First, installation
[[email protected] ~]# wget https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e --no-check-certificate
[[email protected] ~]# tar xvfz pip-1.5.6.tar.gz
[[email protected] ~]# cd pip-1.5.6
[[email protected] pip-1.5.6]# python setup.py build
[[email protected] pip-1.5.6]# python setup.py install
# After installation, pip freeze can be used to view the installed packages
[[email protected] pip-1.5.6]# pip freeze
pip install cherrypy==3.2.3
yum install salt-api
You can also use pip install salt-api==0.8.3; for me it reported that it could not be installed, so I did not use it.
Second, certificate configuration
cd /etc/pki/tls/certs
[[email protected] certs]# make testcert
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
Generating RSA private key, 2048 bit long modulus
...+++
..................................................................+++
e is 65537 (0x10001)
Enter pass phrase:    # enter the pass phrase, 4 to 8,191 characters
Verifying - Enter pass phrase:    # confirm the pass phrase
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
Enter pass phrase for /etc/pki/tls/private/localhost.key:    # enter the same pass phrase again
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN    # all of these fields are optional
State or Province Name (full name) []:shanghai
Locality Name (eg, city) [Default City]:shanghai
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:[email protected]
[[email protected] certs]# cd ../private/
[[email protected] private]# openssl rsa -in localhost.key -out localhost_nopass.key
Enter pass phrase for localhost.key:    # enter the pass phrase set earlier
writing RSA key
Third, salt-api account and permission configuration
[[email protected] ~]# useradd -M -s /sbin/nologin deployer
# Because this is a test, the weak password "password" is used; a production environment must use a strong password with more special characters
[[email protected] ~]# passwd deployer
Configure api.conf
[[email protected] master.d]# cat api.conf
rest_cherrypy:
  port: 8888
  debug: True
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost_nopass.key
Configure eauth.conf
[[email protected] master.d]# cat eauth.conf
external_auth:
  pam:
    deployer:
      - .*
      - '@wheel'
      - '@runner'
A pitfall to watch for: if /etc/salt/master is not configured, requesting a token returns 401 (insufficient permissions).
# vi /etc/salt/master    # configure permissions
external_auth:
  pam:
    deployer:
      - .*
      - '@wheel'
      - '@runner'
      - test.*
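The external_auth entries above give the deployer account '.*', '@wheel' and '@runner', so any token issued to it can run every function on every minion plus the master-side wheel and runner modules. As an added example (not from the original page or the Salt project), the Python check below flags such entries and the debug setting in a parsed master config; the function name, the finding texts and the narrowed sample config with its 'Lcb-u-*' target are assumptions made for illustration.

```python
# Added example, not Salt code: audit a parsed master config (dict form of the
# YAML) for settings that widen what a salt-api token can do. Names are hypothetical.

# Permission entries that grant far more than a single task needs.
BROAD_PERMS = {
    ".*": "every execution function on every minion",
    "*": "every execution function on every minion",
    "@wheel": "all wheel modules (master key and config management)",
    "@runner": "all runner modules (master-side jobs)",
}

def audit_master_config(cfg):
    """Return a sorted list of (location, problem) tuples for a config dict."""
    findings = []
    api = cfg.get("rest_cherrypy") or {}
    if api.get("debug"):
        findings.append(("rest_cherrypy.debug", "debug mode enabled"))
    if api.get("disable_ssl"):
        findings.append(("rest_cherrypy.disable_ssl", "TLS disabled"))
    elif not (api.get("ssl_crt") and api.get("ssl_key")):
        findings.append(("rest_cherrypy", "ssl_crt/ssl_key not both set"))
    for backend, users in (cfg.get("external_auth") or {}).items():
        for user, perms in (users or {}).items():
            for perm in perms or []:
                # An entry is a function pattern, or {minion target: [patterns]}.
                patterns = ([p for v in perm.values() for p in (v or [])]
                            if isinstance(perm, dict) else [perm])
                for pat in patterns:
                    if pat in BROAD_PERMS:
                        where = "external_auth.%s.%s" % (backend, user)
                        findings.append((where, "%s grants %s" % (pat, BROAD_PERMS[pat])))
    return sorted(findings)

# Constructed input: the api.conf and eauth.conf from this page as a dict.
PAGE_CONFIG = {
    "rest_cherrypy": {"port": 8888, "debug": True,
                      "ssl_crt": "/etc/pki/tls/certs/localhost.crt",
                      "ssl_key": "/etc/pki/tls/private/localhost_nopass.key"},
    "external_auth": {"pam": {"deployer": [".*", "@wheel", "@runner"]}},
}
# Constructed input: the same account limited to test.* on minions matching 'Lcb-u-*'.
NARROWED = {
    "rest_cherrypy": dict(PAGE_CONFIG["rest_cherrypy"], debug=False),
    "external_auth": {"pam": {"deployer": [{"Lcb-u-*": ["test.*"]}]}},
}

if __name__ == "__main__":
    for where, problem in audit_master_config(PAGE_CONFIG):
        print(where, "->", problem)
```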
Get token
[[email protected] master.d]# curl -k https://localhost:8888/login -H "Accept: application/x-yaml" \
> -d username='deployer' \
> -d password='deployer.123' \
> -d eauth='pam'
return:
- eauth: pam
  expire: 1497638824.219074
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1497595624.2190731
  token: 7abfbf28e7337188c28edcfa6f77424b93ba7908
  user: deployer
Output like the following indicates success:
# curl -k https://172.16.250.34:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 7abfbf28e7337188c28edcfa6f77424b93ba7908" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- Lcb-u-assets01-124: true
  Lcb-u-assets02-125: true
  Lcb-u-assetsht-126: true
  Lcb-u-fdfs01-141: true
  Lcb-u-fdfs02-142: true
  Lcb-u-ha01-120: true
  Lcb-u-ha02-121: true
  Lcb-u-ht01-32: true
SALT-API Installation and Configuration