Online to find a lot of documents can not access Salt-api, made a long time, finally fix, write a note, convenient later query
If you need to call Saltstack through a third party, the Python API that comes with Saltstack does not meet your needs well. You can use the Saltstack based RESTful style HTTP API. The API module is not built-in and needs to be installed separately.
Introduction to Salt REST API
Here is a simple explanation, Saltstack officially support three kinds of rest API, respectively, is rest_cherry; Rest_tonado and Rest_wsgi
Installing the SALT-API Service
shell> yum-y Install gcc make python-devel libffi-devel
shell> pip install pyopenssl==0.15. 1
Using the salt tool to generate certificates
shell> Salt-call--local Tls.create_self_signed_cert
Salt-call is the Salt-minion tool, if you do not have this command, you can install Minion on the master side, and then execute the above command
Configure Users and Permissions
- s /sbin/nologin SA
Echo "Sapassword" | passwd SA--stdin
At the end of the Salt-master configuration file, add the following configuration
External_auth:
Pam: #认证模式, Pam refers to the user authentication mode of Linux itself
SA: #Linux系统中真实存在的用户名
- ' * ': #设置用户的权限, which hosts the user is allowed to manipulate, * represents all
- test.* #允许操作的模块及方法
- cmd.*
Configuring the SALT-API Service
at the end of the Salt-master configuration file, add the following configuration
Rest_cherrypy:
1559 #默认监听所有IP的1559 Port
SSL_CRT:/etc/pki/tls/certs/localhost.crt #引用的正是前面创建的证书
Ssl_key:/etc/pki/tls/certs/localhost.key
Start the service
Shell> Service Salt-api Start
Login to get token
- S Sk https://www. 20150509. CN:1559/login \
' Accept:application/x-yaml ' \
- d username=sa \
- d password=sapassword \
- D eauth=pam
Copy the token that gets
Curl- sSk https://localhost:8000 \
- H ' Accept:application/x-yaml ' \
- H ' x-auth-token:697adbdc8fe971d09ae4c2a3add7248859c87079 '\
- D client=local \
- D tgt=' * ' \
- d fun=test.ping
Accessing the API using Python scripts
Import json
Import urllib
Import urllib2
#在python2.6x, the following two lines are not required
import SSL
Ssl._create_default_https_context = Ssl._create_unverified_context
url= 'https://www.20150509.cn:1559 ' #salt coordinates of-API
def test():
Pre_data = [{"client":"local", "TGT":"*", "Fun":"test.ping" }] #根据上面官方文档的要求组成数组嵌套字典的形式
json_data = json.dumps (pre_data) #将其转化为json格式
Header = {"Content-type":"Application/json", "Accept":"Application/json", "X-auth-token":"697adbdc8fe971d09ae4c2a3add7248859c87079"}
#这里说明下, Content-type is the format that declares what data is passed to the API, which is specified in JSON, because the Pre_data data above is converted into JSON format by me
#Accept是声明返回结果以什么样的格式显示, this also specifies the JSON format to display the returned results
request = Urllib2. Request (URL, json_data, header) #构造一次请求
response = Urllib2.urlopen (request) #构造一次HTTP访问
html = response.read ()
print HTML
if __name__=="__main__":
Test ()
This article is from the "Linux is belong to You" blog, make sure to keep this source http://jwh5566.blog.51cto.com/7394620/1760855
SALT-API Study Note One