SaltStack配置salt-api第十二篇
介绍
SaltStack官方提供有REST API格式的 salt-api项目,将使Salt与第三方系统集成变得尤为简单。本文讲带你了解如何安装配置Salt-API, 如何利用Salt-API获取想要的信息
步骤
安装
查看salt-master版本,内核信息及系统版本
[root@linux-node1 master.d]# rpm -qa |grep salt-master
salt-master-2015.5.-.el7.noarch [root@linux-node1 master.d]# more /etc/redhat-release
CentOS Linux release 7.2. (Core)
一,在salt-master上面安装
[root@linux-node1 ~]# yum -y install salt-api
二,检查cherry包是否安装
[root@linux-node1 ~]# rpm -qa |grep cherry
python-cherrypy-3.2.-.el7.noarch
三,安装pyOpenSSL包
[root@linux-node1 ~]# yum list |grep -i pyOpenSSL
pyOpenSSL.x86_64 0.13.-.el7 base
pyOpenSSL-doc.noarch 0.13.-.el7 base
[root@linux-node1 ~]# yum install pyOpenSSL
四,自签名证书,生产环境我们可以购买证书
[root@linux-node1 ~]# salt-call --local tls.create_self_signed_cert #下面有版本提示 暂时忽略
[ERROR ] You should upgrade pyOpenSSL to at least 0.14. to enable the use of X509 extensions
local:
Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
五,在salt-master上,打开include功能方便管理
[root@linux-node1 ~]# grep ^default /etc/salt/master
default_include: master.d/*.conf
六,添加api配置到salt-master配置文件
[root@linux-node1 salt]# mkdir master.d #如果是新版本会自动生成此目录
[root@linux-node1 salt]# cd master.d/
[root@linux-node1 master.d]# vim api.conf
[root@linux-node1 master.d]# cat api.conf
rest_cherrypy:
host: 192.168.56.11
port:
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
七,创建用户 -M不创建家目录 ,并设置密码
[root@linux-node1 master.d]# useradd -M -s /sbin/nologin saltapi
[root@linux-node1 master.d]# echo "saltapi" | passwd saltapi --stdin
Changing password for user saltapi.
passwd: all authentication tokens updated successfully.
八,在salt-master配置文件里添加验证,在include的目录下创建新文件
[root@linux-node1 master.d]# pwd
/etc/salt/master.d
[root@linux-node1 master.d]# vi auth.conf
[root@linux-node1 master.d]# cat auth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
九,重启salt-master和启动salt-api
[root@linux-node1 master.d]# systemctl restart salt-master
[root@linux-node1 master.d]# systemctl start salt-api
十,查看salt-api端口监听
[root@linux-node1 master.d]# netstat -an |grep
tcp 192.168.56.11: 0.0.0.0:* LISTEN
tcp 192.168.56.11: 192.168.56.11: TIME_WAIT
十一,验证login登陆,获取token字符串
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username='saltapi' \
> -d password='saltapi' \
> -d eauth='pam'
return:
- eauth: pam
expire: 1508781206.155773
perms:
- .*
- '@wheel'
- '@runner'
- '@jobs'
start: 1508738006.155772
token: 097e62c6b81ad08019905f55799971a146b392a9
user: saltapi
十二,通过api执行test.ping测试连通性
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping
return:
- linux-node1.example.com: true
linux-node2.example.com: true
十三,执行cmd.run
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
> -d client=local \
> -d tgt='*' \
> -d fun='cmd.run' -d arg='date'
return:
- linux-node1.example.com: Mon Oct :: EDT
linux-node2.example.com: Mon Oct :: EDT
十四,执行状态模块
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
> -d client=local \
> -d tgt='*' \
> -d fun='state.sls' -d arg='web.lamp'
return:
- linux-node1.example.com:
cmd_|-apache-auth_|-htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin_|-run:
__run_num__:
changes: {}
comment: unless execution succeeded
duration: 5.93
name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
result: true
skip_watch: true
start_time: '02:03:25.724448'
file_|-apache-conf_|-/etc/httpd/conf.d_|-recurse:
__run_num__:
changes: {}
comment: The directory /etc/httpd/conf.d is in the correct state
duration: 22.914
name: /etc/httpd/conf.d
result: true
start_time: '02:03:25.698432'
file_|-apache-config_|-/etc/httpd/conf/httpd.conf_|-managed:
__run_num__:
changes: {}
comment: File /etc/httpd/conf/httpd.conf is in the correct state
duration: 12.031
name: /etc/httpd/conf/httpd.conf
result: true
start_time: '02:03:25.452497'
file_|-php-config_|-/etc/php.ini_|-managed:
__run_num__:
changes: {}
comment: File /etc/php.ini is in the correct state
duration: 4.087
name: /etc/php.ini
result: true
start_time: '02:03:25.464632'
pkg_|-apache-auth_|-httpd-tools_|-installed:
__run_num__:
changes: {}
comment: Package httpd-tools is already installed.
