1. 部署api
server1:192.168.17.1
- 安装
yum install -y salt-api
- 生成SSL证书私钥
cd /etc/pki/tls/private/
openssl genrsa 1024
openssl genrsa 1024 > localhost.key
- 生成SSL证书
cd /etc/pki/tls/certs/
make testcert
- 编辑主配置文件
vim /etc/salt/master.d/api.conf
rest_cherrypy:##调用的模块
port: 8000##监听端口
ssl_crt: /etc/pki/tls/certs/localhost.crt##ssl证书路径
ssl_key: /etc/pki/tls/private/localhost.key##SSL证书私钥的路径
vim /etc/salt/master.d/auth.conf
external_auth:
pam:
saltapi: #用户
- .*
- '@wheel'
- '@runner'
- '@jobs'
- 创建用户
useradd saltapi
echo westos | passwd --stdin saltapi
- 开启服务
systemctl restart salt-master
systemctl enable --now salt-api
- 生成令牌
[root@server1 master.d]# curl -sSk https://localhost:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username=saltapi \
> -d password=westos \
> -d eauth=pam
- 使用令牌值发送请求
[root@server1 master.d]# curl -sSk https://localhost:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 84ca20692852c6ee9b89d6d4a8bd1454f59e4a56' \
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping
2. 测试
- 编写好python类
- 在minion端关闭Apache服务
- 在master端执行此python
- 在minion端发现httpd服务成功开启
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
try:
import json
except I