, saltbox-saltbox-core-1, saltbox-saltbox-core-taskiq-scheduler-1, saltbox-saltbox-core-taskiq-worker-1)
saltbox_keycloak-db_data	67 MB	KeyCloak service data (Container in-use: saltbox-keycloak-db-1)
saltbox_salt_master_pki	< 1 MB	Keystore of the salt-master service (Container in-use: saltbox-salt-master-1)
saltbox_redis_taskiq_data	< 1 MB	Taskiq service data (Container in-use: saltbox-redis-taskiq-1)
saltbox_mongo_config	< 1 MB	MongoDB configuration data (Container in-use: saltbox-mongo-1)
saltbox_mongo_data	311 MB	MongoDB data (Container in-use: saltbox-mongo-1)
saltbox_redis_salt_data	< 1 MB	Redis server data (Container in-use: saltbox-redis-salt-1)
saltbox_redis_salt_certs	< 1 MB	Redis server certificate store (Containers in-use: saltbox-saltbox-core-faststream-redis-1, saltbox-saltbox-core-tasks-watcher-1, saltbox-saltbox-core-1, saltbox-saltbox-core-taskiq-scheduler-1, saltbox-saltbox-core-taskiq-worker-1, saltbox-redis-salt-1, saltbox-make-redis-salt-certs-1, saltbox-salt-master-1)
saltbox_salt_master_saltbox_var	< 1 MB	(Container in-use: saltbox-salt-master-1)
saltbox_salt_repos	< 1 MB	JSON schemas for various SaltStack functions (Containers in-use: saltbox-saltbox-core-faststream-redis-1, saltbox-saltbox-core-tasks-watcher-1, saltbox-saltbox-core-1, saltbox-saltbox-core-taskiq-scheduler-1, saltbox-saltbox-core-taskiq-worker-1, saltbox-sshfs-1)

Images

Below is an example of the output of the docker image ls command.

REPOSITORY                                                     TAG            IMAGE ID       CREATED        SIZE
registry.saltbox.pro/salt.box/salt-box-bridge/salt-master      master         6e6a65ae6d5c   14 hours ago   305MB
registry.saltbox.pro/salt.box/salt-box-core                    master         dc990973edb6   15 hours ago   486MB
registry.saltbox.pro/salt.box/salt-box-frontend                master         cb046f5104d3   22 hours ago   215MB
salt-box-proxy                                                 latest         0a7a69e50215   9 days ago     208MB
registry.saltbox.pro/salt.box/salt-box-compose/keycloak-init   master         c3ad347807b2   11 days ago    819MB
registry.saltbox.pro/salt.box/salt-box-compose/keycloak        master         cce07c6262d2   11 days ago    808MB
registry.saltbox.pro/salt.box/salt-box-compose/sshfs           master         6d4bced308df   11 days ago    218MB
registry.saltbox.pro/salt.box/salt-box-compose/opa             master         9f4e528e02fb   11 days ago    82.6MB
registry.saltbox.pro/salt.box/salt-box-compose/redis           master         2cb6940da7ee   11 days ago    60.7MB
mongo                                                          7              8c30f14b362a   2 weeks ago    1.1GB
postgres                                                       16-alpine      3b057e1c2c6d   6 weeks ago    394MB
salt-box-make-redis-salt-certs                                 latest         f82ed3daf965   6 weeks ago    109MB
rabbitmq                                                       3-management   49895caee5d3   6 months ago   389MB

Volumes

Below is an example of the output of the docker volume ls command.

DRIVER    VOLUME NAME
local     f85f6baa5742b4b1bf7b3b7ca86929361c529aee6e06bff9b1a5208d76469345
local     salt-box_keycloak-db_data
local     salt-box_mongo_config
local     salt-box_mongo_data
local     salt-box_redis_salt_certs
local     salt-box_redis_salt_data
local     salt-box_redis_taskiq_data
local     salt-box_salt_box_core_var
local     salt-box_salt_master_pki

Containers

Below is an example of the output of the docker compose ls -a command.

