Saltstack_使用指南18_API
1. 主機規劃
salt 版本html
1 [root@salt100 ~]# salt --version 2 salt 2018.3.3 (Oxygen) 3 [root@salt100 ~]# salt-minion --version 4 salt-minion 2018.3.3 (Oxygen)
netapi modulesnode
https://docs.saltstack.com/en/latest/ref/netapi/all/index.html
rest_cherrypypython
https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
文章參考:ios
參考GitHubgithub
https://github.com/yueyongyue/saltshaker
2. 必要的準備
2.1. 安裝部署Python3
1 [root@salt100 Python-3.7.3]# yum install -y libffi-devel # 提早安裝 2 [root@salt100 Python-3.7.3]# pwd 3 /root/software/ 4 [root@salt100 software]# ll 5 total 22436 6 -rw-r--r-- 1 root root 22973527 Apr 1 00:15 Python-3.7.3.tgz 7 [root@salt100 software]# tar xf Python-3.7.3.tgz 8 [root@salt100 software]# cd Python-3.7.3/ 9 [root@salt100 Python-3.7.3]# ./configure # 配置 10 [root@salt100 Python-3.7.3]# make && make install # 編譯 與 安裝 11 # 創建軟鏈接 12 [root@salt100 ~]# ln -s /usr/local/bin/python3.7 /usr/bin/python3 13 [root@salt100 ~]# ll /usr/bin/python3 14 lrwxrwxrwx 1 root root 24 Apr 1 20:33 /usr/bin/python3 -> /usr/local/bin/python3.7
2.2. 安裝salt-api
等到配置完畢後才能啓動salt-apiweb
1 [root@salt100 ~]# yum install -y salt-api 2 [root@salt100 ~]# systemctl enable salt-api.service # 開機自啓動
2.3. 新建saltapi用戶
[root@salt100 ~]# useradd -M -s /sbin/nologin -u 1010 saltapi && echo '123456' | /usr/bin/passwd --stdin saltapi
2.4. 安裝pip和CherryPy
1 [root@salt100 software]# wget https://bootstrap.pypa.io/get-pip.py 2 [root@salt100 software]# python3 get-pip.py 3 [root@salt100 software]# pip -V # 查看pip版本 4 [root@salt100 software]# pip install CherryPy==3.2.6 # 注意版本
3. 添加https證書
1 [root@salt100 certs]# pwd 2 /etc/pki/tls/certs 3 [root@salt100 certs]# ll 4 total 12 5 lrwxrwxrwx. 1 root root 49 Nov 14 05:41 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 6 lrwxrwxrwx. 1 root root 55 Nov 14 05:41 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt 7 -rwxr-xr-x. 1 root root 610 Apr 11 2018 make-dummy-cert 8 -rw-r--r--. 1 root root 2516 Apr 11 2018 Makefile 9 -rwxr-xr-x. 1 root root 829 Apr 11 2018 renew-dummy-cert 10 [root@salt100 certs]# make testcert 11 umask 77 ; \ 12 /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key 13 Generating RSA private key, 2048 bit long modulus 14 .........................................................................+++ 15 ........................+++ 16 e is 65537 (0x10001) 17 Enter pass phrase: # 鍵入加密短語 18 Verifying - Enter pass phrase: # 確認加密短語 19 umask 77 ; \ 20 /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt 21 Enter pass phrase for /etc/pki/tls/private/localhost.key: # 再次輸入相同的加密短語 22 You are about to be asked to enter information that will be incorporated 23 into your certificate request. 24 What you are about to enter is what is called a Distinguished Name or a DN. 25 There are quite a few fields but you can leave some blank 26 For some fields there will be a default value, 27 If you enter '.', the field will be left blank. 