安装salt api
yum -y install salt-api pyOpenSSL
chkconfig salt-api on
创建用户,saltapi认证使用
useradd -M -s /sbin/nologin kbson
echo 'kbson' | passwd kbson --stdin
添加salt api配置
[root@operation ops]# cat /etc/salt/master.d/api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
external_auth:
pam:
kbson:
- .*
- '@wheel'
- '@runner'
不使用ssl
rest_cherrypy:
port: 8000
#ssl_crt: /etc/pki/tls/certs/localhost.crt
#ssl_key: /etc/pki/tls/private/localhost.key
disable_ssl: True
external_auth:
pam:
kbson:
- .*
- '@wheel'
- '@runner'
生成自签名证书
[root@operation ops]# salt-call tls.create_self_signed_cert
local:
Certificate "localhost" already exists
提示已经存在时,可以删除/etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs/localhost.key重新生成
获取token
[root@operation ops]# curl -k https://192.168.62.200:8000/login -H "Accept: application/x-yaml" -d username='kbson' -d password='kbson' -d eauth='pam'
return:
- eauth: pam
expire: 1480714218.787106
perms:
- .*
- '@wheel'
- '@runner'
start: 1480671018.787106
token: ab3749a9a0fe83386b8a5d558d10e346c252e336
user: kbson
重启salt-api后token会改变
执行models,test.ping测试minion连通性
[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- operation: true
远程执行命令
[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='free -m'
return:
- operation: ' total used free shared buffers cached
Mem: 988 932 56 1 19 107
-/+ buffers/cache: 805 182
Swap: 1983 382 1601'
[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='operation,slave01' -d expr_form='list' -d fun='cmd.run' -d arg='free -m'
return:
- operation: ' total used free shared buffers cached
Mem: 988 925 63 1 21 81
-/+ buffers/cache: 821 166
Swap: 1983 393 1590'
slave01: ' total used free shared buffers cached
Mem: 1870 622 1248 6 79 300
-/+ buffers/cache: 242 1628
Swap: 2047 0 2047'
[root@operation ops]#
执行wheel
查看minion key状态
[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='wheel' -d fun='key.list_all'
return:
- data:
_stamp: '2016-12-02T09:30:35.235660'
fun: wheel.key.list_all
jid: '20161202173034905379'
return:
local:
- master.pem
- master.pub
minions:
- operation
- slave01
minions_denied: []
minions_pre: []
minions_rejected: []
success: true
tag: salt/wheel/20161202173034905379
user: kbson
tag: salt/wheel/20161202173034905379
查看sls模块信息
wheel.file_roots.list_roots
# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 2ea1a20373900c311cf4ab1a707da5de4c9c44fc" -d client='wheel' -d fun='file_roots.list_roots'
return:
- data:
_stamp: '2016-12-16T16:16:46.198753'
fun: wheel.file_roots.list_roots
jid: '20161217001646168084'
return:
app:
- /data/salt/app:
memcached:
file:
install_memcached-1.4.15.tar.gz: f
init.sls: f
install.sls: f
nginx:
conf.sls: f
file:
nginx: f
nginx-1.2.5.tar.gz: f
nginx.conf: f
nginx_log_cut.sh: f
vhost.conf: f
init.sls: f
install.sls: f
vhost.sls: f
执行runner
查看saltenv环境配置
# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 2ea1a20373900c311cf4ab1a707da5de4c9c44fc" -d client='runner' -d fun='fileserver.envs'
return:
- - app
- base
- online
查看minion运行状态
[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='runner' -d fun='manage.status'
return:
- down:
- slave01
up:
- operation
异步执行命令job
# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 14e719b94839b680e7860bfa34db7a385070dd53" -d client="local_async" -d expr_form="glob" -d tgt="operation" -d fun="cmd.run" -d arg="free -m"
return:
- jid: '20161205111629216443'
minions:
- operation
# curl -k https://192.168.62.200:8000/jobs/20161205111629216443 -H "Accept: application/x-yaml" -H "X-Auth-Token: 14e719b94839b680e7860bfa34db7a385070dd53"
info:
- Arguments:
- free -m
Function: cmd.run
Minions:
- operation
Result:
operation:
return: ' total used free shared buffers cached
Mem: 988 928 59 1 17 75
-/+ buffers/cache: 836 152
Swap: 1983 330 1653'
StartTime: 2016, Dec 05 11:16:29.216443
Target: operation
Target-type: glob
User: kbson
jid: '20161205111629216443'
return:
- operation: ' total used free shared buffers cached
Mem: 988 928 59 1 17 75
-/+ buffers/cache: 836 152
Swap: 1983 330 1653'