1. 主机规划

salt 版本

 [root@salt100 ~]# salt --version
salt 2018.3. (Oxygen)
[root@salt100 ~]# salt-minion --version
salt-minion 2018.3. (Oxygen)

netapi modules

https://docs.saltstack.com/en/latest/ref/netapi/all/index.html    

rest_cherrypy

https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html    

文章参考:

saltstack API(一) 安装并测试

参考GitHub

https://github.com/yueyongyue/saltshaker    

2. 必要的准备

2.1. 安装部署Python3

 [root@salt100 Python-3.7.]# yum install -y libffi-devel  # 提前安装
[root@salt100 Python-3.7.]# pwd
/root/software/
[root@salt100 software]# ll
total
-rw-r--r-- root root Apr : Python-3.7..tgz
[root@salt100 software]# tar xf Python-3.7..tgz
[root@salt100 software]# cd Python-3.7./
[root@salt100 Python-3.7.]# ./configure # 配置
[root@salt100 Python-3.7.]# make && make install # 编译 与 安装
# 建立软连接
[root@salt100 ~]# ln -s /usr/local/bin/python3. /usr/bin/python3
[root@salt100 ~]# ll /usr/bin/python3
lrwxrwxrwx root root Apr : /usr/bin/python3 -> /usr/local/bin/python3.

2.2. 安装salt-api

等到配置完毕后才能启动salt-api

 [root@salt100 ~]# yum install -y salt-api
[root@salt100 ~]# systemctl enable salt-api.service # 开机自启动

2.3. 新建saltapi用户

[root@salt100 ~]# useradd -M -s /sbin/nologin -u  saltapi && echo '' | /usr/bin/passwd --stdin saltapi    

2.4. 安装pip和CherryPy

 [root@salt100 software]# wget https://bootstrap.pypa.io/get-pip.py
[root@salt100 software]# python3 get-pip.py
[root@salt100 software]# pip -V # 查看pip版本
[root@salt100 software]# pip install CherryPy==3.2. # 注意版本

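3. 添加https证书

说明:下面 make testcert 生成的是自签名测试证书,因此后文的 curl 都带 -k 跳过证书校验;正式环境应换成客户端信任的证书并去掉 -k。另外,去掉口令后的 localhost_nopass.key 是未加密的私钥,从下方 ll 输出看权限为 -rw-r--r--(其他用户可读),应改为仅 root 可读(如 chmod 600)。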

 [root@salt100 certs]# pwd
/etc/pki/tls/certs
[root@salt100 certs]# ll
total
lrwxrwxrwx. root root Nov : ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. root root Nov : ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rwxr-xr-x. root root Apr make-dummy-cert
-rw-r--r--. root root Apr Makefile
-rwxr-xr-x. root root Apr renew-dummy-cert
[root@salt100 certs]# make testcert
umask ; \
/usr/bin/openssl genrsa -aes128 > /etc/pki/tls/private/localhost.key
Generating RSA private key, bit long modulus
.........................................................................+++
........................+++
e is (0x10001)
Enter pass phrase: # 键入加密短语
Verifying - Enter pass phrase: # 确认加密短语
umask ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days -out /etc/pki/tls/certs/localhost.crt
Enter pass phrase for /etc/pki/tls/private/localhost.key: # 再次输入相同的加密短语
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
[root@salt100 certs]# ll
total
lrwxrwxrwx. root root Nov : ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. root root Nov : ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw------- root root Mar : localhost.crt
-rwxr-xr-x. root root Apr make-dummy-cert
-rw-r--r--. root root Apr Makefile
-rwxr-xr-x. root root Apr renew-dummy-cert
[root@salt100 certs]# cd /etc/pki/tls/private/ # 进入目录
[root@salt100 private]# ll
total
-rw------- root root Mar : localhost.key
[root@salt100 private]# openssl rsa -in localhost.key -out localhost_nopass.key # 生成无密码秘钥
Enter pass phrase for localhost.key: # 输入和之前一样的加密短语
writing RSA key
[root@salt100 private]# ll
total
-rw------- root root Mar : localhost.key
-rw-r--r-- root root Mar : localhost_nopass.key

4. 添加配置文件

配置文件存放位置

 [root@salt100 ~]# vim /etc/salt/master
##### Primary configuration settings #####
##########################################
# This configuration file is used to manage the behavior of the Salt Master.
# Values that are commented out but have an empty line after the comment are
# defaults that do not need to be set in the config. If there is no blank line
# after the comment then the value is presented as an example and is not the
# default. # Per default, the master will automatically include all config files
# from master.d/*.conf (master.d is a directory in the same directory
# as the main master config file).
#default_include: master.d/*.conf # 默认配置即可
…………

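添加配置文件

注意:eauth.conf 里给 saltapi 配置的 `.*` 表示可以对所有 minion 调用任意执行模块(包括 cmd.run),再加上 '@wheel'、'@runner',就等于通过 API 完全控制 master 和全部 minion。这里是为了演示方便;实际环境应只授权确实需要的目标和函数。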

 [root@salt100 master.d]# pwd
/etc/salt/master.d
[root@salt100 master.d]# ll
total
-rw-r--r-- root root Mar : api.conf
-rw-r--r-- root root Mar : eauth.conf
[root@salt100 master.d]# cat eauth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel' # to allow access to all wheel modules
- '@runner' # to allow access to all runner modules
- '@jobs' # to allow access to the jobs runner and/or wheel module
[root@salt100 master.d]# cat api.conf
rest_cherrypy:
port:
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost_nopass.key

5. 重启salt-master

[root@salt100 ~]# systemctl restart salt-master.service      # 使配置生效

6. 启动salt-api

 [root@salt100 master.d]# systemctl start salt-api.service
[root@salt100 ~]# netstat -lntup | grep 'salt' # 端口查看
tcp 0.0.0.0: 0.0.0.0:* LISTEN /salt-api
tcp 0.0.0.0: 0.0.0.0:* LISTEN /salt-master Z
tcp 0.0.0.0: 0.0.0.0:* LISTEN /salt-master M

7. 使用PAM进行登录验证

 [root@salt100 master.d]# curl -k https://172.16.1.100:8000/login \
-H 'Accept: application/x-yaml' \
-d username='saltapi' \
-d password='' \
-d eauth='pam'
return:
- eauth: pam
expire: 1554173316.621825
perms:
- .*
- '@wheel'
- '@runner'
- '@jobs'
start: 1554130116.621824
token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a
user: saltapi

这个token是我们需要的,方便后文操作。在过期(expire)之前,它等同于 saltapi 用户的登录凭据,应像密码一样保管,不要写进脚本仓库或公开贴出。

8. 得到指定minion的grains信息

 [root@salt100 master.d]# curl -k https://172.16.1.100:8000/minions/salt01 \
-H 'Accept: application/x-yaml' \
-H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a'
## 返回如下信息
return:
- salt01:
SSDs: []
biosreleasedate: //
biosversion: '6.00'
cpu_flags:
………………

9. 获取minion状态【上下线状态】

 ## 备注: client='runner' 代表在master执行   client='local'  代表在minion执行
[root@salt100 ~]# curl -k https://172.16.1.100:8000/ \
-H 'Accept: application/x-yaml' \
-H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' \
-d client='runner' \
-d fun='manage.status'
## 返回如下信息
return:
- down: []
up:
- salt01
- salt02
- salt03
- salt100

10. test.ping测试

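 # Equivalent of: salt '*' test.ping  (client=local runs the function on the minions)
# -k skips TLS certificate verification because the tutorial's certificate is
# self-signed; with a certificate the client trusts, drop -k.
# X-Auth-Token is the session token returned by /login; treat it like a password.
# Each continued line needs a space before the trailing backslash: without it
# the shell glues the next "-d" onto the header value and the request is sent
# with a corrupted token.
curl -k https://172.16.1.100:8000 \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' \
  -d client=local \
  -d tgt='*' \
  -d fun=test.ping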
## 返回如下信息
return:
- salt01: true
salt02: true
salt03: true
salt100: true

11. 查看jobs信息

在标签1执行

[root@salt100 ~]# salt 'salt01' cmd.run 'whoami && sleep 300' 

在标签2执行

 [root@salt100 ~]# curl -k https://172.16.1.100:8000/jobs \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a'
return:
- '':
Arguments: []
Function: test.ping
StartTime: , Apr ::21.862530
Target: '*'
Target-type: glob
User: sudo_yun
'':
Arguments: []
Function: test.ping
StartTime: , Apr ::00.770358
Target: '*'
Target-type: glob
User: saltapi
'':
Arguments:
- whoami && sleep
Function: cmd.run
StartTime: , Apr ::53.892493
Target: salt01
Target-type: glob
User: sudo_yun
'':
Arguments:
- ''
Function: saltutil.find_job
StartTime: , Apr ::58.925816
Target:
- salt01
Target-type: list
User: sudo_yun
'':
Arguments: []
Function: saltutil.running
StartTime: , Apr ::06.139505
Target: '*'
Target-type: glob
User: root
'':
Arguments:
- ''
Function: saltutil.find_job
StartTime: , Apr ::08.955596
Target:
- salt01
Target-type: list
User: sudo_yun
'':
Arguments:
- ''
Function: saltutil.find_job
StartTime: , Apr ::18.970482
Target:
- salt01
Target-type: list
User: sudo_yun
[root@salt100 ~]#
[root@salt100 ~]# curl -k https://172.16.1.100:8000/jobs/20190401232353892493 \
-H 'Accept: application/x-yaml' \
-H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a'
## 返回如下信息
info:
- Arguments:
- whoami && sleep
Function: cmd.run
Minions:
- salt01
Result: {}
StartTime: , Apr ::53.892493
Target: salt01
Target-type: glob
User: sudo_yun
jid: ''
return:
- {}

12. 其他常用操作

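 # Common salt-api calls, each shown with its command-line equivalent.
#
# Notes that apply to every request below:
#   * -k skips TLS certificate verification because the tutorial's certificate
#     is self-signed; with a certificate the client trusts, drop -k.
#   * X-Auth-Token is the session token returned by /login. It carries the
#     permissions of the logged-in user until it expires, so treat it like a
#     password.
#   * Each continued line needs a space before the trailing backslash; without
#     it the shell glues the next "-d" onto the header value and the request
#     is sent with a corrupted token.
#   * expr_form selects how tgt is matched. NOTE(review): newer Salt releases
#     name this parameter tgt_type -- confirm against the installed version.

# Equivalent of: salt 'salt01' state.sls web.apache
# (applies apache.sls, which deploys httpd via yum)
curl -k https://172.16.1.100:8000/ \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' \
  -d client=local \
  -d tgt='salt01' \
  -d fun=state.sls \
  -d arg='web.apache'

# Equivalent of: salt -L 'salt01,salt02,salt03' test.ping
curl -k https://172.16.1.100:8000 \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' \
  -d client=local \
  -d tgt='salt01,salt02,salt03' \
  -d expr_form='list' \
  -d fun=test.ping

# Equivalent of: salt -G 'host:salt01' cmd.run ifconfig
curl -k https://172.16.1.100:8000 \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' \
  -d client=local \
  -d tgt='host:salt01' \
  -d expr_form='grain' \
  -d fun=cmd.run \
  -d arg='ifconfig'

# Same request as above (salt -G 'host:salt01' cmd.run ifconfig),
# but asking for the response in JSON instead of YAML.
curl -k https://172.16.1.100:8000 \
  -H 'Accept: application/json' \
  -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' \
  -d client=local \
  -d tgt='host:salt01' \
  -d expr_form='grain' \
  -d fun=cmd.run \
  -d arg='ifconfig'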

13. 参数解释

 client : 模块,python处理salt-api的主要模块,‘client interfaces <netapi-clients>’
local : 使用‘LocalClient <salt.client.LocalClient>’ 发送命令给受控主机,等价于saltstack命令行中的'salt'命令
local_async : 和local不同之处在于,这个模块是用于异步操作的,即在master端执行命令后返回的是一个jobid,任务放在后台运行,通过查看jobid的结果来获取命令的执行结果。
runner : 使用'RunnerClient<salt.runner.RunnerClient>' 调用salt-master上的runner模块,等价于saltstack命令行中的'salt-run'命令
runner_async : 异步执行runner模块
wheel : 使用'WheelClient<salt.wheel.WheelClient>', 调用salt-master上的wheel模块。wheel模块在命令行端没有等价的命令,但它通常用于管理主机资源,比如文件状态、pillar文件、salt配置文件;其中key模块<salt.wheel.key>的功能类似于命令行中的salt-key。
wheel_async : 异步执行wheel模块
备注:一般情况下local模块,需要tgt和arg(数组),kwarg(字典),因为这些值将被发送到minions并用于执行所请求的函数。而runner和wheel都是直接应用于master,不需要这些参数。
tgt : minions
fun : 函数
arg : 参数
expr_form : tgt的匹配规则(较新的Salt版本中该参数名为tgt_type),可取值如下:
'glob' - Bash glob completion - Default
'pcre' - Perl style regular expression
'list' - Python list of hosts
'grain' - Match based on a grain comparison
'grain_pcre' - Grain comparison with a regex
'pillar' - Pillar data comparison
'nodegroup' - Match on nodegroup
'range' - Use a Range server for matching
'compound' - Pass a compound match string
