一、介绍
SaltStack 官方提供有REST API格式的 salt-api 项目,将使Salt与第三方系统集成变得尤为简单。本文讲带你了解如何安装配置Salt-API, 如何利用Salt-API获取想要的信息
二、正文
查看salt-master版本,内核信息及系统版本
[root@coms ~]# rpm -qa |grep salt-mastersalt-master-2018.3.2-1.el7.noarch [root@coms ~]# uname -aLinux coms 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux[root@coms ~]# [root@coms ~]# cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core)
一,在salt-master上面安装
[root@coms ~]# yum -y install salt-api
二,检查cherry包是否安装
注: salt-api是一个基于Cherrypy(python的一个web框架)的Rest API程序,cherry包需要事先安装
[root@linux-node1 ~]# rpm -qa |grep cherry python-cherrypy-3.2.2-4.el7.noarch
三,安装pyOpenSSL包
[root@coms ~]# rpm -qa|grep -i pyOpenSSL pyOpenSSL-0.13.1-3.el7.x86_64 [root@coms ~]#
四,自签名证书,生产环境我们可以购买证书
[root@coms ~]# salt-call --local tls.create_self_signed_cert local: Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt." [root@coms ~]#
五,在salt-master上,打开include功能方便管理
[root@coms ~]# grep ^default /etc/salt/master [root@coms ~]# vim /etc/salt/master [root@coms ~]# grep ^default /etc/salt/master default_include: master.d/*.conf [root@coms ~]#
六,添加api配置到salt-master配置文件
[root@coms ~]# cd /etc/salt/master.d/ [root@coms master.d]# ls [root@coms master.d]# vim api.conf [root@coms master.d]# cat api.conf rest_cherrypy: host: 192.168.137.137 port: 9000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/certs/localhost.key [root@coms master.d]#
七,创建用户 -M不创建家目录 ,并设置密码
[root@coms master.d]# useradd -M -s /sbin/nologin saltapi [root@coms master.d]# echo "saltapi" | passwd saltapi --stdin 更改用户 saltapi 的密码 。 passwd:所有的身份验证令牌已经成功更新。 [root@coms master.d]#
八,在salt-master配置文件里添加验证,在include的目录下创建新文件
[root@coms master.d]# vim auth.conf [root@coms master.d]# cat auth.conf external_auth: pam: saltapi: - .* - '@wheel' - '@runner' - '@jobs' [root@coms master.d]#
九,重启salt-master和启动salt-api
[root@linux-node1 master.d]# systemctl restart salt-master [root@linux-node1 master.d]# systemctl start salt-api
十,查看salt-api端口监听
[root@coms master.d]# netstat -na|grep 9000 tcp 0 0 192.168.137.137:9000 0.0.0.0:* LISTEN tcp 514 0 192.168.137.137:9000 192.168.137.1:11277 CLOSE_WAIT [root@coms master.d]#
十一、验证login登陆,获取token字符串
[root@coms ~]# curl -sSk https://192.168.137.137:9000/login -H 'Accept: application/x-yaml' -d username='saltapi' -d password='saltapi' -d eauth='pam' return: - eauth: pam expire: 1550865881.535046 perms: - .* - '@wheel' - '@runner' - '@jobs' start: 1550822681.535045 token: ade6ff420b11877a33a9f284e612cf72a5967510 user: saltapi [root@coms ~]#
十二、通过api执行test.ping测试连通性
[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun=test.ping return: - coms: true [root@coms master.d]#
十三、执行cmd.run
[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun='cmd.run' -d arg='uptime' return: - coms: ' 23:50:32 up 2:14, 3 users, load average: 0.38, 0.12, 0.14' [root@coms master.d]#
十四、以json格式输出
[root@coms master.d]# curl -sSk
https://192.168.137.137:9000/
-H 'Accept: application/json' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun='cmd.run' -d arg='uptime' | python -mjson.tool
