一、系统环境

cat /etc/redhat-release 

CentOS Linux release 7.3.1611 (Core)


二、安装及配置

1、salt-api所有操作均在master端

yum -y install salt-api pyOpenSSL  

  

2、配置salt-api

修改/etc/salt/master文件

sed -i '/#default_include/s/#default/default/g' /etc/salt/master  


如果没有目录需要创建

mkdir /etc/salt/master.d  


3、创建用于salt-api的用户

useradd -M -s /sbin/nologin saltapi  

echo 'saltapi' | passwd saltapi --stdin  


4、新增配置文件api.conf、eauth.conf


vim /etc/salt/master.d/api.conf  

rest_cherrypy:  

  port: 8000  

  ssl_crt: /etc/pki/tls/certs/localhost.crt  

  ssl_key: /etc/pki/tls/certs/localhost.key  


vim /etc/salt/master.d/eauth.conf  

external_auth:  

  pam:  

    saltapi:  

      - .*  

      - '@wheel'  

      - '@runner' 


5、生成自签名证书

salt-call tls.create_self_signed_cert  


6、重启salt-master

systemctl restart salt-master.service


7、启动salt-api

systemctl restart salt-api


查看是否启动8000端口

netstat -tnlp |grep 8000

tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      11042/python 


三、Salt-api的使用方法

1、使用curl 获取token

 curl -k https://172.16.8.200:8000/login -H "Accept: application/x-yaml"  -d username='saltapi' -d password='saltapi'  -d eauth='pam'

return:

- eauth: pam

  expire: 1503412552.298529

  perms:

  - .*

  - '@wheel'

  - '@runner'

  start: 1503369352.298528

  token: a30a9b669696402888d67ce857626799a89d8992

  user: saltapi


获取token后就可以使用token通信

注:重启salt-api后token改变


2、测试minion端的联通性

salt '*' test.ping

curl -k https://172.16.8.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: a30a9b669696402888d67ce857626799a89d8992" -d client='local' -d tgt='*' -d fun='test.ping'  


执行结果: 

curl -k https://172.16.8.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: a30a9b669696402888d67ce857626799a89d8992" -d client='local' -d tgt='*' -d fun='test.ping'  

return:

- zabbix-grafana: true


3、执行远程命令

salt '*' cmd.run df -h

curl -k https://172.16.8.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: a30a9b669696402888d67ce857626799a89d8992" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='df -h' 


执行结果:

curl -k https://172.16.8.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: a30a9b669696402888d67ce857626799a89d8992" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='df -h' 

return:

- zabbix-grafana: 'Filesystem      Size  Used Avail Use% Mounted on


    /dev/sda5        98G   80G   19G  82% /


    devtmpfs        3.9G     0  3.9G   0% /dev


    tmpfs           3.9G   28K  3.9G   1% /dev/shm


    tmpfs           3.9G   81M  3.8G   3% /run


    tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup


    /dev/sda2       497M  129M  368M  26% /boot


    tmpfs           783M     0  783M   0% /run/user/0'