28 ----- 29 Country Name (2 letter code) [XX]: 30 State or Province Name (full name) []: 31 Locality Name (eg, city) [Default City]: 32 Organization Name (eg, company) [Default Company Ltd]: 33 Organizational Unit Name (eg, section) []: 34 Common Name (eg, your name or your server's hostname) []: 35 Email Address []: 36 [root@salt100 certs]# ll 37 total 16 38 lrwxrwxrwx. 1 root root 49 Nov 14 05:41 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 39 lrwxrwxrwx. 1 root root 55 Nov 14 05:41 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt 40 -rw------- 1 root root 1220 Mar 31 22:53 localhost.crt 41 -rwxr-xr-x. 1 root root 610 Apr 11 2018 make-dummy-cert 42 -rw-r--r--. 1 root root 2516 Apr 11 2018 Makefile 43 -rwxr-xr-x. 1 root root 829 Apr 11 2018 renew-dummy-cert 44 [root@salt100 certs]# cd /etc/pki/tls/private/ # 進入目錄 45 [root@salt100 private]# ll 46 total 4 47 -rw------- 1 root root 1766 Mar 31 22:52 localhost.key 48 [root@salt100 private]# openssl rsa -in localhost.key -out localhost_nopass.key # 生成無密碼祕鑰 49 Enter pass phrase for localhost.key: # 輸入和以前同樣的加密短語 50 writing RSA key 51 [root@salt100 private]# ll 52 total 8 53 -rw------- 1 root root 1766 Mar 31 22:52 localhost.key 54 -rw-r--r-- 1 root root 1679 Mar 31 22:56 localhost_nopass.key
4. 添加配置文件
配置文件存放位置express
1 [root@salt100 ~]# vim /etc/salt/master 2 ##### Primary configuration settings ##### 3 ########################################## 4 # This configuration file is used to manage the behavior of the Salt Master. 5 # Values that are commented out but have an empty line after the comment are 6 # defaults that do not need to be set in the config. If there is no blank line 7 # after the comment then the value is presented as an example and is not the 8 # default. 9 10 # Per default, the master will automatically include all config files 11 # from master.d/*.conf (master.d is a directory in the same directory 12 # as the main master config file). 13 #default_include: master.d/*.conf # 默認配置便可 14 …………
添加配置文件apache
1 [root@salt100 master.d]# pwd 2 /etc/salt/master.d 3 [root@salt100 master.d]# ll 4 total 8 5 -rw-r--r-- 1 root root 126 Mar 31 23:29 api.conf 6 -rw-r--r-- 1 root root 239 Mar 31 23:38 eauth.conf 7 [root@salt100 master.d]# cat eauth.conf 8 external_auth: 9 pam: 10 saltapi: 11 - .* 12 - '@wheel' # to allow access to all wheel modules 13 - '@runner' # to allow access to all runner modules 14 - '@jobs' # to allow access to the jobs runner and/or wheel module 15 [root@salt100 master.d]# cat api.conf 16 rest_cherrypy: 17 port: 8000 18 ssl_crt: /etc/pki/tls/certs/localhost.crt 19 ssl_key: /etc/pki/tls/private/localhost_nopass.key
5. 重啓salt-master
[root@salt100 ~]# systemctl restart salt-master.service # 使配置生效
6. 啓動salt-api
1 [root@salt100 master.d]# systemctl start salt-api.service 2 [root@salt100 ~]# netstat -lntup | grep 'salt' # 端口查看 3 tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 22078/salt-api 4 tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 19802/salt-master Z 5 tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 19808/salt-master M
7. 使用PAM進行登陸驗證
