• salt-api安装与配置


    一,安装部分
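    [root@LCB-U-syng01 ~]#wget https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e --no-check-certificate
    #注意:--no-check-certificate会跳过TLS证书校验,而URL里的#md5=...只是片段,wget不会据此校验文件;解压安装前应先用md5sum pip-1.5.6.tar.gz核对该值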
    [root@LCB-U-syng01 ~]#tar xvfz pip-1.5.6.tar.gz
    [root@LCB-U-syng01 ~]#cd pip-1.5.6
    [root@LCB-U-syng01 pip-1.5.6]#python setup.py build
    [root@LCB-U-syng01 pip-1.5.6]#python setup.py install
    #安装完成后可以用pip freeze查看已安装的packages
    [root@LCB-U-syng01 pip-1.5.6]#pip freeze
    pip install cherrypy==3.2.3
    yum install salt-api      
    也可以用pip install salt-api==0.8.3,但我这里提示安装不上,所以没用。

    二、证书配置
    cd /etc/pki/tls/certs
    [root@LCB-U-syng01 certs]# make testcert
    umask 77 ;
        /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
    Generating RSA private key, 2048 bit long modulus
    ...+++
    ..................................................................+++
    e is 65537 (0x10001)
    Enter pass phrase:    #键入加密短语,4到8191个字符
    Verifying - Enter pass phrase:    #确认加密短语
    umask 77 ;
        /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
    Enter pass phrase for /etc/pki/tls/private/localhost.key:    #再次输入相同的加密短语
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN    #都可以选填
    State or Province Name (full name) []:Shanghai
    Locality Name (eg, city) [Default City]:Shanghai
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:1989051805@qq.com
    [root@LCB-U-syng01 certs]# cd ../private/
    [root@LCB-U-syng01 private]# openssl rsa -in localhost.key -out localhost_nopass.key
    Enter pass phrase for localhost.key:    #输入之前的加密短语
    writing RSA key
    #localhost_nopass.key是去掉了密码保护的私钥,应确认只有运行salt-api的用户可读(如chmod 600 localhost_nopass.key)


    三、salt-api账号权限配置
    [root@LCB-U-syng01 ~]#useradd -M -s /sbin/nologin deployer
    #由于是测试,故采用了弱密码"password"(注意:下文获取token的示例中用的是'deployer.123',登录时应以这里实际设置的密码为准),正式环境必须采用强密码,多用特殊字符
    [root@LCB-U-syng01 ~]# passwd deployer

    配置api.conf
    [root@LCB-U-syng01 master.d]# cat api.conf
    rest_cherrypy:
      port: 8888
      debug: True    #debug仅用于测试排错,正式环境应设为False
      ssl_crt: /etc/pki/tls/certs/localhost.crt
      ssl_key: /etc/pki/tls/private/localhost_nopass.key
    配置eauth.conf
    [root@LCB-U-syng01 master.d]# cat eauth.conf
    external_auth:
        pam:
          deployer:
             - .*
             - '@wheel'
             - '@runner'

            
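    踩过的坑:如果不在/etc/salt/master中配置(见下),获取token时会提示401,权限不足
    #vi /etc/salt/master配置权限
    #注意:'.*'加上'@wheel'、'@runner'等于把所有minion上的全部模块以及wheel/runner都授权给该账号,仅适合测试;
    #正式环境应只列出实际需要的函数。另外'.*'已经包含'test.*',最后一行是多余的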
    external_auth:
      pam:
        deployer:
          - .*
          - '@wheel'
          - '@runner'
          - test.*

          
    获取token(-k会跳过证书校验,这里只是因为用的是自签名测试证书;正式环境应使用可信证书并用--cacert指定CA。密码直接写在命令行里会留在shell历史和进程列表中)
    [root@LCB-U-syng01 master.d]# curl -k https://localhost:8888/login -H "Accept: application/x-yaml" \
    >      -d username='deployer' \
    >      -d password='deployer.123' \
    >      -d eauth='pam'
    return:
    - eauth: pam
      expire: 1497638824.219074
      perms:
      - .*
      - '@wheel'
      - '@runner'
      start: 1497595624.2190731
      token: 7abfbf28e7337188c28edcfa6f77424b93ba7908
      user: deployer

    用获取到的token调用接口,出现如下返回表示成功(token在过期前等同于登录凭据,注意不要泄露)
    #curl -k https://172.16.250.34:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 7abfbf28e7337188c28edcfa6f77424b93ba7908" -d client='local' -d tgt='*' -d fun='test.ping'
    return:
    - LCB-U-assets01-124: true
      LCB-U-assets02-125: true
      LCB-U-assetsht-126: true
      LCB-U-fdfs01-141: true
      LCB-U-fdfs02-142: true
      LCB-U-ha01-120: true
      LCB-U-ha02-121: true
      LCB-U-ht01-32: true

  • 原文地址:https://www.cnblogs.com/franjia/p/7027656.html