Saltstack之Salt-api安装使用

安装salt api

yum -y install salt-api pyOpenSSL  
chkconfig salt-api on  

创建用户，saltapi认证使用

useradd -M -s /sbin/nologin kbson  
echo 'kbson' | passwd kbson --stdin  

添加salt api配置

[root@operation ops]# cat /etc/salt/master.d/api.conf 
rest_cherrypy:  
  port: 8000  
  ssl_crt: /etc/pki/tls/certs/localhost.crt  
  ssl_key: /etc/pki/tls/certs/localhost.key
external_auth:  
  pam:  
    kbson:            
      - .*
      - '@wheel'
      - '@runner'

不使用ssl

rest_cherrypy:
  port: 8000
  #ssl_crt: /etc/pki/tls/certs/localhost.crt
  #ssl_key: /etc/pki/tls/private/localhost.key
  disable_ssl: True
external_auth:
  pam:
    kbson:
      - .*
      - '@wheel'
      - '@runner'

生成自签名证书

[root@operation ops]# salt-call tls.create_self_signed_cert
local:
    Certificate "localhost" already exists

提示已经存在时，可以删除/etc/pki/tls/certs/localhost.crt  /etc/pki/tls/certs/localhost.key重新生成

获取token

[root@operation ops]# curl -k https://192.168.62.200:8000/login  -H "Accept: application/x-yaml" -d username='kbson' -d password='kbson' -d eauth='pam'
return:
- eauth: pam
  expire: 1480714218.787106
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1480671018.787106
  token: ab3749a9a0fe83386b8a5d558d10e346c252e336
  user: kbson

重启salt-api后token会改变

执行models，test.ping测试minion连通性

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='test.ping'  
return:
- operation: true

远程执行命令

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='cmd.run'   -d arg='free -m'
return:
- operation: '             total       used       free     shared    buffers     cached

    Mem:           988        932         56          1         19        107

    -/+ buffers/cache:        805        182

    Swap:         1983        382       1601'

远程执行多个minion命令

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336"  -d client='local' -d tgt='operation,slave01'  -d expr_form='list'  -d fun='cmd.run' -d arg='free -m'
return:
- operation: '             total       used       free     shared    buffers     cached


    Mem:           988        925         63          1         21         81


    -/+ buffers/cache:        821        166


    Swap:         1983        393       1590'
  slave01: '             total       used       free     shared    buffers     cached


    Mem:          1870        622       1248          6         79        300


    -/+ buffers/cache:        242       1628


    Swap:         2047          0       2047'
[root@operation ops]#

执行wheel

查看minion key状态

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='wheel'  -d fun='key.list_all'
return:
- data:
    _stamp: '2016-12-02T09:30:35.235660'
    fun: wheel.key.list_all
    jid: '20161202173034905379'
    return:
      local:
      - master.pem
      - master.pub
      minions:
      - operation
      - slave01
      minions_denied: []
      minions_pre: []
      minions_rejected: []
    success: true
    tag: salt/wheel/20161202173034905379
    user: kbson
  tag: salt/wheel/20161202173034905379

查看sls模块信息

wheel.file_roots.list_roots

# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 2ea1a20373900c311cf4ab1a707da5de4c9c44fc" -d client='wheel'  -d fun='file_roots.list_roots'
return:
- data:
    _stamp: '2016-12-16T16:16:46.198753'
    fun: wheel.file_roots.list_roots
    jid: '20161217001646168084'
    return:
      app:
      - /data/salt/app:
          memcached:
            file:
              install_memcached-1.4.15.tar.gz: f
            init.sls: f
            install.sls: f
          nginx:
            conf.sls: f
            file:
              nginx: f
              nginx-1.2.5.tar.gz: f
              nginx.conf: f
              nginx_log_cut.sh: f
              vhost.conf: f
            init.sls: f
            install.sls: f
            vhost.sls: f

执行runner

查看saltenv环境配置

# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 2ea1a20373900c311cf4ab1a707da5de4c9c44fc" -d client='runner'  -d fun='fileserver.envs'
return:
- - app
  - base
  - online

查看minion运行状态

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='runner'  -d fun='manage.status'
return:
- down:
  - slave01
  up:
  - operation

异步执行命令job

# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 14e719b94839b680e7860bfa34db7a385070dd53" -d client="local_async" -d expr_form="glob" -d tgt="operation"   -d fun="cmd.run" -d  arg="free -m"
return:
- jid: '20161205111629216443'
  minions:
  - operation


# curl -k https://192.168.62.200:8000/jobs/20161205111629216443 -H "Accept: application/x-yaml" -H "X-Auth-Token: 14e719b94839b680e7860bfa34db7a385070dd53"
info:
- Arguments:
  - free -m
  Function: cmd.run
  Minions:
  - operation
  Result:
    operation:
      return: '             total       used       free     shared    buffers     cached

        Mem:           988        928         59          1         17         75

        -/+ buffers/cache:        836        152

        Swap:         1983        330       1653'
  StartTime: 2016, Dec 05 11:16:29.216443
  Target: operation
  Target-type: glob
  User: kbson
  jid: '20161205111629216443'
return:
- operation: '             total       used       free     shared    buffers     cached

    Mem:           988        928         59          1         17         75

    -/+ buffers/cache:        836        152

    Swap:         1983        330       1653'