saltstack(十七):saltstack-API
saltstack-API
SaltStack 官方提供了 REST API 形式的 salt-api 项目,使 Salt 与第三方系统的集成变得尤为简单。本文将带你了解如何安装配置 Salt-API,以及如何利用 Salt-API 获取想要的信息。
参考 https://www.cnblogs.com/shhnwangjian/p/6055342.html
官方文档 https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
使用条件:1)https调用,或者需要生成证书 2)配置文件 3)使用PAM验证 4)启动salt-api
1.1 安装salt-api
# Install the salt-api package on the Salt master.
yum --assumeyes install salt-api
1.2 生成自签名证书
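# Install pyOpenSSL (needed to generate the certificate below).
yum install -y pyOpenSSL
# Generate a self-signed certificate and key locally on the master.
# Clients do not trust a self-signed certificate by default, which is why the
# curl examples on this page pass -k.
salt-call --local tls.create_self_signed_cert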
1.3 修改master文件
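# Open the master configuration file for editing.
vi /etc/salt/master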
# Include every *.conf file under master.d/ (the api.conf and auth.conf files
# shown on this page live in /etc/salt/master.d).
default_include: master.d/*.conf
1.4 创建api配置文件
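# File: /etc/salt/master.d/api.conf
rest_cherrypy:
  # Address and port the REST API listens on. Binding to a specific internal
  # address (rather than all interfaces) limits who can reach the API.
  host: 10.6.76.27
  port: 8000
  # Certificate and private key used for HTTPS; presumably the self-signed
  # pair generated in step 1.2 (confirm the paths on your system).
  # The key file should be readable only by the account running salt-api.
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key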
1.5 创建用户
# Create the account used for PAM authentication against salt-api.
# No home directory and a nologin shell: the account exists only to
# authenticate API calls, not for interactive sessions.
useradd --no-create-home --shell /sbin/nologin saltapi
1.6 设置密码
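# Set the password for the saltapi account interactively.
# The original example piped the literal 'saltapi' (the username) into passwd,
# which leaves a guessable password in the shell history. This account
# authenticates every API call, so choose a strong, unique password and use it
# in the login request (step 1.10.1) in place of 'saltapi'.
passwd saltapi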
1.7 添加用户验证
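# File: /etc/salt/master.d/auth.conf
external_auth:
  pam:
    # User name that is allowed to authenticate through PAM.
    saltapi:
      # '.*' allows every execution module on every minion.
      - .*
      # '@wheel' allows wheel modules (for example salt-key operations).
      - '@wheel'
      # '@runner' allows runner modules, which execute on the master.
      - '@runner'
      # '@jobs' allows job lookups.
      - '@jobs'
# NOTE(review): together these entries give the saltapi account full control of
# the master and of all minions (cmd.run included). That is convenient for a
# test setup; for real use, list only the functions the integration needs.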
1.8 重启salt-master
# Restart the master so it picks up the new files under master.d/.
systemctl restart salt-master.service
1.9 启动salt-api
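# Start (or restart) the REST API service. The unit name is salt-api.
systemctl restart salt-api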
1.10 验证测试
1.10.1 curl登录测试
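# Log in with the PAM account; the token from the response is what the later
# requests send as X-Auth-Token.
# The password (the one set in step 1.6) is read from a prompt and passed to
# curl on stdin, so it appears neither in the shell history nor in the
# process list.
# -k disables certificate verification because the certificate is
# self-signed. Outside a lab, use a certificate the client can verify
# (curl --cacert) and drop -k, otherwise the password and token can be
# intercepted by anyone able to impersonate the server.
read -rs -p 'saltapi password: ' saltapi_password
printf '\n'
printf '%s' "${saltapi_password}" |
  curl -sSk https://10.6.76.27:8000/login \
    -H 'Accept: application/x-yaml' \
    -d username='saltapi' \
    --data-urlencode 'password@-' \
    -d eauth=pam
unset saltapi_password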
1.10.2 获取minion资产数据测试
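# Fetch the grains (asset data) of the minion pe-db.
# The X-Auth-Token value is the token obtained from /login; anyone holding it
# can act as the saltapi account until it expires, so treat it like a password.
curl -sSk https://10.6.76.27:8000/minions/pe-db \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'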
[root@pe-jira master.d]# curl -sSk https://10.6.76.27:8000/minions/pe-db\ > -H 'Accept: application/x-yaml' \ > -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d' return: - pe-db: SSDs: - dm-0 - dm-1 - dm-2 - xvda biosreleasedate: 05/10/2016 biosversion: 4.4.1-ws60 cpu_flags: - fpu - vme - de - pse - tsc - msr - pae - mce - cx8 - apic - sep - mtrr - pge - mca - cmov - pat - pse36 - clflush - mmx - fxsr - sse - sse2 - ht - syscall - nx - rdtscp - lm - constant_tsc - rep_good - nopl - pni - pclmulqdq - ssse3 - cx16 - pcid - sse4_1 - sse4_2 - x2apic - popcnt - tsc_deadline_timer - aes - rdrand - hypervisor - lahf_lm - fsgsbase - smep - erms cpu_model: Intel(R) Xeon(R) CPU E7-4830 v2 @ 2.20GHz cpuarch: x86_64 domain: '' fqdn: pe-db fqdn_ip4: - 10.6.76.28 fqdn_ip6: - fe80::38ce:bdff:fead:bddd gpus: - model: GD 5446 vendor: unknown hello: HELLO WORLD host: pe-db hwaddr_interfaces: eth0: 3a:ce:bd:ad:bd:dd lo: 00:00:00:00:00:00 id: pe-db init: systemd ip4_interfaces: eth0: - 10.6.76.28 lo: - 127.0.0.1 ip6_interfaces: eth0: - fe80::38ce:bdff:fead:bddd lo: - ::1 ip_interfaces: eth0: - 10.6.76.28 - fe80::38ce:bdff:fead:bddd lo: - 127.0.0.1 - ::1 ipv4: - 10.6.76.28 - 127.0.0.1 ipv6: - ::1 - fe80::38ce:bdff:fead:bddd kernel: Linux kernelrelease: 3.10.0-123.el7.x86_64 locale_info: defaultencoding: UTF-8 defaultlanguage: zh_CN detectedencoding: UTF-8 localhost: pe-db lsb_distrib_id: CentOS Linux machine_id: 6a0204048ec74c879526b4a6bc131c07 manufacturer: Xen master: 10.6.76.27 mdadm: [] mem_total: 7567 nodename: pe-db num_cpus: 4 num_gpus: 1 os: CentOS os_family: RedHat osarch: x86_64 oscodename: Core osfinger: CentOS Linux-7 osfullname: CentOS Linux osmajorrelease: '7' osrelease: 7.0.1406 osrelease_info: - 7 - 0 - 1406 path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin productname: HVM domU ps: ps -efH pythonexecutable: /usr/bin/python pythonpath: - /usr/bin - /usr/lib64/python27.zip - /usr/lib64/python2.7 - /usr/lib64/python2.7/plat-linux2 - 
/usr/lib64/python2.7/lib-tk - /usr/lib64/python2.7/lib-old - /usr/lib64/python2.7/lib-dynload - /usr/lib64/python2.7/site-packages - /usr/lib/python2.7/site-packages pythonversion: - 2 - 7 - 5 - final - 0 saltpath: /usr/lib/python2.7/site-packages/salt saltversion: 2015.5.10 saltversioninfo: - 2015 - 5 - 10 - 0 selinux: enabled: false enforced: Disabled serialnumber: f802aaa8-a2c8-dcf3-0249-518d38f43005 server_id: 22552689 shell: /bin/sh systemd: features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN version: '219' virtual: xen virtual_subtype: Xen PV DomU yun: openstack zmqversion: 3.2.5 [root@pe-jira master.d]#
1.10.3 查看所有minion存活主机
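# List which minions are up or down via the manage.status runner.
# client='runner' means the function executes on the master.
curl -sSk https://10.6.76.27:8000/ \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d' \
  -d client='runner' \
  -d fun='manage.status'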
备注:client='runner'指的是在master执行,client='local'指的是在minion执行
1.10.4 ping测试
# Run test.ping on every minion whose id matches 'test*'.
# client=local means the function executes on the targeted minions.
curl -sSk https://10.6.76.27:8000/ \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d' \
  -d 'client=local' \
  -d 'tgt=test*' \
  -d 'fun=test.ping'
1.10.5 远程命令
# Run a shell command (here: uptime) on every minion whose id matches 'test*'.
# cmd.run executes arbitrary commands on the minions, so the account behind
# the token needs this permission only if remote execution is really required.
curl -sSk https://10.6.76.27:8000/ \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d' \
  -d 'client=local' \
  -d 'tgt=test*' \
  -d 'fun=cmd.run' \
  -d 'arg=uptime'
1.10.6 查询所有的jobs
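# List all jobs known to the master.
curl -sSk https://10.6.76.27:8000/jobs \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'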
1.10.7 查询job执行结果
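# Fetch the result of a single job. Replace job_id in the URL with the id of
# the job to look up (for example one returned by the /jobs listing).
curl -sSk https://10.6.76.27:8000/jobs/job_id \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'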