salt-api安装配置
2017-02-22 13:48
447 查看
salt-api安装配置
安装
#我使用的安装方式 yum -y install salt-api
#这种安装方式没有尝试;没有理解是个啥意思 [root@saltstack ~]#wget https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e --no-check-certificate [root@saltstack ~]#tar xvfz pip-1.5.6.tar.gz [root@saltstack ~]#cd pip-1.5.6 [root@saltstack pip-1.5.6]#python setup.py build [root@saltstack pip-1.5.6]#python setup.py install #安装完成后可以用pip freeze查看已安装的packages [root@saltstack pip-1.5.6]#pip freeze 安装CherryPy,版本3.2.3 [root@saltstack ~]#pip install cherrypy==3.2.3 安装salt-api,版本0.8.3 [root@saltstack ~]#pip install salt-api==0.8.3
配置
生成自签名证书(用于ssl)
cd /etc/pki/tls/certs make testcert cd ../private/ #openssl rsa -in localhost.key openssl rsa -in localhost.key -out localhost_nopass.key
输出
[root@saltstack ~]# cd /etc/pki/tls/certs [root@saltstack certs]# make testcert umask 77 ; \ /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key Generating RSA private key, 2048 bit long modulus ...+++ ..................................................................+++ e is 65537 (0x10001) Enter pass phrase: #键入加密短语,4到8191个字符 Verifying - Enter pass phrase: #确认加密短语 umask 77 ; \ /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0 Enter pass phrase for /etc/pki/tls/private/localhost.key: #再次输入相同的加密短语 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN #都可以选填 State or Province Name (full name) []:Shanghai Locality Name (eg, city) [Default City]:Shanghai Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []: Email Address []:1989051805@qq.com [root@saltstack certs]# cd ../private/ [root@saltstack private]# openssl rsa -in localhost.key -out localhost_nopass.key Enter pass phrase for localhost.key: #输入之前的加密短语 writing RSA key
如果遇到这样的错误
删掉文件/etc/pki/tls/private/localhost.key文件,然后再make testcert。
创建用于salt-api的用户
salt-api创建用户并设定密码,saltapiuseradd -M -s /sbin/nologin saltapi #由于是测试,故采用了弱密码"123456",正式环境必须采用强密码,多用特殊字符 passwd 123456
注意:
测试环境; 给saltapi 用户一个root 权限;不然执行会报错
vim /etc/sudoers #添加如下配置 saltapi ALL=(ALL) NOPASSWD:ALL
新增加配置文件
/etc/salt/master.d/api.conf/etc/salt/master.d/eauth.conf
配置eauth, /etc/salt/master.d/eauth.conf
external_auth: pam: saltapi: - .* - '@wheel' - '@runner' - '@jobs'
配置Salt-API, /etc/salt/master.d/api.conf
rest_cherrypy: port: 8888 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/private/localhost_nopass.key
禁用https服务;测试环境方便,上线建议调试为https
rest_cherrypy: port: 8888 disable_ssl: True
启动Salt-API
#service salt-master restart service salt-api start #安装完成salt api 之后,需要重启salt master 服务 #否则会出现 http(401) #Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).
调试
首先在 salt-master 上直接用命检验一下这个用户的权限。sudo salt -a pam '*' test.ping username: saltapi password:
Salt-API使用
登录
curl -k https://192.168.178.129:8888/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='123456' -d eauth='pam'
return: - eauth: pam expire: 1461628036.919152 perms: - .* - '@wheel' - '@runner' - '@jobs' start: 1461584836.9191511 token: 9c8acb70007e91a5332b96a89ef8b285d8b44956 user: saltapi ```` 其中 token 后边的串为认证成功后获取的token串,之后可以不用再次输入密码,直接使用本Token即可 <div class="se-preview-section-delimiter"></div> ### 查询Minion(dev01)的信息 <div class="se-preview-section-delimiter"></div> ```bash curl -k https://192.168.178.129:8888/minions/dev01 -H "Accept: application/x-yaml" -H "X-Auth-Token: 9c8acb70007e91a5332b96a89ef8b285d8b44956"
return: - dev01: SSDs: [] cpu_flags: - fpu - vme ....
其中 X-Auth-Token 后边的串为之前Login获取到的Token串, 如果请求的URL不包含 dev01 ,则请求的为所有Minion的信息
job管理
获取缓存的jobs列表curl -k https://192.168.178.129:8888/jobs -H "Accept: application/x-yaml" -H "X-Auth-Token: 9c8acb70007e91a5332b96a89ef8b285d8b44956"
return: - '20160425071404030151': Arguments: [] Function: test.ping StartTime: 2016, Apr 25 07:14:04.030151 Target: 192.168.178.129 Target-type: glob User: root ... ...
查询指定的job
curl -k https://192.168.178.129:8888/jobs/20160425195411402340 -H "Accept: application/x-yaml" -H "X-Auth-Token: 9c8acb70007e91a5332b96a89ef8b285d8b44956"
info: - Arguments: [] Function: grains.items Minions: - dev01 Result: dev01: return: SSDs: [] cpu_flags: ... ...
远程执行模块
curl -k https://192.168.178.129:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 9c8acb70007e91a5332b96a89ef8b285d8b44956" -d client='local' -d tgt='*' -d fun='test.ping'
return: - dev00: true dev01: true dev02: true
运行runner
curl -k https://192.168.178.129:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 9c8acb70007e91a5332b96a89ef8b285d8b44956" -d client='runner' -d fun='age.status'
return: - down: [] up: - dev00 - dev01 - dev02
运行wheel
curl -k https://192.168.178.129:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 9c8acb70007e91a5332b96a89ef8b285d8b44956" -d client='wheel' -d fun='klist_all'
return: - data: _stamp: '2016-04-25T12:15:14.657980' fun: wheel.key.list_all jid: '20160425201334130905' return: local: - master.pem - master.pub minions: - dev00 - dev01 - dev02 minions_denied: [] minions_pre: [] minions_rejected: [] success: true tag: salt/wheel/20160425201334130905 user: saltapi tag: salt/wheel/20160425201334130905
总结
参考http://pylixm.cc/posts/2015-12-15-Salt-api.html
http://ohmystack.com/articles/salt-5-salt-api/
http://pengyao.org/salt-api-deploy-and-use.html
作者:{微尘大海}(weichenddahai),日期:2016-6-21, email:784456305@qq.com
相关文章推荐
- salt-api安装、配置、使用
- salt-api安装与配置
- 配置管理(3) salt-api安装、配置、使用
- salt-api安装、配置、使用
- Salt-API安装配置及使用
- Salt-API安装配置及使用
- Salt-API安装配置及使用
- salt-api安装与配置
- Salt-API安装配置及使用
- Salt-API安装配置及使用
- salt-api 安装配置
- Salt-API安装配置及使用
- saltstack - salt-api安装配置
- saltstack安装配置
- 学习一:saltstack安装及简单配置
- Sphinx中文分词详细安装配置及API调用实战
- saltstack的安装配置
- SaltStack实践(一)-- 安装配置HAproxy
- SaltStack使用教程(一):安装并简单配置使用
- (转)Sphinx中文分词安装配置及API调用