以下操作均在master上操作
1. 安装api
netapi modules(httpapi)有三种,分别是rest_cherrypy、rest_tornado、rest_wsig,接下来要讲的是rest_cherrypy
doc:https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
yum install -y salt-api
pip install cherrypy
2. 生成证书
[root@localhost ~]# yum install -y openssl [root@localhost ~]# cd /etc/salt/ [root@localhost salt]# mkdir keycrt [root@localhost salt]# cd keycrt/ [root@localhost keycrt]# openssl genrsa -out key.pem 4096 [root@localhost keycrt]# openssl req -new -x509 -key key.pem -out cert.pem -days 1826
3. 配置salt-api的配置文件
[root@localhost keycrt]# cd /etc/salt/master.d/ [root@localhost master.d]# cat api.conf rest_cherrypy: //还有好多可以写的参数,参考docport: 8000ssl_crt: /etc/salt/keycrt/cert.pemssl_key: /etc/salt/keycrt/key.pem------------------------------------------------------> [root@localhost master.d]# cat eauth.conf external_auth:pam:saltapi: //认证的用户名- .*- '@wheel'- '@runner'-----------------------------------------------------> //创建用户名 [root@localhost master.d]# useradd -M -s /sbin/nologin saltapi [root@localhost master.d]# echo "saltapi" |passwd saltapi --stdin
4. 启动api
[root@localhost master.d]# systemctl restart salt-master [root@localhost master.d]# systemctl start salt-api [root@localhost master.d]# netstat -lnp |grep 8000 tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 36821/python
5. 获取token
# Time (in seconds) for a newly generated token to live. Default: 12 hours
#token_expire: 43200
#token有效期为12个小时,可以在master配置文件更改
5.1 https方式
[root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -m json.tool% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed 100 240 100 197 100 43 1450 316 --:--:-- --:--:-- --:--:-- 1459 {"return": [{"eauth": "pam","expire": 1517772071.637639,"perms": [".*","@wheel","@runner"],"start": 1517728871.637638,"token": "55d8ccc1ab3f8ba069b6fbe21cae1686c4d5823e","user": "saltapi"}] }
通过工具postman提交post请求,基本上是图片,懒得贴了
5.2 http方式
显式禁用证书验证,不需要生成证书
[root@localhost master.d]# cat api.conf //更改配置文件 rest_cherrypy:port: 8000disable_ssl: True # ssl_crt: /etc/salt/keycrt/cert.pem # ssl_key: /etc/salt/keycrt/key.pem--------------------------------------------------------------> [root@localhost master.d]# systemctl restart salt-master [root@localhost master.d]# systemctl restart salt-api-------------------------------------------------------------> [root@localhost master.d]# curl -X POST -k http://192.168.123.106:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -m json.tool% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed 100 240 100 197 100 43 2594 566 --:--:-- --:--:-- --:--:-- 2626 {"return": [{"eauth": "pam","expire": 1517774657.797506,"perms": [".*","@wheel","@runner"],"start": 1517731457.797506,"token": "62dbdca57f854b624802d44601426808c8855b3c","user": "saltapi"}] }
6. 执行模块
[root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -m json.tool% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed 100 240 100 197 100 43 1281 279 --:--:-- --:--:-- --:--:-- 1287 {"return": [{"eauth": "pam","expire": 1517775225.766237,"perms": [".*","@wheel","@runner"],"start": 1517732025.766237,"token": "3643e2f1b04e3280e1aa9cffec9eaaab98feff13","user": "saltapi"}] }[root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 3643e2f1b04e3280e1aa9cffec9eaaab98feff13' -d client='local' -d tgt='*' -d fun='test.ping' return: - 192.168.123.107: true[root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 3643e2f1b04e3280e1aa9cffec9eaaab98feff13' -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='uptime' return: - 192.168.123.107: ' 16:22:24 up 1 day, 1:40, 2 users, load average: 0.00, 0.01,0.05'
7. 执行runner
[root@localhost master.d]# curl -X POST -k https://192.168.123.106:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 3643e2f1b04e3280e1aa9cffec9eaaab98feff13' -d client='runner' -d fun='manage.status' return: - down: []up:- 192.168.123.107
_modules:
[root@bogon _modules]# cat jd.py #!/usr/bin/env pythonimport codecsdef hello(key ,value, param):return {'key': key, 'value': value, 'param': param}def world(name):return {'name': name}def meminfo():with codecs.open('/proc/meminfo') as fd:for line in fd:if line.startswith('MemAvailable'):result = str(int(line.split()[1])/1024.0) + 'M'return {'MemAvailable': result}
_runner:
[root@bogon _runner]# cat testparam.py #!/usr/bin/env pythonimport time import salt.clientdef get(minion, function, params):__opts__ = salt.config.client_config('/etc/salt/master')conf_file = __opts__['conf_file']localclient = salt.client.LocalClient(conf_file)jid = localclient.cmd_async(minion, function, params.split(','))wait_time = 0sleep_interval = 1while wait_time < __opts__['timeout']:print('wait {0} seconds'.format(wait_time))result = localclient.get_cache_returns(jid)if result:print(type(result))return resulttime.sleep(sleep_interval)wait_time += sleep_intervaldef get_no_param(minion, function):__opts__ = salt.config.client_config('/etc/salt/master')conf_file = __opts__['conf_file']localclient = salt.client.LocalClient(conf_file)jid = localclient.cmd_async(minion, function)wait_time = 0sleep_interval = 1while wait_time < __opts__['timeout']:print('wait {0} seconds'.format(wait_time))result = localclient.get_cache_returns(jid)if result:print(type(result))return resulttime.sleep(sleep_interval)wait_time += sleep_interval
8. 判断token是否过期
携带token访问https://192.168.123.106/stats,如果状态码为200,token没过期,状态码为401,token过期
![MASA MAUI Plugin (六)集成个推,实现本地消息推送[Android] 篇](http://pic.xiahunao.cn/MASA MAUI Plugin (六)集成个推,实现本地消息推送[Android] 篇)
)