NAME                STATUS                   CONFIG FILES
salt-box            exited(2), running(16)   root/salt-box-compose/compose.yaml

Below is an example of the output of the docker container ls -a command.

CONTAINER ID   IMAGE                                                                 COMMAND                  CREATED          STATUS                      PORTS                                                                  NAMES
88dc531cc401   salt-box-proxy                                                        "/docker/entrypoint.…"   22 minutes ago   Up 21 minutes               0.0.0.0:80->80/tcp                                                     salt-box-proxy-1
9027787dcf67   registry.saltbox.pro/salt.box/salt-box-core:master                    "entrypoint.sh salt-…"   22 minutes ago   Up 22 minutes               8000/tcp                                                               salt-box-salt-box-core-faststream-redis-1
372acea8af4a   registry.saltbox.pro/salt.box/salt-box-core:master                    "/usr/local/bin/uvic…"   22 minutes ago   Up 21 minutes               8000/tcp                                                               salt-box-salt-box-core-1
04ccd3ce9c7c   registry.saltbox.pro/salt.box/salt-box-bridge/salt-master:master      "/usr/local/bin/entr…"   22 minutes ago   Up 22 minutes               0.0.0.0:4505-4506->4505-4506/tcp, 8000/tcp                             salt-box-salt-master-1
a864aec0556a   registry.saltbox.pro/salt.box/salt-box-core:master                    "entrypoint.sh salt-…"   22 minutes ago   Up 22 minutes               8000/tcp                                                               salt-box-salt-box-core-tasks-watcher-1
8ed8856d31c1   registry.saltbox.pro/salt.box/salt-box-compose/keycloak-init:master   "/usr/local/bin/crea…"   22 minutes ago   Exited (0) 21 minutes ago                                                                          salt-box-keycloak-init-1
332bc7787b30   registry.saltbox.pro/salt.box/salt-box-core:master                    "/usr/local/bin/task…"   22 minutes ago   Up 21 minutes               8000/tcp                                                               salt-box-salt-box-core-taskiq-scheduler-1
140c425ca829   registry.saltbox.pro/salt.box/salt-box-core:master                    "/usr/local/bin/task…"   22 minutes ago   Up 21 minutes               8000/tcp                                                               salt-box-salt-box-core-taskiq-worker-1
f8b895c79ec2   registry.saltbox.pro/salt.box/salt-box-compose/redis:master           "entrypoint.sh '--sa…"   22 minutes ago   Up 22 minutes (healthy)     127.0.0.1:6379->6379/tcp                                               salt-box-redis-salt-1
05bb59635b38   registry.saltbox.pro/salt.box/salt-box-compose/keycloak:master        "/usr/local/bin/star…"   22 minutes ago   Up 21 minutes (healthy)     8080/tcp                                                               salt-box-keycloak-1
b68811fa1e30   postgres:16-alpine                                                    "docker-entrypoint.s…"   22 minutes ago   Up 22 minutes (healthy)     5432/tcp                                                               salt-box-keycloak-db-1
e7091bac8749   rabbitmq:3-management                                                 "docker-entrypoint.s…"   22 minutes ago   Up 22 minutes (healthy)     4369/tcp, 5671-5672/tcp, 15671-15672/tcp, 15691-15692/tcp, 25672/tcp   salt-box-rabbitmq-1
6673e7cb5a06   mongo:7                                                               "docker-entrypoint.s…"   22 minutes ago   Up 22 minutes               127.0.0.1:27017->27017/tcp                                             salt-box-mongo-1
8cd31f8c27ad   salt-box-make-redis-salt-certs                                        "entrypoint.sh /root…"   22 minutes ago   Exited (0) 22 minutes ago                                                                          salt-box-make-redis-salt-certs-1
b1ba6ea04662   registry.saltbox.pro/salt.box/salt-box-compose/redis:master           "entrypoint.sh '--sa…"   22 minutes ago   Up 22 minutes               6379/tcp                                                               salt-box-redis-taskiq-1
77199f687853   registry.saltbox.pro/salt.box/salt-box-frontend:master                "/docker/entrypoint.…"   22 minutes ago   Up 22 minutes               80/tcp                                                                 salt-box-salt-box-frontend-1
c727e1df0c0b   registry.saltbox.pro/salt.box/salt-box-compose/sshfs:master           "/usr/local/bin/sshd…"   22 minutes ago   Up 22 minutes               0.0.0.0:1022->1022/tcp                                                 salt-box-sshfs-1
53f1daabbebd   registry.saltbox.pro/salt.box/salt-box-compose/opa:master             "/opa run --server -…"   22 minutes ago   Up 22 minutes               0.0.0.0:8181->8181/tcp                                                 salt-box-opa-1