duration: 0.661
name: httpd-tools
result: true
start_time: '02:03:25.721441'
pkg_|-lamp-install_|-lamp-install_|-installed:
__run_num__:
changes: {}
comment: All specified packages are already installed.
duration: 1109.108
name: php
result: true
start_time: '02:03:24.341037'
service_|-lamp-service_|-httpd_|-running:
__run_num__:
changes: {}
comment: Service httpd is already enabled, and is in the desired state
duration: 228.811
name: httpd
result: true
start_time: '02:03:25.469465'
linux-node2.example.com:
cmd_|-apache-auth_|-htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin_|-run:
__run_num__:
changes: {}
comment: unless execution succeeded
duration: 7.081
name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
result: true
skip_watch: true
start_time: '02:03:25.790118'
file_|-apache-conf_|-/etc/httpd/conf.d_|-recurse:
__run_num__:
changes: {}
comment: The directory /etc/httpd/conf.d is in the correct state
duration: 25.616
name: /etc/httpd/conf.d
result: true
start_time: '02:03:25.762374'
file_|-apache-config_|-/etc/httpd/conf/httpd.conf_|-managed:
__run_num__:
changes: {}
comment: File /etc/httpd/conf/httpd.conf is in the correct state
duration: 21.026
name: /etc/httpd/conf/httpd.conf
result: true
start_time: '02:03:25.489748'
file_|-php-config_|-/etc/php.ini_|-managed:
__run_num__:
changes: {}
comment: File /etc/php.ini is in the correct state
duration: 5.21
name: /etc/php.ini
result: true
start_time: '02:03:25.510932'
pkg_|-apache-auth_|-httpd-tools_|-installed:
__run_num__:
changes: {}
comment: Package httpd-tools is already installed.
duration: 0.469
name: httpd-tools
result: true
start_time: '02:03:25.788164'
pkg_|-lamp-install_|-lamp-install_|-installed:
__run_num__:
changes: {}
comment: All specified packages are already installed.
