http://blog.csdn.net/hnhuangyiyang/article/details/50667000
一、安装:
yum -y install salt-api pyOpenSSL
systemctl status salt-api.service
二、配置:
修改/etc/salt/master文件
[root@controller2 ~]# sed -i '/#default_include/s/#default/default/g' /etc/salt/master
[root@controller2 ~]# mkdir /etc/salt/master.d
创建用于salt-api的用户(密码 123456 仅为演示用的弱口令;该账号经PAM认证后可通过salt-api下发命令,实际部署应设置强密码)
[root@controller2 ~]# useradd -M -s /sbin/nologin hyxc
[root@controller2 ~]# echo '123456' | passwd hyxc --stdin
Changing password for user hyxc.
passwd: all authentication tokens updated successfully.
新增配置文件/etc/salt/master.d/api.conf
[root@controller2 ~]# cat /etc/salt/master.d/api.conf
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
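新增配置文件/etc/salt/master.d/eauth.conf(下例中的 .* 允许 hyxc 调用全部执行模块,'@wheel' 和 '@runner' 还开放了wheel与runner模块,相当于对master及所有minion的完全控制;实际部署应只列出需要的函数)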
[root@controller2 ~]# cat /etc/salt/master.d/eauth.conf
external_auth:
  pam:
    hyxc:
      - .*
      - '@wheel'
      - '@runner'
生成自签名证书
[root@controller2 ~]# salt-call tls.create_self_signed_cert
local:
Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
重启salt-master
[root@controller2 ~]# service salt-master restart
Redirecting to /bin/systemctl restart salt-master.service
启动salt-api
[root@controller2 ~]# service salt-api start
Redirecting to /bin/systemctl start salt-api.service
三、Salt-api的使用
1、使用curl 获取token(-k 会关闭curl对服务端证书的校验,这里是因为证书为自签名;正式环境应使用受信任CA签发、与访问地址匹配的证书并去掉 -k。另外,写在命令行参数里的密码会留在shell历史和进程列表中)
[root@controller2 ~]# curl -k https://172.16.142.45:8000/login -H "Accept: application/x-yaml" -d username='hyxc' -d password='123456' -d eauth='pam'
return:
- eauth: pam
expire: 1497906533.304127
perms:
- .*
- '@wheel'
- '@runner'
start: 1497863333.304126
token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b
user: hyxc
获取token后就可以使用token通信;token在expire所示时间之前有效(上例中expire与start相差43200秒,即12小时),持有token即具备perms中列出的权限,应像密码一样保管
注:重启salt-api后token改变
2、测试minion端的联通性
下面功能类似于“salt '*' test.ping”
[root@controller2 ~]# curl -k https://172.16.142.45:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- controller2: true
3.执行远程命令
下面功能类似于“salt '*' cmd.run ifconfig”
[root@controller2 ~]# curl -k https://172.16.142.45:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='ifconfig'
return:
- controller2: "enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500\n \
\ inet 172.16.142.45 netmask 255.255.255.0 broadcast 172.16.142.255\n \
\ inet6 fe80::a00:27ff:feec:6138 prefixlen 64 scopeid 0x20<link>\n \
\ ether 08:00:27:ec:61:38 txqueuelen 1000 (Ethernet)\n RX packets\
\ 41175 bytes 7055302 (6.7 MiB)\n RX errors 0 dropped 0 overruns 0 \
\ frame 0\n TX packets 3239 bytes 669239 (653.5 KiB)\n TX errors\
\ 0 dropped 0 overruns 0 carrier 0 collisions 0\n\nenp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
\ mtu 1500\n inet 192.168.56.151 netmask 255.255.255.0 broadcast 192.168.56.255\n\
\ inet6 fe80::a00:27ff:fead:cf4f prefixlen 64 scopeid 0x20<link>\n \
\ ether 08:00:27:ad:cf:4f txqueuelen 1000 (Ethernet)\n RX packets\
\ 6 bytes 360 (360.0 B)\n RX errors 0 dropped 0 overruns 0 frame 0\n\
\ TX packets 10 bytes 744 (744.0 B)\n TX errors 0 dropped 0 overruns\
\ 0 carrier 0 collisions 0\n\nenp0s9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
\ mtu 1500\n inet 192.168.57.105 netmask 255.255.255.0 broadcast 192.168.57.255\n\
\ inet6 fe80::a00:27ff:fe5a:e546 prefixlen 64 scopeid 0x20<link>\n \
\ ether 08:00:27:5a:e5:46 txqueuelen 1000 (Ethernet)\n RX packets\
\ 6 bytes 360 (360.0 B)\n RX errors 0 dropped 0 overruns 0 frame 0\n\
\ TX packets 10 bytes 744 (744.0 B)\n TX errors 0 dropped 0 overruns\
\ 0 carrier 0 collisions 0\n\nenp0s10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
\ mtu 1500\n inet 192.168.58.105 netmask 255.255.255.0 broadcast 192.168.58.255\n\
\ inet6 fe80::a00:27ff:fe6a:fec6 prefixlen 64 scopeid 0x20<link>\n \
\ ether 08:00:27:6a:fe:c6 txqueuelen 1000 (Ethernet)\n RX packets\
\ 18 bytes 8500 (8.3 KiB)\n RX errors 0 dropped 0 overruns 0 frame\
\ 0\n TX packets 10 bytes 744 (744.0 B)\n TX errors 0 dropped\
\ 0 overruns 0 carrier 0 collisions 0\n\nlo: flags=73<UP,LOOPBACK,RUNNING> \
\ mtu 65536\n inet 127.0.0.1 netmask 255.0.0.0\n inet6 ::1 prefixlen\
\ 128 scopeid 0x10<host>\n loop txqueuelen 0 (Local Loopback)\n \
\ RX packets 2121 bytes 188757 (184.3 KiB)\n RX errors 0 dropped 0\
\ overruns 0 frame 0\n TX packets 2121 bytes 188757 (184.3 KiB)\n \
一、安装:
yum -y install salt-api pyOpenSSL
systemctl status salt-api.service
二、配置:
修改/etc/salt/master文件
[root@controller2 ~]# sed -i '/#default_include/s/#default/default/g' /etc/salt/master
[root@controller2 ~]# mkdir /etc/salt/master.d
创建用于salt-api的用户(密码 123456 仅为演示用的弱口令;该账号经PAM认证后可通过salt-api下发命令,实际部署应设置强密码)
[root@controller2 ~]# useradd -M -s /sbin/nologin hyxc
[root@controller2 ~]# echo '123456' | passwd hyxc --stdin
Changing password for user hyxc.
passwd: all authentication tokens updated successfully.
新增配置文件/etc/salt/master.d/api.conf
[root@controller2 ~]# cat /etc/salt/master.d/api.conf
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
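新增配置文件/etc/salt/master.d/eauth.conf(下例中的 .* 允许 hyxc 调用全部执行模块,'@wheel' 和 '@runner' 还开放了wheel与runner模块,相当于对master及所有minion的完全控制;实际部署应只列出需要的函数)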
[root@controller2 ~]# cat /etc/salt/master.d/eauth.conf
external_auth:
  pam:
    hyxc:
      - .*
      - '@wheel'
      - '@runner'
生成自签名证书
[root@controller2 ~]# salt-call tls.create_self_signed_cert
local:
Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
重启salt-master
[root@controller2 ~]# service salt-master restart
Redirecting to /bin/systemctl restart salt-master.service
启动salt-api
[root@controller2 ~]# service salt-api start
Redirecting to /bin/systemctl start salt-api.service
三、Salt-api的使用
1、使用curl 获取token(-k 会关闭curl对服务端证书的校验,这里是因为证书为自签名;正式环境应使用受信任CA签发、与访问地址匹配的证书并去掉 -k。另外,写在命令行参数里的密码会留在shell历史和进程列表中)
[root@controller2 ~]# curl -k https://172.16.142.45:8000/login -H "Accept: application/x-yaml" -d username='hyxc' -d password='123456' -d eauth='pam'
return:
- eauth: pam
expire: 1497906533.304127
perms:
- .*
- '@wheel'
- '@runner'
start: 1497863333.304126
token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b
user: hyxc
获取token后就可以使用token通信;token在expire所示时间之前有效(上例中expire与start相差43200秒,即12小时),持有token即具备perms中列出的权限,应像密码一样保管
注:重启salt-api后token改变
2、测试minion端的联通性
下面功能类似于“salt '*' test.ping”
[root@controller2 ~]# curl -k https://172.16.142.45:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- controller2: true
3.执行远程命令
下面功能类似于“salt '*' cmd.run ifconfig”
[root@controller2 ~]# curl -k https://172.16.142.45:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='ifconfig'
return:
- controller2: "enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500\n \
\ inet 172.16.142.45 netmask 255.255.255.0 broadcast 172.16.142.255\n \
\ inet6 fe80::a00:27ff:feec:6138 prefixlen 64 scopeid 0x20<link>\n \
\ ether 08:00:27:ec:61:38 txqueuelen 1000 (Ethernet)\n RX packets\
\ 41175 bytes 7055302 (6.7 MiB)\n RX errors 0 dropped 0 overruns 0 \
\ frame 0\n TX packets 3239 bytes 669239 (653.5 KiB)\n TX errors\
\ 0 dropped 0 overruns 0 carrier 0 collisions 0\n\nenp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
\ mtu 1500\n inet 192.168.56.151 netmask 255.255.255.0 broadcast 192.168.56.255\n\
\ inet6 fe80::a00:27ff:fead:cf4f prefixlen 64 scopeid 0x20<link>\n \
\ ether 08:00:27:ad:cf:4f txqueuelen 1000 (Ethernet)\n RX packets\
\ 6 bytes 360 (360.0 B)\n RX errors 0 dropped 0 overruns 0 frame 0\n\
\ TX packets 10 bytes 744 (744.0 B)\n TX errors 0 dropped 0 overruns\
\ 0 carrier 0 collisions 0\n\nenp0s9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
\ mtu 1500\n inet 192.168.57.105 netmask 255.255.255.0 broadcast 192.168.57.255\n\
\ inet6 fe80::a00:27ff:fe5a:e546 prefixlen 64 scopeid 0x20<link>\n \
\ ether 08:00:27:5a:e5:46 txqueuelen 1000 (Ethernet)\n RX packets\
\ 6 bytes 360 (360.0 B)\n RX errors 0 dropped 0 overruns 0 frame 0\n\
\ TX packets 10 bytes 744 (744.0 B)\n TX errors 0 dropped 0 overruns\
\ 0 carrier 0 collisions 0\n\nenp0s10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
\ mtu 1500\n inet 192.168.58.105 netmask 255.255.255.0 broadcast 192.168.58.255\n\
\ inet6 fe80::a00:27ff:fe6a:fec6 prefixlen 64 scopeid 0x20<link>\n \
\ ether 08:00:27:6a:fe:c6 txqueuelen 1000 (Ethernet)\n RX packets\
\ 18 bytes 8500 (8.3 KiB)\n RX errors 0 dropped 0 overruns 0 frame\
\ 0\n TX packets 10 bytes 744 (744.0 B)\n TX errors 0 dropped\
\ 0 overruns 0 carrier 0 collisions 0\n\nlo: flags=73<UP,LOOPBACK,RUNNING> \
\ mtu 65536\n inet 127.0.0.1 netmask 255.0.0.0\n inet6 ::1 prefixlen\
\ 128 scopeid 0x10<host>\n loop txqueuelen 0 (Local Loopback)\n \
\ RX packets 2121 bytes 188757 (184.3 KiB)\n RX errors 0 dropped 0\
\ overruns 0 frame 0\n TX packets 2121 bytes 188757 (184.3 KiB)\n \
\ TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0"
4.使用state.sls
下面功能类似于“salt '*' state.sls ifconfig”
5.使用Targeting
下面功能类似于“salt -L '192.168.90.61,192.168.90.63' test.ping”
下面功能类似于“salt -N test2 test.ping”
6.以json格式输出
问题1:执行“service salt-api stop”后再执行“service salt-api start”,服务启动失败;执行“service salt-api restart”时,也会出现服务启动失败的现象
解决办法:salt-api每次启动默认开启两个进程,执行“service salt-api stop”后每次只能杀死一个进程,造成服务再次启动失败。修改/etc/init.d/salt-api中stop函数如下(也可自己重写此脚本,这里是省事,直接改原脚本)