SaltStack配置salt-api第十二篇
介绍
SaltStack官方提供有REST API格式的 salt-api项目,将使Salt与第三方系统集成变得尤为简单。本文讲带你了解如何安装配置Salt-API, 如何利用Salt-API获取想要的信息
步骤
安装
查看salt-master版本,内核信息及系统版本
[root@linux-node1 master.d]# rpm -qa |grep salt-master
salt-master-2015.5.-.el7.noarch [root@linux-node1 master.d]# more /etc/redhat-release
CentOS Linux release 7.2. (Core)
一,在salt-master上面安装
[root@linux-node1 ~]# yum -y install salt-api
二,检查cherry包是否安装
[root@linux-node1 ~]# rpm -qa |grep cherry
python-cherrypy-3.2.-.el7.noarch
三,安装pyOpenSSL包
[root@linux-node1 ~]# yum list |grep -i pyOpenSSL
pyOpenSSL.x86_64 0.13.-.el7 base
pyOpenSSL-doc.noarch 0.13.-.el7 base
[root@linux-node1 ~]# yum install pyOpenSSL
四,自签名证书,生产环境我们可以购买证书
[root@linux-node1 ~]# salt-call --local tls.create_self_signed_cert #下面有版本提示 暂时忽略
[ERROR ] You should upgrade pyOpenSSL to at least 0.14. to enable the use of X509 extensions
local:
Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
五,在salt-master上,打开include功能方便管理
[root@linux-node1 ~]# grep ^default /etc/salt/master
default_include: master.d/*.conf
六,添加api配置到salt-master配置文件
[root@linux-node1 salt]# mkdir master.d #如果是新版本会自动生成此目录
[root@linux-node1 salt]# cd master.d/
[root@linux-node1 master.d]# vim api.conf
[root@linux-node1 master.d]# cat api.conf
rest_cherrypy:
host: 192.168.56.11
port:
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
七,创建用户 -M不创建家目录 ,并设置密码
[root@linux-node1 master.d]# useradd -M -s /sbin/nologin saltapi
[root@linux-node1 master.d]# echo "saltapi" | passwd saltapi --stdin
Changing password for user saltapi.
passwd: all authentication tokens updated successfully.
八,在salt-master配置文件里添加验证,在include的目录下创建新文件
[root@linux-node1 master.d]# pwd
/etc/salt/master.d
[root@linux-node1 master.d]# vi auth.conf
[root@linux-node1 master.d]# cat auth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
九,重启salt-master和启动salt-api
[root@linux-node1 master.d]# systemctl restart salt-master
[root@linux-node1 master.d]# systemctl start salt-api
十,查看salt-api端口监听
[root@linux-node1 master.d]# netstat -an |grep
tcp 192.168.56.11: 0.0.0.0:* LISTEN
tcp 192.168.56.11: 192.168.56.11: TIME_WAIT
十一,验证login登陆,获取token字符串
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username='saltapi' \
> -d password='saltapi' \
> -d eauth='pam'
return:
- eauth: pam
expire: 1508781206.155773
perms:
- .*
- '@wheel'
- '@runner'
- '@jobs'
start: 1508738006.155772
token: 097e62c6b81ad08019905f55799971a146b392a9
user: saltapi
十二,通过api执行test.ping测试连通性
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping
return:
- linux-node1.example.com: true
linux-node2.example.com: true
十三,执行cmd.run
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
> -d client=local \
> -d tgt='*' \
> -d fun='cmd.run' -d arg='date'
return:
- linux-node1.example.com: Mon Oct :: EDT
linux-node2.example.com: Mon Oct :: EDT
十四,执行状态模块
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
> -d client=local \
> -d tgt='*' \
> -d fun='state.sls' -d arg='web.lamp'
return:
- linux-node1.example.com:
cmd_|-apache-auth_|-htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin_|-run:
__run_num__:
changes: {}
comment: unless execution succeeded
duration: 5.93
name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
result: true
skip_watch: true
start_time: '02:03:25.724448'
file_|-apache-conf_|-/etc/httpd/conf.d_|-recurse:
__run_num__:
changes: {}
comment: The directory /etc/httpd/conf.d is in the correct state
duration: 22.914
name: /etc/httpd/conf.d
result: true
start_time: '02:03:25.698432'
file_|-apache-config_|-/etc/httpd/conf/httpd.conf_|-managed:
__run_num__:
changes: {}
comment: File /etc/httpd/conf/httpd.conf is in the correct state
duration: 12.031
name: /etc/httpd/conf/httpd.conf
result: true
start_time: '02:03:25.452497'
file_|-php-config_|-/etc/php.ini_|-managed:
__run_num__:
changes: {}
comment: File /etc/php.ini is in the correct state
duration: 4.087
name: /etc/php.ini
result: true
start_time: '02:03:25.464632'
pkg_|-apache-auth_|-httpd-tools_|-installed:
__run_num__:
changes: {}
comment: Package httpd-tools is already installed.
