PredatorVI/tls_grain_demo

tls_grain_demo

  1. Build an image from the Dockerfile:
    docker build --rm=true -t="salt-apache" .
  2. Install salt-master and configure it to auto_accept minion keys
  3. Spin up some docker containers from the salt-apache docker image created in step 1:
    for i in {1..5}; do docker run --privileged --hostname=salt-test-$i --add-host=salt:10.0.2.15 -p 800$i:443 -p 810$i:80 --name=salt-minion$i -e "ADDR=172.17.0.1$i" -e "ETH0=172.17.0.$i" -d salt-apache; done
  4. Make sure the minions are listed on the Salt master:
    salt-key -L
  5. Run the initialize.sls state file on all minions to set up apache to use mod_ssl, create a local certificate authority, generate certificates, create a virtual interface, and get services started:
    salt '**' state.sls apache.initialize
    Note: For Salt to locate apache.initialize, you need an apache folder in your Salt master's file_roots base directory.
    If your file_roots base is /srv/salt, create a subdirectory called 'apache' and copy initialize.sls into it.
  6. Create a directory called '_grains' in your file_roots base directory and copy the tls grain file (v4.py) into it:
    mkdir /srv/salt/_grains && cp v4.py /srv/salt/_grains
  7. Sync the grain to the minions:
    salt '*' saltutil.sync_grains
  8. You're ready to get TLS data back via the grain. Tell salt to get the cert grain from a minion:
    salt 'salt-test-1' grains.get cert
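
For readers who want to see what a grain module placed in `_grains` looks like, here is an added example of a minimal custom grain that publishes certificate details under the `cert` key. It is not the repository's v4.py; the certificate path, the chosen field names and the sample openssl output are assumptions made for illustration.

```python
"""Added example: a minimal Salt custom grain, not the repository's v4.py."""
import ssl
import subprocess
import time

# Assumption: placeholder path; set it to the certificate initialize.sls generates.
CERT_PATH = "/path/to/server.crt"

# Constructed sample of `openssl x509 -noout -subject -issuer -serial -dates` output.
SAMPLE_OUTPUT = """\
subject=CN = salt-test-1
issuer=CN = Demo Local CA
serial=1001
notBefore=Jan  5 09:34:43 2017 GMT
notAfter=Jan  5 09:34:43 2018 GMT
"""

_FIELDS = {"subject": "subject", "issuer": "issuer", "serial": "serial",
           "notBefore": "not_before", "notAfter": "not_after"}


def _read_cert(path):
    """Ask the openssl CLI for the certificate's identity and validity fields."""
    cmd = ["openssl", "x509", "-in", path, "-noout",
           "-subject", "-issuer", "-serial", "-dates"]
    try:
        return subprocess.run(cmd, capture_output=True, text=True,
                              check=True, timeout=10).stdout
    except (OSError, subprocess.SubprocessError):
        return ""  # missing certificate or openssl binary


def tls_cert(openssl_text=None, now=None):
    """Grain function; Salt calls it with no arguments (the optional ones allow offline use)."""
    text = _read_cert(CERT_PATH) if openssl_text is None else openssl_text
    now = time.time() if now is None else now
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in _FIELDS:
            info[_FIELDS[key.strip()]] = value.strip()
    if not info:
        return {}  # publish no grain rather than an empty or misleading one
    if "not_after" in info:
        expires = ssl.cert_time_to_seconds(info["not_after"])
        info["days_left"] = int((expires - now) // 86400)
        info["expired"] = expires <= now
    return {"cert": info}
```

Copied into `_grains` and synced as in steps 6 and 7, a module like this makes `days_left` and `expired` available to `grains.get cert`, so expiring certificates can be found from the master.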
