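# Install the REST API front end for the Salt master.
yum -y install salt-api

cd /etc/pki/tls/certs
# Generate a self-signed certificate. This prompts for a key passphrase and
# for the certificate's RDN fields.
make testcert

cd /etc/pki/tls/private/
# Write a passphrase-free copy of the key. This prompts for the passphrase
# that was set while generating the certificate above.
openssl rsa -in localhost.key -out localhost_nopass.key
# The copy is stored unencrypted, so file permissions are its only protection.
# NOTE(review): assumes salt-api runs as root (the packaged default); adjust
# the owner if the service runs under another account.
chmod 600 localhost_nopass.key

# Account used for PAM authentication against salt-api: no home directory and
# no login shell.
useradd -M -s /sbin/nologin salt-api
# DEMO CREDENTIAL: the password equals the account name and is kept only so
# that the /login example later on this page still works. Replace it with a
# strong, unique secret before the API is reachable by anyone else.
# (The option is --stdin with two ASCII hyphens; the page had a typographic dash.)
printf '%s\n' 'salt-api' | passwd salt-api --stdin

# Uncomment default_include in the master config so that drop-in files under
# /etc/salt/master.d are loaded. Plain ASCII quotes are required here; the
# typographic quotes on the original page break the sed expression.
sed -i '/#default_include/s/#default/default/g' /etc/salt/master
# -p: do not fail if the directory already exists.
mkdir -p /etc/salt/master.d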
cat /etc/salt/master.d/api.conf
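# /etc/salt/master.d/api.conf -- listener settings for the CherryPy REST API.
# The nested keys must be indented under rest_cherrypy; the page lost the
# indentation, which would turn them into unrelated top-level keys.
rest_cherrypy:
  # No "host" is set, so the listener uses rest_cherrypy's default bind address
  # (all interfaces per the Salt docs -- confirm for your version). Restrict
  # access to this port with a firewall or an explicit host setting.
  port: 8000
  # Self-signed certificate produced by `make testcert`; clients cannot verify
  # it unless they are given this file as a trust anchor.
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  # Passphrase-free copy of the private key; keep it readable by root only.
  ssl_key: /etc/pki/tls/private/localhost_nopass.key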
cat /etc/salt/master.d/eauth.conf
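# /etc/salt/master.d/eauth.conf -- who may call the API and what they may run.
# Indentation and ASCII quotes restored; the page showed the keys flattened and
# wrapped in typographic quotes, which is not the intended YAML.
external_auth:
  pam:
    salt-api:
      # '.*' matches every execution function on every minion; '@wheel' and
      # '@runner' add the master-side wheel and runner modules. Together this
      # gives anyone holding this account's password, or a token issued for it,
      # full control of the master and all minions. Outside a lab, replace
      # these entries with the specific functions the API client needs.
      - .*
      - '@wheel'
      - '@runner'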
# Master side: start the master daemon, then the REST API in front of it.
for unit in salt-master salt-api; do
  systemctl start "$unit"
done

# Minion side: install the agent.
yum -y install salt-minion
# Edit the configuration: replace the commented-out default master line with
# the address of the master.
sed -i '/^#master: salt/c master: 192.168.104.76' /etc/salt/minion
# Start the client (minion).
systemctl start salt-minion
# Once started, the minion's public key waits on the master as "unaccepted".
# Before accepting it, compare the fingerprint shown by `salt-key -f node76`
# on the master with `salt-call --local key.finger` on the minion; a blanket
# `salt-key -A` accepts every pending key without that check.
[root@node76 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
node76
Rejected Keys:
[root@node76 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
node76
Proceed? [n/Y] Y
Key for minion node76 accepted.
[root@node76 salt]# salt-key -L
Accepted Keys:
node76
Denied Keys:
Unaccepted Keys:
Rejected Keys:
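# Log in through PAM and obtain a session token.
# -k turns off TLS certificate verification. That is tolerable only against
# this lab's self-signed certificate; otherwise pass the certificate with
# --cacert and connect by a name that matches it.
# The password is given as a command-line argument, so it lands in shell
# history and is visible in the process list while curl runs.
# Plain ASCII quotes are required; the typographic quotes on the original page
# would be sent as part of each value and the login would fail.
curl -k https://192.168.104.76:8000/login \
  -H "Accept: application/x-yaml" \
  -d username='salt-api' \
  -d password='salt-api' \
  -d eauth='pam'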
return:
- eauth: pam
expire: 1520269544.2591
perms:
- .*
- ‘@wheel‘
- ‘@runner‘
start: 1520226344.259099
token: 593a7224f988f28b84d58b7cda38fe5e5ea07d98
user: salt-api
获取 token 后,后续请求就可以通过 X-Auth-Token 请求头携带该 token 进行通信。
注:重启 salt-api 后 token 会改变。token 在过期之前等同于该账号的登录凭据,应像密码一样保管,不要写入脚本或日志。
下面的请求功能类似于 “salt '*' test.ping”
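# Run test.ping on every minion, authenticating with the session token.
# The token is a bearer credential: whoever holds it can act as the account
# until it expires. -k skips certificate verification (lab use only).
# ASCII quotes matter here: tgt='*' must reach curl as a literal asterisk
# instead of being glob-expanded by the shell.
curl -k https://192.168.104.76:8000 \
  -H "Accept: application/x-yaml" \
  -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
  -d client='local' \
  -d tgt='*' \
  -d fun='test.ping'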
return:
- node76: true
下面的请求功能类似于 “salt '*' cmd.run uptime”
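# Run a shell command (uptime) on every minion through the API.
# cmd.run executes arbitrary commands on the targets, so a valid token for an
# account allowed to call it amounts to remote shell access on all minions.
# -k skips certificate verification (lab use only).
curl -k https://192.168.104.76:8000 \
  -H "Accept: application/x-yaml" \
  -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
  -d client='local' \
  -d tgt='*' \
  -d fun='cmd.run' \
  -d arg='uptime'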
return:
- node76: ‘ 13:18:46 up 161 days, 2:23, 1 user, load average: 0.15, 0.09, 0.10‘
下面的请求功能类似于 “salt '*' state.sls ifconfig”
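# Apply the state file named "ifconfig" on every minion through the API.
# -k skips certificate verification (lab use only); the token in the header is
# a bearer credential and should be kept out of shared history and logs.
curl -k https://192.168.104.76:8000 \
  -H "Accept: application/x-yaml" \
  -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
  -d client='local' \
  -d tgt='*' \
  -d fun='state.sls' \
  -d arg='ifconfig'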
return:
- node76:
cmd_|-ifconfig_|-ifconfig_|-run:
__run_num__: 0
changes:
pid: 30954
retcode: 0
stderr: ‘‘
stdout: "eth2 Link encap:Ethernet HWaddr 00:50:56:B5:5C:28 \n \
\ inet addr:192.168.90.63 Bcast:192.168.90.255 Mask:255.255.255.0\n\
\ inet6 addr: fe80::250:56ff:feb5:5c28/64 Scope:Link\n \
\ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\n RX packets:825051\
\ errors:0 dropped:0 overruns:0 frame:0\n TX packets:434351 errors:0\
\ dropped:0 overruns:0 carrier:0\n collisions:0 txqueuelen:1000\
\ \n RX bytes:60353823 (57.5 MiB) TX bytes:27062672 (25.8 MiB)\n\
\nlo Link encap:Local Loopback \n inet addr:127.0.0.1 \
\ Mask:255.0.0.0\n inet6 addr: ::1/128 Scope:Host\n UP\
\ LOOPBACK RUNNING MTU:16436 Metric:1\n RX packets:808 errors:0\
\ dropped:0 overruns:0 frame:0\n TX packets:808 errors:0 dropped:0\
\ overruns:0 carrier:0\n collisions:0 txqueuelen:0 \n \
\ RX bytes:59931 (58.5 KiB) TX bytes:59931 (58.5 KiB)"
comment: Command "ifconfig" run
duration: 11.991
name: ifconfig
result: true
start_time: ‘13:59:06.334112‘
下面的请求功能类似于 “salt -L '192.168.90.61,192.168.90.63' test.ping”(按列表指定目标)
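# Target minions by an explicit list instead of a glob and run test.ping.
# NOTE(review): newer Salt releases name this parameter tgt_type; expr_form is
# the older spelling -- confirm which one your version accepts.
# -k skips certificate verification (lab use only).
curl -k https://192.168.104.76:8000 \
  -H "Accept: application/x-yaml" \
  -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
  -d client='local' \
  -d tgt='node76' \
  -d expr_form='list' \
  -d fun='test.ping'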
return:
- node76: true
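# Same cmd.run call against a single minion, asking for a JSON response
# instead of YAML.
# -k skips certificate verification (lab use only); the token in the header is
# a bearer credential for the salt-api account.
curl -k https://192.168.104.76:8000 \
  -H "Accept: application/json" \
  -H "X-Auth-Token: ded897184a942ca75683276c29d787ea71c207a9" \
  -d client='local' \
  -d tgt='node76' \
  -d fun='cmd.run' \
  -d arg='uptime'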
{"return": [{"node76": " 13:25:20 up 161 days, 2:30, 1 user, load average: 0.01, 0.06, 0.08"}]}
原文地址:http://blog.51cto.com/9520268/2083035