Salt-API makes it more convenient to manage Salt. Configuring salt-api takes these steps:
1. Certificate
2. Configuration files
3. Authentication, using PAM
4. Start salt-api
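Authentication setup
Add a user:
# useradd -M -s /sbin/nologin saltapi
Set its password:
# passwd saltapi
Generate the certificate and key:
[root@node1 /etc/pki/tls/certs]# make testcert
In another directory (/etc/pki/tls/private), write out a copy of the key that does not require a passphrase:
[root@node1 /etc/pki/tls/private]# openssl rsa -in localhost.key -out salt_nopass.key
Enter pass phrase for localhost.key:
writing RSA key
This produces the key file salt_nopass.key.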
Install CherryPy and configure the master
Install salt-api:
# yum install salt-api -y
Install CherryPy with pip:
# pip install CherryPy==3.2.6
Edit the master configuration file and uncomment default_include, so that additional configuration is read from master.d:
# vim /etc/salt/master
default_include: master.d/*.conf
Create api.conf in that directory:
[root@node1 /etc/salt/master.d]# cat api.conf
rest_cherrypy:
  host: 172.16.10.60
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/salt_nopass.key
Create the authorization file:
[root@node1 /etc/salt/master.d]# cat eauth.conf
external_auth:
  pam:
    saltapi:
      - .*          # permissions: matches all modules
      - '@wheel'    # key management (salt-key)
      - '@runner'   # whether machines are online
Restart salt-master:
# systemctl restart salt-master
Start salt-api:
# systemctl start salt-api
Check that port 8000 is listening:
# netstat -lntp|grep 8000
tcp        0      0 172.16.10.60:8000       0.0.0.0:*               LISTEN      41783/python
Request a token to verify the setup (-k skips certificate verification, which is needed here because the certificate from make testcert is self-signed):
# curl -k https://172.16.10.60:8000/login \
    -H 'Accept: application/x-yaml' \
    -d username=saltapi \
    -d password=saltapi \
    -d eauth=pam
return:
- eauth: pam
  expire: 1480035796.270958
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1479992596.270957
  token: 1723b0f260664994bce5b171e7844f1a12979a44
  user: saltapi
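The perms list in the login response mirrors the grants in eauth.conf, so anyone holding the saltapi password or token can run any function on every minion. The following added example (not part of the original post) audits an external_auth mapping for such over-broad grants; it uses a simplified regex model of Salt's permission matching, and SENSITIVE, CANARY and SCOPED_CONFIG are constructed for illustration.

```python
import re

# Grants from the page's eauth.conf, as the parsed YAML would look.
PAGE_CONFIG = {"pam": {"saltapi": [".*", "@wheel", "@runner"]}}
# Constructed alternative: hypothetical target glob and function list.
SCOPED_CONFIG = {"pam": {"saltapi": [{"node*": ["test.ping", "grains.items"]}]}}

# Probe functions chosen for this example (assumption); extend as needed.
SENSITIVE = ("cmd.run", "state.highstate")
# Made-up name that no module provides, so only a catch-all pattern matches it.
CANARY = "canary.function"


def audit(external_auth):
    """Return (backend, user, grant, reason) for each over-broad grant."""
    findings = []
    for backend, users in external_auth.items():
        for user, grants in users.items():
            for grant in grants:
                if isinstance(grant, dict):      # {target: [function patterns]}
                    (target, patterns), = grant.items()
                elif grant.startswith("@"):      # bare '@wheel' / '@runner'
                    findings.append((backend, user, grant,
                                     "every %s function" % grant[1:]))
                    continue
                else:                            # bare pattern: every minion
                    target, patterns = "*", [grant]
                for pat in patterns:
                    if re.fullmatch(pat, CANARY):
                        reason = "any function on target %s" % target
                    else:
                        hit = [f for f in SENSITIVE if re.fullmatch(pat, f)]
                        if not hit:
                            continue
                        reason = "%s on target %s" % (", ".join(hit), target)
                    findings.append((backend, user, pat, reason))
    return findings


if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("scoped", SCOPED_CONFIG)):
        print(name, audit(cfg) or "no over-broad grants")
```

All three grants from the page's file are reported, while the scoped variant produces no findings.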
Running Salt through the API
Use the token to fetch the grains of a specific host:
# curl -k https://172.16.10.60:8000/minions/node1 \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token:1723b0f260664994bce5b171e7844f1a12979a44'
Check machine status through the API. The runner client executes on the master, and manage.status reports which hosts are online:
# curl -k https://172.16.10.60:8000/ \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token:1723b0f260664994bce5b171e7844f1a12979a44' \
    -d client='runner' \
    -d fun='manage.status'
Result:
return:
- down: []
  up:
  - node1
  - node2
Run a command through the API. The local client executes on the minions; here it runs test.ping:
# curl -k https://172.16.10.60:8000/ \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token:1723b0f260664994bce5b171e7844f1a12979a44' \
    -d client='local' \
    -d tgt='*' \
    -d fun='test.ping'
Result:
return:
- node1: true
  node2: true
Run a Salt highstate through the API:
# curl -k https://172.16.10.60:8000/ \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token:1723b0f260664994bce5b171e7844f1a12979a44' \
    -d client='local' \
    -d tgt='*' \
    -d fun='state.highstate'
Get job information through the API (returns the list of jobs):
# curl -k https://172.16.10.60:8000/jobs \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token:1723b0f260664994bce5b171e7844f1a12979a44'
Look up one specific job by its job ID:
# curl -k https://172.16.10.60:8000/jobs/20161124212822336420 \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token:1723b0f260664994bce5b171e7844f1a12979a44'
References:
oms, a system with Salt API integration: https://github.com/binbin91/oms
salt dashboard: https://github.com/yueyongyue/saltshaker
This article comes from the "Trying" blog; please keep this attribution: http://tryingstuff.blog.51cto.com/4603492/1876383