
salt-api安裝配置及使用

salt saltstack

安裝
# Install the salt-api package without prompting for confirmation.
yum -y install salt-api

配置

  • 生成自簽名證書(用於ssl)
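# Generate a self-signed certificate for the API's TLS listener.
# `make testcert` prompts for a key passphrase and the certificate's subject fields (RDNs).
cd /etc/pki/tls/certs
make testcert

# Write a passphrase-free copy of the private key so the service can load it unattended.
# openssl prompts for the passphrase chosen during `make testcert`.
# Without a passphrase, file permissions are the key's only protection, so the copy
# is created under a restrictive umask and pinned to owner-only access.
cd /etc/pki/tls/private/
( umask 077; openssl rsa -in localhost.key -out localhost_nopass.key )
chmod 600 localhost_nopass.key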
  • 創建用於salt-api的用戶
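# Create an account with no home directory and no login shell; it exists only so
# that API callers can authenticate against it through PAM.
useradd -M -s /sbin/nologin salt-api
# Demo credential: the password equals the user name. This account is granted full
# Salt permissions in eauth.conf, so set a strong, unique password on any real system.
# `--stdin` (two ASCII hyphens) makes passwd read the new password from the pipe.
echo "salt-api" | passwd --stdin salt-api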
  • 修改/etc/salt/master文件
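# Uncomment the default_include line in the master config; the drop-in files
# created in the following steps live in /etc/salt/master.d/.
# The sed script must be wrapped in plain ASCII single quotes.
sed -i '/#default_include/s/#default/default/g' /etc/salt/master
# -p: succeed even when the directory already exists.
mkdir -p /etc/salt/master.d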
  • 新增配置文件/etc/salt/master.d/api.conf
cat /etc/salt/master.d/api.conf
# Settings for the salt-api REST listener.
rest_cherrypy:
  # TCP port the API listens on. No `host` is set, so the module's default bind
  # address applies. NOTE(review): confirm the port is reachable only from the
  # management network.
  port: 8000
  # Certificate from the /etc/pki/tls/certs step above; it is self-signed, so
  # clients can verify it only if they are given this certificate to trust.
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  # Passphrase-free copy of the private key; keep it readable by its owner only.
  ssl_key: /etc/pki/tls/private/localhost_nopass.key
  • 新增配置文件/etc/salt/master.d/eauth.conf
cat /etc/salt/master.d/eauth.conf  
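# PAM-backed external auth: which Salt functions each system account may call.
external_auth:
  pam:
    salt-api:
      # '.*' matches every execution function on every minion; '@wheel' and
      # '@runner' add the master-side wheel and runner modules. Together this
      # is full control of the master and all minions through one password.
      # Outside a lab, list only the functions the API consumer needs
      # (for example 'test.ping').
      # The '@' entries must be wrapped in plain ASCII quotes to be valid YAML.
      - .*
      - '@wheel'
      - '@runner'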
  • 啟動salt-master and salt-api
# Start the master first, then salt-api.
for unit in salt-master salt-api; do
  systemctl start "$unit"
done
  • 安裝一個salt client
# Install the minion package without prompting for confirmation.
yum -y install salt-minion
修改配置
# Replace the commented-out default master line with the master's address.
sed -i 's/^#master: salt.*$/master: 192.168.104.76/' /etc/salt/minion
啟動 client
# Start the minion; its key then shows up on the master as unaccepted.
systemctl start salt-minion.service
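  • master 上接受key(`salt-key -A` 會一次接受所有待處理的 key;有多台主機時,建議先用 `salt-key -f <minion-id>` 核對指紋,再以 `salt-key -a <minion-id>` 逐一接受)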
[root@node76 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
node76
Rejected Keys:
[root@node76 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
node76
Proceed? [n/Y] Y
Key for minion node76 accepted.
[root@node76 salt]# salt-key -L
Accepted Keys:
node76
Denied Keys:
Unaccepted Keys:
Rejected Keys:

api使用

  • 使用curl 獲取token
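 # Log in with the PAM account to obtain a session token.
 # -k turns off certificate verification; it is used here only because the
 # certificate is self-signed. On a real deployment, trust the certificate
 # with --cacert instead so the password is not sent to an unverified server.
 # The password is a command-line argument, so it is visible in shell history
 # and the process list.
 curl -k https://192.168.104.76:8000/login \
   -H "Accept: application/x-yaml" \
   -d username='salt-api' \
   -d password='salt-api' \
   -d eauth='pam'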
return:
- eauth: pam
  expire: 1520269544.2591
  perms:
  - .*
  - ‘@wheel‘
  - ‘@runner‘
  start: 1520226344.259099
  token: 593a7224f988f28b84d58b7cda38fe5e5ea07d98
  user: salt-api

獲取token後就可以使用token通信

註:重啟 salt-api 後 token 會改變,需重新呼叫 /login 取得。token 在 expire 所示的時間之前都有效,權限與登入帳號相同,應視同密碼保管。

  • 測試minion端的聯通性

    下面功能類似於 `salt '*' test.ping`

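# Ping every minion, authenticating with the token returned by /login.
# -k skips certificate verification (self-signed lab certificate only).
curl -k https://192.168.104.76:8000 \
  -H "Accept: application/x-yaml" \
  -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
  -d client='local' \
  -d tgt='*' \
  -d fun='test.ping'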
return:
- node76: true
  • 執行遠程命令

    下面功能類似於 `salt '*' cmd.run uptime`

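# Run a shell command (here `uptime`) on every minion through the API.
# cmd.run executes whatever string is passed in `arg`, so a token holding this
# permission amounts to remote shell access on all targeted hosts.
# -k skips certificate verification (self-signed lab certificate only).
curl -k https://192.168.104.76:8000 \
  -H "Accept: application/x-yaml" \
  -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
  -d client='local' \
  -d tgt='*' \
  -d fun='cmd.run' \
  -d arg='uptime'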
return:
- node76: ‘ 13:18:46 up 161 days,  2:23,  1 user,  load average: 0.15, 0.09, 0.10‘
  • 使用state.sls

    下面功能類似於 `salt '*' state.sls ifconfig`

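 # Apply the `ifconfig` state to every minion through the API.
 # -k skips certificate verification (self-signed lab certificate only).
 curl -k https://192.168.104.76:8000 \
   -H "Accept: application/x-yaml" \
   -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
   -d client='local' \
   -d tgt='*' \
   -d fun='state.sls' \
   -d arg='ifconfig'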
return:
- node76:
        cmd_|-ifconfig_|-ifconfig_|-run:  
      __run_num__: 0  
      changes:  
        pid: 30954  
        retcode: 0  
        stderr: ‘‘  
        stdout: "eth2      Link encap:Ethernet  HWaddr 00:50:56:B5:5C:28  \n     \  
          \     inet addr:192.168.90.63  Bcast:192.168.90.255  Mask:255.255.255.0\n\  
          \          inet6 addr: fe80::250:56ff:feb5:5c28/64 Scope:Link\n        \  
          \  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\n          RX packets:825051\  
          \ errors:0 dropped:0 overruns:0 frame:0\n          TX packets:434351 errors:0\  
          \ dropped:0 overruns:0 carrier:0\n          collisions:0 txqueuelen:1000\  
          \ \n          RX bytes:60353823 (57.5 MiB)  TX bytes:27062672 (25.8 MiB)\n\  
          \nlo        Link encap:Local Loopback  \n          inet addr:127.0.0.1 \  
          \ Mask:255.0.0.0\n          inet6 addr: ::1/128 Scope:Host\n          UP\  
          \ LOOPBACK RUNNING  MTU:16436  Metric:1\n          RX packets:808 errors:0\  
          \ dropped:0 overruns:0 frame:0\n          TX packets:808 errors:0 dropped:0\  
          \ overruns:0 carrier:0\n          collisions:0 txqueuelen:0 \n         \  
          \ RX bytes:59931 (58.5 KiB)  TX bytes:59931 (58.5 KiB)"  
      comment: Command "ifconfig" run  
      duration: 11.991  
      name: ifconfig  
      result: true  
      start_time: ‘13:59:06.334112‘  
  • 使用Targeting

    下面功能類似於 `salt -L '192.168.90.61,192.168.90.63' test.ping`(此例的目標清單只有 node76 一台)

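 # Target minions by an explicit list instead of a glob.
 # `tgt` takes a comma-separated list of minion IDs when expr_form is 'list'.
 # NOTE(review): newer Salt releases name this parameter tgt_type; check which
 # one the installed version accepts.
 # -k skips certificate verification (self-signed lab certificate only).
 curl -k https://192.168.104.76:8000 \
   -H "Accept: application/x-yaml" \
   -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
   -d client='local' \
   -d tgt='node76' \
   -d expr_form='list' \
   -d fun='test.ping'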
return:
- node76: true
  • 以json格式輸出
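    # Same cmd.run call, but asking for JSON instead of YAML via the Accept header.
    # -k skips certificate verification (self-signed lab certificate only).
    curl -k https://192.168.104.76:8000 \
      -H "Accept: application/json" \
      -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
      -d client='local' \
      -d tgt='node76' \
      -d fun='cmd.run' \
      -d arg='uptime'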
    {"return": [{"node76": " 13:25:20 up 161 days,  2:30,  1 user,  load average: 0.01, 0.06, 0.08"}]}
