• Salt and Salt API Configuration


    1. Installation

     

    [root@localhost yum.repos.d]# cat /etc/yum.repos.d/salt.repo 

    [saltstack-repo]

    name=SaltStack repo for Red Hat Enterprise Linux $releasever

    baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

    enabled=1

    gpgcheck=1

    gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub

           https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7

     

    yum makecache

    yum -y install salt-master salt-minion salt-api openssl openssl-devel

     

    2. Configuration

    Salt master:

    [root@localhost ~]# egrep -v '^#|^$'  /etc/salt/master

    default_include: master.d/*.conf

    interface: 0.0.0.0

    file_roots:

      base:

        - /srv/salt

     

    Salt minion:

    [root@localhost ~]# egrep -v '^#|^$'  /etc/salt/minion

    master: 192.168.32.135

    id: 192.168.32.135

     

    Start the services:

    systemctl start salt-master

    systemctl start salt-minion

     

    Note: fixes for the following problems encountered during installation:

    2017-05-03 14:31:57,705 [salt.utils.network][WARNING ][15848] Cannot resolve address None info via socket: <class 'socket.gaierror'>

    This error is resolved by changing the hostname.

     

    2017-05-03 14:59:14,999 [salt.utils.parsers][WARNING ][35108] Master received a SIGINT. Exiting.

    2017-05-03 15:01:02,633 [salt.utils.verify][WARNING ][36608] Insecure logging configuration detected! Sensitive data may be logged.

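    This seems to be a problem with the default startup script; here I started the services directly from the command line, as follows: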

    nohup salt-master -l all &

    nohup salt-minion -l all &

     

     

    3. Testing

    ### List the keys known to the master

    salt-key -L

     

    ### Accept the minion key

    salt-key -a 192.168.32.135

     

    ### Run a test

    salt '*' test.ping

     

    4. Configure salt-master and salt-api

    ### Generate a self-signed SSL certificate

    [root@localhost ~]# cd /etc/pki/tls/certs/

    [root@localhost certs]# make testcert

    umask 77 ;

        /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key

    Generating RSA private key, 2048 bit long modulus

    ...+++

    ..................................................................+++

    e is 65537 (0x10001)

    Enter pass phrase:    # enter a passphrase, 4 to 8191 characters

    Verifying - Enter pass phrase:    # confirm the passphrase

    umask 77 ;

        /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0

    Enter pass phrase for /etc/pki/tls/private/localhost.key:    # enter the same passphrase again

    You are about to be asked to enter information that will be incorporated

    into your certificate request.

    What you are about to enter is what is called a Distinguished Name or a DN.

    There are quite a few fields but you can leave some blank

    For some fields there will be a default value,

    If you enter '.', the field will be left blank.

    -----

    Country Name (2 letter code) [XX]:CN    # all of these fields are optional

    State or Province Name (full name) []:Shanghai

    Locality Name (eg, city) [Default City]:Shanghai

    Organization Name (eg, company) [Default Company Ltd]:

    Organizational Unit Name (eg, section) []:

    Common Name (eg, your name or your server's hostname) []:

    Email Address []:972711021@qq.com

     

    Note: if you run into a related error, delete the file /etc/pki/tls/private/localhost.key and then run make testcert again.

     

    [root@localhost certs]# cd ../private

    [root@localhost private]# openssl rsa -in localhost.key -out localhost_nopass.key

    Enter pass phrase for localhost.key:    # enter the passphrase set earlier

    writing RSA key

     

     

    ### Create the salt-api user

    [root@localhost private]# useradd -M -s /sbin/nologin saltapi

    [root@localhost private]# passwd saltapi

    更改用户 saltapi 的密码

    新的 密码:

    无效的密码: 密码包含用户名在某些地方

    重新输入新的 密码:

    passwd:所有的身份验证令牌已经成功更新。

     

     

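    ### Create the configuration files

    Add the configuration files /etc/salt/master.d/api.conf and /etc/salt/master.d/eauth.conf

    # This eauth.conf grants the saltapi user permission to use all modules; for security, normally only specific modules should be permitted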

    [root@saltstack master.d]# cat eauth.conf

    external_auth:

      pam:

        saltapi:

          - .*

    [root@saltstack master.d]#

    [root@saltstack master.d]# cat api.conf

    rest_cherrypy:

      port: 8888

      ssl_crt: /etc/pki/tls/certs/localhost.crt

      ssl_key: /etc/pki/tls/private/localhost_nopass.key

    [root@saltstack master.d]#

     

    systemctl restart salt-master

    systemctl start salt-api
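
    The restriction that the comment on eauth.conf recommends, as an added example (not from the original post): it limits saltapi to the two functions called in step 5, test.ping and test.echo, on all minions. The choice of functions and targets is an assumption; adjust it to what your API clients actually need.

```yaml
# /etc/salt/master.d/eauth.conf
#
# Permissive form used on this page: saltapi may run any function on any
# minion, which amounts to root-level command execution on every minion
# for anyone holding this account's password or a valid token.
#
# external_auth:
#   pam:
#     saltapi:
#       - .*
#
# Restricted form (assumed policy for this example): only the listed
# functions, scoped by minion target. '*' matches all minions; a narrower
# target such as an explicit minion id limits the grant further.
external_auth:
  pam:
    saltapi:
      - '*':
        - test.ping
        - test.echo
# Runner and wheel functions need their own '@runner' / '@wheel' entries.
# None are listed here, so saltapi cannot call them.
```

    Restart salt-master after changing this file; the perms field returned by /login should then list only these entries.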

     

    5. Test salt-api

     

    ### Obtain a token

     

    curl -k https://192.168.32.147:8888/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='saltapi@123' -d eauth='pam'        

     

    ### After obtaining the token, run operations with it

    curl -k https://192.168.32.147:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 281bb65bdeca73a4dcee13cdcbfe5b47553ce82e" -d client='local' -d tgt='*' -d fun='test.ping'

     

    curl -k https://192.168.32.135:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 281bb65bdeca73a4dcee13cdcbfe5b47553ce82e" -d client='local' -d tgt='*' -d fun='test.echo' -d arg='hello world'

  • Original article: https://www.cnblogs.com/yangxiaoyi/p/7093381.html