{
"return": [
{
"coms": " 23:51:52 up 2:16, 3 users, load average: 0.10, 0.10, 0.13"
}
]
}
[root@coms master.d]#
十五、获取节点grains信息
[root@coms master.d]# curl -sSk
https://192.168.137.137:9000/minions/coms
-H 'Accept: application/json' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' | python -mjson.tool
{
"return": [
{
"coms": {
"SSDs": [],
"biosreleasedate": "07/02/2015",
"biosversion": "6.00",
"cpu_flags": [
"fpu",
"vme",
"de",
"pse",
"tsc",
"msr",
"pae",
"mce",
"cx8",
"apic",
"sep",
"mtrr",
"pge",
"mca",
"cmov",
"pat",
"pse36",
"clflush",
"dts",
"mmx",
"fxsr",
"sse",
"sse2",
"ss",
"syscall",
"nx",
"pdpe1gb",
"rdtscp",
"lm",
"constant_tsc",
"arch_perfmon",
"pebs",
"bts",
"nopl",
"xtopology",
"tsc_reliable",
"nonstop_tsc",
"aperfmperf",
"eagerfpu",
"pni",
"pclmulqdq",
"ssse3",
"fma",
"cx16",
"pcid",
"sse4_1",
"sse4_2",
"x2apic",
"movbe",
"popcnt",
"tsc_deadline_timer",
"xsave",
"avx",
"f16c",
"rdrand",
"hypervisor",
"lahf_lm",
"abm",
"3dnowprefetch",
"epb",
"fsgsbase",
"tsc_adjust",
"bmi1",
"hle",
"avx2",
"smep",
"bmi2",
"invpcid",
"rtm",
"rdseed",
"adx",
"smap",
"xsaveopt",
"dtherm",
"ida",
"arat",
"pln",
"pts"
],
"cpu_model": "Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz",
"cpuarch": "x86_64",
"disks": [
"sda",
"sr0",
"dm-0",
"dm-1"
],
"dns": {
"domain": "",
"ip4_nameservers": [
"8.8.8.8"
],
"ip6_nameservers": [],
"nameservers": [
"8.8.8.8"
],
"options": [],
"search": [],
"sortlist": []
},
"domain": "",
"fqdn": "coms",
"fqdn_ip4": [
"192.168.137.137",
"192.168.122.1"
],
"fqdn_ip6": [
"fe80::20c:29ff:fe89:255f"
],
"gid": 0,
"gpus": [
{
"model": "SVGA II Adapter",
"vendor": "unknown"
}
],
"groupname": "root",
"host": "coms",
"hwaddr_interfaces": {
"ens33": "00:0c:29:89:25:5f",
"lo": "00:00:00:00:00:00",
"virbr0": "52:54:00:50:d4:e0",
"virbr0-nic": "52:54:00:50:d4:e0"
},
"id": "coms",
"init": "systemd",
"ip4_gw": "192.168.137.1",
"ip4_interfaces": {
"ens33": [
"192.168.137.137"
],
"lo": [
"127.0.0.1"
],
"virbr0": [
"192.168.122.1"
],
"virbr0-nic": []
},
"ip6_gw": false,
"ip6_interfaces": {
"ens33": [
"fe80::20c:29ff:fe89:255f"
],
"lo": [
"::1"
],
"virbr0": [],
"virbr0-nic": []
},
"ip_gw": true,
"ip_interfaces": {
"ens33": [
"192.168.137.137",
"fe80::20c:29ff:fe89:255f"
],
"lo": [
"127.0.0.1",
"::1"
],
"virbr0": [
"192.168.122.1"
],
"virbr0-nic": []
},
"ipv4": [
"127.0.0.1",
"192.168.122.1",
"192.168.137.137"
],
"ipv6": [
"::1",
"fe80::20c:29ff:fe89:255f"
],
"kernel": "Linux",
"kernelrelease": "3.10.0-862.el7.x86_64",
"kernelversion": "#1 SMP Fri Apr 20 16:44:24 UTC 2018",
"locale_info": {
"defaultencoding": "UTF-8",
"defaultlanguage": "zh_CN",
"detectedencoding": "UTF-8"
},
"localhost": "coms",
"lsb_distrib_codename": "CentOS Linux 7 (Core)",
"lsb_distrib_id": "CentOS Linux",
"machine_id": "51c5e9520d814f29b2dc273eac744beb",
"manufacturer": "VMware, Inc.",
"master": "192.168.137.137",
"mdadm": [],
"mem_total": 1821,
"nodename": "coms",
"num_cpus": 1,
