saltstack-api
saltstack-api
空灵飞渡 发表于11个月前
saltstack-api
  • 发表于 11个月前
  • 阅读 11
  • 收藏 0
  • 点赞 0
  • 评论 0

腾讯云 十分钟定制你的第一个小程序>>>   

机器:master上操作即可

1:salt-API 安装

1)  yum

yum install salt-api

2)  pip

wget https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e --no-check-certificate

 

tar xvfz pip-1.5.6.tar.gz

cd pip-1.5.6

python setup.py build

python setup.py install

   安装完成后可以用pip freeze查看已安装的packages

pip freeze

pip install cherrypy==3.2.3

pip install salt-api==0.8.3

 

2:创建证书与秘钥

         cd /etc/pki/tls/certs

[root@GZ-newzzb-207 certs]# make testcert

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key

Generating RSA private key, 2048 bit long modulus

................+++

...........+++

e is 65537 (0x10001)

Enter pass phrase:

Verifying - Enter pass phrase:

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0

Enter pass phrase for /etc/pki/tls/private/localhost.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:guangzhou

Locality Name (eg, city) [Default City]:tianhe

Organization Name (eg, company) [Default Company Ltd]:bw

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:

[root@GZ-newzzb-207 certs]#

 

 

cd ../private/

openssl rsa -in localhost.key -out localhost_nopass.key

useradd -M -s /sbin/nologin saltapi

passwd saltapi

 

3:创建文件并添加内容:

vim etc/salt/master.d/eauth.conf

external_auth:

       pam:

          saltapi:

             - .*

 

          

vim /etc/salt/master.d/api.conf

rest_cherrypy:

       port: 8888

       ssl_crt: /etc/pki/tls/certs/localhost.crt

       ssl_key: /etc/pki/tls/private/localhost_nopass.key

 

4:低版本的centos系统可以下载启动脚本

##下载压缩包,salt-api-0.8.4.1.tar.gz\salt-api-0.8.4.1\pkg\rpm此目录下有启动脚本

https://github.com/saltstack/salt-api/tags

 

 

5:启动服务,验证

   重启master和salt-API服务

systemctl  restart salt-master.service

systemctl  restart salt-api.service

 

         master上测试

salt \* test.ping

172.16.0.*:

    True

172.16.0.*:

    True

172.16.0.*:

True

  ###返回结果true表明正常

 

  ###获取token

curl -k https://192.168.186.134:8888/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='password' -d eauth='pam'

return:

- eauth: pam

    expire: 1479416422.718242

    perms:

    - .*

  start: 1479373222.718241

  token: 6cc874de22fbfb9fa601cb2c775b2a9e40668a24

  user: saltapi

 

 

  ###根据token获取机器的详细信息

  curl -k https://172.16.0.*:8888/minions/172.16.0.*  -H "Accept: application/x-yaml"      -H "X-Auth-Token: 7844c6fd3a6c49915ad4dfa6c9e9aa51c6484edd"

共有 人打赏支持
粉丝 4
博文 85
码字总数 51015
×
空灵飞渡
如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!
* 金额(元)
¥1 ¥5 ¥10 ¥20 其他金额
打赏人
留言
* 支付类型
微信扫码支付
打赏金额:
已支付成功
打赏金额: