While researching operations automation I ran into a lot of pitfalls in the salt-api part, so I am recording them here; the earlier parts will be filled in over time.
1. The process, starting with the installation steps:
cd /etc/yum.repos.d/ && wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum -y install kernel-firmware kernel-headers perf e2fsprogs
rpm -ivh libyaml-0.1.3-1.4.el6.x86_64.rpm
rpm -ivh PyYAML-3.10-3.1.el6.x86_64.rpm
yum -y install salt-master salt-api
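2. Install pip and CherryPy:
# Install pip:
# --no-check-certificate turns off TLS verification and wget does not check the #md5= fragment,
# so compare the archive's md5sum with that value before building.
wget https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e --no-check-certificate
tar xvfz pip-1.5.6.tar.gz
cd pip-1.5.6
python setup.py build && python setup.py install && pip freeze
# Install cherrypy with pip:
pip install cherrypy==3.2.3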
3. Generate the OpenSSL certificate. salt-api relies on the certificate, so do not get the directories wrong:
[[email protected] tmp]# cd /etc/pki/tls/certs
[[email protected] certs]# make testcert
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
Generating RSA private key, 2048 bit long modulus
..............................................................................................................................................+++
........................................................+++
e is 65537 (0x10001)
Enter pass phrase: # enter a passphrase of 6 or more characters
Verifying - Enter pass phrase: # enter it again
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
Enter pass phrase for /etc/pki/tls/private/localhost.key: # enter it again
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:nanning
Locality Name (eg, city) [Default City]:ninning
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:[email protected]
[[email protected] certs]# cd ../private/
[[email protected] private]# openssl rsa -in localhost.key -out localhost_nopass.key
Enter pass phrase for localhost.key:
writing RSA key
Create a login account and password:
[[email protected] private]# useradd -m -s /sbin/nologin xiaoluo
[[email protected] private]# passwd xiaoluo
# Salt master configuration file: /etc/salt/master
# Uncomment this line:
default_include: master.d/*.conf
mkdir -p /etc/salt/master.d
# SaltStack server-side configuration:
[[email protected] ~]# cat /etc/salt/master.d/api.conf
rest_cherrypy:
  port: 8888
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost_nopass.key
[[email protected] ~]# cat /etc/salt/master.d/eauth.conf
external_auth:
  pam:
    xiaoluo:
      - .*
      - '@wheel'
      - '@runner'
# Restart the salt-master and salt-api services:
[[email protected] ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [FAILED]
Starting salt-master daemon: [ OK ]
Log in to obtain a token:
[[email protected] salt]# curl -k https://192.168.10.205:8888/login -H "Accept: application/x-yaml" -d username='xiaoluo' -d password='123456' -d eauth='pam'
return:
- eauth: pam
  expire: 1423599495.7932329
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1423556295.793232
  token: 38fc58406d4248abded1abbfa11ce83b68754975
  user: xiaoluo
After obtaining the token, you can use it for subsequent requests:
[[email protected] salt]# curl -k https://192.168.10.205:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 38fc58406d4248abded1abbfa11ce83b68754975" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- monitor: true
The effect is the same as running salt '*' test.ping. This is how you communicate through the salt-api interface.
Of course, when you are writing code that needs to fetch data, this approach is clearly not flexible enough. A salt-api class is posted below:
#!/usr/bin/env python
# coding=utf-8
# Python 2 code (urllib2 and the print statement), matching the system Python used above.
import urllib2, urllib, json, re


class SaltAPI:
    def __init__(self):
        self.__url = 'https://192.168.10.205:8888'  # address and port salt-api listens on, e.g. 'https://192.168.186.134:8888'
        self.__user = 'xiaoluo'  # salt-api user name
        self.__password = '123456'  # salt-api user password
        self.__token_id = self.salt_login()

    def salt_login(self):
        # POST the credentials to /login and return the session token
        params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
        encode = urllib.urlencode(params)
        obj = urllib.unquote(encode)
        headers = {'X-Auth-Token': ''}
        url = self.__url + '/login'
        req = urllib2.Request(url, obj, headers)
        opener = urllib2.urlopen(req)
        content = json.loads(opener.read())
        try:
            token = content['return'][0]['token']
            return token
        except KeyError:
            raise KeyError

    def postrequest(self, obj, prefix='/'):
        # Send an authenticated POST and return the 'return' list of the reply
        url = self.__url + prefix
        headers = {'X-Auth-Token': self.__token_id}
        req = urllib2.Request(url, obj, headers)
        opener = urllib2.urlopen(req)
        content = json.loads(opener.read())
        return content['return']

    def saltcmd(self, params):
        obj = urllib.urlencode(params)
        # arg1, arg2, ... are all submitted under the single form key 'arg'
        obj, number = re.subn(r"arg\d", 'arg', obj)
        res = self.postrequest(obj)
        print res[0]['monitor']['biosversion']
        print res[0]['monitor']['cpu_model']


def main():
    # The following part is used to test the SaltAPI class
    sapi = SaltAPI()
    params = {'client': 'local', 'fun': 'grains.items', 'tgt': '*'}
    test = sapi.saltcmd(params)
    # Running this prints the grain values; print whichever values you need.


if __name__ == '__main__':
    main()
Test results:
[[email protected] python]# python salt-api.py
2.2.2
Intel(R) Xeon(R) CPU E5-2603 v2 @ 1.80GHz
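A Python 3 variant of the client above, as an added example that is not from the original post: it trusts only the master's own certificate instead of skipping verification as curl -k does, keeps the password out of the file, stops using the token once its expire time passes, and lists the grants in perms that go beyond named execution functions. It assumes localhost.crt has been copied to the client; SALT_API_PASSWORD is a hypothetical variable name and SAMPLE_LOGIN is constructed from the login reply shown earlier.

```python
import json, os, ssl, time, urllib.parse, urllib.request
API_URL = "https://192.168.10.205:8888"       # address used on this page
CA_FILE = "/etc/pki/tls/certs/localhost.crt"  # assumed: master's cert copied to the client

def pinned_context(cafile=CA_FILE):
    """Trust only the master's self-signed certificate (replaces curl -k)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # testcert has no name for the IP; trust rests on the pin
    return ctx

def parse_login(body):
    """Pull token, expiry and granted perms out of the JSON /login reply."""
    entry = json.loads(body)["return"][0]
    return {"token": entry["token"], "expire": float(entry["expire"]),
            "perms": list(entry.get("perms", []))}

def token_usable(session, now=None, margin=60):
    """True while the token has more than `margin` seconds left."""
    return session["expire"] - (time.time() if now is None else now) > margin

def broad_perms(perms):
    """Grants that cover every function, or a whole '@' subsystem (wheel, runner)."""
    return [p for p in perms
            if isinstance(p, str) and (p in (".*", "*") or p.startswith("@"))]

def build_request(path, params, token=None):
    headers = {"Accept": "application/json"}
    if token:
        headers["X-Auth-Token"] = token
    data = urllib.parse.urlencode(params).encode()
    return urllib.request.Request(API_URL + path, data=data, headers=headers)

def login(user, ctx):
    # SALT_API_PASSWORD is a hypothetical variable name, read from the environment
    params = {"eauth": "pam", "username": user,
              "password": os.environ["SALT_API_PASSWORD"]}
    with urllib.request.urlopen(build_request("/login", params), context=ctx) as r:
        return parse_login(r.read())

def run(session, ctx, **params):
    if not token_usable(session):
        raise RuntimeError("token expired, log in again")
    req = build_request("/", params, session["token"])
    with urllib.request.urlopen(req, context=ctx) as r:
        return json.loads(r.read())["return"]

# Constructed sample: the /login reply shown on this page, re-encoded as JSON
SAMPLE_LOGIN = json.dumps({"return": [{"eauth": "pam", "user": "xiaoluo",
    "token": "38fc58406d4248abded1abbfa11ce83b68754975",
    "expire": 1423599495.7932329, "perms": [".*", "@wheel", "@runner"]}]})
```

Typical use is session = login('xiaoluo', pinned_context()) followed by run(session, ctx, client='local', tgt='*', fun='test.ping'); a non-empty broad_perms(session['perms']) means the account can do more than run named functions.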
This article is from the "Little Luo" blog, please be sure to keep this source http://xiaoluoge.blog.51cto.com/9141967/1613353