1 [root@salt100 master.d]# curl -k https://172.16.1.100:8000/login \ 2 -H 'Accept: application/x-yaml' \ 3 -d username='saltapi' \ 4 -d password='123456' \ 5 -d eauth='pam' 6 return: 7 - eauth: pam 8 expire: 1554173316.621825 9 perms: 10 - .* 11 - '@wheel' 12 - '@runner' 13 - '@jobs' 14 start: 1554130116.621824 15 token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a 16 user: saltapi
這個token使咱們須要的,方便後文操做json
8. 獲得指定minion的grains信息
1 [root@salt100 master.d]# curl -k https://172.16.1.100:8000/minions/salt01 \ 2 -H 'Accept: application/x-yaml' \ 3 -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' 4 ## 返回以下信息 5 return: 6 - salt01: 7 SSDs: [] 8 biosreleasedate: 05/19/2017 9 biosversion: '6.00' 10 cpu_flags: 11 ………………
9. 獲取minion狀態【上下線狀態】
1 ## 備註: client='runner' 表明在master執行 client='local' 表明在minion執行 2 [root@salt100 ~]# curl -k https://172.16.1.100:8000/ \ 3 -H 'Accept: application/x-yaml' \ 4 -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' \ 5 -d client='runner' \ 6 -d fun='manage.status' 7 ## 返回以下信息 8 return: 9 - down: [] 10 up: 11 - salt01 12 - salt02 13 - salt03 14 - salt100
10. test.ping測試
1 curl -k https://172.16.1.100:8000 \ 2 -H 'Accept: application/x-yaml' \ 3 -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a'\ 4 -d client=local \ 5 -d tgt='*' \ 6 -d fun=test.ping 7 ## 返回以下信息 8 return: 9 - salt01: true 10 salt02: true 11 salt03: true 12 salt100: true
11. 查看jobs信息
在標籤1執行
[root@salt100 ~]# salt 'salt01' cmd.run 'whoami && sleep 300'
在標籤2執行
1 [root@salt100 ~]# curl -k https://172.16.1.100:8000/jobs \ 2 > -H 'Accept: application/x-yaml' \ 3 > -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' 4 return: 5 - '20190401225621862530': 6 Arguments: [] 7 Function: test.ping 8 StartTime: 2019, Apr 01 22:56:21.862530 9 Target: '*' 10 Target-type: glob 11 User: sudo_yun 12 '20190401232000770358': 13 Arguments: [] 14 Function: test.ping 15 StartTime: 2019, Apr 01 23:20:00.770358 16 Target: '*' 17 Target-type: glob 18 User: saltapi 19 '20190401232353892493': 20 Arguments: 21 - whoami && sleep 300 22 Function: cmd.run 23 StartTime: 2019, Apr 01 23:23:53.892493 24 Target: salt01 25 Target-type: glob 26 User: sudo_yun 27 '20190401232358925816': 28 Arguments: 29 - '20190401232353892493' 30 Function: saltutil.find_job 31 StartTime: 2019, Apr 01 23:23:58.925816 32 Target: 33 - salt01 34 Target-type: list 35 User: sudo_yun 36 '20190401232406139505': 37 Arguments: [] 38 Function: saltutil.running 39 StartTime: 2019, Apr 01 23:24:06.139505 40 Target: '*' 41 Target-type: glob 42 User: root 43 '20190401232408955596': 44 Arguments: 45 - '20190401232353892493' 46 Function: saltutil.find_job 47 StartTime: 2019, Apr 01 23:24:08.955596 48 Target: 49 - salt01 50 Target-type: list 51 User: sudo_yun 52 '20190401232418970482': 53 Arguments: 54 - '20190401232353892493' 55 Function: saltutil.find_job 56 StartTime: 2019, Apr 01 23:24:18.970482 57 Target: 58 - salt01 59 Target-type: list 60 User: sudo_yun 61 [root@salt100 ~]# 62 [root@salt100 ~]# curl -k https://172.16.1.100:8000/jobs/20190401232353892493 \ 63 -H 'Accept: application/x-yaml' \ 64 -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' 65 ## 返回以下信息 66 info: 67 - Arguments: 68 - whoami && sleep 300 69 Function: cmd.run 70 Minions: 71 - salt01 72 Result: {} 73 StartTime: 2019, Apr 01 23:23:53.892493 74 Target: salt01 75 Target-type: glob 76 User: sudo_yun 77 jid: '20190401232353892493' 78 return: 79 - {}
