saltstack(十七):saltstack-API

saltstack-API

SaltStack 官方提供有REST API格式的 salt-api 项目,将使Salt与第三方系统集成变得尤为简单。本文讲带你了解如何安装配置Salt-API, 如何利用Salt-API获取想要的信息。

参考 https://www.cnblogs.com/shhnwangjian/p/6055342.html

官方文档 https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html

参数:http://salt-api.readthedocs.io/en/latest/ref/netapis/all/saltapi.netapi.rest_cherrypy.html#a-rest-api-for-salt

使用条件:1)https调用,或者需要生成证书  2)配置文件 3)使用PAM验证 4)启动salt-api

 

1.1          安装salt-api

yum install -y salt-api

1.2          生成自签名证书

#安装openssl
yum install pyOpenSSL -y
#生成自签名证书
salt-call --local tls.create_self_signed_cert

 

1.3          修改master文件

 

vi /etc/salt/master

default_include: master.d/*.conf

 

 

1.4          创建api配置文件

#[root@pe-jira master.d]# pwd

#/etc/salt/master.d

#[root@pe-jira master.d]# cat api.conf

rest_cherrypy:

  host: 10.6.76.27

  port: 8000

  ssl_crt: /etc/pki/tls/certs/localhost.crt

  ssl_key: /etc/pki/tls/certs/localhost.key

1.5          创建用户

useradd -M -s /sbin/nologin saltapi

1.6          设置密码

echo 'saltapi' | passwd saltapi --stdin

1.7          添加用户验证

#[root@pe-jira master.d]# pwd

#/etc/salt/master.d

#[root@pe-jira master.d]# cat auth.conf

external_auth:

  pam:

    saltapi:  #用户名

      - .*

      - '@wheel'

      - '@runner'

      - '@jobs'

 

# .*  # 所有模块可执行, '@wheel'  # salt key

1.8          重启salt-master

systemctl restart salt-master

1.9         启动salt-api

systemctl restart salt-ap

 

 

1.10 验证测试

1.10.1           curl登录测试

curl -sSk https://10.6.76.27:8000/login \

    -H 'Accept: application/x-yaml' \

    -d username='saltapi' \

    -d password='saltapi' \

    -d eauth=pam

 

1.10.2       获取minion资产数据测试

curl -sSk https://10.6.76.27:8000/minions/pe-db\

    -H 'Accept: application/x-yaml' \

    -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'   # token内容

 

 

[root@pe-jira master.d]# curl -sSk https://10.6.76.27:8000/minions/pe-db\

>     -H 'Accept: application/x-yaml' \

>     -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'

return:

- pe-db:

    SSDs:

    - dm-0

    - dm-1

    - dm-2

    - xvda

    biosreleasedate: 05/10/2016

    biosversion: 4.4.1-ws60

    cpu_flags:

    - fpu

    - vme

    - de

    - pse

    - tsc

    - msr

    - pae

    - mce

    - cx8

    - apic

    - sep

    - mtrr

    - pge

    - mca

    - cmov

    - pat

    - pse36

    - clflush

    - mmx

    - fxsr

    - sse

    - sse2

    - ht

    - syscall

    - nx

    - rdtscp

    - lm

    - constant_tsc

    - rep_good

    - nopl

    - pni

    - pclmulqdq

    - ssse3

    - cx16

    - pcid

    - sse4_1

    - sse4_2

    - x2apic

    - popcnt

    - tsc_deadline_timer

    - aes

    - rdrand

    - hypervisor

    - lahf_lm

    - fsgsbase

    - smep

    - erms

    cpu_model: Intel(R) Xeon(R) CPU E7-4830 v2 @ 2.20GHz

    cpuarch: x86_64

    domain: ''

    fqdn: pe-db

    fqdn_ip4:

    - 10.6.76.28

    fqdn_ip6:

    - fe80::38ce:bdff:fead:bddd

    gpus:

