环境说明
操作系统:centos 7.0
salt master/minion/版本2014.7.1
Salt-api安装
salt-api 使用pip安装
[root@centos7 ~]# pip install CherryPy [root@centos7 ~]# pip install salt-api
Salt-api配置
[root@centos7 ~]# cd /etc/pki/tls/certs/ # 生成自签名证书,用于ssl [root@centos7 certs]# make testcert umask 77 ; \ /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key Generating RSA private key, 2048 bit long modulus ...................................................................+++ ..+++ e is 65537 (0x10001) Enter pass phrase: # 输入加密密语,4到8191个字符 Verifying - Enter pass phrase: # 确认加密密语 umask 77 ; \ /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0 Enter pass phrase for /etc/pki/tls/private/localhost.key: # 再次输入密语 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN # 选填 State or Province Name (full name) []:Shanghai Locality Name (eg, city) [Default City]:Shanghai Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []:[email protected]
[root@centos7 certs]# cd ../private/ [root@centos7 private]# openssl rsa -in localhost.key -out localhost_nopass.key Enter pass phrase for localhost.key: writing RSA key [root@centos7 private]# ls localhost.key localhost_nopass.key
注:
1、 如果make testcert出现错误,删除/etc/pki/tls/private/localhost.key文件,然后再make testcert。
2、 装salt-api的时候,使用curl命令遇到curl: (56) SSL received a record that exceeded the maximum permissible length.可能是CherryPy包的问题。
# 创建用户 [root@centos7 private]# useradd -M -s /sbin/nologin saltapi [root@centos7 private]# echo "yao" | passwd saltapi --stdin
# 添加配置文件 [root@centos7 ~]# mkdir -p /etc/salt/master.d/ [root@centos7 ~]# vim /etc/salt/master.d/eauth.conf # 处于安全因素,一般只给特定模块的使用权限,这里给saltapi用户所有模块的使用权限 external_auth: pam: saltapi: - .* [root@centos7 ~]# vim /etc/salt/master.d/api.conf rest_cherrypy: port: 8888 # salt-api 监听端口 ssl_crt: /etc/pki/tls/certs/localhost.crt # ssl认证的证书 ssl_key: /etc/pki/tls/private/localhost_nopass.key [root@centos7 ~]# systemctl restart salt-master.service [root@centos7 ~]# systemctl restart salt-api.service
Salt-api使用
1、curl使用
获取token
[root@centos7 ~]# curl -k https://172.16.199.249:8888/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='yao' -d eauth='pam' return: - eauth: pam expire: 1427373796.305001 perms: - .* - '@wheel' - '@runner' start: 1427330596.305 token: ec8d60e3b492e9947e557eefd4112802053432c7 user: saltapi
查询minion的信息
[root@centos7 ~]# curl -k https://172.16.199.249:8888/minions/compute-1 -H "Accept: application/x-yaml" -H "X-Auth-Token: 9845eab9848c5b5ba72fbad9102532bddab2df7f" # token是上面获取到的,如果后面跟的请求不包含特定minion id如compute-1,则请求的是所有的minion的信息。 return: - compute-1: SSDs: [] biosreleasedate: 01/01/2011 biosversion: 0.5.1 cpu_flags: - fpu - vme 。。。。。。
查询缓存的job信息
[root@centos7 ~]# curl -k https://172.16.199.249:8888/jobs/20150326085224919460 -H "Accept: application/x-yaml" -H "X-Auth-Token: 9845eab9848c5b5ba72fbad9102532bddab2df7f" # 如果后面跟的请求不包含特定job id如20150326085224919460,则请求的是所有job的信息。 info: - Arguments: [] Function: test.ping Minions: - compute-1 Result: compute-1: return: true StartTime: 2015, Mar 26 08:52:24.919460 Target: '*' Target-type: glob User: root jid: '20150326085224919460' return: - compute-1: true
远程执行module
[root@centos7 ~]# curl -k https://172.16.199.249:8888 -H "Accept: application/x-yaml" -H "X-Auth-Token: 9845eab9848c5b5ba72fbad9102532bddab2df7f" -d client='local' -d tgt='*' -d fun='test.ping' return: - compute-1: true
远程执行runner
[root@centos7 ~]# curl -k https://172.16.199.249:8888 -H "Accept: application/x-yaml" -H "X-Auth-Token: 9845eab9848c5b5ba72fbad9102532bddab2df7f" -d client='runner' -d fun='manage.status' return: - down: [] up: - compute-1
远程运行wheel
[root@centos7 ~]# curl -k https://172.16.199.249:8888 -H "Accept: application/x-yaml" -H "X-Auth-Token: 0110cb3fd4bc4521d5c2de7126eadfd786dc8b36" -d client='wheel' -d fun='key.list_all' return: - data: _stamp: '2015-03-26T13:42:16.569194' fun: wheel.key.list_all jid: '20150326134216540701' return: local: - master.pem - master.pub minions: - compute-1 minions_pre: [] minions_rejected: [] success: true tag: salt/wheel/20150326134216540701 user: saltapi tag: salt/wheel/20150326134216540701
参考链接
姚鹏Salt-API安装配置及使用
配置管理(3) salt-api安装、配置、使用