Saltstack API installation using

Salt naturally also provides the API, the use of the API for Automation is very helpful, we use the rest-style API, of course, everyone knows that the salt is written by Python, then naturally provided the corresponding API, but not recommended, because the call Python API's program must be running on master, and this API is not friendly to Python3

1[Email protected] ~]#Yum InstallPyopenssl salt-Api–y2[Email protected] ~]# Salt-call--Local Tls.create_self_signed_cert3 Local:4Created Private Key:"/etc/pki/tls/certs/localhost.key."Created Certificate:"/ETC/PKI/TLS/CERTS/LOCALHOST.CRT."5[Email protected] ~]# vim/etc/salt/Master6[Email protected] ~]#grep "^[a-z]"/etc/salt/Master7Default_include:master.d/*. conf # Open this8 file_roots:9 [email protected] master.d]# cd/etc/salt/master.d/Ten [[email protected] master.d]# Cat api.conf # define key storage location and provide port One Rest_cherrypy: A port:8000 - SSL_CRT:/etc/pki/tls/certs/localhost.crt - Ssl_key:/etc/pki/tls/certs/localhost.key the [[email protected] master.d]# Cat auth.conf # define Permissions - External_auth: - Pam: - Thatch: + -' @wheel ' # to allow access to all wheel modules - -' @runner ' # to allow access to all runner modules + -' @jobs ' # to allow access to the Jobs runner and/or wheel module A [[email protected] master.d]# Cat pam.conf # Definition Certification at External_auth: - Pam: - Saltapi: -       - .* - [email protected] master.d]# systemctl restart Salt-master.service - [email protected] master.d]# systemctl restart Salt-api in [email protected] master.d]# NETSTAT-TPLN - Active Internet connections (only servers) to Proto recv-q send-q Local address Foreign address State Pid/program name + TCP 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd - TCP 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 998/sshd the TCP 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 92795/python * TCP 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 92801/python $ TCP 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 93821/pythonPanax Notoginseng TCP6 0 0::: 111:::* LISTEN 1/systemd - TCP6 0 0::: $:::* LISTEN 998/sshd the [[email protected] master.d]# useradd-m-s/sbin/nologin SALTAPI # official environment specified GUID + [email protected] master.d]# passwd saltapi A changing password for user Saltapi. the New Password: + Bad password:the PASSWORD is shorter than 8 characters - Retype new Password: $ Passwd:all authentication Tokens updated successfully.

Test the machine for a change.

1[[email protected] tmp]# CURL-SSK https://192.168.56.11:8000/login \2>-H'Accept:application/x-yaml'\ # Return to YAML format, read intuitively3>-D username='Saltapi' 4>-D password='Saltapi' 5>-D eauth='Pam'# Authentication Mode is Pam6 return:7-Eauth:pam8Expire1511276286.304869# The token Expiration time9 perms: {}TenStart1511233086.304869 One Token:9374cd95e861ba80cda73375b50917446d7a45f2 # This is important . A User:saltapi -[[email protected] tmp]# CURL-SSK https://192.168.56.11:8000 \ ->-H'Accept:application/x-yaml'  the>-H'x-auth-token:9374cd95e861ba80cda73375b50917446d7a45f2'\ # token ->-D client=Local ->-D tgt='*'  ->-D fun=test.Ping + Return : # The information returned is intuitive --Linux-node1.example.com:true +Linux-node2.example.com:true A[[email protected] ~]# CURL-SSK https://192.168.56.11:8000/login \ at>-H'Accept:application/json'\ # Return JSON format, easy to parse ->-D username='Saltapi'  ->-D password='Saltapi'  ->-D eauth=Pam -{"return": [{"perms": [".*"],"Start":1511235669.459298,"token":"9374cd95e861ba80cda73375b50917446d7a45f2 '","expire":1511278869.459298,"User":"Saltapi","Eauth":"Pam"}]}  -[[email protected] ~]# CURL-SSK https://192.168.56.11:8000 \ in>-H'Accept:application/json'  ->-H'x-auth-token:9374cd95e861ba80cda73375b50917446d7a45f2' to>-D client=Local +>-D tgt='*'  ->-D fun=test.Ping the{"return": [{"linux-node1.example.com":true,"linux-node2.example.com":true}]}

Saltstack API installation using