The use of api
1. Install salt-api
[root@server1 ~]# yum install -y salt-api    # install the API package
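2. Generate the certificate and private key. Redirecting the `openssl genrsa` output creates localhost.key with the shell's default umask, so confirm afterwards that the key file is readable by root only (for example mode 0600).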
[root@server1 ~]# cd /etc/pki/tls/private/    # the certificate and private key are generated under /etc/pki/tls
[root@server1 private]# openssl genrsa 2048 > localhost.key
[root@server1 private]# cd ..
[root@server1 tls]# cd certs
[root@server1 certs]# make testcert
3. Edit the api configuration file and add certificates and keys
[root@server1 certs]# cd /etc/salt
[root@server1 salt]# vim master
[root@server1 salt]# pwd
/etc/salt
[root@server1 salt]# cd master.d
[root@server1 master.d]# vim api.conf
[root@server1 master.d]# cat api.conf    ## api.conf file
rest_cherrypy:
  port: 8000    ## port
  ssl_crt: /etc/pki/tls/certs/localhost.crt    ## certificate
  ssl_key: /etc/pki/tls/private/localhost.key    ## private key
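4. Edit the authorization file. The permission list used below (`.*` plus '@wheel', '@runner' and '@jobs') lets the saltapi user run any function on any minion and manage minion keys, so outside a test lab it should be narrowed to the functions the API user actually needs.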
[root@server1 master.d]# vim auth.conf
[root@server1 master.d]# cat auth.conf
external_auth:
  pam:
    saltapi:    ## authorized user (the four lines below are its permissions)
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'
5. Establish authorized users and modify passwords
[root@server1 master.d]# useradd saltapi
[root@server1 master.d]# passwd saltapi
6. Restart the salt-master service and open the api service
[root@server1 master.d]# systemctl restart salt-master
[root@server1 master.d]# systemctl start salt-api
7. Check if the listening port (8000) is open
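8. Get the API token by logging in as the authorized user. The -k option makes curl skip certificate verification, which this walkthrough relies on because the test certificate is self-signed; with a certificate issued by a trusted CA, drop -k.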
[root@server1 master.d]# curl -sSk https://172.25.32.1:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=redhat -d eauth=pam    # get the API token
In the figure above, the 'token' field holds the API token.
9. Use the token to run test.ping through the API
[root@server1 master.d]# curl -sSk https://172.25.42.1:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: b182ffb020daa4110dbcc0815cb678e265a34fa4' -d client=local -d tgt='*' -d fun=test.ping
A successful response shows that the connection is set up correctly.
- Write a test script on server1 (the file is named saltapi.sh, but its content is Python)
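# -*- coding: utf-8 -*-
# saltapi.sh, as created with `vim saltapi.sh` and shown by `cat saltapi.sh`
# on server1. Despite the .sh name the content is Python 2 (urllib2 and the
# print statement), so it has to be run with a Python 2 interpreter.
import urllib2,urllib
import time

try:
    import json
except ImportError:
    import simplejson as json


class SaltAPI(object):
    """Small client for the salt-api REST endpoint configured in api.conf.

    Every public method logs in again through token_id() before sending its
    request, so each call costs two HTTP round trips.

    NOTE(review): whether urllib2 verifies the server certificate depends on
    the Python version's defaults. With the self-signed test certificate,
    prefer trusting that certificate explicitly over switching verification
    off.
    """

    # Token returned by /login; sent as X-Auth-Token on every request.
    __token_id = ''

    def __init__(self,url,username,password):
        """Store the base URL (trailing '/' removed) and the PAM credentials."""
        self.__url = url.rstrip('/')
        self.__user = username
        self.__password = password

    def token_id(self):
        ''' user login and get token id '''
        params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
        # Send the urlencoded form unchanged. The earlier urllib.unquote() step
        # undid the escaping, so a password containing '&', '=' or '%' was
        # split or altered before it reached the server.
        obj = urllib.urlencode(params)
        content = self.postRequest(obj,prefix='/login')
        try:
            self.__token_id = content['return'][0]['token']
        except KeyError:
            # Same exception type as before, but with a reason attached. The
            # response body is left out of the message on purpose.
            raise KeyError('login response contains no token')

    def postRequest(self,obj,prefix='/'):
        """POST the urlencoded body `obj` to url + prefix and return the decoded JSON.

        The current token (an empty string before the first login) is sent
        in the X-Auth-Token header.
        """
        url = self.__url + prefix
        headers = {'X-Auth-Token' : self.__token_id}
        req = urllib2.Request(url, obj, headers)
        opener = urllib2.urlopen(req)
        try:
            content = json.loads(opener.read())
        finally:
            # Release the connection even when the body is not valid JSON.
            opener.close()
        return content

    def list_all_key(self):
        """Return (minions, minions_pre) taken from the key.list_all wheel call."""
        params = {'client': 'wheel', 'fun': 'key.list_all'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        minions = content['return'][0]['data']['return']['minions']
        minions_pre = content['return'][0]['data']['return']['minions_pre']
        return minions,minions_pre

    def delete_key(self,node_name):
        """Call key.delete for `node_name` and return the 'success' field of the reply."""
        params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0]['data']['success']
        return ret

    def accept_key(self,node_name):
        """Call key.accept for `node_name` and return the 'success' field of the reply."""
        params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0]['data']['success']
        return ret

    def remote_noarg_execution(self,tgt,fun):
        ''' Execute commands without parameters '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        # The reply is indexed by tgt, so tgt has to be a key of the reply
        # (a KeyError is raised otherwise).
        ret = content['return'][0][tgt]
        return ret

    def remote_execution(self,tgt,fun,arg):
        ''' Command execution with parameters '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        # Same indexing by tgt as in remote_noarg_execution.
        ret = content['return'][0][tgt]
        return ret

    def target_remote_execution(self,tgt,fun,arg):
        ''' Use targeting for remote execution '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid

    def deploy(self,tgt,arg):
        ''' Module deployment '''
        params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        return content

    def async_deploy(self,tgt,arg):
        ''' Asynchronously send a command to connected minions '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid

    def target_deploy(self,tgt,arg):
        ''' Based on the node group forms deployment '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid


def main():
    """Log in as saltapi, print the minion keys and apply nginx.service to server3."""
    # NOTE(review): the account password is written into the script. Anyone
    # who can read the file can drive the API with the permissions granted in
    # auth.conf, so keep the file private or load the secret from a protected
    # source.
    sapi = SaltAPI(url="https://172.25.32.1:8000",username="saltapi",password="redhat")
    #sapi.token_id()
    print sapi.list_all_key()    # enabled: print the accepted and pending minion keys
    #sapi.delete_key('test-01')
    #sapi.accept_key('test-01')
    sapi.deploy('server3','nginx.service')    # enabled: apply the nginx.service state to server3
    #print sapi.remote_noarg_execution('test-01','grains.items')


if __name__ == '__main__':
    main()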
Modify the following sections
def main(): sapi = SaltAPI(url="https://172.25.32.1:8000",username="saltapi",password="redhat") #sapi.token_id() print sapi.list_all_key() ##Open this port to view all key s #sapi.delete_key('test-01') #sapi.accept_key('test-01') sapi.deploy('server3','nginx.service') ##Push nginx in server 3 #print sapi.remote_noarg_execution('test-01','grains.items')
View the results after execution:
Printed key value
Check whether the nginx service was pushed to server3