说明:
1.saltstack提供了三种方式获取minion信息:命令行、salt.client、netapi
2.实验环境:centos
一、效果如下
执行命令
curl -k https://localhost:8000/login -H "Accept: application/json" -d username='saltapi' -d password='Ctu800617Ctu' -d eauth=pam
结果:
{"return": [{"perms": ["*", "@wheel", "@runner"], "start": 1502781759.7395561, "token": "f65948d2ea5edc7ce0177872c28cd00dac346b02", "expire": 1502824959.7395561, "user": "saltapi", "eauth": "pam"}]}
使用token获取在线机器,执行以下命令
curl -ik https://localhost:8000/ -H "Accept: application/json" -H "X-Auth-Token:f65948d2ea5edc7ce0177872c28cd00dac346b02" -d client='local' -d tgt='*' -d fun="test.ping"
结果:
HTTP/1.1 200 OK
Content-Length: 37
Access-Control-Expose-Headers: GET, POST
Access-Control-Allow-Credentials: true
Vary: Accept-Encoding
Server: CherryPy/3.2.2
Allow: GET, HEAD, POST
Cache-Control: private
Date: Tue, 15 Aug 2017 07:22:52 GMT
Access-Control-Allow-Origin: *
Content-Type: application/json
Set-Cookie: session_id=f65948d2ea5edc7ce0177872c28cd00dac346b02; expires=Tue, 15 Aug 2017 17:22:52 GMT; Path=/
{"return": [{"test1.51du.cn": true}]}
二、搭建命令
1. 安装需要的软件
yum install -y salt-api cherrypy salt-master
2.创建saltapi用户
useradd -M -s /sbin/nologin saltapi
passwd saltapi
3.生成证书:
cd /etc/pki/tls/certs/
make testcert
一路回车
cd /etc/pki/tls/private/
openssl rsa -in localhost.key -out localhost_nopass.key
note: 如果不用localhost_nopass.key,每次启动salt-api都需要输入密码
4.tail -11 /etc/salt/master
rest_cherrypy:
port: 8000
host: 0.0.0.0
debug: True
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/private/localhost_nopass.key
external_auth:
pam:
saltapi:
- '*'
note:saltapi就是上面创建的用户名
5.启动salt-api
salt-api > /var/log/salt-api.log 2>&1 &
6.启动salt-master
service salt-master restart
三、参考资料:
- http://salt-api.readthedocs.io/en/latest/ref/netapis/all/saltapi.netapi.rest_cherrypy.html
- http://blog.csdn.net/hnhuangyiyang/article/details/50667000
- http://www.xiaomastack.com/2014/11/18/salt-api/
- http://xiaorui.cc/2014/11/12/%E4%BD%BF%E7%94%A8saltstack%E7%9A%84rest-api%E6%8E%A5%E5%8F%A3salt-api%E5%BC%80%E5%8F%91%E5%AE%9E%E4%BE%8B/