12. 其餘經常使用操做
1 # salt 'salt01' state.sls web.apache ,執行 apache.sls # yum 部署httpd 2 curl -k https://172.16.1.100:8000/ \ 3 -H 'Accept: application/x-yaml' \ 4 -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a' \ 5 -d client=local \ 6 -d tgt='salt01' \ 7 -d fun=state.sls \ 8 -d arg='web.apache' 9 10 11 # salt -L 'salt01,salt02,salt03' test.ping 12 curl -k https://172.16.1.100:8000 \ 13 -H 'Accept: application/x-yaml' \ 14 -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a'\ 15 -d client=local \ 16 -d tgt='salt01,salt02,salt03' \ 17 -d expr_form='list' \ 18 -d fun=test.ping 19 20 21 # salt -G 'host:salt01' cmd.run ifconfig 22 curl -k https://172.16.1.100:8000 \ 23 -H 'Accept: application/x-yaml' \ 24 -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a'\ 25 -d client=local \ 26 -d tgt='host:salt01' \ 27 -d expr_form='grain' \ 28 -d fun=cmd.run \ 29 -d arg='ifconfig' 30 31 32 # 以json格式輸出 33 # salt -G 'host:salt01' cmd.run ifconfig 34 curl -k https://172.16.1.100:8000 \ 35 -H 'Accept: application/json' \ 36 -H 'X-Auth-Token: 6bb11fd17c3476cb7d07373113c93faaa9c27f9a'\ 37 -d client=local \ 38 -d tgt='host:salt01' \ 39 -d expr_form='grain' \ 40 -d fun=cmd.run \ 41 -d arg='ifconfig'
13. 參數解釋
1 client : 模塊,python處理salt-api的主要模塊,‘client interfaces <netapi-clients>’ 2 local : 使用‘LocalClient <salt.client.LocalClient>’ 發送命令給受控主機,等價於saltstack命令行中的'salt'命令 3 local_async : 和local不一樣之處在於,這個模塊是用於異步操做的,即在master端執行命令後返回的是一個jobid,任務放在後臺運行,經過產看jobid的結果來獲取命令的執行結果。 4 runner : 使用'RunnerClient<salt.runner.RunnerClient>' 調用salt-master上的runner模塊,等價於saltstack命令行中的'salt-run'命令 5 runner_async : 異步執行runner模塊 6 wheel : 使用'WheelClient<salt.wheel.WheelClient>', 調用salt-master上的wheel模塊,wheel模塊沒有在命令行端等價的模塊,但它一般管理主機資源,好比文件狀態,pillar文件,salt配置文件,以及關鍵模塊<salt.wheel.key>功能相似於命令行中的salt-key。 7 wheel_async : 異步執行wheel模塊 8 備註:通常狀況下local模塊,須要tgt和arg(數組),kwarg(字典),由於這些值將被髮送到minions並用於執行所請求的函數。而runner和wheel都是直接應用於master,不須要這些參數。 9 tgt : minions 10 fun : 函數 11 arg : 參數 12 expr_form : tgt的匹配規則 13 'glob' - Bash glob completion - Default 14 'pcre' - Perl style regular expression 15 'list' - Python list of hosts 16 'grain' - Match based on a grain comparison 17 'grain_pcre' - Grain comparison with a regex 18 'pillar' - Pillar data comparison 19 'nodegroup' - Match on nodegroup 20 'range' - Use a Range server for matching 21 'compound' - Pass a compound match string
相關文章
- 1. Saltstack_使用指南17_salt-ssh
- 2. Saltstack_使用指南16_syndic
- 3. Saltstack_使用指南14_無master
- 4. Saltstack_使用指南03_配置管理
- 5. Saltstack_使用指南15_多master
- 6. Saltstack_使用指南06_遠程執行-指定目標
- 7. Saltstack_使用指南09_遠程執行-編寫執行模塊
- 8. Saltstack_使用指南07_遠程執行-執行模塊
- 9. Saltstack_使用指南08_遠程執行-返回程序
- 10. Saltstack_使用指南05_數據系統-Pillar
- 更多相關文章...
- • SQL 指南 - 網站建設指南
- • HTML 指南 - 網站建設指南
- • Composer 安裝與使用
- • 算法總結-雙指針
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章