"num_gpus": 1,
"os": "CentOS",
"os_family": "RedHat",
"osarch": "x86_64",
"oscodename": "CentOS Linux 7 (Core)",
"osfinger": "CentOS Linux-7",
"osfullname": "CentOS Linux",
"osmajorrelease": 7,
"osrelease": "7.5.1804",
"osrelease_info": [
7,
5,
1804
],
"path": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
"pid": 1788,
"productname": "VMware Virtual Platform",
"ps": "ps -efHww",
"pythonexecutable": "/usr/bin/python",
"pythonpath": [
"/usr/bin",
"/usr/lib/python2.7/site-packages/Django-1.11.18-py2.7.egg",
"/usr/lib/python2.7/site-packages/PyMySQL-0.9.3-py2.7.egg",
"/usr/lib64/python27.zip",
"/usr/lib64/python2.7",
"/usr/lib64/python2.7/plat-linux2",
"/usr/lib64/python2.7/lib-tk",
"/usr/lib64/python2.7/lib-old",
"/usr/lib64/python2.7/lib-dynload",
"/usr/lib64/python2.7/site-packages",
"/usr/lib64/python2.7/site-packages/gtk-2.0",
"/usr/lib/python2.7/site-packages"
],
"pythonversion": [
2,
7,
5,
"final",
0
],
"saltpath": "/usr/lib/python2.7/site-packages/salt",
"saltversion": "2018.3.2",
"saltversioninfo": [
2018,
3,
2,
0
],
"selinux": {
"enabled": false,
"enforced": "Disabled"
},
"serialnumber": "VMware-56 4d 43 54 ca 1c a8 bd-2e a5 ab 9f 99 89 25 5f",
"server_id": 1180429514,
"shell": "/bin/sh",
"swap_total": 2047,
"systemd": {
"features": "+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN",
"version": "219"
},
"uid": 0,
"username": "root",
"uuid": "54434d56-1cca-bda8-2ea5-ab9f9989255f",
"virtual": "VMware",
"zfs_feature_flags": false,
"zfs_support": false,
"zmqversion": "4.1.4"
}
}
]
}
[root@coms master.d]#
[root@coms ~]# curl -sSk
https://192.168.137.137:9000/
-H 'Accept: application/json' -H 'x`: 1177497221780d4623088e48c63c32eb3560466a' |python -mjson.tool
{
"clients": [
"local",
"local_async",
"local_batch",
"local_subset",
"runner",
"runner_async",
"ssh",
"wheel",
"wheel_async"
],
"return": "Welcome"
}
[root@coms ~]# curl -sSk
https://192.168.137.137:9000/
-H 'Accept: application/json' -H 'X-Auth-Token: 1177497221780d4623088e48c63c32eb3560466a' -d client=local -d tgt='*' -d fun=disk.usage | python -mjson.tool
{
"return": [
{
"coms": {
"/": {
"1K-blocks": "17811456",
"available": "12365236",
"capacity": "31%",
"filesystem": "/dev/mapper/centos-root",
"used": "5446220"
},
"/boot": {
"1K-blocks": "1038336",
"available": "865172",
"capacity": "17%",
"filesystem": "/dev/sda1",
"used": "173164"
},
"/dev": {
"1K-blocks": "915508",
"available": "915508",
"capacity": "0%",
"filesystem": "devtmpfs",
"used": "0"
},
"/dev/shm": {
"1K-blocks": "932640",
"available": "932612",
"capacity": "1%",
"filesystem": "tmpfs",
"used": "28"
},
"/run": {
"1K-blocks": "932640",
"available": "922384",
"capacity": "2%",
"filesystem": "tmpfs",
"used": "10256"
},
"/run/user/1000": {
"1K-blocks": "186532",
"available": "186532",
"capacity": "0%",
"filesystem": "tmpfs",
"used": "0"
},
"/sys/fs/cgroup": {
"1K-blocks": "932640",
"available": "932640",
"capacity": "0%",
"filesystem": "tmpfs",
"used": "0"
}
}
}
]
}
[root@coms ~]#