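SaltStack: Configuring salt-api (Part 12)
Introduction
SaltStack officially provides the salt-api project, which exposes a REST API and makes integrating Salt with third-party systems much simpler. This article shows how to install and configure salt-api and how to use it to retrieve the information you need.
Steps
Installation
Check the salt-master version, kernel information and OS release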
[root@linux-node1 master.d]# rpm -qa |grep salt-master
salt-master-2015.5.-.el7.noarch
[root@linux-node1 master.d]# more /etc/redhat-release
CentOS Linux release 7.2. (Core)
1. Install salt-api on the salt-master
[root@linux-node1 ~]# yum -y install salt-api
2. Check whether the CherryPy package is installed
[root@linux-node1 ~]# rpm -qa |grep cherry
python-cherrypy-3.2.-.el7.noarch
3. Install the pyOpenSSL package
[root@linux-node1 ~]# yum list |grep -i pyOpenSSL
pyOpenSSL.x86_64 0.13.-.el7 base
pyOpenSSL-doc.noarch 0.13.-.el7 base
[root@linux-node1 ~]# yum install pyOpenSSL
4. Create a self-signed certificate; in production you can purchase a certificate
[root@linux-node1 ~]# salt-call --local tls.create_self_signed_cert # a version warning follows; ignore it for now
[ERROR ] You should upgrade pyOpenSSL to at least 0.14. to enable the use of X509 extensions
local:
Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
5. On the salt-master, enable the include feature to make the configuration easier to manage
[root@linux-node1 ~]# grep ^default /etc/salt/master
default_include: master.d/*.conf
6. Add the API configuration to the salt-master configuration
[root@linux-node1 salt]# mkdir master.d # newer versions create this directory automatically
[root@linux-node1 salt]# cd master.d/
[root@linux-node1 master.d]# vim api.conf
[root@linux-node1 master.d]# cat api.conf
rest_cherrypy:
  host: 192.168.56.11
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
7. Create a user (-M does not create a home directory) and set its password
[root@linux-node1 master.d]# useradd -M -s /sbin/nologin saltapi
[root@linux-node1 master.d]# echo "saltapi" | passwd saltapi --stdin
Changing password for user saltapi.
passwd: all authentication tokens updated successfully.
8. Add authentication to the salt-master configuration by creating a new file in the include directory
[root@linux-node1 master.d]# pwd
/etc/salt/master.d
[root@linux-node1 master.d]# vi auth.conf
[root@linux-node1 master.d]# cat auth.conf
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'
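Added example (not part of the original post): the grant above gives the saltapi account every execution function plus the wheel and runner modules, so whoever holds its password or token controls the master and all minions. The shell function below flags such entries, along with two risky rest_cherrypy settings (disable_ssl: True and host: 0.0.0.0). The function names, the wording of the findings and the narrower "scoped" grant are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Line-based checks for simple YAML
# laid out like api.conf and auth.conf above; this is not a full YAML parser.

# audit_salt_api DIR: print one "file:line: finding" per risky setting.
audit_salt_api() {
    awk '
        function flag(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg }
        FNR == 1 { section = "" }                     # new file, new context
        /^[A-Za-z_]+:/ { section = $1; sub(/:.*/, "", section) }  # top-level key
        section == "external_auth" && /^ *- / {
            item = $0; gsub(/[^@.*A-Za-z_]/, "", item)   # drop indent, dash, quotes
            if (item == ".*" || item == "*")
                flag("eauth user may run every execution function on every minion")
            else if (item == "@wheel")
                flag("eauth user may call wheel modules (key and master config management)")
            else if (item == "@runner")
                flag("eauth user may call runner modules, which execute on the master")
        }
        section == "rest_cherrypy" && /^ +disable_ssl: *[Tt]rue/ {
            flag("rest_cherrypy serves logins and tokens without TLS")
        }
        section == "rest_cherrypy" && /^ +host: *0\.0\.0\.0/ {
            flag("rest_cherrypy listens on every interface")
        }
    ' "$1"/*.conf
}

# write_sample DIR KIND: constructed sample files. KIND "page" mirrors the
# auth.conf above; "scoped" is a hypothetical narrower grant for the same user.
write_sample() {
    mkdir -p "$1"
    if [ "$2" = page ]; then
        printf '%s\n' 'external_auth:' '  pam:' '    saltapi:' '      - .*' \
            "      - '@wheel'" "      - '@runner'" "      - '@jobs'" > "$1/auth.conf"
    else
        printf '%s\n' 'external_auth:' '  pam:' '    saltapi:' \
            '      - test.ping' '      - state.sls' > "$1/auth.conf"
    fi
}

tmp=$(mktemp -d)
write_sample "$tmp/page" page
write_sample "$tmp/scoped" scoped
audit_salt_api "$tmp/page"      # prints three findings
audit_salt_api "$tmp/scoped"    # prints nothing
rm -rf "$tmp"
```

Run against the real include directory with audit_salt_api /etc/salt/master.d; an empty result means only that none of these specific patterns were found.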
9. Restart salt-master and start salt-api
[root@linux-node1 master.d]# systemctl restart salt-master
[root@linux-node1 master.d]# systemctl start salt-api
10. Check that the salt-api port is listening
[root@linux-node1 master.d]# netstat -an |grep
tcp 192.168.56.11: 0.0.0.0:* LISTEN
tcp 192.168.56.11: 192.168.56.11: TIME_WAIT
11. Verify the login and obtain the token string
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username='saltapi' \
> -d password='saltapi' \
> -d eauth='pam'
return:
- eauth: pam
  expire: 1508781206.155773
  perms:
  - .*
  - '@wheel'
  - '@runner'
  - '@jobs'
  start: 1508738006.155772
  token: 097e62c6b81ad08019905f55799971a146b392a9
  user: saltapi
12. Run test.ping through the API to test connectivity
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9' \
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping
return:
- linux-node1.example.com: true
  linux-node2.example.com: true
13. Run cmd.run
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9' \
> -d client=local \
> -d tgt='*' \
> -d fun='cmd.run' -d arg='date'
return:
- linux-node1.example.com: Mon Oct :: EDT
  linux-node2.example.com: Mon Oct :: EDT
14. Run a state module
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9' \
> -d client=local \
> -d tgt='*' \
> -d fun='state.sls' -d arg='web.lamp'
return:
- linux-node1.example.com:
cmd_|-apache-auth_|-htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin_|-run:
__run_num__:
changes: {}
comment: unless execution succeeded
duration: 5.93
name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
result: true
skip_watch: true
start_time: '02:03:25.724448'
file_|-apache-conf_|-/etc/httpd/conf.d_|-recurse:
__run_num__:
changes: {}
comment: The directory /etc/httpd/conf.d is in the correct state
duration: 22.914
name: /etc/httpd/conf.d
result: true
start_time: '02:03:25.698432'
file_|-apache-config_|-/etc/httpd/conf/httpd.conf_|-managed:
__run_num__:
changes: {}
comment: File /etc/httpd/conf/httpd.conf is in the correct state
duration: 12.031
name: /etc/httpd/conf/httpd.conf
result: true
start_time: '02:03:25.452497'
file_|-php-config_|-/etc/php.ini_|-managed:
__run_num__:
changes: {}
comment: File /etc/php.ini is in the correct state
duration: 4.087
name: /etc/php.ini
result: true
start_time: '02:03:25.464632'
pkg_|-apache-auth_|-httpd-tools_|-installed:
__run_num__:
changes: {}
comment: Package httpd-tools is already installed.
duration: 0.661
name: httpd-tools
result: true
start_time: '02:03:25.721441'
pkg_|-lamp-install_|-lamp-install_|-installed:
__run_num__:
changes: {}
comment: All specified packages are already installed.
duration: 1109.108
name: php
result: true
start_time: '02:03:24.341037'
service_|-lamp-service_|-httpd_|-running:
__run_num__:
changes: {}
comment: Service httpd is already enabled, and is in the desired state
duration: 228.811
name: httpd
result: true
start_time: '02:03:25.469465'
linux-node2.example.com:
cmd_|-apache-auth_|-htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin_|-run:
__run_num__:
changes: {}
comment: unless execution succeeded
duration: 7.081
name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
result: true
skip_watch: true
start_time: '02:03:25.790118'
file_|-apache-conf_|-/etc/httpd/conf.d_|-recurse:
__run_num__:
changes: {}
comment: The directory /etc/httpd/conf.d is in the correct state
duration: 25.616
name: /etc/httpd/conf.d
result: true
start_time: '02:03:25.762374'
file_|-apache-config_|-/etc/httpd/conf/httpd.conf_|-managed:
__run_num__:
changes: {}
comment: File /etc/httpd/conf/httpd.conf is in the correct state
duration: 21.026
name: /etc/httpd/conf/httpd.conf
result: true
start_time: '02:03:25.489748'
file_|-php-config_|-/etc/php.ini_|-managed:
__run_num__:
changes: {}
comment: File /etc/php.ini is in the correct state
duration: 5.21
name: /etc/php.ini
result: true
start_time: '02:03:25.510932'
pkg_|-apache-auth_|-httpd-tools_|-installed:
__run_num__:
changes: {}
comment: Package httpd-tools is already installed.
duration: 0.469
name: httpd-tools
result: true
start_time: '02:03:25.788164'
pkg_|-lamp-install_|-lamp-install_|-installed:
__run_num__:
changes: {}
comment: All specified packages are already installed.
duration: 813.972
name: php
result: true
start_time: '02:03:24.672610'
service_|-lamp-service_|-httpd_|-running:
__run_num__:
changes: {}
comment: Service httpd is already enabled, and is in the desired state
duration: 245.069
name: httpd
result: true
start_time: '02:03:25.517134'
15. Output in JSON format
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/json' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9' \
> -d client=local \
> -d tgt='*' \
> -d fun='cmd.run' -d arg='w'
{"return": [{"linux-node1.example.com": " 02:06:05 up 20:29, 1 user, load average: 0.00, 0.03, 0.05\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot pts/0
192.168.56.1 21:41 5.00s 2.75s 0.10s curl -sSk https://192.168.56.11:8000 -H Accept: application/json
-H X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9 -d client=local -d tgt=* -d fun=cmd.run -d arg=w", "linux-node2.example.com": " 02:06:06 up 20:29,
0 users, load average: 0.02, 0.02, 0.05\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT"}]}
16. Retrieve grains information
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000/minions/linux-node1.example.com \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: bfd71d03c3c933ae3ae496d27fb3a131a748723e'
return:
- linux-node1.example.com:
SSDs: []
biosreleasedate: //
biosversion: '6.00'
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- ht
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- ida
- arat
- epb
- pln
- pts
- dtherm
- hwp
- hwp_noitfy
- hwp_act_window
- hwp_epp
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- rdseed
- adx
- smap
- xsaveopt
- xsavec
- xgetbv1
- xsaves
cpu_model: Intel(R) Core(TM) i5-6200U CPU @ .30GHz
cpuarch: x86_64
domain: example.com
fqdn: linux-node1.example.com
fqdn_ip4:
- 192.168.56.11
fqdn_ip6: []
gpus:
- model: SVGA II Adapter
vendor: unknown
host: linux-node1
hwaddr_interfaces:
eth0: :0c::3c::
lo: :::::
id: linux-node1.example.com
init: systemd
ip4_interfaces:
eth0:
- 192.168.56.11
lo:
- 127.0.0.1
ip6_interfaces:
eth0:
- fe80::20c:29ff:fe3c:
lo:
- ::
ip_interfaces:
eth0:
- 192.168.56.11
- fe80::20c:29ff:fe3c:
lo:
- 127.0.0.1
- ::
ipv4:
- 127.0.0.1
- 192.168.56.11
ipv6:
- ::
- fe80::20c:29ff:fe3c:
kernel: Linux
kernelrelease: 3.10.-327.28..el7.x86_64
locale_info:
defaultencoding: UTF-
defaultlanguage: en_US
detectedencoding: UTF-
localhost: linux-node1
lsb_distrib_id: CentOS Linux
machine_id: 14e217a8e7d7475391d62b10129baa2f
manufacturer: VMware, Inc.
master: 192.168.56.11
mdadm: []
mem_total:
nodename: linux-node1
num_cpus:
num_gpus:
os: CentOS
os_family: RedHat
osarch: x86_64
oscodename: Core
osfinger: CentOS Linux-
osfullname: CentOS Linux
osmajorrelease: ''
osrelease: 7.2.
osrelease_info:
-
-
-
path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
productname: VMware Virtual Platform
ps: ps -efH
pythonexecutable: /usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.
- /usr/lib64/python2./plat-linux2
- /usr/lib64/python2./lib-tk
- /usr/lib64/python2./lib-old
- /usr/lib64/python2./lib-dynload
- /usr/lib64/python2./site-packages
- /usr/lib/python2./site-packages
pythonversion:
-
-
-
- final
-
saltpath: /usr/lib/python2./site-packages/salt
saltversion: 2015.5.
saltversioninfo:
-
-
-
-
selinux:
enabled: false
enforced: Disabled
serialnumber: VMware- 4d 7e 4c a3- e4 0f 3c
server_id:
shell: /bin/sh
systemd:
features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version: ''
virtual: VMware
zmqversion: 3.2.
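Summary
1. salt-api must use HTTPS; a trusted certificate is recommended in production.
2. After the salt-api service is restarted, the previous token is no longer valid.
Appendix: the English documentation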
https://www.unixhot.com/docs/saltstack/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt