10、salt-api，配置文件include

方便二次开发调用

https://www.unixhot.com/docs/saltstack/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt

 

执行参考

https://www.unixhot.com/docs/saltstack/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt

 

安装salt-api并配置

yum install -y salt-api

yum install -y pyOpenSSL

salt-call --local tls.create_self_signed_cert

[root@linux-node1 ~]# vim /etc/salt/master

打开这行配置，include配置文件

default_include: master.d/*.conf

cd /etc/salt/master.d/

useradd -M -s /sbin/nologin saltapi
echo "saltapi" | passwd saltapi --stdin

 

cat api.conf 

rest_cherrypy:
  host: 192.168.1.61
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key

cat auth.conf

external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'   # to allow access to all wheel modules
      - '@runner'  # to allow access to all runner modules
      - '@jobs'    # to allow access to the jobs runner and/or wheel module

systemctl restart salt-master
systemctl start salt-api.service

测试使用

curl -sSk https://192.168.1.61:8000/login \
    -H 'Accept: application/x-yaml' \
    -d username=saltapi \
    -d password=saltapi \
    -d eauth=pam
    
    
    
return:
- eauth: pam
  expire: 1614280132.851175
  perms:
  - .*
  - '@wheel'
  - '@runner'
  - '@jobs'
  start: 1614236932.851172
  token: 7cd1f9a18f502094e624abd4cf6873778567bdb8
  user: saltapi
  

curl -sSk https://192.168.1.61:8000 \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: 7cd1f9a18f502094e624abd4cf6873778567bdb8'\
    -d client=local \
    -d tgt='*' \
    -d fun=test.ping

curl -sSk https://192.168.1.61:8000 \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: 7cd1f9a18f502094e624abd4cf6873778567bdb8'\
    -d client=local \
    -d tgt='*' \
    -d fun=cmd.run -d arg='uptime'