I. Saltstack's api
Salt-api has two ways, one is in the form of functions, there are well-defined functions, we can call directly, directly write python code to call functions or classes. The second form is that salt-api has an encapsulated http protocol. We need to start a server.
Installation:
yum install –y salt-api
1. Loading master's configuration file
import salt.config
master_opts = salt.config.client_config('/etc/salt/master')
print('master_opts')
2. Loading configuration files for minion
import salt.config
Minion_opts = salt.config.minion_config('/etc/salt/minion')
3. Execute various modules on master:
>>> import salt.client
>>> local = salt.client.LocalClient('/etc/salt/minion')#It's OK if you don't add it, plus the best.
>>> local.cmd('*', "test.ping")
{'192.168.48.129': True}
>> local.cmd('*', "cmd.run", "w")
{'192.168.48.129': ' 12:17:38 up 5:58, 1 user, load average: 0.00, 0.01, 0.05\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot pts/0 192.168.48.1 11:14 2:50 0.89s 0.89s python'}
If multiple modules are to be executed at a time
local.cmd('*', 'cmd.run', ['ifconfig']) ##Execute one
local.cmd('*', ['test.ping', 'cmd.run'], [[], [ifconfig]]) ## test.ping The parameter is empty. cmd.run The parameters areifconfig
{'192.168.48.129': {'test.ping': True, 'cmd.run': 'root'}}
Custom modules:
>>> local.cmd('*', "jd.meminfo", "")
{'192.168.48.129': {'meminfo': '0.31'}}
4. If the execution time is too long to return directly, we can return it by asynchronous execution.
cmd_asyncandget_cache_returns(jid)
The following code can only be inmasterExecution on, and only onmasterUpper can be used
__opts__ = salt.config.minion_config('/etc/salt/minion')
conf_file = __opts__['conf_file']
client = salt.client.LocalClient(conf_file)
jid = client.cmd_async(minion, function, params)
wait_time = 0
sleep_interval = 1
while wait_time < timeout:
print('wait {0} seconds'.format(sleep_interval))
time.sleep(sleep_interval)
returns = client.get_cache_returns(jid)
if returns:
return returns
wait_time += sleep_interval
5. The client executes the salt command:
>>> import salt.config
>>> import salt.client
>>> caller = salt.client.Caller('/etc/salt/minion')
>>> caller.cmd("test.ping")
True
salt-call, similar to shell commands, can execute salt commands on the minion side to test connectivity or something.
- Master side performs salt-run
>>> import salt.config
>>> import salt.runner
>>> __opts__ = salt.config.client_config('/etc/salt/master')
>>> runermaster = salt.runner.RunnerClient(__opts__)
>>> runnerMaster.cmd('jobs.list_jobs', [])
Look at all of them
>>>runnerMaster.cmd('manage.status')
down:
up:
- 192.168.48.129
{'down': [], 'up': ['192.168.48.129']}
2. httpapi of Saltstack
1. On the official website and the new yum source information:
2. yum Installation
yum install -y gcc make python-devel libffi-devel salt-api openssl
Pip install cherrypy
Generate certificates:
#cd /etc/salt
#mkdir keycrt
#cd keycrt
#openssl genrsa –out key.pem 4098
#openssl req –new –x 509 –key key.pem –out cert.pem –days 1826
- Configure users and permissions:
First, you need to check the configuration file on the master:
default_include: master.d/*.conf
interface: 192.168.48.128
conf_file: /etc/salt/master
pki_dir: /etc/salt/pki/master
auto_accept: True
file_roots:
base:
- /srv/salt/
log_file: /var/log/salt/master
log_level_logfile: debug
b. Configuration file for salt-api:
[root@localhost master.d]# cd /etc/salt/master.d/
[root@localhost master.d]# ls
api.conf eauth.conf
[root@localhost master.d]#
[root@localhost master.d]# cat api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/salt/keycrt/cert.pem
ssl_key: /etc/salt/keycrt/key.pem
[root@localhost master.d]# cat eauth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
Create Users: c. Create Users
useradd -M -s /sbin/nologin/ saltapi
echo "saltapi" |passwd saltapi --stdin
Note that the application name should correspond to the saltapi above.
Start salt-api
systemctl restart salt-api
netstat –anp |grep 8000
Get tocken:
http protocol:
curl -X POST -k http://192.168.48.134:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 240 100 197 100 43 45 9 0:00:04 0:00:04 --:--:-- 45
{
"return": [
{
"eauth": "pam",
"expire": 1517235285.554001,
"perms": [
".*",
"@wheel",
"@runner"
],
"start": 1517192085.554001,
"token": "105ee1f28109d67855ce7898e75e173a678f5174",
"user": "saltapi"
}
]
}
Get tocken:
https protocol:
[root@localhost master.d]# curl -X POST -k https://192.168.48.131:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 240 100 197 100 43 908 198 --:--:-- --:--:-- --:--:-- 912
{
"return": [
{
"eauth": "pam",
"expire": 1517235312.537542,
"perms": [
".*",
"@wheel",
"@runner"
],
"start": 1517192112.537541,
"token": "bd5922438e9ae10db039816728c2b86f9462a0bb",
"user": "saltapi"
}
]
}
Get tocken by postman:
Headers are used to store headers'information. The data stored in Body is x-www-form-urlencoded. form-data is used to store form data on pages As long as the salt-api is not restarted, the tocken will not expire. When the salt-api is restarted, the tocken will expire.
Get the execution module through postman:
Get the execution module through curl:
root@ling-virtual-machine:/etc/salt/master.d# curl -k http://192.168.48.134:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ec623ed62de7dd62cfdadb94ad0044b7f46c9549" -d client='local' -d tgt='*' -d fun='test.ping'
return:
192.168.48.129: true
Running runner
root@ling-virtual-machine:/etc/salt/master.d# curl -k http://192.168.48.134:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ec623ed62de7dd62cfdadb94ad0044b7f46c9549" -d client='runner' -d fun='manage.status'
return:
- down: []
up:
- 192.168.48.129