duration: 0.661
name: httpd-tools
result: true
start_time: '02:03:25.721441'
pkg_|-lamp-install_|-lamp-install_|-installed:
__run_num__:
changes: {}
comment: All specified packages are already installed.
duration: 1109.108
name: php
result: true
start_time: '02:03:24.341037'
service_|-lamp-service_|-httpd_|-running:
__run_num__:
changes: {}
comment: Service httpd is already enabled, and is in the desired state
duration: 228.811
name: httpd
result: true
start_time: '02:03:25.469465'
linux-node2.example.com:
cmd_|-apache-auth_|-htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin_|-run:
__run_num__:
changes: {}
comment: unless execution succeeded
duration: 7.081
name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
result: true
skip_watch: true
start_time: '02:03:25.790118'
file_|-apache-conf_|-/etc/httpd/conf.d_|-recurse:
__run_num__:
changes: {}
comment: The directory /etc/httpd/conf.d is in the correct state
duration: 25.616
name: /etc/httpd/conf.d
result: true
start_time: '02:03:25.762374'
file_|-apache-config_|-/etc/httpd/conf/httpd.conf_|-managed:
__run_num__:
changes: {}
comment: File /etc/httpd/conf/httpd.conf is in the correct state
duration: 21.026
name: /etc/httpd/conf/httpd.conf
result: true
start_time: '02:03:25.489748'
file_|-php-config_|-/etc/php.ini_|-managed:
__run_num__:
changes: {}
comment: File /etc/php.ini is in the correct state
duration: 5.21
name: /etc/php.ini
result: true
start_time: '02:03:25.510932'
pkg_|-apache-auth_|-httpd-tools_|-installed:
__run_num__:
changes: {}
comment: Package httpd-tools is already installed.
duration: 0.469
name: httpd-tools
result: true
start_time: '02:03:25.788164'
pkg_|-lamp-install_|-lamp-install_|-installed:
__run_num__:
changes: {}
comment: All specified packages are already installed.
