api的使用
1.安装salt-api
[root@server1 ~]# yum install -y salt-api##安装api
2.生成证书和秘钥
[root@server1 ~]# cd /etc/pki/tls/private/##生成证书和私钥
[root@server1 private]# openssl genrsa 2048 > localhost.key
[root@server1 private]# cd …
[root@server1 tls]# cd certs
[root@server1 certs]# make testcert
3.编辑api的配置文件并添加证书和秘钥
[root@server1 certs]# cd /etc/salt
[root@server1 salt]# vim master
[root@server1 salt]# pwd
/etc/salt
[root@server1 salt]# cd master.d
[root@server1 master.d]# vim api.conf
[root@server1 master.d]# cat api.conf ##api.conf文件
rest_cherrypy:
port: 8000##端口
ssl_crt: /etc/pki/tls/certs/localhost.crt ##证书
ssl_key: /etc/pki/tls/private/localhost.key##秘钥
4.编辑授权文件
[root@server1 master.d]# vim auth.conf
[root@server1 master.d]# cat auth.conf
external_auth:
pam:
saltapi:##授权用户(以下四行都为权限)
- .*
- '@wheel'
- '@runner'
- '@jobs'
5.建立授权用户并修改密码
[root@server1 master.d]# useradd saltapi
[root@server1 master.d]# passwd saltapi
6.重启salt-master服务并开启api服务
[root@server1 master.d]# systemctl restart salt-master
[root@server1 master.d]# systemctl start salt-api
7.查看监听端口(8000)是否开启
8.获取api值(使用自己授权的用户进行登陆即可获取api值)
[root@server1 master.d]# curl -sSk https://172.25.32.1:8000/login -H ‘Accept: application/x-yaml’ -d username=saltapi -d password=redhat -d eauth=pam##获取api
上图中‘token’对应一栏为api值
9.以api值使用ping命令卡能否成功
[root@server1 master.d]# curl -sSk https://172.25.42.1:8000 -H ‘Accept: application/x-yaml’ -H ‘X-Auth-Token: b182ffb020daa4110dbcc0815cb678e265a34fa4’ -d client=local -d tgt=’*’ -d fun=test.ping##使用api执行ping命令
可以成功表示连接正确建立
- server1上编辑脚本进行测试
[root@server1 ~]# vim saltapi.sh
[root@server1 ~]# cat saltapi.sh
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
''' Execute commands without parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def remote_execution(self,tgt,fun,arg):
''' Command execution with parameters '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' Use targeting for remote execution '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' Module deployment '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' Asynchronously send a command to connected minions '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def target_deploy(self,tgt,arg):
''' Based on the node group forms deployment '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url="https://172.25.32.1:8000",username="saltapi",password="redhat")
#sapi.token_id()
print sapi.list_all_key() ##打开该端口查看key设为A
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
sapi.deploy('server3','nginx.service') ##打开该端口指定主机安装相应的服务B
#print sapi.remote_noarg_execution('test-01','grains.items')
if __name__ == '__main__':
main()
修改以下部分即可
def main():
sapi = SaltAPI(url="https://172.25.32.1:8000",username="saltapi",password="redhat")
#sapi.token_id()
print sapi.list_all_key() ##打开该端口查看所有key
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
sapi.deploy('server3','nginx.service') ##在server3推送nginx
#print sapi.remote_noarg_execution('test-01','grains.items')
执行后查看结果:
打印出的key值
检测server3是否推送nginx服务
来源:https://blog.csdn.net/windowsworld/article/details/99546077