一、介绍
SaltStack 官方提供有REST API格式的 salt-api 项目,将使Salt与第三方系统集成变得尤为简单。本文将带你了解如何安装配置Salt-API, 如何利用Salt-API获取想要的信息
二、正文
查看salt-master版本,内核信息及系统版本
[root@coms ~]# rpm -qa |grep salt-master
salt-master-2018.3.2-1.el7.noarch
[root@coms ~]# uname -a
Linux coms 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@coms ~]#
[root@coms ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
一,在salt-master上面安装
[root@coms ~]# yum -y install salt-api
二,检查cherry包是否安装
注: salt-api是一个基于Cherrypy(python的一个web框架)的Rest API程序,cherry包需要事先安装
[root@linux-node1 ~]# rpm -qa |grep cherry
python-cherrypy-3.2.2-4.el7.noarch
三,安装pyOpenSSL包
[root@coms ~]# rpm -qa|grep -i pyOpenSSL
pyOpenSSL-0.13.1-3.el7.x86_64
[root@coms ~]#
四,自签名证书,生产环境我们可以购买证书。自签名证书不被客户端信任,所以后文的 curl 命令都带 -k 跳过证书校验;换用受信任 CA 签发的证书后应去掉 -k,让客户端校验服务端身份。
[root@coms ~]# salt-call --local tls.create_self_signed_cert
local:
    Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
[root@coms ~]#
五,在salt-master上,打开include功能方便管理
[root@coms ~]# grep ^default /etc/salt/master
[root@coms ~]# vim /etc/salt/master
[root@coms ~]# grep ^default /etc/salt/master
default_include: master.d/*.conf
[root@coms ~]#
六,添加api配置到salt-master配置文件
[root@coms ~]# cd /etc/salt/master.d/
[root@coms master.d]# ls
[root@coms master.d]# vim api.conf
[root@coms master.d]# cat api.conf
rest_cherrypy:
  host: 192.168.137.137
  port: 9000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
[root@coms master.d]#
七,创建用户 -M不创建家目录 ,并设置密码。示例中密码与用户名相同,仅作演示;该系统账号的口令就是后面通过 pam 登录 salt-api 的凭据,实际环境应设置强密码。
[root@coms master.d]# useradd -M -s /sbin/nologin saltapi
[root@coms master.d]# echo "saltapi" | passwd saltapi --stdin
更改用户 saltapi 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@coms master.d]#
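八,在salt-master配置文件里添加验证,在include的目录下创建新文件。注意:下面的 .* 加上 '@wheel'、'@runner'、'@jobs' 允许 saltapi 在所有 minion 上执行任意模块函数(包括后文的 cmd.run)以及 wheel、runner 操作;生产环境建议只列出实际需要的函数,例如 test.ping、grains.items。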
[root@coms master.d]# vim auth.conf
[root@coms master.d]# cat auth.conf
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'
[root@coms master.d]#
九,重启salt-master和启动salt-api
[root@linux-node1 master.d]# systemctl restart salt-master
[root@linux-node1 master.d]# systemctl start salt-api
十,查看salt-api端口监听
[root@coms master.d]# netstat -na|grep 9000
tcp 0 0 192.168.137.137:9000 0.0.0.0:* LISTEN
tcp 514 0 192.168.137.137:9000 192.168.137.1:11277 CLOSE_WAIT
[root@coms master.d]#
十一、验证login登陆,获取token字符串
[root@coms ~]# curl -sSk https://192.168.137.137:9000/login -H 'Accept: application/x-yaml' -d username='saltapi' -d password='saltapi' -d eauth='pam'
return:
- eauth: pam
  expire: 1550865881.535046
  perms:
  - .*
  - '@wheel'
  - '@runner'
  - '@jobs'
  start: 1550822681.535045
  token: ade6ff420b11877a33a9f284e612cf72a5967510
  user: saltapi
[root@coms ~]#
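十二、通过api执行test.ping测试连通性。X-Auth-Token 填写 /login 返回的 token,在其 expire 时间之前有效(上例中 expire 与 start 相差 43200 秒,即 12 小时);下面示例中的 token 与上一步返回的不同,应是另一次登录取得的。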
[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun=test.ping
return:
- coms: true
[root@coms master.d]#
十三、执行cmd.run
[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun='cmd.run' -d arg='uptime'
return:
- coms: ' 23:50:32 up 2:14, 3 users, load average: 0.38, 0.12, 0.14'
[root@coms master.d]#
十四、以json格式输出
[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/json' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun='cmd.run' -d arg='uptime' | python -mjson.tool
{
    "return": [
        {
            "coms": " 23:51:52 up 2:16, 3 users, load average: 0.10, 0.10, 0.13"
        }
    ]
}
[root@coms master.d]#
十五、获取节点grains信息(输出包含序列号、MAC 地址、machine_id、uuid 等主机标识,对外分享前建议脱敏)
[root@coms master.d]# curl -sSk https://192.168.137.137:9000/minions/coms -H 'Accept: application/json' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' | python -mjson.tool
{
    "return": [
        {
            "coms": {
                "SSDs": [],
                "biosreleasedate": "07/02/2015",
                "biosversion": "6.00",
                "cpu_flags": [ "fpu", "vme", "de", "pse", "tsc", "msr", "pae", "mce", "cx8", "apic", "sep", "mtrr", "pge", "mca", "cmov", "pat", "pse36", "clflush", "dts", "mmx", "fxsr", "sse", "sse2", "ss", "syscall", "nx", "pdpe1gb", "rdtscp", "lm", "constant_tsc", "arch_perfmon", "pebs", "bts", "nopl", "xtopology", "tsc_reliable", "nonstop_tsc", "aperfmperf", "eagerfpu", "pni", "pclmulqdq", "ssse3", "fma", "cx16", "pcid", "sse4_1", "sse4_2", "x2apic", "movbe", "popcnt", "tsc_deadline_timer", "xsave", "avx", "f16c", "rdrand", "hypervisor", "lahf_lm", "abm", "3dnowprefetch", "epb", "fsgsbase", "tsc_adjust", "bmi1", "hle", "avx2", "smep", "bmi2", "invpcid", "rtm", "rdseed", "adx", "smap", "xsaveopt", "dtherm", "ida", "arat", "pln", "pts" ],
                "cpu_model": "Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz",
                "cpuarch": "x86_64",
                "disks": [ "sda", "sr0", "dm-0", "dm-1" ],
                "dns": { "domain": "", "ip4_nameservers": [ "8.8.8.8" ], "ip6_nameservers": [], "nameservers": [ "8.8.8.8" ], "options": [], "search": [], "sortlist": [] },
                "domain": "",
                "fqdn": "coms",
                "fqdn_ip4": [ "192.168.137.137", "192.168.122.1" ],
                "fqdn_ip6": [ "fe80::20c:29ff:fe89:255f" ],
                "gid": 0,
                "gpus": [ { "model": "SVGA II Adapter", "vendor": "unknown" } ],
                "groupname": "root",
                "host": "coms",
                "hwaddr_interfaces": { "ens33": "00:0c:29:89:25:5f", "lo": "00:00:00:00:00:00", "virbr0": "52:54:00:50:d4:e0", "virbr0-nic": "52:54:00:50:d4:e0" },
                "id": "coms",
                "init": "systemd",
                "ip4_gw": "192.168.137.1",
                "ip4_interfaces": { "ens33": [ "192.168.137.137" ], "lo": [ "127.0.0.1" ], "virbr0": [ "192.168.122.1" ], "virbr0-nic": [] },
                "ip6_gw": false,
                "ip6_interfaces": { "ens33": [ "fe80::20c:29ff:fe89:255f" ], "lo": [ "::1" ], "virbr0": [], "virbr0-nic": [] },
                "ip_gw": true,
                "ip_interfaces": { "ens33": [ "192.168.137.137", "fe80::20c:29ff:fe89:255f" ], "lo": [ "127.0.0.1", "::1" ], "virbr0": [ "192.168.122.1" ], "virbr0-nic": [] },
                "ipv4": [ "127.0.0.1", "192.168.122.1", "192.168.137.137" ],
                "ipv6": [ "::1", "fe80::20c:29ff:fe89:255f" ],
                "kernel": "Linux",
                "kernelrelease": "3.10.0-862.el7.x86_64",
                "kernelversion": "#1 SMP Fri Apr 20 16:44:24 UTC 2018",
                "locale_info": { "defaultencoding": "UTF-8", "defaultlanguage": "zh_CN", "detectedencoding": "UTF-8" },
                "localhost": "coms",
                "lsb_distrib_codename": "CentOS Linux 7 (Core)",
                "lsb_distrib_id": "CentOS Linux",
                "machine_id": "51c5e9520d814f29b2dc273eac744beb",
                "manufacturer": "VMware, Inc.",
                "master": "192.168.137.137",
                "mdadm": [],
                "mem_total": 1821,
                "nodename": "coms",
                "num_cpus": 1,
                "num_gpus": 1,
                "os": "CentOS",
                "os_family": "RedHat",
                "osarch": "x86_64",
                "oscodename": "CentOS Linux 7 (Core)",
                "osfinger": "CentOS Linux-7",
                "osfullname": "CentOS Linux",
                "osmajorrelease": 7,
                "osrelease": "7.5.1804",
                "osrelease_info": [ 7, 5, 1804 ],
                "path": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
                "pid": 1788,
                "productname": "VMware Virtual Platform",
                "ps": "ps -efHww",
                "pythonexecutable": "/usr/bin/python",
                "pythonpath": [ "/usr/bin", "/usr/lib/python2.7/site-packages/Django-1.11.18-py2.7.egg", "/usr/lib/python2.7/site-packages/PyMySQL-0.9.3-py2.7.egg", "/usr/lib64/python27.zip", "/usr/lib64/python2.7", "/usr/lib64/python2.7/plat-linux2", "/usr/lib64/python2.7/lib-tk", "/usr/lib64/python2.7/lib-old", "/usr/lib64/python2.7/lib-dynload", "/usr/lib64/python2.7/site-packages", "/usr/lib64/python2.7/site-packages/gtk-2.0", "/usr/lib/python2.7/site-packages" ],
                "pythonversion": [ 2, 7, 5, "final", 0 ],
                "saltpath": "/usr/lib/python2.7/site-packages/salt",
                "saltversion": "2018.3.2",
                "saltversioninfo": [ 2018, 3, 2, 0 ],
                "selinux": { "enabled": false, "enforced": "Disabled" },
                "serialnumber": "VMware-56 4d 43 54 ca 1c a8 bd-2e a5 ab 9f 99 89 25 5f",
                "server_id": 1180429514,
                "shell": "/bin/sh",
                "swap_total": 2047,
                "systemd": { "features": "+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN", "version": "219" },
                "uid": 0,
                "username": "root",
                "uuid": "54434d56-1cca-bda8-2ea5-ab9f9989255f",
                "virtual": "VMware",
                "zfs_feature_flags": false,
                "zfs_support": false,
                "zmqversion": "4.1.4"
            }
        }
    ]
}
[root@coms master.d]#
[root@coms ~]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/json' -H 'X-Auth-Token: 1177497221780d4623088e48c63c32eb3560466a' |python -mjson.tool
{
    "clients": [
        "local",
        "local_async",
        "local_batch",
        "local_subset",
        "runner",
        "runner_async",
        "ssh",
        "wheel",
        "wheel_async"
    ],
    "return": "Welcome"
}
[root@coms ~]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/json' -H 'X-Auth-Token: 1177497221780d4623088e48c63c32eb3560466a' -d client=local -d tgt='*' -d fun=disk.usage | python -mjson.tool
{
    "return": [
        {
            "coms": {
                "/": {
                    "1K-blocks": "17811456",
                    "available": "12365236",
                    "capacity": "31%",
                    "filesystem": "/dev/mapper/centos-root",
                    "used": "5446220"
                },
                "/boot": {
                    "1K-blocks": "1038336",
                    "available": "865172",
                    "capacity": "17%",
                    "filesystem": "/dev/sda1",
                    "used": "173164"
                },
                "/dev": {
                    "1K-blocks": "915508",
                    "available": "915508",
                    "capacity": "0%",
                    "filesystem": "devtmpfs",
                    "used": "0"
                },
                "/dev/shm": {
                    "1K-blocks": "932640",
                    "available": "932612",
                    "capacity": "1%",
                    "filesystem": "tmpfs",
                    "used": "28"
                },
                "/run": {
                    "1K-blocks": "932640",
                    "available": "922384",
                    "capacity": "2%",
                    "filesystem": "tmpfs",
                    "used": "10256"
                },
                "/run/user/1000": {
                    "1K-blocks": "186532",
                    "available": "186532",
                    "capacity": "0%",
                    "filesystem": "tmpfs",
                    "used": "0"
                },
                "/sys/fs/cgroup": {
                    "1K-blocks": "932640",
                    "available": "932640",
                    "capacity": "0%",
                    "filesystem": "tmpfs",
                    "used": "0"
                }
            }
        }
    ]
}
[root@coms ~]#