• salt-api安装与配置

    一,安装部分
    [root@LCB-U-syng01 ~]#wget https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e --no-check-certificate
    [root@LCB-U-syng01 ~]#tar xvfz pip-1.5.6.tar.gz
    [root@LCB-U-syng01 ~]#cd pip-1.5.6
    [root@LCB-U-syng01 pip-1.5.6]#python setup.py build
    [root@LCB-U-syng01 pip-1.5.6]#python setup.py install
    #安装完成后可以用pip freeze查看已安装的packages
    [root@LCB-U-syng01 pip-1.5.6]#pip freeze
    pip install cherrypy==3.2.3
    yum install salt-api      
    也可以用pip install salt-api==0.8.3,我这里提示安装不上,所以没用,

    二、证书配置
    cd /etc/pki/tls/certs
    [root@LCB-U-syng01 certs]# make testcert
    umask 77 ;
        /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
    Generating RSA private key, 2048 bit long modulus
    ...+++
    ..................................................................+++
    e is 65537 (0x10001)
    Enter pass phrase:    #键入加密短语,4到8191个字符
    Verifying - Enter pass phrase:    #确认加密短语
    umask 77 ;
        /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
    Enter pass phrase for /etc/pki/tls/private/localhost.key:    #再次输入相同的加密短语
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN    #都可以选填
    State or Province Name (full name) []:Shanghai
    Locality Name (eg, city) [Default City]:Shanghai
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:1989051805@qq.com
    [root@LCB-U-syng01 certs]# cd ../private/
    [root@LCB-U-syng01 private]# openssl rsa -in localhost.key -out localhost_nopass.key
    Enter pass phrase for localhost.key:    #输入之前的加密短语
    writing RSA key


    三、salt-api账号权限配置
    [root@LCB-U-syng01 ~]#useradd -M -s /sbin/nologin deployer
    #由于是测试,故采用了弱密码"password",正式环境必须采用强密码,多用特殊字符
    [root@LCB-U-syng01 ~]# passwd deployer

    配置api.conf
    [root@LCB-U-syng01 master.d]# cat api.conf
    rest_cherrypy:
      port: 8888
      debug: True
      ssl_crt: /etc/pki/tls/certs/localhost.crt
      ssl_key: /etc/pki/tls/private/localhost_nopass.key
    配置eauth.conf
    root@LCB-U-syng01 master.d]# cat eauth.conf
    external_auth:
        pam:
          deployer:
             - .*
             - '@wheel'
             - '@runner'

            
    踩过的坑,如果不配置/etc/salt/master,获取token时会提示    401,权限不足
    #vi /etc/salt/master配置权限
    external_auth:
      pam:
        deployer:
          - .*
          - '@wheel'
          - '@runner'
          - test.*

          
    获取token
    [root@LCB-U-syng01 master.d]# curl -k https://localhost:8888/login -H "Accept: application/x-yaml"
    >      -d username='deployer'
    >      -d password='deployer.123'
    >      -d eauth='pam'
    return:
    - eauth: pam
      expire: 1497638824.219074
      perms:
      - .*
      - '@wheel'
      - '@runner'
      start: 1497595624.2190731
      token: 7abfbf28e7337188c28edcfa6f77424b93ba7908
      user: deployer

     出现如下,表示成功
    #curl -k https://172.16.250.34:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 7abfbf28e7337188c28edcfa6f77424b93ba7908" -d client='local' -d tgt='*' -d fun='test.ping'
    return:
    - LCB-U-assets01-124: true
      LCB-U-assets02-125: true
      LCB-U-assetsht-126: true
      LCB-U-fdfs01-141: true
      LCB-U-fdfs02-142: true
      LCB-U-ha01-120: true
      LCB-U-ha02-121: true
      LCB-U-ht01-32: true

  • 相关阅读:
    asyncio异步IO--协程(Coroutine)与任务(Task)详解
    python爬虫实战:利用scrapy,短短50行代码下载整站短视频
    深入理解Git的实现原理
    Upsource 代码审查工具安装及使用
    MAC MAMP集成环境安装 PHP 扩展
    千万数据量数据表分表实践
    设计模式:序言
    设计模式 行为型
    PHP5底层原理之变量
    PHP5底层原理之垃圾回收机制
  • 原文地址:https://www.cnblogs.com/franjia/p/7027656.html
Copyright © 2020-2023  润新知