duration: 813.972
name: php
result: true
start_time: '02:03:24.672610'
service_|-lamp-service_|-httpd_|-running:
__run_num__:
changes: {}
comment: Service httpd is already enabled, and is in the desired state
duration: 245.069
name: httpd
result: true
start_time: '02:03:25.517134'
十五,以json格式输出
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/json' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
> -d client=local \
> -d tgt='*' \
> -d fun='cmd.run' -d arg='w'
{"return": [{"linux-node1.example.com": " 02:06:05 up 20:29, 1 user, load average: 0.00, 0.03, 0.05\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot pts/0
192.168.56.1 21:41 5.00s 2.75s 0.10s curl -sSk https://192.168.56.11:8000 -H Accept: application/json
-H X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9 -d client=local -d tgt=* -d fun=cmd.run -d arg=w", "linux-node2.example.com": " 02:06:06 up 20:29,
0 users, load average: 0.02, 0.02, 0.05\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT"}]}
十六,获取grains信息
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000/minions/linux-node1.example.com \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: bfd71d03c3c933ae3ae496d27fb3a131a748723e'
return:
- linux-node1.example.com:
SSDs: []
biosreleasedate: //
biosversion: '6.00'
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- ht
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- ida
- arat
- epb
- pln
- pts
- dtherm
- hwp
- hwp_noitfy
- hwp_act_window
- hwp_epp
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- rdseed
- adx
- smap
- xsaveopt
- xsavec
- xgetbv1
- xsaves
cpu_model: Intel(R) Core(TM) i5-6200U CPU @ .30GHz
cpuarch: x86_64
domain: example.com
fqdn: linux-node1.example.com
fqdn_ip4:
- 192.168.56.11
fqdn_ip6: []
gpus:
- model: SVGA II Adapter
vendor: unknown
host: linux-node1
hwaddr_interfaces:
eth0: :0c::3c::
lo: :::::
id: linux-node1.example.com
init: systemd
ip4_interfaces:
eth0:
- 192.168.56.11
lo:
- 127.0.0.1
ip6_interfaces:
eth0:
- fe80::20c:29ff:fe3c:
lo:
- ::
ip_interfaces:
eth0:
- 192.168.56.11
- fe80::20c:29ff:fe3c:
lo:
- 127.0.0.1
- ::
ipv4:
- 127.0.0.1
- 192.168.56.11
ipv6:
- ::
- fe80::20c:29ff:fe3c:
kernel: Linux
kernelrelease: 3.10.-327.28..el7.x86_64
locale_info:
defaultencoding: UTF-
defaultlanguage: en_US
detectedencoding: UTF-
localhost: linux-node1
lsb_distrib_id: CentOS Linux
machine_id: 14e217a8e7d7475391d62b10129baa2f
manufacturer: VMware, Inc.
master: 192.168.56.11
mdadm: []
mem_total:
nodename: linux-node1
num_cpus:
num_gpus:
os: CentOS
os_family: RedHat
osarch: x86_64
oscodename: Core
osfinger: CentOS Linux-
osfullname: CentOS Linux
osmajorrelease: ''
osrelease: 7.2.
osrelease_info:
-
-
-
path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
productname: VMware Virtual Platform
ps: ps -efH
pythonexecutable: /usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.
- /usr/lib64/python2./plat-linux2
- /usr/lib64/python2./lib-tk
- /usr/lib64/python2./lib-old
- /usr/lib64/python2./lib-dynload
- /usr/lib64/python2./site-packages
- /usr/lib/python2./site-packages
pythonversion:
-
-
-
- final
-
saltpath: /usr/lib/python2./site-packages/salt
saltversion: 2015.5.
saltversioninfo:
-
-
-
-
selinux:
enabled: false
enforced: Disabled
serialnumber: VMware- 4d 7e 4c a3- e4 0f 3c
server_id:
shell: /bin/sh
systemd:
features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version: ''
virtual: VMware
zmqversion: 3.2.
总结
1.salt-api必须使用https,生产环境建议使用可信证书
2.当salt-api服务重启后原token失效
附 英文文档一份
https://www.unixhot.com/docs/saltstack/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt
SaltStack配置salt-api第十二篇的更多相关文章
- Python开发【第二十二篇】:Web框架之Django【进阶】
Python开发[第二十二篇]:Web框架之Django[进阶] 猛击这里:http://www.cnblogs.com/wupeiqi/articles/5246483.html 博客园 首页 ...
- 跟我学SpringCloud | 第十二篇:Spring Cloud Gateway初探
SpringCloud系列教程 | 第十二篇:Spring Cloud Gateway初探 Springboot: 2.1.6.RELEASE SpringCloud: Greenwich.SR1 如 ...
- 第十二篇 SQL Server代理多服务器管理
本篇文章是SQL Server代理系列的第十二篇,详细内容请参考原文 在这一系列的上一篇,我们查看了维护计划,一个维护计划可能会创建多个作业,多个计划.你还简单地看了SSIS子系统,并查看了维护计划作 ...
