1. 部署api
server1:192.168.17.1
- 安装
yum install -y salt-api
- 生成SSL证书私钥
cd /etc/pki/tls/private/
openssl genrsa 1024
openssl genrsa 1024 > localhost.key
- 生成SSL证书
cd /etc/pki/tls/certs/
make testcert
- 编辑主配置文件
vim /etc/salt/master.d/api.conf
rest_cherrypy:##调用的模块
port: 8000##监听端口
ssl_crt: /etc/pki/tls/certs/localhost.crt##ssl证书路径
ssl_key: /etc/pki/tls/private/localhost.key##SSL证书私钥的路径
vim /etc/salt/master.d/auth.conf
external_auth:
pam:
saltapi: #用户
- .*
- '@wheel'
- '@runner'
- '@jobs'
- 创建用户
useradd saltapi
echo westos | passwd --stdin saltapi
- 开启服务
systemctl restart salt-master
systemctl enable --now salt-api
- 生成令牌
[root@server1 master.d]# curl -sSk https://localhost:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username=saltapi \
> -d password=westos \
> -d eauth=pam
- 使用令牌值发送请求
[root@server1 master.d]# curl -sSk https://localhost:8000 \
> -H 'Accept: application/x-yaml' \
> -H 'X-Auth-Token: 84ca20692852c6ee9b89d6d4a8bd1454f59e4a56' \
> -d client=local \
> -d tgt='*' \
> -d fun=test.ping
2. 测试
- 编写好python类
- 在minion端关闭Apache服务
- 在master端执行此python
- 在minion端发现httpd服务成功开启
# -*- coding: utf-8 -*-
import urllib2,urllib
import time
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
try:
import json
except ImportError:
import simplejson as json
class SaltAPI(object):
__token_id = ''
def __init__(self,url,username,password):
self.__url = url.rstrip('/')
self.__user = username
self.__password = password
def token_id(self):
''' user login and get token id '''
params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
encode = urllib.urlencode(params)
obj = urllib.unquote(encode)
content = self.postRequest(obj,prefix='/login')
try:
self.__token_id = content['return'][0]['token']
except KeyError:
raise KeyError
def postRequest(self,obj,prefix='/'):
url = self.__url + prefix
headers = {'X-Auth-Token' : self.__token_id}
req = urllib2.Request(url, obj, headers)
opener = urllib2.urlopen(req)
content = json.loads(opener.read())
return content
def list_all_key(self):
'''
获取包括认证、未认证salt主机
'''
params = {'client': 'wheel', 'fun': 'key.list_all'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
minions = content['return'][0]['data']['return']['minions']
minions_pre = content['return'][0]['data']['return']['minions_pre']
return minions,minions_pre
def delete_key(self,node_name):
'''
拒绝salt主机,删除主机
'''
params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def accept_key(self,node_name):
'''
接受salt主机
'''
params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0]['data']['success']
return ret
def remote_noarg_execution(self,tgt,fun):
'''
执行命令没有参数
tgt:目标主机
fun: 执行模块,例如“test.ping”
'''
params = {'client': 'local', 'tgt': tgt, 'fun': fun}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0].values()
return ret
def remote_execution(self,tgt,fun,arg):
''' 执行命令有参数 '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
ret = content['return'][0][tgt]
return ret
def target_remote_execution(self,tgt,fun,arg):
''' 异步执行远程命令,执行模块 '''
params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def deploy(self,tgt,arg):
''' 状态管理 '''
params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
return content
def async_deploy(self,tgt,arg):
''' 异步状态管理 '''
params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
obj = urllib.urlencode(params)
self.token_id()
content = self.postRequest(obj)
jid = content['return'][0]['jid']
return jid
def main():
sapi = SaltAPI(url='https://192.168.17.1:8000',username='saltapi',password='westos')
#sapi.token_id()
#print sapi.list_all_key()
#sapi.delete_key('test-01')
#sapi.accept_key('test-01')
sapi.deploy('server2','apache')
#print sapi.remote_noarg_execution('test','grains.items')
if __name__ == '__main__':
main()
版权声明:本文为weixin_46069582原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。