SaltStack officially provides api projects in REST API format, which makes the integration of Salt and third-party systems easier.
The premise of the following operations is that you have installed the salt-master and salt-api services
1. Configure salt-master and enable rest_cherrypy service. I
’m lazy here, and SSL is not used, so SSL is disabled directly. It is recommended to use ssl in the online environment.
rest_cherrypy:
port: 8181
host: 0.0.0.0
disable_ssl: True
2. Configure pam authentication,
external_auth:
pam:
saltuser:
- .*
- '@runner'
- '@wheel'
- '@jobs'
The above two modifications are in the /etc/salt/master file
3. Create an authenticated user and set a password
useradd -M -s /sbin/nologin saltuser
4. Restart salt-master and start salt-api
systemctl restart salt-master
systemctl restart salt-api
5. View the salt listening port
[root@qd01-stop-saltmaster001 ~]# ss -ltnp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 30 *:8181 *:* users:(("salt-api",pid=13833,fd=11))
LISTEN 0 1000 *:4505 *:* users:(("salt-master",pid=12235,fd=18))
LISTEN 0 1000 *:4506 *:* users:(("salt-master",pid=12332,fd=32))
6. Verify login and get the token string
[root@saltmaster001 ~]# curl -sS http://localhost:8181/login -H 'Accept: application/x-yaml' -d username=saltuser -d password=saltuser -d eauth=pam
return:
- eauth: pam
expire: 1610484091.7311294
perms:
- .*
- '@runner'
- '@wheel'
- '@jobs'
start: 1610440891.731129
token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa
user: saltuser
7. Execute test.ping test through api
[root@saltmaster001 ~]# curl -sSk http://localhost:8181 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa' -d client=local -d tgt='*monitor004*' -d fun=test.ping
return:
- monitor004: true
As you can see, the return value is the same as executing test.ping directly in cmd
8. Execute cmd.run via api
[root@saltmaster001 ~]# curl -sSk http://localhost:8181 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa' -d client=local -d tgt='qd01-stop-monitor004*' -d fun=cmd.run -d arg='uptime'
return:
- monitor004: ' 16:44:51 up 586 days, 12:47, 0 users, load
average: 0.00, 0.00, 0.00'
For more information, please see https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt