SaltStack--接口salt-api
程序员文章站
2022-09-15 18:46:07
SaltStack接口salt-api 介绍 参考官档参考官档 SaltStack官方提供有REST API格式的salt-api项目,将使salt与第三方系统集成变得更加简单。 salt-api安装配置 1)在salt-master上进行安装 2)自签名证书,生产环境可以购买(说明:如果没有sal ......
saltstack接口salt-api
介绍
saltstack官方提供有rest api格式的salt-api项目,将使salt与第三方系统集成变得更加简单。
salt-api安装配置
1)在salt-master上进行安装
[root@salt-master ~]# yum -y install salt-api
2)自签名证书,生产环境可以购买(说明:如果没有salt-call命令,装上salt-minion即可,依赖于该包)
[root@salt-master ~]# salt-call --local tls.create_self_signed_cert
local:
created private key: "/etc/pki/tls/certs/localhost.key." created certificate: "/etc/pki/tls/certs/localhost.crt."
3)打开include加载子配置文件,方便管理
[root@salt-master ~]# vim /etc/salt/master default_include: master.d/*.conf
4)配置api配置文件,将上面生成的证书写到配置文件
[root@salt-master ~]# vim /etc/salt/master.d/api.conf rest_cherrypy: host: 192.168.1.30 port: 8000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/certs/localhost.key
5)创建认证用户,并设置密码
[root@salt-master ~]# useradd -m -s /sbin/nologin saltapi [root@salt-master ~]# echo 'saltapi' | passwd --stdin saltapi
6)创建认证配置文件
[root@salt-master ~]# vim /etc/salt/master.d/auth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
7)重启salt-master和启动salt-api
[root@salt-master ~]# systemctl restart salt-master [root@salt-master ~]# systemctl start salt-api
8)查看salt-api监听端口
[root@salt-master ~]# netstat -anlutp |grep 8000 tcp 0 0 192.168.1.30:8000 0.0.0.0:* listen 10904/python tcp 0 0 192.168.1.30:53414 192.168.1.30:8000 time_wait -
9)验证login登录,获取token字符串
[root@salt-master ~]# curl -ssk https://192.168.1.30:8000/login \ > -h 'accept: application/x-yaml' \ > -d username=saltapi \ > -d password=saltapi \ > -d eauth=pam return: - eauth: pam expire: 1558663247.869537 perms: - .* - '@wheel' - '@runner' - '@jobs' start: 1558620047.869536 token: e8330f642a3addd853c723d63844d29a12de9484 user: saltapi
10)通过api执行test.ping测试连通性
[root@salt-master ~]# curl -ssk https://192.168.1.30:8000 \ > -h 'accept: application/x-yaml' \ > -h 'x-auth-token: e8330f642a3addd853c723d63844d29a12de9484'\ > -d client=local \ > -d tgt='*' \ > -d fun=test.ping return: - salt-minion01: true salt-minion02: true salt-minion03: true salt-minion04: true
11)通过api执行cmd.run
[root@salt-master ~]# curl -ssk https://192.168.1.30:8000 \ > -h 'accept: application/x-yaml' \ > -h 'x-auth-token: e8330f642a3addd853c723d63844d29a12de9484'\ > -d client=local \ > -d tgt='*' \ > -d fun='cmd.run' -d arg='uptime' return: - salt-minion01: ' 22:10:25 up 46 min, 1 user, load average: 0.00, 0.01, 0.05' salt-minion02: ' 22:10:25 up 7 min, 0 users, load average: 0.00, 0.18, 0.15' salt-minion03: ' 22:10:25 up 7 min, 0 users, load average: 0.06, 0.33, 0.26' salt-minion04: ' 22:10:25 up 7 min, 0 users, load average: 0.01, 0.21, 0.16'
12)通过api获取grains信息
[root@salt-master ~]# curl -ssk https://192.168.1.30:8000/minions/salt-minion01 \
> -h 'accept: application/x-yaml' \
> -h 'x-auth-token: e8330f642a3addd853c723d63844d29a12de9484'
return:
- salt-minion01:
ssds: []
biosreleasedate: 05/19/2017
biosversion: '6.00'
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
.....
13)使用json格式
[root@salt-master ~]# curl -ssk https://192.168.1.30:8000/minions/salt-minion01 \
> -h 'accept: application/json' \
> -h 'x-auth-token: e8330f642a3addd853c723d63844d29a12de9484'
{"return": [{"salt-minion01": {"biosversion": "6.00", "kernel": "linux", "domain": "", "uid": 0, "zmqversion": "4.1.4", "kernelrelease": "3.10.0-693.el7.x86_64", "selinux": {"enforced": "disabled", "enabled": false}, "serialnumber": "vmware-56 4d 9e a0 21 56 90 87-cd 89 69 32 13 94 17 44", "pid": 1449, "fqdns": [], "ip_interfaces": {"lo": ["127.0.0.1", "::1"], "virbr0": ["192.168.122.1"], "virbr0-nic": [], "ens33": ["192.168.1.31", "192.168.1.100", "fe80::20c:29ff:fe94:1744"]}, "groupname": "root", "fqdn_ip6": ["fe80::20c:29ff:fe94:1744"],
.......
总结
salt-api必须使用https,生产环境建议使用可信证书
当salt-api服务重启后原token失效