CentOS 7 版本配置salt-master salt-minion

  • 下载saltshaker_api.git

    [root@linux-node1 salt]# cd $HOME
    [root@linux-node1 salt]# git clone https://github.com/saltshaker-plus/saltshaker_api.git
  • saltstack利用AES加密

   [root@linux-node1 salt]#yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
   [root@linux-node1 salt]#yum install salt-master salt-minion salt-api -y

   [root@linux-node2 salt]#yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm

   [root@linux-node2 salt]#yum install salt-minion -y

  • 配置Salt Master
      [root@linux-node1 salt]# systemctl start salt-master
  • 配置Salt Minion
    [root@linux-node2 salt# vim /etc/salt/minion
      master: 192.168.2.187  #设置master的IP
    [root@linux-node2 salt# systemctl start salt-minion
     
     
  • [root@linux-node1 salt]# tree ./pki/
    ./pki/
    ├── master
    │   ├── master.pem
    │   ├── master.pub
    │   ├── minions
    │   ├── minions_autosign
    │   ├── minions_denied
    │   ├── minions_pre
    │   │   └── linux-node2
    │   └── minions_rejected
    └── minion
        ├── minion_master.pub
        ├── minion.pem
        └── minion.pub
    •  
  • [root@linux-node1 salt]# salt-key
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    linux-node2
    Rejected Keys:
    •  
  • salt master 注册 node

 

  [root@linux-node1 salt]# salt-key -a linux-node2

 

  • [root@linux-node1 salt]# salt-key
  Accepted Keys:
  linux-node2
  Denied Keys:
  Unaccepted Keys:
  Rejected Keys:
 
  • 创建salt api 认证用户名密码,使用pam认证方式

    [root@linux-node1 salt]# sudo useradd admin          # 必须是admin,如果是其他用户,需要对应修改$HOME/saltshaker_api/saltapi.conf里面的admin
    [root@linux-node1 salt]# sudo passwd admin           # 记住admin的密码,稍后配置产品线的时候需要填写

  • 配置saltstack api 拷贝 saltshaker_api/saltapi.conf 到 master配置文件下,开启salt-api的Restful接口(端口为8000)

  sudo cp $HOME/saltshaker_api/saltapi.conf /etc/salt/master.d/

  sudo systemctl restart salt-master

  sudo systemctl restart salt-api

  • salt-api认证确认

  生成token
  curl -sSk http://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=saltapi -d eauth=pam
  tooken:57dc38ed5ca40e6efe4b4b8636af71df654a5166

  curl -sSk http://localhost:8000/login -H 'Accept: application/x-yaml' -d username=admin -d password=admin -d eauth=pam
  tooken:be81ae5c449222b5dfcf9ae1501585e862d6469a



  携带token进行测试
  curl -sSk http://localhost:8000 \
      -H 'Accept: application/x-yaml' \
      -H 'X-Auth-Token:be81ae5c449222b5dfcf9ae1501585e862d6469a' \
      -d client=local \
      -d tgt='*' \
      -d fun=test.ping

posted @ 2019-12-27 11:02  flytoyou  阅读(741)  评论(0编辑  收藏  举报