Configuring salt-api for SaltStack
Published: 2019-06-22


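Introduction

Salt officially provides a REST API project that makes integrating Salt with third-party systems especially simple. This article walks through how to install and configure Salt-API and how to use it to retrieve the information you want.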

Steps

Installation

Check the salt-master version, kernel information and OS release

[root@linux-node1 master.d]# rpm -qa |grep salt-master
salt-master-2015.5.10-2.el7.noarch
[root@linux-node1 master.d]# more /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

1. Install salt-api on the salt-master

[root@linux-node1 ~]# yum -y install salt-api

2. Check that the CherryPy package is installed

[root@linux-node1 ~]# rpm -qa |grep  cherry
python-cherrypy-3.2.2-4.el7.noarch

3. Install the pyOpenSSL package

[root@linux-node1 ~]# yum list |grep -i pyOpenSSL
pyOpenSSL.x86_64                         0.13.1-3.el7                   base
pyOpenSSL-doc.noarch                     0.13.1-3.el7                   base
[root@linux-node1 ~]# yum install pyOpenSSL

4. Generate a self-signed certificate (in production you can purchase a certificate)

[root@linux-node1 ~]# salt-call --local tls.create_self_signed_cert  # a version warning appears below; ignore it for now
[ERROR   ] You should upgrade pyOpenSSL to at least 0.14.1 to enable the use of X509 extensions
local:
    Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."

5. On the salt-master, enable the include feature to make the configuration easier to manage

[root@linux-node1 ~]# grep ^default /etc/salt/master
default_include: master.d/*.conf

6. Add the API configuration to the salt-master configuration

[root@linux-node1 salt]# mkdir master.d # newer versions create this directory automatically
[root@linux-node1 salt]# cd master.d/
[root@linux-node1 master.d]# vim api.conf
[root@linux-node1 master.d]# cat api.conf
rest_cherrypy:
  host: 192.168.56.11
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key

 

7. Create a user (-M skips creating a home directory) and set its password

[root@linux-node1 master.d]# useradd -M -s /sbin/nologin saltapi
[root@linux-node1 master.d]# echo "saltapi" | passwd saltapi --stdin
Changing password for user saltapi.
passwd: all authentication tokens updated successfully.

8. Add authentication to the salt-master configuration by creating a new file in the include directory

[root@linux-node1 master.d]# pwd
/etc/salt/master.d
[root@linux-node1 master.d]# vi auth.conf
[root@linux-node1 master.d]# cat auth.conf
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'

 

9. Restart salt-master and start salt-api

[root@linux-node1 master.d]# systemctl  restart salt-master
[root@linux-node1 master.d]# systemctl start salt-api

10. Check that the salt-api port is listening

[root@linux-node1 master.d]# netstat -an |grep 8000
tcp        0      0 192.168.56.11:8000      0.0.0.0:*               LISTEN
tcp        0      0 192.168.56.11:45196     192.168.56.11:8000      TIME_WAIT

11. Verify the login and obtain the token string

[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000/login \
>     -H 'Accept: application/x-yaml' \
>     -d username='saltapi' \
>     -d password='saltapi' \
>     -d eauth='pam'
return:
- eauth: pam
  expire: 1508781206.155773
  perms:
  - .*
  - '@wheel'
  - '@runner'
  - '@jobs'
  start: 1508738006.155772
  token: 097e62c6b81ad08019905f55799971a146b392a9
  user: saltapi
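The `perms` list returned by `/login` mirrors the `external_auth` grant from step 8: `.*` matches every execution function on every minion, and `@wheel` and `@runner` add master-side modules. The audit below is an added example, not part of the original post; the function names, the probe list and the severity labels are assumptions of the example, and the JSON reply is constructed from the step 11 output.

```python
import json
import re

# Constructed sample: the step 11 /login reply as it would look in JSON.
LOGIN_REPLY = json.dumps({"return": [{
    "eauth": "pam", "user": "saltapi", "perms": [".*", "@wheel", "@runner", "@jobs"],
    "start": 1508738006.155772, "expire": 1508781206.155773}]})

PROBES = ("cmd.run", "state.apply", "file.write", "test.ping")  # probe names


def audit_entry(pattern, target="*"):
    """Return (severity, message) findings for one granted pattern."""
    if pattern.startswith("@"):            # master-side access: @wheel, @runner, @jobs
        sev = "high" if pattern in ("@wheel", "@runner") else "medium"
        return [(sev, "%s: master-side %s access" % (pattern, pattern[1:]))]
    try:
        # Assumption: patterns are regexes matched from the start of the name.
        hits = [p for p in PROBES if re.match(pattern, p)]
    except re.error:
        return [("medium", "%r is not a valid regex" % pattern)]
    if len(hits) == len(PROBES):
        return [("high", "%r on %r: every execution function" % (pattern, target))]
    if "cmd.run" in hits:
        return [("high", "%r on %r: arbitrary shell commands" % (pattern, target))]
    return []


def audit_perms(perms):
    """Audit an external_auth perms list (strings and {target: [funs]} dicts)."""
    findings = []
    for entry in perms:
        # A bare string applies to all minions; a dict maps target -> functions.
        grants = {"*": entry} if isinstance(entry, str) else entry
        for target, funs in grants.items():
            if target.startswith("@"):     # scoped master-side grant: not analysed
                continue
            for fun in ([funs] if isinstance(funs, str) else funs):
                findings += audit_entry(fun, target)
    return findings


def audit_login_reply(reply_json):
    return audit_perms(json.loads(reply_json)["return"][0]["perms"])


if __name__ == "__main__":
    for severity, message in audit_login_reply(LOGIN_REPLY):
        print(severity.upper(), message)
```

A grant such as `{"web*": ["test.*", "grains.items"]}` (constructed) produces no findings, which is the shape to aim for when the API account only needs to read state.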

 

12. Run test.ping through the API to test connectivity

[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
>     -H 'Accept: application/x-yaml' \
>     -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
>     -d client=local \
>     -d tgt='*' \
>     -d fun=test.ping
return:
- linux-node1.example.com: true
  linux-node2.example.com: true

 

13. Run cmd.run

[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
>     -H 'Accept: application/x-yaml' \
>     -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
>     -d client=local \
>     -d tgt='*' \
>     -d fun='cmd.run' -d arg='date'
return:
- linux-node1.example.com: Mon Oct 23 02:00:16 EDT 2017
  linux-node2.example.com: Mon Oct 23 02:00:16 EDT 2017

 

14. Run a state module

15. Output in JSON format

[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000 \
>     -H 'Accept: application/json' \
>     -H 'X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9'\
>     -d client=local \
>     -d tgt='*' \
>     -d fun='cmd.run' -d arg='w'
{"return": [{"linux-node1.example.com": " 02:06:05 up 20:29,  1 user,  load average: 0.00, 0.03, 0.05\nUSER     TTY      FROM   LOGIN@   IDLE   JCPU   PCPU WHAT\nroot  pts/0   192.168.56.1     21:41    5.00s  2.75s  0.10s curl -sSk https://192.168.56.11:8000 -H Accept: application/json -H X-Auth-Token: 097e62c6b81ad08019905f55799971a146b392a9 -d client=local -d tgt=* -d fun=cmd.run -d arg=w", "linux-node2.example.com": " 02:06:06 up 20:29,  0 users,  load average: 0.02, 0.02, 0.05\nUSER   TTY   FROM  LOGIN@   IDLE   JCPU   PCPU WHAT"}]}

 

16. Retrieve grains information

[root@linux-node1 master.d]# curl -sSk https://192.168.56.11:8000/minions/linux-node1.example.com \
>     -H 'Accept: application/x-yaml' \
>     -H 'X-Auth-Token: bfd71d03c3c933ae3ae496d27fb3a131a748723e'
return:
- linux-node1.example.com:
    SSDs: []
    biosreleasedate: 07/02/2015
    biosversion: '6.00'
    cpu_flags:
    - fpu
    - vme
    - de
    - pse
    - tsc
    - msr
    - pae
    - mce
    - cx8
    - apic
    - sep
    - mtrr
    - pge
    - mca
    - cmov
    - pat
    - pse36
    - clflush
    - dts
    - mmx
    - fxsr
    - sse
    - sse2
    - ss
    - ht
    - syscall
    - nx
    - pdpe1gb
    - rdtscp
    - lm
    - constant_tsc
    - arch_perfmon
    - pebs
    - bts
    - nopl
    - xtopology
    - tsc_reliable
    - nonstop_tsc
    - aperfmperf
    - eagerfpu
    - pni
    - pclmulqdq
    - ssse3
    - fma
    - cx16
    - pcid
    - sse4_1
    - sse4_2
    - x2apic
    - movbe
    - popcnt
    - tsc_deadline_timer
    - aes
    - xsave
    - avx
    - f16c
    - rdrand
    - hypervisor
    - lahf_lm
    - abm
    - 3dnowprefetch
    - ida
    - arat
    - epb
    - pln
    - pts
    - dtherm
    - hwp
    - hwp_noitfy
    - hwp_act_window
    - hwp_epp
    - fsgsbase
    - tsc_adjust
    - bmi1
    - avx2
    - smep
    - bmi2
    - invpcid
    - rdseed
    - adx
    - smap
    - xsaveopt
    - xsavec
    - xgetbv1
    - xsaves
    cpu_model: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
    cpuarch: x86_64
    domain: example.com
    fqdn: linux-node1.example.com
    fqdn_ip4:
    - 192.168.56.11
    fqdn_ip6: []
    gpus:
    - model: SVGA II Adapter
      vendor: unknown
    host: linux-node1
    hwaddr_interfaces:
      eth0: 00:0c:29:3c:56:22
      lo: 00:00:00:00:00:00
    id: linux-node1.example.com
    init: systemd
    ip4_interfaces:
      eth0:
      - 192.168.56.11
      lo:
      - 127.0.0.1
    ip6_interfaces:
      eth0:
      - fe80::20c:29ff:fe3c:5622
      lo:
      - ::1
    ip_interfaces:
      eth0:
      - 192.168.56.11
      - fe80::20c:29ff:fe3c:5622
      lo:
      - 127.0.0.1
      - ::1
    ipv4:
    - 127.0.0.1
    - 192.168.56.11
    ipv6:
    - ::1
    - fe80::20c:29ff:fe3c:5622
    kernel: Linux
    kernelrelease: 3.10.0-327.28.2.el7.x86_64
    locale_info:
      defaultencoding: UTF-8
      defaultlanguage: en_US
      detectedencoding: UTF-8
    localhost: linux-node1
    lsb_distrib_id: CentOS Linux
    machine_id: 14e217a8e7d7475391d62b10129baa2f
    manufacturer: VMware, Inc.
    master: 192.168.56.11
    mdadm: []
    mem_total: 1823
    nodename: linux-node1
    num_cpus: 2
    num_gpus: 1
    os: CentOS
    os_family: RedHat
    osarch: x86_64
    oscodename: Core
    osfinger: CentOS Linux-7
    osfullname: CentOS Linux
    osmajorrelease: '7'
    osrelease: 7.2.1511
    osrelease_info:
    - 7
    - 2
    - 1511
    path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    productname: VMware Virtual Platform
    ps: ps -efH
    pythonexecutable: /usr/bin/python
    pythonpath:
    - /usr/bin
    - /usr/lib64/python27.zip
    - /usr/lib64/python2.7
    - /usr/lib64/python2.7/plat-linux2
    - /usr/lib64/python2.7/lib-tk
    - /usr/lib64/python2.7/lib-old
    - /usr/lib64/python2.7/lib-dynload
    - /usr/lib64/python2.7/site-packages
    - /usr/lib/python2.7/site-packages
    pythonversion:
    - 2
    - 7
    - 5
    - final
    - 0
    saltpath: /usr/lib/python2.7/site-packages/salt
    saltversion: 2015.5.10
    saltversioninfo:
    - 2015
    - 5
    - 10
    - 0
    selinux:
      enabled: false
      enforced: Disabled
    serialnumber: VMware-56 4d 7e 77 4c 73 98 a3-29 27 54 e4 0f 3c 56 22
    server_id: 1981947194
    shell: /bin/sh
    systemd:
      features: +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
        +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
      version: '219'
    virtual: VMware
    zmqversion: 3.2.5

 

Summary

1. salt-api must use HTTPS; in production, use a trusted certificate.

2. After the salt-api service restarts, the previous token is no longer valid.
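Every call above uses `curl -k`, which skips certificate verification, and a token stops working once it expires or salt-api restarts. The client below is an added example, not code from the original post: it verifies the server certificate and logs in again when a call returns 401. `Client`, `api_request`, `token_usable` and the `ca_file` path are hypothetical names, and the example assumes JSON request bodies and a certificate that names the host in `BASE`.

```python
import json
import ssl
import time
import urllib.error
import urllib.request

BASE = "https://192.168.56.11:8000"  # rest_cherrypy host and port from api.conf


def tls_context(ca_file=None):
    # Verifying context, unlike curl -k. ca_file (assumed path): PEM of a private
    # CA or of the self-signed certificate, which must name the host in BASE.
    return ssl.create_default_context(cafile=ca_file)


def api_request(path, body, token=None):
    headers = {"Accept": "application/json", "Content-Type": "application/json"}
    if token:
        headers["X-Auth-Token"] = token
    return urllib.request.Request(BASE + path, json.dumps(body).encode(), headers)


def token_usable(session, now=None, margin=60):
    # False with no session or when 'expire' from /login is within margin seconds.
    now = time.time() if now is None else now
    return bool(session) and session["expire"] - margin > now


class Client:
    def __init__(self, user, password, send=None, ca_file=None):
        self.creds = {"username": user, "password": password, "eauth": "pam"}
        self.ctx, self.session = tls_context(ca_file), None
        self.send = send or self._https        # send is injectable for offline tests

    def _https(self, req):
        with urllib.request.urlopen(req, context=self.ctx, timeout=30) as resp:
            return json.load(resp)

    def run(self, tgt, fun, arg=()):
        low = [{"client": "local", "tgt": tgt, "fun": fun, "arg": list(arg)}]
        for attempt in (1, 2):
            if not token_usable(self.session):
                self.session = self.send(api_request("/login", self.creds))["return"][0]
            try:
                return self.send(api_request("/", low, self.session["token"]))["return"][0]
            except urllib.error.HTTPError as err:
                if err.code != 401 or attempt == 2:
                    raise
                self.session = None  # token rejected, e.g. after a salt-api restart
```

Pass `arg` as a list, for example `Client(user, password, ca_file=...).run('*', 'cmd.run', ['date'])`.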

Reposted from: https://my.oschina.net/jiaoyanli/blog/1608788