Login to Salt.Box web interface

if the Salt.Box server is installed locally, go to
http://<Address specified in the WEB_SERVER_OUTER_SOCKET variable of the .env file>
in your web browser,

or go to
https://<Address specified in the WEB_SERVER_OUTER_SOCKET variable of the .env file>
if the Salt.Box server is accessed via a reverse proxy server.

In the second case, the web browser will display a warning about the self-signed certificate. Make an exception for this site.

Dev mode

info

The information provided in this section is intended for software developers and is not important for standard deployment of the Salt.Box server.

Synopsis

Dev mode allows to build images instead of pulling pre-built ones, and also adds a few useful overrides.

Look at Dev options section of your example.env file copy.
To enable dev options uncomment required COMPOSE_FILE= lines.
Then run compose as usual.

Use --watch flag or toggle watch with w in attached mode to rebuld dev-services on changes.

caution

Do not use development mode on production environments because it may change the data.

Build images in dev mode

To build clean images use command with enabled COMPOSE_FILE overrides:

sudo docker compose build --no-cache

--no-cache guarantees build with latest dependencies.

Connect to redis-salt instance

Dev mode allows to connect to the Redis instance by URL rediss://localhost:6379 (SIC!).
Since TLS is enabled client may skip a certificate validation (option like --insecure) or use a CA certificate.
The last may be obtained with command:

sudo docker compose exec redis-salt cat /etc/redis/certs/ca.crt

Dev minions

Dev mode provides amount of impersistent minions in replica mode.
Look for options in the example.env file.

Dev minions do not keep their keys between restarts so keys will be dropped on the master.
Some operations may result in the loss of minions.
In that case try the following command, which should reconnect minions:

sudo docker compose restart salt-master

info

docker compose up --force-recreate salt-master command does not regenerate minions.

Cleanup

Cleanup data

After changes made, created containers and volumes may become incompatible with current code without special migrations.
To fix startup problems on developement environment stop containters with Control-c and make them down:

sudo docker compose -f compose.yaml -f compose-dev-override.yaml down --volumes

info

The --volumes flag will purge attached volumes and result in data loss.
Make sure not to lose production data.

Cleanup stale Docker stuff

When code and configs change, new layers and other objects are created.
To free up resources, you can run the cleanup command for unused Docker objects.

caution

If you have stopped containers that you plan to restart later, they will be removed.
The same applies to images and networks that are not currently in use.
To control removal, do not use the --all and --force options.

The cleanup command syntax is:

sudo docker system prune

Development agreements

Redis: channels

Hash name should be in form of OBJ_TYPE:{ID}:DATA_TYPE e.g. minion:{MID}:grains.
Use the singular form for the OBJ_TYPE and the plural form for the DATA_TYPE because there are multiple values ​​for an object.

Keycloak

Keycloak for admin user (password in file ./secrets/keycloak_admin_password): http://localhost/auth/keycloak/