Salt 自然也提供了 API,使用 API 对自动化有极大的帮助。这里我们使用 REST 风格的 API。当然,大家都知道 Salt 是用 Python 写的,自然也提供了对应的 Python API,但并不建议使用:调用 Python API 的程序必须运行在 master 上,并且该 API 对 Python 3 并不友好。
1 [root@linux-node1 ~]# yum install pyOpenSSL salt-api –y 2 [root@linux-node1 ~]# salt-call --local tls.create_self_signed_cert 3 local: 4 Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt." 5 [root@linux-node1 ~]# vim /etc/salt/master 6 [root@linux-node1 ~]# grep "^[a-Z]" /etc/salt/master 7 default_include: master.d/*.conf # 打开这个 8 file_roots: 9 [root@linux-node1 master.d]# cd /etc/salt/master.d/ 10 [root@linux-node1 master.d]# cat api.conf # 定义key存放位置与提供端口 11 rest_cherrypy: 12 port: 8000 13 ssl_crt: /etc/pki/tls/certs/localhost.crt 14 ssl_key: /etc/pki/tls/certs/localhost.key 15 [root@linux-node1 master.d]# cat auth.conf # 定义权限 16 external_auth: 17 pam: 18 thatch: 19 - ‘@wheel‘ # to allow access to all wheel modules 20 - ‘@runner‘ # to allow access to all runner modules 21 - ‘@jobs‘ # to allow access to the jobs runner and/or wheel module 22 [root@linux-node1 master.d]# cat pam.conf # 定义认证 23 external_auth: 24 pam: 25 saltapi: 26 - .* 27 [root@linux-node1 master.d]# systemctl restart salt-master.service 28 [root@linux-node1 master.d]# systemctl restart salt-api 29 [root@linux-node1 master.d]# netstat -tpln 30 Active Internet connections (only servers) 31 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 32 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd 33 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 998/sshd 34 tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 92795/python 35 tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 92801/python 36 tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 93821/python 37 tcp6 0 0 :::111 :::* LISTEN 1/systemd 38 tcp6 0 0 :::22 :::* LISTEN 998/sshd 39 [root@linux-node1 master.d]# useradd -M -s /sbin/nologin saltapi # 正式环境指定guid 40 [root@linux-node1 master.d]# passwd saltapi 41 Changing password for user saltapi. 42 New password: 43 BAD PASSWORD: The password is shorter than 8 characters 44 Retype new password: 45 passwd: all authentication tokens updated successfully.
换台机器测试一下
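# Console sessions on two other hosts: log in to salt-api with PAM credentials,
# then use the returned token to run test.ping on all minions.
#
# -k switches off certificate verification, so nothing stops an on-path host
#   from reading the password and the token. Keep it to the lab's self-signed
#   certificate; otherwise give curl a certificate to trust with --cacert, and
#   one whose name matches the address being requested.
# -d password=... puts the password in the process list and shell history.
#   curl can read the form body from a file or stdin instead (-d @file, -d @-).
# The password used here equals the user name; it needs replacing before the
# API is reachable by anything other than test hosts.

# YAML response: easy to read.
[root@linux-node2 tmp]# curl -sSk https://192.168.56.11:8000/login \
>     -H 'Accept: application/x-yaml' \
>     -d username='saltapi' \
>     -d password='saltapi' \
>     -d eauth='pam'                       # authentication backend is PAM
return:
- eauth: pam
  expire: 1511276286.304869               # token expiry, 43200 s (12 h) after start
  perms: {}
  start: 1511233086.304869
  token: 9374cd95e861ba80cda73375b50917446d7a45f2   # bearer token: anyone holding it acts as saltapi until expiry
  user: saltapi

# The token goes in the X-Auth-Token header. With tgt='*' the call reaches
# every minion, so treat the token like the password: keep it out of logs,
# tickets and shared scripts.
[root@linux-node2 tmp]# curl -sSk https://192.168.56.11:8000 \
>     -H 'Accept: application/x-yaml' \
>     -H 'X-Auth-Token: 9374cd95e861ba80cda73375b50917446d7a45f2' \
>     -d client=local \
>     -d tgt='*' \
>     -d fun=test.ping
return:                                   # the result is easy to read
- linux-node1.example.com: true
  linux-node2.example.com: true

# JSON response: easy to parse.
[root@linux-node3 ~]# curl -sSk https://192.168.56.11:8000/login \
>     -H 'Accept: application/json' \
>     -d username='saltapi' \
>     -d password='saltapi' \
>     -d eauth=pam
{"return": [{"perms": [".*"], "start": 1511235669.459298, "token": "9374cd95e861ba80cda73375b50917446d7a45f2", "expire": 1511278869.459298, "user": "saltapi", "eauth": "pam"}]}

[root@linux-node3 ~]# curl -sSk https://192.168.56.11:8000 \
>     -H 'Accept: application/json' \
>     -H 'X-Auth-Token: 9374cd95e861ba80cda73375b50917446d7a45f2' \
>     -d client=local \
>     -d tgt='*' \
>     -d fun=test.ping
{"return": [{"linux-node1.example.com": true, "linux-node2.example.com": true}]}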
原文:http://www.cnblogs.com/bfmq/p/7872492.html