码迷,mamicode.com
首页 > Windows程序 > 详细

saltstack api安装使用

时间:2017-11-21 15:01:10      阅读:353      评论:0      收藏:0      [点我收藏+]

标签:cep   .com   private   uid   tcp6   模式   https   curl   bad   

Salt自然也是提供api的,使用api对自动化有极大的帮助,我们使用rest风格的api,当然大家都知道salt是python写的,那么自然也就提供了对应的api,但是并不建议使用,因为调用python api的程序是必须运行在master上的,并且此api对python3并不友好

 1 [root@linux-node1 ~]# yum install pyOpenSSL salt-api –y
 2 [root@linux-node1 ~]# salt-call --local tls.create_self_signed_cert
 3 local:
 4 Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
 5 [root@linux-node1 ~]# vim /etc/salt/master
 6 [root@linux-node1 ~]# grep "^[a-Z]" /etc/salt/master
 7 default_include: master.d/*.conf                    # 打开这个
 8 file_roots:
 9 [root@linux-node1 master.d]# cd /etc/salt/master.d/
10 [root@linux-node1 master.d]# cat api.conf                 # 定义key存放位置与提供端口
11 rest_cherrypy:
12   port: 8000
13   ssl_crt: /etc/pki/tls/certs/localhost.crt
14   ssl_key: /etc/pki/tls/certs/localhost.key
15 [root@linux-node1 master.d]# cat auth.conf             # 定义权限
16 external_auth:
17   pam:
18     thatch:
19       - ‘@wheel‘   # to allow access to all wheel modules
20       - ‘@runner‘  # to allow access to all runner modules
21       - ‘@jobs‘    # to allow access to the jobs runner and/or wheel module
22 [root@linux-node1 master.d]# cat pam.conf             # 定义认证
23 external_auth:
24   pam:
25     saltapi:
26       - .*
27 [root@linux-node1 master.d]# systemctl restart salt-master.service 
28 [root@linux-node1 master.d]# systemctl restart salt-api
29 [root@linux-node1 master.d]# netstat -tpln
30 Active Internet connections (only servers)
31 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
32 tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
33 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      998/sshd            
34 tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      92795/python        
35 tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      92801/python        
36 tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      93821/python        
37 tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
38 tcp6       0      0 :::22                   :::*                    LISTEN      998/sshd   
39 [root@linux-node1 master.d]# useradd -M -s /sbin/nologin saltapi        # 正式环境指定guid
40 [root@linux-node1 master.d]# passwd saltapi
41 Changing password for user saltapi.
42 New password: 
43 BAD PASSWORD: The password is shorter than 8 characters
44 Retype new password: 
45 passwd: all authentication tokens updated successfully.

换台机器测试一下

 1 [root@linux-node2 tmp]# curl -sSk https://192.168.56.11:8000/login \
 2 >     -H Accept: application/x-yaml \                        # 返回yaml格式,读直观
 3 >     -d username=saltapi  4 >     -d password=saltapi  5 >     -d eauth=pam                                        # 认证模式是pam
 6 return:
 7 - eauth: pam
 8   expire: 1511276286.304869                                # 该token过期时间
 9   perms: {}
10   start: 1511233086.304869
11   token: 9374cd95e861ba80cda73375b50917446d7a45f2            # 这个很重要
12   user: saltapi
13 [root@linux-node2 tmp]# curl -sSk https://192.168.56.11:8000 \
14 >     -H Accept: application/x-yaml 15 >     -H X-Auth-Token: 9374cd95e861ba80cda73375b50917446d7a45f2\        # token
16 >     -d client=local 17 >     -d tgt=* 18 >     -d fun=test.ping
19 return:                                            # 返回的信息很直观
20 - linux-node1.example.com: true
21  linux-node2.example.com: true
22 [root@linux-node3 ~]# curl -sSk https://192.168.56.11:8000/login \
23 >     -H Accept: application/json \                    # 返回json格式,容易解析
24 >     -d username=saltapi 25 >     -d password=saltapi 26 >     -d eauth=pam
27 {"return": [{"perms": [".*"], "start": 1511235669.459298, "token": "9374cd95e861ba80cda73375b50917446d7a45f2‘", "expire": 1511278869.459298, "user": "saltapi", "eauth": "pam"}]} 
28 [root@linux-node3 ~]# curl -sSk https://192.168.56.11:8000 \
29 >     -H Accept: application/json 30 >     -H X-Auth-Token: 9374cd95e861ba80cda73375b50917446d7a45f231 >     -d client=local 32 >     -d tgt=* 33 >     -d fun=test.ping
34 {"return": [{"linux-node1.example.com": true, "linux-node2.example.com": true}]}

 

saltstack api安装使用

标签:cep   .com   private   uid   tcp6   模式   https   curl   bad   

原文地址:http://www.cnblogs.com/bfmq/p/7872492.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!