以下操作均在master上進行
1. 安裝api
netapi modules(httpapi)有三種,分別是rest_cherrypy、rest_tornado、rest_wsgi,接下來要講的是rest_cherrypy
# Install the salt-api package from the distribution repository.
yum install -y salt-api
# rest_cherrypy is served by the CherryPy library, which is installed separately here.
pip install cherrypy
2. 生成證書
[root@localhost ~]# yum install -y openssl [root@localhost ~]# cd /etc/salt/ [root@localhost salt]# mkdir keycrt [root@localhost salt]# cd keycrt/ [root@localhost keycrt]# openssl genrsa -out key.pem 4096 [root@localhost keycrt]# openssl req -new -x509 -key key.pem -out cert.pem -days 1826
3. 配置salt-api的配置文件
[root@localhost keycrt]# cd /etc/salt/master.d/ [root@localhost master.d]# cat api.conf rest_cherrypy: //還有好多能夠寫的參數,參考doc port: 8000 ssl_crt: /etc/salt/keycrt/cert.pem ssl_key: /etc/salt/keycrt/key.pem ------------------------------------------------------> [root@localhost master.d]# cat eauth.conf external_auth: pam: saltapi: //認證的用戶名 - .* - '@wheel' - '@runner' -----------------------------------------------------> //建立用戶名 [root@localhost master.d]# useradd -M -s /sbin/nologin saltapi [root@localhost master.d]# echo "saltapi" |passwd saltapi --stdin
4. 啓動api
[root@localhost master.d]# systemctl restart salt-master [root@localhost master.d]# systemctl start salt-api [root@localhost master.d]# netstat -lnp |grep 8000 tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 36821/python
5. 獲取token
# Time (in seconds) for a newly generated token to live. Default: 12 hours
#token_expire: 43200
#token有效期爲12個小時,可以在master配置文件中更改
5.1 https方式
[root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 240 100 197 100 43 1450 316 --:--:-- --:--:-- --:--:-- 1459 { "return": [ { "eauth": "pam", "expire": 1517772071.637639, "perms": [ ".*", "@wheel", "@runner" ], "start": 1517728871.637638, "token": "55d8ccc1ab3f8ba069b6fbe21cae1686c4d5823e", "user": "saltapi" } ] }
通過工具postman提交post請求,基本上是圖片,懶得貼了
5.2 http方式
顯式禁用SSL(disable_ssl: True),不需要生成證書。注意這樣關閉的是整個TLS加密而不只是證書驗證:登錄時提交的用戶名、密碼以及返回的token都以明文經HTTP傳輸,只適合在隔離的測試網絡中使用
[root@localhost master.d]# cat api.conf //更改配置文件 rest_cherrypy: port: 8000 disable_ssl: True # ssl_crt: /etc/salt/keycrt/cert.pem # ssl_key: /etc/salt/keycrt/key.pem --------------------------------------------------------------> [root@localhost master.d]# systemctl restart salt-master [root@localhost master.d]# systemctl restart salt-api -------------------------------------------------------------> [root@localhost master.d]# curl -X POST -k http://192.168.123.106:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 240 100 197 100 43 2594 566 --:--:-- --:--:-- --:--:-- 2626 { "return": [ { "eauth": "pam", "expire": 1517774657.797506, "perms": [ ".*", "@wheel", "@runner" ], "start": 1517731457.797506, "token": "62dbdca57f854b624802d44601426808c8855b3c", "user": "saltapi" } ] }
6. 執行模塊
[root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -m json.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 240 100 197 100 43 1281 279 --:--:-- --:--:-- --:--:-- 1287 { "return": [ { "eauth": "pam", "expire": 1517775225.766237, "perms": [ ".*", "@wheel", "@runner" ], "start": 1517732025.766237, "token": "3643e2f1b04e3280e1aa9cffec9eaaab98feff13", "user": "saltapi" } ] } [root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 3643e2f1b04e3280e1aa9cffec9eaaab98feff13' -d client='local' -d tgt='*' -d fun='test.ping' return: - 192.168.123.107: true [root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 3643e2f1b04e3280e1aa9cffec9eaaab98feff13' -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='uptime' return: - 192.168.123.107: ' 16:22:24 up 1 day, 1:40, 2 users, load average: 0.00, 0.01, 0.05'
7. 執行runner
[root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 3643e2f1b04e3280e1aa9cffec9eaaab98feff13' -d client='runner' -d fun='manage.status' return: - down: [] up: - 192.168.123.107
_modules:
#!/usr/bin/env python
# Listing from the page: [root@bogon _modules]# cat jd.py
"""Example module listed under _modules: two echo helpers and a memory probe."""
import codecs


def hello(key, value, param):
    """Return the three arguments unchanged in a dict keyed 'key', 'value' and 'param'."""
    echoed = {}
    echoed['key'] = key
    echoed['value'] = value
    echoed['param'] = param
    return echoed


def world(name):
    """Return the argument unchanged as {'name': name}."""
    echoed = {'name': name}
    return echoed


def meminfo():
    """Report the MemAvailable figure from /proc/meminfo.

    Returns {'MemAvailable': '<n>M'}, where <n> is the number on that line
    divided by 1024.0.
    """
    # NOTE(review): the page's listing has lost its indentation; the return is
    # read here as part of the matching branch, so the function yields None
    # when no line starts with 'MemAvailable'.
    with codecs.open('/proc/meminfo') as fd:
        for line in fd:
            if not line.startswith('MemAvailable'):
                continue
            amount = int(line.split()[1])
            result = str(amount / 1024.0) + 'M'
            return {'MemAvailable': result}
_runner:
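#!/usr/bin/env python
# Listing from the page: [root@bogon _runner]# cat testparam.py
"""Example runner listed under _runner: publish a job to minions and wait for its returns.

NOTE(review): both entry points hand the caller's minion target, function name
and arguments to LocalClient on the master. Anyone permitted to call this
runner can therefore run any execution-module function on the targeted
minions, whatever narrower function list their eauth entry has - grant access
to it accordingly.
"""
import time

import salt.client
# salt.config is used below; import it explicitly instead of relying on
# salt.client having loaded it as a side effect.
import salt.config


def _publish_and_wait(minion, function, arg=None):
    """Publish `function` to `minion` asynchronously and poll the job cache.

    Polls once per second until the job cache holds a non-empty result or the
    client's configured 'timeout' (in seconds) has passed.

    Returns the first non-empty value from get_cache_returns(), or None when
    the timeout passes first. The result is returned as soon as it is
    non-empty, so it may not include every targeted minion.
    """
    opts = salt.config.client_config('/etc/salt/master')
    localclient = salt.client.LocalClient(opts['conf_file'])
    # Keep the two original call shapes: with and without an argument list.
    if arg is None:
        jid = localclient.cmd_async(minion, function)
    else:
        jid = localclient.cmd_async(minion, function, arg)
    wait_time = 0
    sleep_interval = 1
    while wait_time < opts['timeout']:
        print('wait {0} seconds'.format(wait_time))
        result = localclient.get_cache_returns(jid)
        if result:
            print(type(result))
            return result
        time.sleep(sleep_interval)
        wait_time += sleep_interval
    return None


def get(minion, function, params):
    """Run `function` on `minion` with arguments and return the cached returns.

    `params` is a comma-separated string; it is split on ',' into the
    positional argument list passed to the function.
    """
    return _publish_and_wait(minion, function, params.split(','))


def get_no_param(minion, function):
    """Run `function` on `minion` without arguments and return the cached returns."""
    return _publish_and_wait(minion, function)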
8. 判斷token是否過期
攜帶token訪問https://192.168.123.106/stats,如果狀態碼爲200,token沒過期;狀態碼爲401,token已過期