saltstack api安装使用

Posted 北方姆Q

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了saltstack api安装使用相关的知识,希望对你有一定的参考价值。

Salt自然也是提供api的,使用api对自动化有极大的帮助,我们使用rest风格的api,当然大家都知道salt是python写的,那么自然也就提供了对应的api,但是并不建议使用,因为调用python api的程序是必须运行在master上的,并且此api对python3并不友好

 1 [[email protected] ~]# yum install pyOpenSSL salt-api –y
 2 [[email protected] ~]# salt-call --local tls.create_self_signed_cert
 3 local:
 4 Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
 5 [[email protected] ~]# vim /etc/salt/master
 6 [[email protected] ~]# grep "^[a-Z]" /etc/salt/master
 7 default_include: master.d/*.conf                    # 打开这个
 8 file_roots:
 9 [[email protected] master.d]# cd /etc/salt/master.d/
10 [[email protected] master.d]# cat api.conf                 # 定义key存放位置与提供端口
11 rest_cherrypy:
12   port: 8000
13   ssl_crt: /etc/pki/tls/certs/localhost.crt
14   ssl_key: /etc/pki/tls/certs/localhost.key
15 [[email protected] master.d]# cat auth.conf             # 定义权限
16 external_auth:
17   pam:
18     thatch:
19       - ‘@wheel‘   # to allow access to all wheel modules
20       - ‘@runner‘  # to allow access to all runner modules
21       - ‘@jobs‘    # to allow access to the jobs runner and/or wheel module
22 [[email protected] master.d]# cat pam.conf             # 定义认证
23 external_auth:
24   pam:
25     saltapi:
26       - .*
27 [[email protected] master.d]# systemctl restart salt-master.service 
28 [[email protected] master.d]# systemctl restart salt-api
29 [[email protected] master.d]# netstat -tpln
30 Active Internet connections (only servers)
31 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
32 tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
33 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      998/sshd            
34 tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      92795/python        
35 tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      92801/python        
36 tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      93821/python        
37 tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
38 tcp6       0      0 :::22                   :::*                    LISTEN      998/sshd   
39 [[email protected] master.d]# useradd -M -s /sbin/nologin saltapi        # 正式环境指定guid
40 [[email protected] master.d]# passwd saltapi
41 Changing password for user saltapi.
42 New password: 
43 BAD PASSWORD: The password is shorter than 8 characters
44 Retype new password: 
45 passwd: all authentication tokens updated successfully.

换台机器测试一下

 1 [[email protected] tmp]# curl -sSk https://192.168.56.11:8000/login \
 2 >     -H Accept: application/x-yaml \                        # 返回yaml格式,读直观
 3 >     -d username=saltapi  4 >     -d password=saltapi  5 >     -d eauth=pam                                        # 认证模式是pam
 6 return:
 7 - eauth: pam
 8   expire: 1511276286.304869                                # 该token过期时间
 9   perms: {}
10   start: 1511233086.304869
11   token: 9374cd95e861ba80cda73375b50917446d7a45f2            # 这个很重要
12   user: saltapi
13 [[email protected] tmp]# curl -sSk https://192.168.56.11:8000 \
14 >     -H Accept: application/x-yaml 15 >     -H X-Auth-Token: 9374cd95e861ba80cda73375b50917446d7a45f2\        # token
16 >     -d client=local 17 >     -d tgt=* 18 >     -d fun=test.ping
19 return:                                            # 返回的信息很直观
20 - linux-node1.example.com: true
21  linux-node2.example.com: true
22 [[email protected] ~]# curl -sSk https://192.168.56.11:8000/login \
23 >     -H Accept: application/json \                    # 返回json格式,容易解析
24 >     -d username=saltapi 25 >     -d password=saltapi 26 >     -d eauth=pam
27 {"return": [{"perms": [".*"], "start": 1511235669.459298, "token": "9374cd95e861ba80cda73375b50917446d7a45f2‘", "expire": 1511278869.459298, "user": "saltapi", "eauth": "pam"}]} 
28 [[email protected] ~]# curl -sSk https://192.168.56.11:8000 \
29 >     -H Accept: application/json 30 >     -H X-Auth-Token: 9374cd95e861ba80cda73375b50917446d7a45f231 >     -d client=local 32 >     -d tgt=* 33 >     -d fun=test.ping
34 {"return": [{"linux-node1.example.com": true, "linux-node2.example.com": true}]}

 

以上是关于saltstack api安装使用的主要内容,如果未能解决你的问题,请参考以下文章

saltstack的api安装以及使用解释

Saltstack-API

saltstack API

SaltStack RESTful API的调用

saltstack python api 调用

centos 7.4 x86 安装saltstack