SaltStack —— Restful API 配置环境部署

写在前面的话

SaltStack 的 API 是在 Master 和 Minion 之外的一个独立的服务,所以需要独立部署,API 服务需要部署在 Master 服务器上。

Salt-API 部署

1. 部署 Salt-API 服务

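# Install pip (EPEL is enabled first, then python-pip is installed with yum).
# -y is passed on every yum call so the sequence runs without prompting.
yum -y install epel-release
yum -y install python-pip
pip install --upgrade pip
# Install PyOpenSSL, used for generating the certificate.
pip install PyOpenSSL
# Install salt-api (this article deploys it on the Salt master server).
yum -y install salt-api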

2. 配置用户以及权限

# 创建api认证用户
[root@localhost ~]# useradd -M -s /sbin/nologin saltapi
[root@localhost ~]# passwd saltapi
# 配置认证模式
[root@localhost ~]# cat /etc/salt/master.d/eauth.conf
# external_auth maps an eauth backend (here PAM) and a user to the functions that
# user may call after authenticating; salt-master must be restarted after editing.
external_auth:
  pam:
    saltapi:  # user name (the PAM account created with useradd above)
      - .*     # user permissions: the regex .* matches every execution-module function, i.e. arbitrary commands on the targeted minions; narrow this to the functions the API client needs (e.g. test.ping)
      - '@wheel'   # grants access to wheel modules
      - '@runner'  # grants access to runner modules

3. 配置 salt-api 服务

# 生成证书
[root@localhost ~]# salt-call tls.create_self_signed_cert
local:
    Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
# 配置服务
[root@localhost ~]# cat /etc/salt/master.d/api.conf
# rest_cherrypy settings for salt-api. No host is set here, and the netstat output
# in the startup step shows the listener bound to 0.0.0.0:8000 (all interfaces);
# add a host entry or firewall port 8000 if only local or specific clients should reach the API.
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt  # uses the (self-signed) certificate generated above
  ssl_key: /etc/pki/tls/certs/localhost.key  # private key generated alongside it; NOTE(review): confirm the file mode keeps it unreadable to other users

4. 启动服务

# 配置完用户权限要重启 salt-master
[root@localhost ~]# systemctl restart salt-master
[root@localhost ~]# systemctl start salt-api
[root@localhost ~]# systemctl status salt-api
● salt-api.service - The Salt API
   Loaded: loaded (/usr/lib/systemd/system/salt-api.service; disabled; vendor preset: disabled)
   Active: active (running) since 二 2018-07-10 15:26:57 CST; 6s ago
     Docs: man:salt-api(1)
           file:///usr/share/doc/salt/html/contents.html
           https://docs.saltstack.com/en/latest/contents.html
 Main PID: 87500 (salt-api)
   CGroup: /system.slice/salt-api.service
           ├─87500 /usr/bin/python /usr/bin/salt-api
           └─87509 /usr/bin/python /usr/bin/salt-api

7月 10 15:26:57 localhost.localdomain systemd[1]: Starting The Salt API...
7月 10 15:26:57 localhost.localdomain systemd[1]: Started The Salt API.
[root@localhost ~]# netstat -lnp | grep 8000
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      87509/python   
# 若提示netstat不存在,则执行下列命令安装
yum install net-tools

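5. 测试

先向 /login 提交用户名和密码获取令牌,再在后续请求的 X-Auth-Token 头中带上该令牌。示例里第二条命令使用的令牌与第一条返回的令牌不同(应该取自另一次登录),实际操作时请填入 /login 返回的 token;password='password' 也只是示例值,应换成前面用 passwd 为 saltapi 设置的密码。证书是自签名的,所以 curl 加了 -k 跳过证书校验,这种用法只适合在本机做连通性测试。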

[root@localhost ~]# curl -X POST -k https://localhost:8000/login -d username='saltapi' -d password='password' -d eauth='pam' | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   251  100   199  100    52    382     99 --:--:-- --:--:-- --:--:--   381
{
    "return": [
        {
            "eauth": "pam",
            "expire": 1531252162.57763,
            "perms": [
                ".*",
                "@wheel",
                "@runner"
            ],
            "start": 1531208962.577629,
            "token": "093df86e3377844a4e4bb6625ec4b29f3fb0cd0f",  # 认证后获得的令牌
            "user": "saltapi"
        }
    ]
}

[root@localhost ~]# curl -k https://localhost:8000 -H "Accept: application/json" -H "X-Auth-Token: cfe09d54f20985c311a3ecf3c60cfad90d5f3aa1" -d client='local' -d tgt='*' -d fun='test.ping'
{"return": [{"SERV00-SALTSTACK": true}]}
