Salt-api use

Source: Internet
Author: User
Tags openssl rsa sapi

While researching operations and maintenance automation, I ran into a lot of pitfalls in the salt-api part. They are recorded here; the earlier parts will be filled in over time.

1. Getting to the point, the initial steps:

    cd /etc/yum.repos.d/ && wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    rpm -ivh epel-release-6-8.noarch.rpm
    yum -y install kernel-firmware kernel-headers perf e2fsprogs
    rpm -ivh libyaml-0.1.3-1.4.el6.x86_64.rpm
    rpm -ivh PyYAML-3.10-3.1.el6.x86_64.rpm
    yum -y install salt-master salt-api

2. Install pip and cherrypy:

    # Install pip:
    wget https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e --no-check-certificate
    tar xvfz pip-1.5.6.tar.gz
    cd pip-1.5.6
    python setup.py build && python setup.py install && pip freeze
    # Install cherrypy with pip:
    pip install cherrypy==3.2.3

3. Generate the OpenSSL certificate, because salt-api relies on a certificate. Do not get the directory wrong:

    [[email protected] tmp]# cd /etc/pki/tls/certs
    [[email protected] certs]# make testcert
    umask 77 ; \
    /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
    Generating RSA private key, 2048 bit long modulus
    ..............................................................................................................................................+++
    ........................................................+++
    e is 65537 (0x10001)
    Enter pass phrase:    # enter a pass phrase of at least 6 characters
    Verifying - Enter pass phrase:    # enter it again
    umask 77 ; \
    /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
    Enter pass phrase for /etc/pki/tls/private/localhost.key:    # enter it again
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:nanning
    Locality Name (eg, city) [Default City]:ninning
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:[email protected]

    [[email protected] certs]# cd ../private/
    [[email protected] private]# openssl rsa -in localhost.key -out localhost_nopass.key
    Enter pass phrase for localhost.key:
    writing RSA key


Create a login account and password:

    [[email protected] private]# useradd -m -s /sbin/nologin xiaoluo
    [[email protected] private]# passwd xiaoluo


    # Salt master configuration file: /etc/salt/master
    # Uncomment the following line:
    default_include: master.d/*.conf

    mkdir -p /etc/salt/master.d

    # SaltStack server-side configuration:
    [[email protected] ~]# cat /etc/salt/master.d/api.conf
    rest_cherrypy:
      port: 8888
      ssl_crt: /etc/pki/tls/certs/localhost.crt
      ssl_key: /etc/pki/tls/private/localhost_nopass.key
    [[email protected] ~]# cat /etc/salt/master.d/eauth.conf
    external_auth:
      pam:
        xiaoluo:
          - .*
          - '@wheel'
          - '@runner'

    # Restart the salt-master and salt-api services:
    [[email protected] ~]# /etc/init.d/salt-master restart
    Stopping salt-master daemon:                               [FAILED]
    Starting salt-master daemon:                               [  OK  ]


Log in to get a token:

    [[email protected] salt]# curl -k https://192.168.10.205:8888/login -H "Accept: application/x-yaml" -d username='xiaoluo' -d password='123456' -d eauth='pam'
    return:
    - eauth: pam
      expire: 1423599495.7932329
      perms:
      - .*
      - '@wheel'
      - '@runner'
      start: 1423556295.793232
      token: 38fc58406d4248abded1abbfa11ce83b68754975
      user: xiaoluo
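The login reply above carries the token's start and expire times and the grants from eauth.conf. The following Python 3 code is an added example, not part of the original post: it parses the JSON form of that reply (a constructed sample mirroring the values above), checks how long the token is still usable, and lists the grants that go beyond individually named functions. The function names are hypothetical.

```python
import json
import time

# Constructed sample: the login reply shown above, in the JSON form salt-api
# returns when the client does not ask for YAML.
SAMPLE_LOGIN = json.dumps({"return": [{
    "eauth": "pam", "user": "xiaoluo",
    "start": 1423556295.793232, "expire": 1423599495.7932329,
    "perms": [".*", "@wheel", "@runner"],
    "token": "38fc58406d4248abded1abbfa11ce83b68754975"}]})


def parse_login(body):
    """Return the session dict from a /login reply, or raise ValueError."""
    try:
        session = json.loads(body)["return"][0]
        for key in ("token", "expire", "perms"):
            session[key]  # fail early if a field the client needs is missing
    except (ValueError, KeyError, IndexError, TypeError) as exc:
        raise ValueError("unexpected /login reply: %r" % (exc,))
    return session


def token_valid(session, now=None, skew=60):
    """True while the token has more than `skew` seconds left."""
    now = time.time() if now is None else now
    return now + skew < session["expire"]


def broad_perms(session):
    """List grants that are wider than a named execution function."""
    findings = []
    for perm in session["perms"]:
        if perm == ".*":
            findings.append((perm, "every execution function on matched minions"))
        elif isinstance(perm, str) and perm.startswith("@"):
            findings.append((perm, "all %s modules on the master" % perm[1:]))
    return findings


if __name__ == "__main__":
    s = parse_login(SAMPLE_LOGIN)
    print("lifetime (s):", round(s["expire"] - s["start"]))
    for perm, meaning in broad_perms(s):
        print("broad grant %s: %s" % (perm, meaning))
```

For an account that only needs to read grains, the eauth.conf list can name those functions (for example test.ping and grains.items) in place of the three grants reported here.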

After obtaining the token, you can use it for further requests:

    [[email protected] salt]# curl -k https://192.168.10.205:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 38fc58406d4248abded1abbfa11ce83b68754975" -d client='local' -d tgt='*' -d fun='test.ping'
    return:
    - monitor: true

The effect is the same as running salt '*' test.ping. Communication with the salt-api interface now works.


Of course, when you need to retrieve data during development, this approach is clearly not flexible enough. A salt-api class is posted below:

    #!/usr/bin/env python
    # coding=utf-8

    import urllib2, urllib, json, re


    class saltAPI:
        def __init__(self):
            # Address and port salt-api listens on, e.g. 'https://192.168.186.134:8888'
            self.__url = 'https://192.168.10.205:8888'
            self.__user = 'xiaoluo'       # salt-api user name
            self.__password = '123456'    # salt-api user password
            self.__token_id = self.salt_login()

        def salt_login(self):
            # POST the credentials to /login and return the session token
            params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
            encode = urllib.urlencode(params)
            obj = urllib.unquote(encode)
            headers = {'X-Auth-Token': ''}
            url = self.__url + '/login'
            req = urllib2.Request(url, obj, headers)
            opener = urllib2.urlopen(req)
            content = json.loads(opener.read())
            try:
                token = content['return'][0]['token']
                return token
            except KeyError:
                raise KeyError

        def postrequest(self, obj, prefix='/'):
            # Send an authenticated request and return the 'return' list
            url = self.__url + prefix
            headers = {'X-Auth-Token': self.__token_id}
            req = urllib2.Request(url, obj, headers)
            opener = urllib2.urlopen(req)
            content = json.loads(opener.read())
            return content['return']

        def saltcmd(self, params):
            obj = urllib.urlencode(params)
            # Rewrite arg1, arg2, ... into repeated 'arg' fields
            obj, number = re.subn(r"arg\d", 'arg', obj)
            res = self.postrequest(obj)
            # 'monitor' is the minion id
            print res[0]['monitor']['biosversion']
            print res[0]['monitor']['cpu_model']


    def main():
        # The following part is used to test the saltAPI class
        sapi = saltAPI()
        params = {'client': 'local', 'fun': 'grains.items', 'tgt': '*'}
        test = sapi.saltcmd(params)


    if __name__ == '__main__':
        main()

    # After running, the grain values are printed. Print whichever values you need directly.

Test results:

    [[email protected] python]# python salt-api.py
    2.2.2
    Intel(R) Xeon(R) CPU E5-2603 v2 @ 1.80GHz
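An added example, not the blog author's code: a Python 3 take on the request handling in the class above. It verifies TLS against the certificate created in step 3 instead of skipping verification, and encodes positional arguments as repeated arg fields rather than rewriting the encoded string with a regex, which also alters any value that happens to contain argN. The function names and the file.file_exists sample call are assumptions.

```python
import json
import re
import ssl
import urllib.request
from urllib.parse import urlencode

API_URL = "https://192.168.10.205:8888"        # address used on this page
CA_FILE = "/etc/pki/tls/certs/localhost.crt"   # certificate created in step 3


def encode_regex(params):
    """The class's approach: urlencode, then turn every argN into arg."""
    return re.sub(r"arg\d", "arg", urlencode(params))


def encode_lowstate(client, tgt, fun, args=()):
    """One `arg` field per positional argument; values are left untouched."""
    fields = [("client", client), ("tgt", tgt), ("fun", fun)]
    fields += [("arg", value) for value in args]
    return urlencode(fields)


def build_request(token, body, prefix="/"):
    """Build the authenticated POST; nothing is sent yet."""
    headers = {"X-Auth-Token": token, "Accept": "application/json"}
    return urllib.request.Request(API_URL + prefix, body.encode(), headers)


def pinned_context(cafile=CA_FILE):
    """Trust only the salt-api certificate, the opposite of curl -k."""
    return ssl.create_default_context(cafile=cafile)


def send(request, context=None):
    """Send over verified TLS and return the reply's `return` list."""
    context = context or pinned_context()
    with urllib.request.urlopen(request, context=context, timeout=10) as resp:
        return json.loads(resp.read().decode())["return"]


# Constructed input: the argument value itself contains "arg2".
SAMPLE = {"client": "local", "tgt": "*", "fun": "file.file_exists",
          "arg1": "/etc/arg2.conf"}

if __name__ == "__main__":
    print(encode_regex(SAMPLE))     # the path is changed to /etc/arg.conf
    print(encode_lowstate("local", "*", "file.file_exists", ["/etc/arg2.conf"]))
```

Hostname checking stays enabled in pinned_context, so the certificate needs a subjectAltName entry for the address in API_URL; the certificate generated in step 3 left Common Name blank and will be rejected until it is reissued with one.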


This article is from the "Little Luo" blog, please be sure to keep this source http://xiaoluoge.blog.51cto.com/9141967/1613353
