Salt-api use

This time research operation and maintenance automation, the study to the SALT-API part encountered a lot of pits, here record, the front of the successive replenishment.

1, the process of the topic, the beginning of steps:

cd /etc/yum.repos.d/ && wget http: //dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -ivh epel-release- 6 - 8 .noarch.rpm yum -y install kernel-firmware kernel-headers perf e2fsprogs rpm -ivh libyaml- 0.1 . 3 - 1.4 .el6.x86_64.rpm  rpm -ivh PyYAML- 3.10 - 3.1 .el6.x86_64.rpm  yum -y install salt-master salt-api 

2.

#安装pip: wget https: //pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e --no-check-certificate tar xvfz pip- 1.5 . 6 .tar.gz cd pip- 1.5 . 6 python setup.py build && python setup.py install && pip freeze #使用pip安装cherrypy: pip install cherrypy== 3.2 . 3

3, install the OpenSSL certificate, because Salt-api is based on the certificate, the directory does not give the wrong:

[Email protected] tmp]# Cd/etc/pki/tls/certs

[email protected] certs]# make TestCert

Umask 77; \

/usr/bin/openssl genrsa-aes128 2048 >/etc/pki/tls/private/localhost.key

Generating RSA private key, 2048 bit long modulus

......................................................................................................................... .....................+++

........................................................+++

E is 65537 (0x10001)

Enter Pass phrase: #输入6位以上的秘钥

Verifying-enter Pass phrase: #再次输入

Umask 77; \

/usr/bin/openssl req-utf8-new-key/etc/pki/tls/private/localhost.key-x509-days 365-out/etc/pki/tls/certs/ Localhost.crt-set_serial 0

Enter Pass phrase For/etc/pki/tls/private/localhost.key: #再次输入

You is about-to is asked to-enter information that'll be incorporated

into your certificate request.

What's about-to-enter is called a distinguished Name or a DN.

There is quite a few fields but can leave some blank

For some fields there would be a default value,

If you enter '. ', the field would be a left blank.

-----

Country Name (2 letter code) [XX]:CN

State or province name (full name) []:nanning

Locality Name (eg, city) [Default city]:ninning

Organization Name (eg, company) [Default company LTD]:

Organizational Unit Name (eg, section) []:

Common name (eg, your name or your server ' s hostname) []:

Email Address []:[email protected]

[Email protected] certs]# CD. /private/

[email protected] private]# OpenSSL rsa-in localhost.key-out localhost_nopass.key

Enter Pass phrase for Localhost.key:

Writing RSA Key

Create a login account and password:

[Email protected] private]# useradd-m-s/sbin/nologin Xiaoluo

[Email protected] private]# passwd Xiaoluo

#salt master配置文件：/etc/salt/master  #取消注释 default_include: master.d/*.conf mkdir -p /etc/salt/master.d

#saltstack服务端配置: [[email protected] ~]# cat /etc/salt/master.d/api.conf  rest_cherrypy:    port:  8888    ssl_crt: /etc/pki/tls/certs/localhost.crt    ssl_key: /etc/pki/tls/ private /localhost_nopass.key [[email protected] ~]# cat /etc/salt/master.d/eauth.conf  external_auth:    pam:      xiaoluo:        - .*        -  ‘@wheel‘        -  ‘@runner‘   ＃重启salt－master和salt-api服务:  [[email protected] ~]# /etc/init.d/salt-master restart Stopping salt-master daemon:                               [FAILED] Starting salt-master daemon:                               [  OK  ]

Sign in to get tokens:

[Email protected] salt]# curl-k Https://192.168.10.205:8888/login-H "Accept:application/x-yaml"-D username= ' Xiaoluo '-D password= ' 123456 '-D eauth= ' Pam '

Return

-Eauth:pam

expire:1423599495.7932329

Perms

- .*

-' @wheel '

-' @runner '

start:1423556295.793232

token:38fc58406d4248abded1abbfa11ce83b68754975

User:xiaoluo

After obtaining tokens, you can use token communication:

[Email protected] salt]# curl-k https://192.168.10.205:8888/-H "accept:application/x-yaml"-H "x-auth-token:38fc5840 6d4248abded1abbfa11ce83b68754975 "-D client= ' local '-D tgt= ' * '-D fun= ' test.ping '

Return

-Monitor:true

The effect is the same as the salt ' * ' test.ping. This enables the communication of the Salt-api interface.

Of course, when developing access to data, such an approach is clearly not flexible enough. A Salt-api class is posted below:

#!/usr/bin/env python

#coding =utf-8

Import Urllib2, Urllib, JSON, re

Class Saltapi:

def __init__ (self):

Self.__url = ' https://192.168.10.205:8888 ' #salt-api monitored addresses and ports such as: ' https://192.168.186.134:8888 '

Self.__user = ' Xiaoluo ' #salt-api user name

Self.__password = ' 123456 ' #salt-api user password

self.__token_id = Self.salt_login ()

def salt_login (self):

params = {' Eauth ': ' Pam ', ' username ': self.__user, ' Password ': Self.__password}

encode = Urllib.urlencode (params)

obj = urllib.unquote (encode)

headers = {' X-auth-token ': '}

url = self.__url + '/login '

req = Urllib2. Request (URL, obj, headers)

Opener = Urllib2.urlopen (req)

Content = Json.loads (Opener.read ())

Try

token = content[' return '][0][' token ']

Return token

Except Keyerror:

Raise Keyerror

def postrequest (self, obj, prefix= '/'):

url = self.__url + prefix

headers = {' X-auth-token ': self.__token_id}

req = Urllib2. Request (URL, obj, headers)

Opener = Urllib2.urlopen (req)

Content = Json.loads (Opener.read ())

Return content[' return ']

def saltcmd (self, params):

obj = Urllib.urlencode (params)

obj, number = re.subn ("arg\d", ' arg ', obj)

res = self.postrequest (obj)

Print res[0][' monitor ' [' biosversion ']

Print res[0][' monitor ' [' Cpu_model ']

def main ():

#以下是用来测试saltAPI类的部分

SAPI = Saltapi ()

params = {' client ': ' Local ', ' fun ': ' Grains.items ', ' TGT ': ' * '}

Test = Sapi.saltcmd (params)

# #运行之后就会打印出grain的值. What values you need to print directly.

Test results:

[email protected] python]# python salt-api.py

2.2.2

Intel (R) Xeon (r) CPU e5-2603 v2 @ 1.80GHz

This article is from the "Little Luo" blog, please be sure to keep this source http://xiaoluoge.blog.51cto.com/9141967/1613353

Salt-api use