duration: 813.972
name: php
result: true
start_time: '02:03:24.672610'
service_|-lamp-service_|-httpd_|-running:
__run_num__:
changes: {}
comment: Service httpd is already enabled, and is in the desired state
duration: 245.069
name: httpd
result: true
start_time: '02:03:25.517134'
十五,以json格式输出
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
> -H 'Accept: application/json' \
> -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
> -d client=local \
> -d tgt='*' \
> -d fun='cmd.run' -d arg='w'
{"return": [{"linux-node1.example.com": " 02:06:05 up 20:29, 1 user, load average: 0.00, 0.03, 0.05\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot pts/0
192.168.56.1 21:41 5.00s 2.75s 0.10s curl -sSk https://192.168.56.11:8000 -H Accept: application/json
-H X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9 -d client=local -d tgt=* -d fun=cmd.run -d arg=w", "linux-node2.example.com": " 02:06:06 up 20:29,
0 users, load average: 0.02, 0.02, 0.05\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT"}]}
十六,获取grains信息
[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000/minions/linux-node1.example.com \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: bfd71d03c3c933ae3ae496d27fb3a131a748723e'
return:
- linux-node1.example.com:
SSDs: []
biosreleasedate: //
biosversion: '6.00'
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- ht
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- 3dnowprefetch
- ida
- arat
- epb
- pln
- pts
- dtherm
- hwp
- hwp_noitfy
- hwp_act_window
- hwp_epp
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- rdseed
- adx
- smap
- xsaveopt
- xsavec
- xgetbv1
- xsaves
cpu_model: Intel(R) Core(TM) i5-6200U CPU @ .30GHz
cpuarch: x86_64
domain: example.com
fqdn: linux-node1.example.com
fqdn_ip4:
- 192.168.56.11
fqdn_ip6: []
gpus:
- model: SVGA II Adapter
vendor: unknown
host: linux-node1
hwaddr_interfaces:
eth0: :0c::3c::
lo: :::::
id: linux-node1.example.com
init: systemd
ip4_interfaces:
eth0:
- 192.168.56.11
lo:
- 127.0.0.1
ip6_interfaces:
eth0:
- fe80::20c:29ff:fe3c:
lo:
- ::
ip_interfaces:
eth0:
- 192.168.56.11
- fe80::20c:29ff:fe3c:
lo:
- 127.0.0.1
- ::
ipv4:
- 127.0.0.1
- 192.168.56.11
ipv6:
- ::
- fe80::20c:29ff:fe3c:
kernel: Linux
kernelrelease: 3.10.-327.28..el7.x86_64
locale_info:
defaultencoding: UTF-
defaultlanguage: en_US
detectedencoding: UTF-
localhost: linux-node1
lsb_distrib_id: CentOS Linux
machine_id: 14e217a8e7d7475391d62b10129baa2f
manufacturer: VMware, Inc.
master: 192.168.56.11
mdadm: []
mem_total:
nodename: linux-node1
num_cpus:
num_gpus:
os: CentOS
os_family: RedHat
osarch: x86_64
oscodename: Core
osfinger: CentOS Linux-
osfullname: CentOS Linux
osmajorrelease: ''
osrelease: 7.2.
osrelease_info:
-
-
-
path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
productname: VMware Virtual Platform
ps: ps -efH
pythonexecutable: /usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.
- /usr/lib64/python2./plat-linux2
- /usr/lib64/python2./lib-tk
- /usr/lib64/python2./lib-old
- /usr/lib64/python2./lib-dynload
- /usr/lib64/python2./site-packages
- /usr/lib/python2./site-packages
pythonversion:
-
-
-
- final
-
saltpath: /usr/lib/python2./site-packages/salt
saltversion: 2015.5.
saltversioninfo:
-
-
-
-
selinux:
enabled: false
enforced: Disabled
serialnumber: VMware- 4d 7e 4c a3- e4 0f 3c
server_id:
shell: /bin/sh
systemd:
features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version: ''
virtual: VMware
zmqversion: 3.2.
总结
1.salt-api必须使用https,生产环境建议使用可信证书
2.当salt-api服务重启后原token失效
附 英文文档一份
https://www.unixhot.com/docs/saltstack/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt
SaltStack配置salt-api第十二篇的更多相关文章
- Python开发【第二十二篇】:Web框架之Django【进阶】
Python开发[第二十二篇]:Web框架之Django[进阶] 猛击这里:http://www.cnblogs.com/wupeiqi/articles/5246483.html 博客园 首页 ...
- 跟我学SpringCloud | 第十二篇:Spring Cloud Gateway初探
SpringCloud系列教程 | 第十二篇:Spring Cloud Gateway初探 Springboot: 2.1.6.RELEASE SpringCloud: Greenwich.SR1 如 ...
- 第十二篇 SQL Server代理多服务器管理
本篇文章是SQL Server代理系列的第十二篇,详细内容请参考原文 在这一系列的上一篇,我们查看了维护计划,一个维护计划可能会创建多个作业,多个计划.你还简单地看了SSIS子系统,并查看了维护计划作 ...
- 第十二篇 Integration Services:高级日志记录
本篇文章是Integration Services系列的第十二篇,详细内容请参考原文. 简介在前一篇文章我们配置了SSIS内置日志记录,演示了简单和高级日志配置,保存并查看日志配置,生成自定义日志消息 ...
