CentOS 7上安装配置salt-api
环境:CentOS 7,已配置网络yum源
安装salt-api
sudo yum install salt-api
安装CherryPy
pip install CherryPy
设置开机启动
systemctl enable salt-api.service #chkconfig salt-api on 也行,在centos7中会自动转发请求到systemctl enable salt-api.service
生成自签名证书
[root@localhost melon]# cd /etc/pki/tls/certs/
[root@localhost certs]# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert
[root@localhost certs]# make testcert
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
Generating RSA private key, 2048 bit long modulus
..................................................................+++
...................+++
e is 65537 (0x10001)
Enter pass phrase: #输入密码
Verifying - Enter pass phrase: #确认输入密码
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
Enter pass phrase for /etc/pki/tls/private/localhost.key: #再次输入密码
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #填写资料,可选填
State or Province Name (full name) []:Hangzhou
Locality Name (eg, city) [Default City]:Hangzhou
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:851194999@qq.com
解密key文件,生成无密码的key文件(无密码的私钥以明文保存,生成后请确认 localhost_nopass.key 只有 root 可读,例如权限为 600)
[root@localhost certs]# cd /etc/pki/tls/private/
[root@localhost private]# openssl rsa -in localhost.key -out localhost_nopass.key
Enter pass phrase for localhost.key: #输入之前设置的密码
writing RSA key
为salt-api创建用户并设定密码,这里的用户名是saltapi
[root@localhost certs]# useradd -M -s /sbin/nologin saltapi
[root@localhost certs]# passwd saltapi
在/etc/salt/master.d下增加两个配置文件 api.conf 和 eauth.conf
api.conf
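# /etc/salt/master.d/api.conf
# Line structure restored: the page had collapsed this mapping onto one line,
# which is not valid YAML.
rest_cherrypy:
  port: 8888
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  # Passphrase-less private key: anyone who can read this file can impersonate
  # the API endpoint, so keep it readable by root only.
  ssl_key: /etc/pki/tls/private/localhost_nopass.key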
eauth.conf(该配置文件配置的是给予saltapi用户哪些模块的使用权限)
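# /etc/salt/master.d/eauth.conf
# Line structure restored: the page had collapsed this mapping onto one line.
external_auth:
  pam:
    saltapi:
      # NOTE(review): '.*' permits every execution module on every minion, and
      # '@wheel' / '@runner' add the master-side wheel and runner modules.
      # Whoever holds this account's password or a valid token can therefore
      # run arbitrary commands across the whole Salt deployment. For anything
      # beyond a lab, list only the functions the API client needs
      # (for example `- test.ping`) instead of these three entries.
      - .*
      - '@wheel'
      - '@runner'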
最后启动salt-api并重启salt-master,安装完成
systemctl start salt-api.service
systemctl restart salt-master.service
Salt-API测试
登录获取token(示例中的 -k 会跳过证书校验,仅适合使用自签名证书的测试环境;123456 只是演示用的弱密码,而且写在命令行里的密码会留在 shell 历史和进程列表中)
[root@localhost master.d]# curl -k https://192.168.0.104:8888/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='123456' -d eauth='pam'
return:
- eauth: pam
  expire: 1479955477.95815
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1479912277.958149
  token: 6f2d635110d366bb0003824629f9ccad22f31c7b
  user: saltapi
获取token之后就可以拿着这个token进行通信
两者执行效果一样
[root@localhost private]# salt '*' test.ping
minion_104:
    True
[root@localhost private]# curl -k https://192.168.0.104:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 6f2d635110d366bb0003824629f9ccad22f31c7b" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- minion_104: true
[root@localhost private]#
更多的可执行模块请查看官方文档
下面附上一个python中的salt-api类
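#!/usr/bin/env python
# coding=utf-8
"""Minimal salt-api (rest_cherrypy) client: log in via PAM eauth, then run commands.

Changes relative to the original listing:
  * the login parameters (including the password) and the session token are no
    longer printed to stdout;
  * the login form is sent percent-encoded (the original un-quoted it again, so
    a password containing '&', '=', '+' or '%' was corrupted or split into
    extra form fields);
  * only form *keys* of the shape ``argN`` are rewritten to ``arg``;
  * the demo password is no longer hard-coded in main().
"""
import contextlib
import getpass
import json
import os
import re

try:  # Python 2, as used by the original listing
    from urllib import urlencode
    from urllib2 import Request, urlopen
except ImportError:  # Python 3
    from urllib.parse import urlencode
    from urllib.request import Request, urlopen

# NOTE(review): the original listing carried these two lines, commented out:
#   import ssl
#   ssl._create_default_https_context = ssl._create_unverified_context
# Enabling them switches off certificate verification for every HTTPS request
# made by the process. If verification fails against the self-signed
# certificate, prefer issuing a certificate whose name matches the salt-api
# host and trusting that certificate on the client.


class SaltAPI(object):
    """Client for a salt-api endpoint using PAM external authentication.

    Constructing an instance logs in immediately and keeps the returned
    session token for later requests.
    """

    def __init__(self, url, username, password):
        """Store the connection details and obtain a token.

        url      -- base URL salt-api listens on (scheme, host and port)
        username -- salt-api user name
        password -- salt-api user password
        """
        self.__url = url
        self.__user = username
        self.__password = password
        self.__token_id = self.salt_login()

    @staticmethod
    def _encode_form(params):
        """Return params as an application/x-www-form-urlencoded string."""
        return urlencode(params)

    @staticmethod
    def _post(url, body, headers):
        """POST body to url and return the decoded JSON response."""
        if not isinstance(body, bytes):
            # Python 3's urlopen() only accepts bytes as request data.
            body = body.encode('utf-8')
        with contextlib.closing(urlopen(Request(url, body, headers))) as resp:
            return json.loads(resp.read().decode('utf-8'))

    def salt_login(self):
        """Log in through the /login endpoint and return the session token.

        Raises KeyError when the response does not carry a token.
        """
        params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
        # Credentials are deliberately not printed or logged here.
        content = self._post(self.__url + '/login',
                             self._encode_form(params),
                             {'X-Auth-Token': ''})
        try:
            return content['return'][0]['token']
        except (KeyError, IndexError, TypeError):
            raise KeyError('salt-api login response contains no token')

    def postRequest(self, obj, prefix='/'):
        """Send an already form-encoded body to url + prefix with the session token.

        Returns the decoded JSON response.
        """
        url = self.__url + prefix
        headers = {'X-Auth-Token': self.__token_id}
        return self._post(url, obj, headers)

    def saltCmd(self, params):
        """Run a command described by params and return the 'return' field.

        Keys named arg1, arg2, ... are sent as repeated ``arg`` form fields.
        """
        obj = self._encode_form(params)
        # Anchor on the key position so that the text "arg1" inside a value
        # (for example a shell command) is left untouched.
        obj = re.sub(r'(^|&)arg\d+=', r'\1arg=', obj)
        res = self.postRequest(obj)
        return res['return']


def main():
    """Ping every minion through salt-api and print the result."""
    # The environment variable names below are constructed for this example;
    # the defaults are the demo values used on this page. The password is read
    # from the environment or prompted for, never embedded in the script.
    url = os.environ.get('SALTAPI_URL', 'https://192.168.0.104:8888')
    username = os.environ.get('SALTAPI_USER', 'saltapi')
    password = os.environ.get('SALTAPI_PASSWORD') or getpass.getpass('salt-api password: ')
    sapi = SaltAPI(url=url, username=username, password=password)
    # params = {'client': 'local', 'fun': 'test.ping', 'tgt': '<key of one minion>'}
    params = {'client': 'local', 'fun': 'test.ping', 'tgt': '*'}
    # params = {'client': 'local', 'fun': 'cmd.run', 'tgt': '*', 'arg1': 'ifconfig'}
    test = sapi.saltCmd(params)
    print(test)


if __name__ == '__main__':
    main()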
参考链接:https://www.xiaomastack.com/2014/11/18/salt-api/
