SALT-API Study Note One

Online to find a lot of documents can not access Salt-api, made a long time, finally fix, write a note, convenient later query

If you need to call Saltstack through a third party, the Python API that comes with Saltstack does not meet your needs well. You can use the Saltstack based RESTful style HTTP API. The API module is not built-in and needs to be installed separately.

Introduction to Salt REST API

Here is a simple explanation, Saltstack officially support three kinds of rest API, respectively, is rest_cherry; Rest_tonado and Rest_wsgi

• Rest_cherry and Rest_tonado Two modules enable listening on a specified port for all IPs receive requests

• Rest_wsgi only supports native access and binds only 127.0.0.1

Installing the SALT-API Service

shell> yum-y Install gcc make python-devel libffi-devel
shell> pip install pyopenssl==0.15. 1

Using the salt tool to generate certificates

shell> Salt-call--local Tls.create_self_signed_cert

Salt-call is the Salt-minion tool, if you do not have this command, you can install Minion on the master side, and then execute the above command

Configure Users and Permissions

- s /sbin/nologin SA
Echo "Sapassword" | passwd SA--stdin

At the end of the Salt-master configuration file, add the following configuration

External_auth:
Pam: #认证模式, Pam refers to the user authentication mode of Linux itself
SA: #Linux系统中真实存在的用户名
- ' * ': #设置用户的权限, which hosts the user is allowed to manipulate, * represents all 
- test.* #允许操作的模块及方法
 - cmd.* 

Configuring the SALT-API Service

at the end of the Salt-master configuration file, add the following configuration

Rest_cherrypy:
1559 #默认监听所有IP的1559 Port
SSL_CRT:/etc/pki/tls/certs/localhost.crt #引用的正是前面创建的证书
Ssl_key:/etc/pki/tls/certs/localhost.key

Start the service

Shell> Service Salt-api Start

Login to get token

- S Sk https://www. 20150509. CN:1559/login \
' Accept:application/x-yaml ' \
- d username=sa \
- d password=sapassword \
- D eauth=pam

Copy the token that gets

Curl- sSk https://localhost:8000 \
- H ' Accept:application/x-yaml ' \
- H ' x-auth-token:697adbdc8fe971d09ae4c2a3add7248859c87079 '\
-  D client=local \
-  D tgt=' * ' \
-  d fun=test.ping

Accessing the API using Python scripts

 Import json
 Import urllib
 Import urllib2

 #在python2.6x, the following two lines are not required 
 import SSL
Ssl._create_default_https_context = Ssl._create_unverified_context

url= 'https://www.20150509.cn:1559 ' #salt coordinates of-API 

 def test():
Pre_data = [{"client":"local", "TGT":"*", "Fun":"test.ping" }] #根据上面官方文档的要求组成数组嵌套字典的形式
json_data = json.dumps (pre_data) #将其转化为json格式
  
Header = {"Content-type":"Application/json", "Accept":"Application/json", "X-auth-token":"697adbdc8fe971d09ae4c2a3add7248859c87079"}
 #这里说明下, Content-type is the format that declares what data is passed to the API, which is specified in JSON, because the Pre_data data above is converted into JSON format by me 
 #Accept是声明返回结果以什么样的格式显示, this also specifies the JSON format to display the returned results 

request = Urllib2. Request (URL, json_data, header) #构造一次请求
response = Urllib2.urlopen (request) #构造一次HTTP访问

html = response.read ()
 print HTML


 if __name__=="__main__":
Test ()

This article is from the "Linux is belong to You" blog, make sure to keep this source http://jwh5566.blog.51cto.com/7394620/1760855

SALT-API Study Note One