- 第十二篇 Integration Services:高级日志记录
本篇文章是Integration Services系列的第十二篇,详细内容请参考原文. 简介在前一篇文章我们配置了SSIS内置日志记录,演示了简单和高级日志配置,保存并查看日志配置,生成自定义日志消息 ...
- 【译】第十二篇 Integration Services:高级日志记录
本篇文章是Integration Services系列的第十二篇,详细内容请参考原文. 简介在前一篇文章我们配置了SSIS内置日志记录,演示了简单和高级日志配置,保存并查看日志配置,生成自定义日志消息 ...
- 【译】第十二篇 SQL Server代理多服务器管理
本篇文章是SQL Server代理系列的第十二篇,详细内容请参考原文 在这一系列的上一篇,我们查看了维护计划,一个维护计划可能会创建多个作业,多个计划.你还简单地看了SSIS子系统,并查看了维护计划作 ...
- Spring Cloud第十二篇 | 消息总线Bus
本文是Spring Cloud专栏的第十二篇文章,了解前十一篇文章内容有助于更好的理解本文: Spring Cloud第一篇 | Spring Cloud前言及其常用组件介绍概览 Spring ...
- 13. 第十二篇 二进制安装kubelet
文章转载自:https://mp.weixin.qq.com/s?__biz=MzI1MDgwNzQ1MQ==&mid=2247483842&idx=1&sn=1ef1cb06 ...
- 解剖SQLSERVER 第十二篇 OrcaMDF 行压缩支持(译)
解剖SQLSERVER 第十二篇 OrcaMDF 行压缩支持(译) http://improve.dk/orcamdf-row-compression-support/ 在这两个月的断断续续的开发 ...
- Python之路【第十二篇】:JavaScrpt -暂无内容-待更新
Python之路[第十二篇]:JavaScrpt -暂无内容-待更新
随机推荐
- Linux压缩解压缩(unzip,tar)
unzip tar 常用解压缩命令: tar -zxvpf:解压缩 tar -zcvpf: 压缩 # tar [-j|-z] [cv] [-f 建立的檔名] filename... <==打包与 ...
- 如何做rom,体验做rom过程,附图文教程,感谢各位romer
http://bbs.gfan.com/android-5408130-1-1.html 有人问我,我简单的写一下,来源XDA,运行环境ubuntu 10.4. ubuntu安装很简单,在window ...
- MySQL和时间戳有关的函数
1. MySQL 获得当前时间戳函数:current_timestamp, current_timestamp()mysql> select current_timestamp, current ...
- JUnit4.12 源码分析之Statement
1. Statement 抽象类Statement作为命令模式的Command,只有一个方法 各种Runner作为命令模式中的Invoker,将发出各种Statement,来表示它们运行JUnit测试 ...
- HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'。
情况:WCF服务在浏览器中可以正常浏览,但是通过程序调用提示: HTTP request is unauthorized with client authentication scheme 'Anon ...
- nodejs跨平台应用
nodejs官网https://nodejs.org/download/release/ 一.发行版 1)ubuntu sudo apt-get install nodejssudo apt-get ...
- springboot使用tomcat apr模式
因需项目对并发要求比较高.提高Tomcat效率.使用tomcat apr模式.今天在这记录下使用过程.apr全称为apache portable runtime.这里套用下wiki对apr的解释. T ...
- python全栈开发从入门到放弃之推导式详解
variable = [out_exp_res for out_exp in input_list if out_exp == 2] out_exp_res: 列表生成元素表达式,可以是有返回值的函数 ...
- Using RUNDLL32.exe to call a function within a dll
Using RUNDLL32.exe to call a function within a dll Rundll32 is a utility included with Window ...
- ORM中的related_name
ORM 的反向查找(related_name) 先定义两个模型,一个是A,一个是B,是一对多的类型. class A(models.Model): name= models.CharField('名称 ...