No permission error occurs when calling wheel module using the Saltstack API
[[email protected] ~]# curl -k -v https://localhost:8000 -H "Accept: application/x-yaml" -H "X-auth-token: 65198e689eb5e720ce75970a4b10da91dc003211 " -d client= ' wheel ' -d fun= ' Key.list_all ' * about to connect () to localhost port 8000 (#0) * trying ::1... connection refused* Trying 127.0.0.1... connected* Connected to localhost ( 127.0.0.1) port 8000 (#0) * initializing nss with certpath: sql:/etc/ pki/nssdb* warning: ignoring value of ssl.verifyhost* skipping ssl Peer certificate verification* ssl connection using tls_rsa_with_aes_256_cbc_sha * server certificate:* subJect: o=default company ltd,l=default city,c=xx* start date: feb 15 09:34:13 2016 gmt* expire date: feb 14 09:34:13 2017 gmt* common name: (nil) * issuer: o=default company ltd,l=default city,c=xx > POST / HTTP/1.1> User-Agent: curl/7.19.7 (X86_64-REDHAT-LINUX-GNU) libcurl/7.19.7 nss/3.21 basic ecc zlib/1.2.3 libidn/1.18 libssh2/1.4.2> host: localhost:8000> accept: application/x-yaml> x-auth-token: 65198e689eb5e720ce75970a4b10da91dc003211> content-length: 29> content-type: application/x-www-form-urlencoded> < http/1.1 401 unauthorized< content-length: 735< access-control-expose-headers: get, post< Access-control-allow-credentials: true< vary: accept-encoding< server: cherrypy/3.2.2< allow: get, head, post< cache-control: private< date: fri, 05 may 2017 15:16:50 gmt< Access-Control-Allow-Origin: *< Content-Type: text/html;charset=utf-8< set-cookie: session_id=65198e689eb5e720ce75970a4b10da91dc003211; expires=sat, 06 may 2017 01:16:50 gmt; path=/< <! doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/ Tr/xhtml1/dtd/xhtml1-transitional.dtd ">Need to modify master's configuration to authorize SALTAPI users
[Email protected] ~]# VIM/ETC/SALT/MASTEREXTERNAL_AUTH:PAM:SALTAPI:-. *-' @wheel ' [[email protected] ~] #/etc/init.d/salt-master restartstopping salt-master daemon: [OK]starting salt-master D Aemon: [OK]
re-execute command, execution succeeded
[[Email protected] ~]# curl -k https://localhost:8000 -h "Accept: application/x-yaml" -H "x-auth-token: Bb8bc594d3e9d7de6105046a07c9b2ba619161b2 " -d client= ' wheel ' -d fun= ' Key.list_all ' return:- data: _stamp: ' 2017-05-05t15:19:47.532569 ' fun: wheel.key.list_all jid: ' 20170505231946757429 ' return: local: - master.pem - master.pub minions: - test1.nginxs.net - test2.nginxs.net - test3.nginxs.net - test4.nginxs.net minions_denied: [] minions_pre: - test5.nginxs.net - test6.nginxs.net - test7.nginxs.net - test8.nginxs.net minions_rejected: [] success: true tag: salt/wheel/20170505231946757429 user: saltapi tag: salt/wheel/20170505231946757429
This article from "Yun Koriyuki My Journey" blog, reproduced please contact the author!
Saltstack API Wheel Module error http/1.1 401 Unauthorized