salt-api 安装使用

http://blog.csdn.net/hnhuangyiyang/article/details/50667000 


一、安装:
yum -y install salt-api pyOpenSSL
systemctl status  salt-api.service
二、配置:
修改/etc/salt/master文件
[root@controller2 ~]# sed -i '/#default_include/s/#default/default/g' /etc/salt/master
[root@controller2 ~]# mkdir /etc/salt/master.d


创建用于salt-api的用户(下面的密码 123456 仅为演示;该账号在后面的 eauth 配置中被授予全部执行权限,实际环境应设置强密码)
[root@controller2 ~]# useradd -M -s /sbin/nologin hyxc
[root@controller2 ~]# echo '123456' | passwd hyxc --stdin
Changing password for user hyxc.
passwd: all authentication tokens updated successfully.




新增配置文件/etc/salt/master.d/api.conf
[root@controller2 ~]# cat /etc/salt/master.d/api.conf
rest_cherrypy:  
  port: 8000  
  ssl_crt: /etc/pki/tls/certs/localhost.crt  
  ssl_key: /etc/pki/tls/certs/localhost.key




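新增配置文件/etc/salt/master.d/eauth.conf(其中 .* 允许 hyxc 在所有 minion 上执行任意模块函数,'@wheel'、'@runner' 再开放 wheel 与 runner 接口,相当于对 master 的完全控制;实际使用时应按需收窄到具体的 minion 和函数)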
[root@controller2 ~]# cat  /etc/salt/master.d/eauth.conf
external_auth:  
  pam:  
    hyxc:  
      - .*  
      - '@wheel'  
      - '@runner' 


生成自签名证书
[root@controller2 ~]# salt-call tls.create_self_signed_cert  
local:
    Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."


重启salt-master
[root@controller2 ~]# service salt-master restart
Redirecting to /bin/systemctl restart  salt-master.service


启动salt-api
[root@controller2 ~]# service salt-api start  
Redirecting to /bin/systemctl start  salt-api.service


三、Salt-api的使用
1、使用curl 获取token(-k 会跳过对服务端证书的校验,仅适合使用自签名证书的测试环境;正式环境应使用可被校验的证书并去掉 -k)


[root@controller2 ~]# curl -k https://172.16.142.45:8000/login -H "Accept: application/x-yaml"  -d username='hyxc' -d password='123456'  -d eauth='pam'
return:
- eauth: pam
  expire: 1497906533.304127
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1497863333.304126
  token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b
  user: hyxc
获取token后就可以使用token通信;token 在 expire 所示时间之前有效(本例中 expire 与 start 相差 43200 秒,即 12 小时),有效期内等同于该用户的登录凭据,应妥善保管
注:重启salt-api后token改变


2、测试minion端的联通性
下面功能类似于“salt '*' test.ping”
[root@controller2 ~]# curl -k https://172.16.142.45:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- controller2: true


3.执行远程命令
下面功能类似于“salt '*' cmd.run ifconfig”


[root@controller2 ~]# curl -k https://172.16.142.45:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 3f007802587e3a3b2a0e2a9e6d1f56a7d5a5c42b" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='ifconfig'
return:
- controller2: "enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500\n   \
    \     inet 172.16.142.45  netmask 255.255.255.0  broadcast 172.16.142.255\n  \
    \      inet6 fe80::a00:27ff:feec:6138  prefixlen 64  scopeid 0x20<link>\n    \
    \    ether 08:00:27:ec:61:38  txqueuelen 1000  (Ethernet)\n        RX packets\
    \ 41175  bytes 7055302 (6.7 MiB)\n        RX errors 0  dropped 0  overruns 0 \
    \ frame 0\n        TX packets 3239  bytes 669239 (653.5 KiB)\n        TX errors\
    \ 0  dropped 0 overruns 0  carrier 0  collisions 0\n\nenp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
    \  mtu 1500\n        inet 192.168.56.151  netmask 255.255.255.0  broadcast 192.168.56.255\n\
    \        inet6 fe80::a00:27ff:fead:cf4f  prefixlen 64  scopeid 0x20<link>\n  \
    \      ether 08:00:27:ad:cf:4f  txqueuelen 1000  (Ethernet)\n        RX packets\
    \ 6  bytes 360 (360.0 B)\n        RX errors 0  dropped 0  overruns 0  frame 0\n\
    \        TX packets 10  bytes 744 (744.0 B)\n        TX errors 0  dropped 0 overruns\
    \ 0  carrier 0  collisions 0\n\nenp0s9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
    \  mtu 1500\n        inet 192.168.57.105  netmask 255.255.255.0  broadcast 192.168.57.255\n\
    \        inet6 fe80::a00:27ff:fe5a:e546  prefixlen 64  scopeid 0x20<link>\n  \
    \      ether 08:00:27:5a:e5:46  txqueuelen 1000  (Ethernet)\n        RX packets\
    \ 6  bytes 360 (360.0 B)\n        RX errors 0  dropped 0  overruns 0  frame 0\n\
    \        TX packets 10  bytes 744 (744.0 B)\n        TX errors 0  dropped 0 overruns\
    \ 0  carrier 0  collisions 0\n\nenp0s10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>\
    \  mtu 1500\n        inet 192.168.58.105  netmask 255.255.255.0  broadcast 192.168.58.255\n\
    \        inet6 fe80::a00:27ff:fe6a:fec6  prefixlen 64  scopeid 0x20<link>\n  \
    \      ether 08:00:27:6a:fe:c6  txqueuelen 1000  (Ethernet)\n        RX packets\
    \ 18  bytes 8500 (8.3 KiB)\n        RX errors 0  dropped 0  overruns 0  frame\
    \ 0\n        TX packets 10  bytes 744 (744.0 B)\n        TX errors 0  dropped\
    \ 0 overruns 0  carrier 0  collisions 0\n\nlo: flags=73<UP,LOOPBACK,RUNNING> \
    \ mtu 65536\n        inet 127.0.0.1  netmask 255.0.0.0\n        inet6 ::1  prefixlen\
    \ 128  scopeid 0x10<host>\n        loop  txqueuelen 0  (Local Loopback)\n    \
    \    RX packets 2121  bytes 188757 (184.3 KiB)\n        RX errors 0  dropped 0\
    \  overruns 0  frame 0\n        TX packets 2121  bytes 188757 (184.3 KiB)\n  \

    \      TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0"









3.使用state.sls

下面功能类似于“salt '*' state.sls ifconfig”


  1. curl -k https://192.168.90.62:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ca1e83b9ca3817d8333bd4054892bf3ac1b90b73" -d client='local' -d tgt='*' -d fun='state.sls' -d arg='ifconfig'  
  2. return:  
  3. - 192.168.90.63:  
  4.     cmd_|-ifconfig_|-ifconfig_|-run:  
  5.       __run_num__: 0  
  6.       changes:  
  7.         pid: 30954  
  8.         retcode: 0  
  9.         stderr: ''  
  10.         stdout: "eth2      Link encap:Ethernet  HWaddr 00:50:56:B5:5C:28  \n     \  
  11.           \     inet addr:192.168.90.63  Bcast:192.168.90.255  Mask:255.255.255.0\n\  
  12.           \          inet6 addr: fe80::250:56ff:feb5:5c28/64 Scope:Link\n        \  
  13.           \  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\n          RX packets:825051\  
  14.           \ errors:0 dropped:0 overruns:0 frame:0\n          TX packets:434351 errors:0\  
  15.           \ dropped:0 overruns:0 carrier:0\n          collisions:0 txqueuelen:1000\  
  16.           \ \n          RX bytes:60353823 (57.5 MiB)  TX bytes:27062672 (25.8 MiB)\n\  
  17.           \nlo        Link encap:Local Loopback  \n          inet addr:127.0.0.1 \  
  18.           \ Mask:255.0.0.0\n          inet6 addr: ::1/128 Scope:Host\n          UP\  
  19.           \ LOOPBACK RUNNING  MTU:16436  Metric:1\n          RX packets:808 errors:0\  
  20.           \ dropped:0 overruns:0 frame:0\n          TX packets:808 errors:0 dropped:0\  
  21.           \ overruns:0 carrier:0\n          collisions:0 txqueuelen:0 \n         \  
  22.           \ RX bytes:59931 (58.5 KiB)  TX bytes:59931 (58.5 KiB)"  
  23.       comment: Command "ifconfig" run  
  24.       duration: 11.991  
  25.       name: ifconfig  
  26.       result: true  
  27.       start_time: '13:59:06.334112'  

4.使用Targeting

下面功能类似于“salt -L '192.168.90.61,192.168.90.63' test.ping”(参数 expr_form 自 Salt 2017.7 起改名为 tgt_type)

  1. curl -k https://192.168.90.62:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 8f0ced127b052abddccac723a990c0015cdce33a" -d client='local' -d tgt='192.168.90.61,192.168.90.63'  -d expr_form='list'  -d fun='test.ping'  
  2. return:  
  3. - 192.168.90.61: true  
  4.   192.168.90.63: true  
下面功能类似于“salt -N test2 test.ping”

  1. curl -k https://192.168.90.62:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 8f0ced127b052abddccac723a990c0015cdce33a" -d client='local' -d tgt='test2'  -d expr_form='nodegroup'  -d fun='test.ping'  
  2. return:  
  3. - 192.168.90.61: true  
  4.   192.168.90.63: true  

5.以json格式输出

  1. curl -k https://192.168.90.62:8000 -H "Accept: application/json" -H "X-Auth-Token: 8f0ced127b052abddccac723a990c0015cdce33a" -d client='local' -d tgt='*.63' -d fun='cmd.run' -d arg='ifconfig'  
  2. {"return": [{"192.168.90.63": "eth2      Link encap:Ethernet  HWaddr 00:50:56:B5:5C:28  \n          inet addr:192.168.90.63  Bcast:192.168.90.255  Mask:255.255.255.0\n          inet6 addr: fe80::250:56ff:feb5:5c28/64 Scope:Link\n          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\n          RX packets:826940 errors:0 dropped:0 overruns:0 frame:0\n          TX packets:435580 errors:0 dropped:0 overruns:0 carrier:0\n          collisions:0 txqueuelen:1000 \n          RX bytes:60495607 (57.6 MiB)  TX bytes:27156010 (25.8 MiB)\n\nlo        Link encap:Local Loopback  \n          inet addr:127.0.0.1  Mask:255.0.0.0\n          inet6 addr: ::1/128 Scope:Host\n          UP LOOPBACK RUNNING  MTU:16436  Metric:1\n          RX packets:808 errors:0 dropped:0 overruns:0 frame:0\n          TX packets:808 errors:0 dropped:0 overruns:0 carrier:0\n          collisions:0 txqueuelen:0 \n          RX bytes:59931 (58.5 KiB)  TX bytes:59931 (58.5 KiB)"}]}  

问题1:执行“service salt-api stop”后再执行“service salt-api start”,服务启动失败;执行“service salt-api restart”时,也会出现启动失败的现象

解决办法:salt-api每次启动默认开启两个进程,执行“service salt-api stop”后每次只能杀死一个进程,造成服务再次启动失败。修改/etc/init.d/salt-api中stop函数如下(也可自己重写此脚本,这里是省事,直接改原脚本)

  1. vim /etc/init.d/salt-api  
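  #######################################
  # Stop the salt-api daemon, choosing the kill mechanism by distribution.
  # Globals:   SUSE_RELEASE, DEBIAN_VERSION (read) - paths tested with -f to
  #            pick the branch
  #            PYTHON, SALTAPI, PROCESS (read) - identify the daemon to kill
  #            RETVAL (written) - status of the branch that ran
  # Outputs:   progress text on stdout
  # Returns:   $RETVAL
  #######################################
  stop() {
      echo -n $"Stopping salt-api daemon: "
      # The paths are quoted so that an unset or empty variable makes the test
      # false; unquoted, `[ -f ]` is a one-argument test and evaluates to true.
      if [ -f "$SUSE_RELEASE" ]; then
          killproc -TERM "$SALTAPI"
          rc_status -v
          RETVAL=$?
      elif [ -f "$DEBIAN_VERSION" ]; then
          # Added this since Debian's start-stop-daemon doesn't support spawned processes
          # The `if` sees only the status of the last pipeline stage (xargs kill).
          if ps -ef | grep "$PYTHON $SALTAPI" | grep -v grep | awk '{print $2}' | xargs kill &> /dev/null; then
              echo -n "OK"
              RETVAL=0
          else
              echo -n "Daemon is not started"
              RETVAL=1
          fi
          # RETVAL is deliberately not reassigned from $? here: the assignments
          # above always succeed, so doing that would report 0 for both outcomes.
      else
          # salt-api starts two processes and one killproc call stops only one
          # of them, so killproc is called a second time when the first succeeds.
          killproc "$PROCESS" && killproc "$PROCESS"
          RETVAL=$?
      fi
      echo
      return "$RETVAL"
  }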



































