saltstack api安装使用
2021-04-27 00:27
Salt 自然也提供 API,使用 API 对自动化有极大的帮助。这里使用 REST 风格的 API(salt-api)。Salt 是用 Python 写的,因此也提供了对应的 Python API,但并不建议使用:调用 Python API 的程序必须运行在 master 上,并且该 API 对 Python 3 并不友好。

换台机器测试一下(见下文在 linux-node2、linux-node3 上执行的 curl 调用)

原文地址:http://www.cnblogs.com/bfmq/p/7872492.html

1 [root@linux-node1 ~]# yum install pyOpenSSL salt-api -y
2 [root@linux-node1 ~]# salt-call --local tls.create_self_signed_cert
3 local:
4 Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
5 [root@linux-node1 ~]# vim /etc/salt/master
6 [root@linux-node1 ~]# grep "^[a-Z]" /etc/salt/master
7 default_include: master.d/*.conf # 打开这个
8 file_roots:
9 [root@linux-node1 master.d]# cd /etc/salt/master.d/
10 [root@linux-node1 master.d]# cat api.conf # 定义证书、私钥的存放位置与监听端口
11 rest_cherrypy:
12   port: 8000 # 未指定 host,监听所有地址(见下方 netstat 输出中的 0.0.0.0:8000);正式环境应限制可访问的来源
13   ssl_crt: /etc/pki/tls/certs/localhost.crt
14   ssl_key: /etc/pki/tls/certs/localhost.key
15 [root@linux-node1 master.d]# cat auth.conf # 定义权限
16 external_auth:
17   pam:
18     thatch:
19       - '@wheel' # to allow access to all wheel modules
20       - '@runner' # to allow access to all runner modules
21       - '@jobs' # to allow access to the jobs runner and/or wheel module
22 [root@linux-node1 master.d]# cat pam.conf # 定义认证:通过 PAM 认证的 saltapi 用户可以调用哪些函数
23 external_auth:
24   pam:
25     saltapi:
26       - .* # 匹配全部执行模块函数,即 saltapi 可在所有 minion 上执行任意命令;正式环境应只列出实际需要的函数
27 [root@linux-node1 master.d]# systemctl restart salt-master.service
28 [root@linux-node1 master.d]# systemctl restart salt-api
29 [root@linux-node1 master.d]# netstat -tpln
30 Active Internet connections (only servers)
31 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
32 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
33 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 998/sshd
34 tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 92795/python
35 tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 92801/python
36 tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 93821/python
37 tcp6 0 0 :::111 :::* LISTEN 1/systemd
38 tcp6 0 0 :::22 :::* LISTEN 998/sshd
39 [root@linux-node1 master.d]# useradd -M -s /sbin/nologin saltapi # 正式环境指定guid
40 [root@linux-node1 master.d]# passwd saltapi
41 Changing password for user saltapi.
42 New password:
43 BAD PASSWORD: The password is shorter than 8 characters
44 Retype new password:
45 passwd: all authentication tokens updated successfully.
1 [root@linux-node2 tmp]# curl -sSk https://192.168.56.11:8000/login \
2 > -H 'Accept: application/x-yaml' \ # 返回yaml格式,阅读直观
3 > -d username='saltapi' \
4 > -d password='saltapi' \
5 > -d eauth='pam' # 认证模式是pam。注意:-k 会跳过证书校验(这里用的是自签名证书),示例口令与用户名相同且不足 8 位;正式环境应使用 --cacert 校验证书并设置强口令
6 return:
7 - eauth: pam
8 expire: 1511276286.304869 # 该token过期时间
9 perms: {}
10 start: 1511233086.304869
11 token: 9374cd95e861ba80cda73375b50917446d7a45f2 # 这个 token 很重要:后续请求凭它通过认证,应像口令一样保管
12 user: saltapi
13 [root@linux-node2 tmp]# curl -sSk https://192.168.56.11:8000 \
14 > -H 'Accept: application/x-yaml' \
15 > -H 'X-Auth-Token: 9374cd95e861ba80cda73375b50917446d7a45f2' \ # token
16 > -d client=local \
17 > -d tgt='*' \
18 > -d fun=test.ping
19 return: # 返回的信息很直观
20 - linux-node1.example.com: true
21 linux-node2.example.com: true
22 [root@linux-node3 ~]# curl -sSk https://192.168.56.11:8000/login \
23 > -H 'Accept: application/json' \ # 返回json格式,容易解析
24 > -d username='saltapi' \
25 > -d password='saltapi' \
26 > -d eauth=pam
27 {"return": [{"perms": [".*"], "start": 1511235669.459298, "token": "9374cd95e861ba80cda73375b50917446d7a45f2", "expire": 1511278869.459298, "user": "saltapi", "eauth": "pam"}]}
28 [root@linux-node3 ~]# curl -sSk https://192.168.56.11:8000 \
29 > -H 'Accept: application/json' \
30 > -H 'X-Auth-Token: 9374cd95e861ba80cda73375b50917446d7a45f2' \
31 > -d client=local \
32 > -d tgt='*' \
33 > -d fun=test.ping
34 {"return": [{"linux-node1.example.com": true, "linux-node2.example.com": true}]}