    - model: GD 5446

      vendor: unknown

    hello: HELLO WORLD

    host: pe-db

    hwaddr_interfaces:

      eth0: 3a:ce:bd:ad:bd:dd

      lo: 00:00:00:00:00:00

    id: pe-db

    init: systemd

    ip4_interfaces:

      eth0:

      - 10.6.76.28

      lo:

      - 127.0.0.1

    ip6_interfaces:

      eth0:

      - fe80::38ce:bdff:fead:bddd

      lo:

      - ::1

    ip_interfaces:

      eth0:

      - 10.6.76.28

      - fe80::38ce:bdff:fead:bddd

      lo:

      - 127.0.0.1

      - ::1

    ipv4:

    - 10.6.76.28

    - 127.0.0.1

    ipv6:

    - ::1

    - fe80::38ce:bdff:fead:bddd

    kernel: Linux

    kernelrelease: 3.10.0-123.el7.x86_64

    locale_info:

      defaultencoding: UTF-8

      defaultlanguage: zh_CN

      detectedencoding: UTF-8

    localhost: pe-db

    lsb_distrib_id: CentOS Linux

    machine_id: 6a0204048ec74c879526b4a6bc131c07

    manufacturer: Xen

    master: 10.6.76.27

    mdadm: []

    mem_total: 7567

    nodename: pe-db

    num_cpus: 4

    num_gpus: 1

    os: CentOS

    os_family: RedHat

    osarch: x86_64

    oscodename: Core

    osfinger: CentOS Linux-7

    osfullname: CentOS Linux

    osmajorrelease: '7'

    osrelease: 7.0.1406

    osrelease_info:

    - 7

    - 0

    - 1406

    path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

    productname: HVM domU

    ps: ps -efH

    pythonexecutable: /usr/bin/python

    pythonpath:

    - /usr/bin

    - /usr/lib64/python27.zip

    - /usr/lib64/python2.7

    - /usr/lib64/python2.7/plat-linux2

    - /usr/lib64/python2.7/lib-tk

    - /usr/lib64/python2.7/lib-old

    - /usr/lib64/python2.7/lib-dynload

    - /usr/lib64/python2.7/site-packages

    - /usr/lib/python2.7/site-packages

    pythonversion:

    - 2

    - 7

    - 5

    - final

    - 0

    saltpath: /usr/lib/python2.7/site-packages/salt

    saltversion: 2015.5.10

    saltversioninfo:

    - 2015

    - 5

    - 10

    - 0

    selinux:

      enabled: false

      enforced: Disabled

    serialnumber: f802aaa8-a2c8-dcf3-0249-518d38f43005

    server_id: 22552689

    shell: /bin/sh

    systemd:

      features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP

        +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

      version: '219'

    virtual: xen

    virtual_subtype: Xen PV DomU

    yun: openstack

    zmqversion: 3.2.5

[root@pe-jira master.d]#
View Code

 

1.10.3       查看所有minion存活主机

 curl -sSk https://10.6.76.27:8000/ \

    -H 'Accept: application/x-yaml' \

    -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d' \

    -d client='runner' \

    -d fun='manage.status'

备注:client='runner'指的是在master执行,client='local'指的是在minion执行

 

 

1.10.4       ping测试

curl -sSk https://10.6.76.27:8000/     -H 'Accept: application/x-yaml'     -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'     -d client='local'     -d tgt='test*' -d fun='test.ping'

 

 

1.10.5       远程命令

curl -sSk https://10.6.76.27:8000/     -H 'Accept: application/x-yaml'     -H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'     -d client='local'     -d tgt='test*' -d fun='cmd.run'  -d arg='uptime'

 

 

1.10.6       查询所有的jobs

curl -sSk https://10.6.76.27:8000/jobs\

    -H 'Accept: application/x-yaml' \

-H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'

 

1.10.7       查询job执行结果

curl -sSk https://10.6.76.27:8000/jobs/job_id\

    -H 'Accept: application/x-yaml' \

-H 'X-Auth-Token: f50d7d2aec0f61a0f3f007daee188ac451b0197d'

 

 

posted on 2019-06-13 14:20  光阴8023  阅读(446)  评论(0编辑  收藏  举报