Refer to the official documentation for help.
server1
1. Install salt-api
yum install -y salt-api
2. Set up authentication: generate the key and certificate
Generate the key
cd /etc/pki/tls/private/
openssl genrsa 1024 > localhost.key
[root@server1 private]# ls
localhost.key
Generate the certificate
cd /etc/pki/tls/certs/
[root@server1 certs]# make testcert
The certificate must be generated from inside the /etc/pki/tls/certs/ directory, because the command invokes the targets in the Makefile there.
3. Edit the configuration files
vim /etc/salt/master.d/api.conf
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt    ## the certificate and key generated above
  ssl_key: /etc/pki/tls/private/localhost.key
Notes on the options:
port
    Required. The port for the webserver to listen on.
ssl_crt
    The path to a SSL certificate. (See below)
ssl_key
    The path to the private key for your SSL certificate. (See below)
vim /etc/salt/master.d/auth.conf
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'
Operations are carried out as the saltapi user:
useradd saltapi
echo westos | passwd --stdin saltapi
4. Restart the services
systemctl restart salt-master.service
systemctl enable --now salt-api.service
Check that port 8000 is listening.
5. Log in to obtain the token needed to run commands, then run a command
[root@server1 master.d]# curl -sSk https://localhost:8000/login \
    -H 'Accept: application/x-yaml' \
    -d username=saltapi \
    -d password=westos \
    -d eauth=pam
salt '*' test.ping
[root@server1 master.d]# curl -sSk https://localhost:8000 \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: 443768cf691c2710ac2931c996b61de1c9821f3f' \
    -d client=local \
    -d tgt='*' \
    -d fun=test.ping
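6. Further study
Calling salt-api from the command line like this is rather cumbersome. It can be developed further into a more convenient application, for example as Python functions; there are many examples on GitHub: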
https://github.com/saltstack/pepper
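The login and test.ping calls from step 5 written as Python functions, added here as an example (it is not code from these notes or from pepper). It verifies the server against the certificate configured in api.conf instead of skipping verification as curl -k does, which assumes the certificate is valid for the host name in the URL. All function names and the sample token are made up for this example.

```python
import json
import ssl
from urllib.parse import urlencode
from urllib.request import Request, urlopen

API = "https://localhost:8000"                 # port from api.conf
CA_FILE = "/etc/pki/tls/certs/localhost.crt"   # ssl_crt from api.conf


def login_request(username, password, eauth="pam", base=API):
    """Build POST /login with form fields, like `curl -d username=... -d eauth=pam`."""
    body = urlencode({"username": username, "password": password, "eauth": eauth}).encode()
    return Request(base + "/login", data=body, headers={"Accept": "application/json"})


def run_request(token, tgt, fun, client="local", base=API):
    """Build POST / carrying X-Auth-Token, like the second curl call."""
    body = urlencode({"client": client, "tgt": tgt, "fun": fun}).encode()
    return Request(base + "/", data=body,
                   headers={"Accept": "application/json", "X-Auth-Token": token})


def extract_token(login_body):
    """Pull the token out of the /login JSON body; fail loudly if it is absent."""
    entries = json.loads(login_body).get("return") or []
    if not entries or not isinstance(entries[0], dict) or "token" not in entries[0]:
        raise ValueError("login response carries no token")
    return entries[0]["token"]


def send(request, cafile=CA_FILE, timeout=10):
    """Send a request, trusting only the given certificate (no `-k` style bypass)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urlopen(request, context=ctx, timeout=timeout) as resp:
        return resp.read().decode()


def ping_all(username, password):
    """login -> token -> test.ping on '*'; returns the decoded JSON result."""
    token = extract_token(send(login_request(username, password)))
    return json.loads(send(run_request(token, "*", "test.ping")))


if __name__ == "__main__":
    # Constructed sample of a /login response body (not captured output).
    sample = '{"return": [{"token": "0123abcd", "user": "saltapi", "eauth": "pam"}]}'
    print(extract_token(sample))
```

On server1, ping_all("saltapi", password) performs both requests; read the password from a prompt or a protected file rather than placing it in the script.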
To be updated.