标签:master etc oca localhost 表示 lin run job .com
Saltstack-API
官方文档 https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
使用条件:1)https调用,需要生成证书 2)配置文件 3)使用PAM验证 4)启动salt-api
yum install -y salt-api
1)创建用户useradd -M -s /sbin/nologin saltapi
2)设置密码passwd saltapi
3)生成自签名证书
cd /etc/pki/tls/certs
mv localhost.crt /tmp
make testcert
cd /etc/pki/tls/private
如果上面生成证书时输入了密码,需要取消密码
openssl rsa -in localhost.key -out salt_nopass.key
4)安装Cherrypy模块,版本3.2.6
pip install Cherrypy==3.2.6
5)修改master配置文件
vi /etc/salt/master default_include: master.d/*.conf
6)创建api配置文件
cd /etc/salt/master.d/ vi api.conf rest_cherrypy: host: 192.168.137.11 port: 8000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/private/salt_nopass.key
7)认证文件
vi eauth.conf external_auth: pam: saltapi: - .* - ‘@wheel‘ - ‘@runner‘
备注: .* # 所有模块可执行, ‘@wheel‘ # salt key
8)重启master
systemctl restart salt-master.service
1)登录测试,使用curl请求
curl -k https://192.168.137.11:8000/login -H ‘Accept: application/x-yaml‘ -d username=saltapi -d password=saltapi -d eauth=pam
登录成功后系统返回token,用于后续交互使用。
2)获取minion资产数据测试,节点为linux-node1.example.com主机
curl -k https://192.168.137.11:8000/minions/linux-node1.example.com -H ‘Accept: application/x-yaml‘ -H ‘X-Auth-Token: token内容‘
3)查看所有minion存活主机
curl -k https://192.168.137.11:8000/ -H ‘Accept: application/x-yaml‘ -H ‘X-Auth-Token: token内容‘ -d client=‘runner‘ -d fun=‘manage.status‘
备注:client=‘runner‘指的是在master执行,client=‘local‘指的是在minion执行
4)ping测试
curl -k https://192.168.137.11:8000/ -H ‘Accept: application/x-yaml‘ -H ‘X-Auth-Token: token内容‘ -d client=‘local‘ -d tgt=‘*‘ -d fun=‘test.ping‘
tgt表示目标,可以指定某一台minion
5)查看jobs
curl -k https://192.168.137.11:8000/jobs -H ‘Accept: application/x-yaml‘ -H ‘X-Auth-Token: token内容‘
6)查看具体一个jobs的执行结果
curl -k https://192.168.137.11:8000/jobs/jobid -H ‘Accept: application/x-yaml‘ -H ‘X-Auth-Token: token内容‘
标签:master etc oca localhost 表示 lin run job .com
原文地址:http://www.cnblogs.com/shhnwangjian/p/6055342.html