SaltStack api usage

SaltStack officially provides api projects in REST API format, which makes the integration of Salt and third-party systems easier.

The premise of the following operations is that you have installed the salt-master and salt-api services

1. Configure salt-master and enable rest_cherrypy service. I
’m lazy here, and SSL is not used, so SSL is disabled directly. It is recommended to use ssl in the online environment.

rest_cherrypy:
  port: 8181
  host: 0.0.0.0
  disable_ssl: True

2. Configure pam authentication,

external_auth:
  pam:
    saltuser:
      - .*
      - '@runner'
      - '@wheel'
      - '@jobs'

The above two modifications are in the /etc/salt/master file

3. Create an authenticated user and set a password

useradd -M -s /sbin/nologin saltuser

4. Restart salt-master and start salt-api

systemctl restart salt-master
systemctl restart salt-api

5. View the salt listening port

[root@qd01-stop-saltmaster001 ~]# ss -ltnp
State       Recv-Q Send-Q                                        Local Address:Port                                                       Peer Address:Port
LISTEN      0      30                                                        *:8181                                                                  *:*                   users:(("salt-api",pid=13833,fd=11))
LISTEN      0      1000                                                      *:4505                                                                  *:*                   users:(("salt-master",pid=12235,fd=18))
LISTEN      0      1000                                                      *:4506                                                                  *:*                   users:(("salt-master",pid=12332,fd=32))

6. Verify login and get the token string

[root@saltmaster001 ~]#  curl -sS http://localhost:8181/login -H 'Accept: application/x-yaml' -d username=saltuser -d password=saltuser  -d eauth=pam
return:
- eauth: pam
  expire: 1610484091.7311294
  perms:
  - .*
  - '@runner'
  - '@wheel'
  - '@jobs'
  start: 1610440891.731129
  token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa
  user: saltuser

7. Execute test.ping test through api

[root@saltmaster001 ~]# curl -sSk http://localhost:8181 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa'  -d client=local -d tgt='*monitor004*' -d fun=test.ping
return:
- monitor004: true

As you can see, the return value is the same as executing test.ping directly in cmd

8. Execute cmd.run via api

[root@saltmaster001 ~]# curl -sSk http://localhost:8181 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa'  -d client=local -d tgt='qd01-stop-monitor004*' -d fun=cmd.run -d arg='uptime'
return:
- monitor004: ' 16:44:51 up 586 days, 12:47,  0 users,  load
    average: 0.00, 0.00, 0.00'

For more information, please see https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt