salt-api所有操作均在master端
yum -y install salt-api pyOpenSSL
chkconfig salt-api on
修改/etc/salt/master文件
sed -i '/#default_include/s/#default/default/g' /etc/salt/master
mkdir /etc/salt/master.d
创建用于salt-api的用户
useradd -M -s /sbin/nologin hyxc
echo '123456aa' | passwd hyxc --stdin
注:“123456aa”仅为示例密码;该账号的密码就是salt-api的登录凭据,实际部署时应换成强密码。
新增配置文件/etc/salt/master.d/api.conf
cat /etc/salt/master.d/api.conf
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
新增配置文件/etc/salt/master.d/eauth.conf
cat /etc/salt/master.d/eauth.conf
external_auth:
  pam:
    hyxc:
      - .*
注:“.*”表示用户hyxc可以对所有minion执行全部模块函数(包括cmd.run);如果只需要部分功能,可以在这里只列出需要的函数(如 test.ping)。
生成自签名证书
salt-call tls.create_self_signed_cert
重启salt-master
service salt-master restart
启动salt-api
service salt-api start
使用curl 获取token
curl -k https://192.168.90.62:8000/login -H "Accept: application/x-yaml" -d username='hyxc' -d password='123456aa' -d eauth='pam'
return:
- eauth: pam
  expire: 1455557750.5028951
  perms:
  - .*
  start: 1455514550.5028939
  token: ca1e83b9ca3817d8333bd4054892bf3ac1b90b73
  user: hyxc
注:-k 表示curl不校验服务端证书(这里用的是自签名证书),因此无法确认对端身份;要启用校验,需要让curl信任该证书,并且证书中的名称要与访问地址一致。
获取token后就可以使用token通信
注:重启salt-api后token改变
下面功能类似于“salt '*' test.ping”
curl -k https://192.168.90.62:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ca1e83b9ca3817d8333bd4054892bf3ac1b90b73" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- 192.168.90.63: true
下面功能类似于“salt '*' cmd.run ifconfig”
curl -k https://192.168.90.62:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ca1e83b9ca3817d8333bd4054892bf3ac1b90b73" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='ifconfig' return: - 192.168.90.63: "eth2 Link encap:Ethernet HWaddr 00:50:56:B5:5C:28 \n \ \ inet addr:192.168.90.63 Bcast:192.168.90.255 Mask:255.255.255.0\n \ \ inet6 addr: fe80::250:56ff:feb5:5c28/64 Scope:Link\n UP BROADCAST\ \ RUNNING MULTICAST MTU:1500 Metric:1\n RX packets:824916 errors:0\ \ dropped:0 overruns:0 frame:0\n TX packets:434238 errors:0 dropped:0\ \ overruns:0 carrier:0\n collisions:0 txqueuelen:1000 \n RX\ \ bytes:60340602 (57.5 MiB) TX bytes:27042908 (25.7 MiB)\n\nlo Link encap:Local\ \ Loopback \n inet addr:127.0.0.1 Mask:255.0.0.0\n inet6 addr:\ \ ::1/128 Scope:Host\n UP LOOPBACK RUNNING MTU:16436 Metric:1\n \ \ RX packets:808 errors:0 dropped:0 overruns:0 frame:0\n TX packets:808\ \ errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:0\ \ \n RX bytes:59931 (58.5 KiB) TX bytes:59931 (58.5 KiB)"
下面功能类似于“salt '*' state.sls ifconfig”
curl -k https://192.168.90.62:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ca1e83b9ca3817d8333bd4054892bf3ac1b90b73" -d client='local' -d tgt='*' -d fun='state.sls' -d arg='ifconfig' return: - 192.168.90.63: cmd_|-ifconfig_|-ifconfig_|-run: __run_num__: 0 changes: pid: 30954 retcode: 0 stderr: '' stdout: "eth2 Link encap:Ethernet HWaddr 00:50:56:B5:5C:28 \n \ \ inet addr:192.168.90.63 Bcast:192.168.90.255 Mask:255.255.255.0\n\ \ inet6 addr: fe80::250:56ff:feb5:5c28/64 Scope:Link\n \ \ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n RX packets:825051\ \ errors:0 dropped:0 overruns:0 frame:0\n TX packets:434351 errors:0\ \ dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:1000\ \ \n RX bytes:60353823 (57.5 MiB) TX bytes:27062672 (25.8 MiB)\n\ \nlo Link encap:Local Loopback \n inet addr:127.0.0.1 \ \ Mask:255.0.0.0\n inet6 addr: ::1/128 Scope:Host\n UP\ \ LOOPBACK RUNNING MTU:16436 Metric:1\n RX packets:808 errors:0\ \ dropped:0 overruns:0 frame:0\n TX packets:808 errors:0 dropped:0\ \ overruns:0 carrier:0\n collisions:0 txqueuelen:0 \n \ \ RX bytes:59931 (58.5 KiB) TX bytes:59931 (58.5 KiB)" comment: Command "ifconfig" run duration: 11.991 name: ifconfig result: true start_time: '13:59:06.334112'
下面功能类似于“salt -L '192.168.90.61,192.168.90.63' test.ping”
curl -k https://192.168.90.62:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 8f0ced127b052abddccac723a990c0015cdce33a" -d client='local' -d tgt='192.168.90.61,192.168.90.63' -d expr_form='list' -d fun='test.ping'
return:
- 192.168.90.61: true
  192.168.90.63: true
下面功能类似于“salt -N test2 test.ping”
curl -k https://192.168.90.62:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 8f0ced127b052abddccac723a990c0015cdce33a" -d client='local' -d tgt='test2' -d expr_form='nodegroup' -d fun='test.ping'
return:
- 192.168.90.61: true
  192.168.90.63: true
curl -k https://192.168.90.62:8000 -H "Accept: application/json" -H "X-Auth-Token: 8f0ced127b052abddccac723a990c0015cdce33a" -d client='local' -d tgt='*.63' -d fun='cmd.run' -d arg='ifconfig' {"return": [{"192.168.90.63": "eth2 Link encap:Ethernet HWaddr 00:50:56:B5:5C:28 \n inet addr:192.168.90.63 Bcast:192.168.90.255 Mask:255.255.255.0\n inet6 addr: fe80::250:56ff:feb5:5c28/64 Scope:Link\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n RX packets:826940 errors:0 dropped:0 overruns:0 frame:0\n TX packets:435580 errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:1000 \n RX bytes:60495607 (57.6 MiB) TX bytes:27156010 (25.8 MiB)\n\nlo Link encap:Local Loopback \n inet addr:127.0.0.1 Mask:255.0.0.0\n inet6 addr: ::1/128 Scope:Host\n UP LOOPBACK RUNNING MTU:16436 Metric:1\n RX packets:808 errors:0 dropped:0 overruns:0 frame:0\n TX packets:808 errors:0 dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:0 \n RX bytes:59931 (58.5 KiB) TX bytes:59931 (58.5 KiB)"}]}
问题1:执行“service salt-api stop”后再执行“service salt-api start”,服务启动失败;执行“service salt-api restart”时,也会出现启动失败的情况
解决办法:salt-api每次启动默认开启两个进程,执行“service salt-api stop”后每次只能杀死一个进程,造成服务再次启动失败。修改/etc/init.d/salt-api中stop函数如下(也可自己重写此脚本,这里是省事,直接改原脚本)
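# Replacement stop() for /etc/init.d/salt-api
# (open the script with: vim /etc/init.d/salt-api).
#
# Stops the salt-api daemon and reports the status of the stop action.
# Globals (read):    SUSE_RELEASE, DEBIAN_VERSION, SALTAPI, PYTHON, PROCESS
#                    (all defined elsewhere in the init script)
# Globals (written): RETVAL
# Outputs:           progress message on stdout
# Returns:           0 when the stop action succeeded, non-zero otherwise
stop() {
    echo -n $"Stopping salt-api daemon: "
    # The paths are quoted on purpose: with an unset or empty variable the
    # unquoted form collapses to `[ -f ]`, which is always true and would
    # select the wrong branch.
    if [ -f "$SUSE_RELEASE" ]; then
        killproc -TERM "$SALTAPI"
        rc_status -v
        RETVAL=$?
    elif [ -f "$DEBIAN_VERSION" ]; then
        # Added this since Debian's start-stop-daemon doesn't support spawned processes
        if ps -ef | grep "$PYTHON $SALTAPI" | grep -v grep | awk '{print $2}' | xargs kill &> /dev/null; then
            echo -n "OK"
            RETVAL=0
        else
            echo -n "Daemon is not started"
            RETVAL=1
        fi
    else
        # salt-api starts two processes and one killproc call only stops one
        # of them, so killproc is issued twice.
        killproc "$PROCESS" && killproc "$PROCESS"
        RETVAL=$?
    fi
    # RETVAL is assigned inside each branch. A single `RETVAL=$?` after `fi`
    # would overwrite the 0/1 chosen in the Debian branch with the status of
    # the assignment itself (always 0).
    echo
    return "$RETVAL"
}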