- 【译】第十二篇 Integration Services:高级日志记录
本篇文章是Integration Services系列的第十二篇,详细内容请参考原文. 简介在前一篇文章我们配置了SSIS内置日志记录,演示了简单和高级日志配置,保存并查看日志配置,生成自定义日志消息 ...
- 【译】第十二篇 SQL Server代理多服务器管理
本篇文章是SQL Server代理系列的第十二篇,详细内容请参考原文 在这一系列的上一篇,我们查看了维护计划,一个维护计划可能会创建多个作业,多个计划.你还简单地看了SSIS子系统,并查看了维护计划作 ...
- Spring Cloud第十二篇 | 消息总线Bus
本文是Spring Cloud专栏的第十二篇文章,了解前十一篇文章内容有助于更好的理解本文: Spring Cloud第一篇 | Spring Cloud前言及其常用组件介绍概览 Spring ...
- 13. 第十二篇 二进制安装kubelet
文章转载自:https://mp.weixin.qq.com/s?__biz=MzI1MDgwNzQ1MQ==&mid=2247483842&idx=1&sn=1ef1cb06 ...
- 解剖SQLSERVER 第十二篇 OrcaMDF 行压缩支持(译)
解剖SQLSERVER 第十二篇 OrcaMDF 行压缩支持(译) http://improve.dk/orcamdf-row-compression-support/ 在这两个月的断断续续的开发 ...
- Python之路【第十二篇】:JavaScrpt -暂无内容-待更新
Python之路[第十二篇]:JavaScrpt -暂无内容-待更新
随机推荐
- java讲讲几种常见的排序算法
java讲讲几种常见的排序算法(一) 目录 java讲讲几种常见的排序算法(一) java讲讲几种常见的排序算法(二) 以数组array={6,3,20,8,15,1}为例 冒泡排序 思路:从第0个到 ...
- 基于spring的quartz定时框架,实现简单的定时任务功能
在项目中,经常会用到定时任务,这就需要使用quartz框架去进行操作. 今天就把我最近做的个人主页项目里面的定时刷新功能分享一下,很简单. 首先需要配置一个配置文件,因为我是基于spring框架的,所 ...
- Flask路由系统与模板系统
路由系统 @app.route('/user/<username>') @app.route('/post/<int:post_id>') @app.route('/post/ ...
- BS一机双屏的解决方式
一.WebSocket通讯 WebSocket protocol 是HTML5一种新的协议.它实现了浏览器与server全双工通信. 为保证socket不间断.使用下面类库进行socket通讯. ht ...
- 008-Hadoop Hive sql语法详解3-DML 操作:元数据存储
一.概述 hive不支持用insert语句一条一条的进行插入操作,也不支持update操作.数据是以load的方式加载到建立好的表中.数据一旦导入就不可以修改. DML包括:INSERT插入.UPDA ...
- Java集合—Set(转载)
Set集合中包含了三个比较重要的实现类:HashSet.TreeSet和EnumSet.本篇文章将重点介绍这三个类. 一.HashSet类 HashSet简介 HashSet是Set接口的典型实现,实 ...
- RF的优缺点
随机森林有什么优点,如: a. 对于很多数据集表现良好,精确度比较高: b. 不容易过拟合: c. 可以得到变量的重要性排序: d. 既能处理离散型数据,也能处理连续型数据,且不需要进行归一化处理: ...
- 设备驱动与控制器 I/O
控制器是对硬件发起控制命令,负责给系统提供接口,想要正常使用该硬件功能系统中必须安装相应驱动 I/O设备 cpu和存储器并不是操作系统唯一需要管理的资源,I/O设备也是非常重要的一环. I/O设备一般 ...
- java Object转换成指定的类型
java Object转换成指定的类型 /** * Object转成指定的类型 * @param obj * @param type * @param <T> * @return */ p ...
- 63. Unique Paths II(有障碍的路径 动态规划)
Follow up for "Unique Paths": Now consider if some obstacles are added to the grids. How m ...