Saltstack之Salt-api安装使用

安装salt api

yum -y install salt-api pyOpenSSL
chkconfig salt-api on

创建用户，saltapi认证使用

useradd -M -s /sbin/nologin kbson
echo 'kbson' | passwd kbson --stdin

添加salt api配置

[root@operation ops]# cat /etc/salt/master.d/api.conf
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
external_auth:
pam:
kbson:
- .*
- '@wheel'
- '@runner'

不使用ssl

rest_cherrypy:
port: 8000
#ssl_crt: /etc/pki/tls/certs/localhost.crt
#ssl_key: /etc/pki/tls/private/localhost.key
disable_ssl: True
external_auth:
pam:
kbson:
- .*
- '@wheel'
- '@runner'

生成自签名证书

[root@operation ops]# salt-call tls.create_self_signed_cert
local:
    Certificate "localhost" already exists

提示已经存在时，可以删除/etc/pki/tls/certs/localhost.crt  /etc/pki/tls/certs/localhost.key重新生成

获取token

[root@operation ops]# curl -k https://192.168.62.200:8000/login  -H "Accept: application/x-yaml" -d username='kbson' -d password='kbson' -d eauth='pam'
return:
- eauth: pam
expire: 1480714218.787106
perms:
- .*
- '@wheel'
- '@runner'
start: 1480671018.787106
token: ab3749a9a0fe83386b8a5d558d10e346c252e336
user: kbson

重启salt-api后token会改变

执行models，test.ping测试minion连通性

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='test.ping'
return:
- operation: true

远程执行命令

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='local' -d tgt='*' -d fun='cmd.run'   -d arg='free -m'
return:
- operation: '             total       used       free     shared    buffers     cached

Mem:           988        932         56          1         19        107

-/+ buffers/cache:        805        182

Swap:         1983        382       1601'

远程执行多个minion命令

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336"  -d client='local' -d tgt='operation,slave01'  -d expr_form='list'  -d fun='cmd.run' -d arg='free -m'
return:
- operation: '             total       used       free     shared    buffers     cached

    Mem:           988        925         63          1         21         81

    -/+ buffers/cache:        821        166

    Swap:         1983        393       1590'
  slave01: '             total       used       free     shared    buffers     cached

    Mem:          1870        622       1248          6         79        300

    -/+ buffers/cache:        242       1628

    Swap:         2047          0       2047'
[root@operation ops]#

执行wheel

查看minion key状态

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='wheel'  -d fun='key.list_all'
return:
- data:
_stamp: '2016-12-02T09:30:35.235660'
fun: wheel.key.list_all
jid: '20161202173034905379'
return:
local:
- master.pem
- master.pub
minions:
- operation
- slave01
minions_denied: []
minions_pre: []
minions_rejected: []
success: true
tag: salt/wheel/20161202173034905379
user: kbson
tag: salt/wheel/20161202173034905379

查看sls模块信息

wheel.file_roots.list_roots

# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 2ea1a20373900c311cf4ab1a707da5de4c9c44fc" -d client='wheel'  -d fun='file_roots.list_roots'
return:
- data:
_stamp: '2016-12-16T16:16:46.198753'
fun: wheel.file_roots.list_roots
jid: '20161217001646168084'
return:
app:
- /data/salt/app:
memcached:
file:
install_memcached-1.4.15.tar.gz: f
init.sls: f
install.sls: f
nginx:
conf.sls: f
file:
nginx: f
nginx-1.2.5.tar.gz: f
nginx.conf: f
nginx_log_cut.sh: f
vhost.conf: f
init.sls: f
install.sls: f
vhost.sls: f

执行runner

查看saltenv环境配置

# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 2ea1a20373900c311cf4ab1a707da5de4c9c44fc" -d client='runner'  -d fun='fileserver.envs'
return:
- - app
- base
- online

查看minion运行状态

[root@operation ops]# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ab3749a9a0fe83386b8a5d558d10e346c252e336" -d client='runner'  -d fun='manage.status'
return:
- down:
- slave01
up:
- operation

异步执行命令job

# curl -k https://192.168.62.200:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 14e719b94839b680e7860bfa34db7a385070dd53" -d client="local_async" -d expr_form="glob" -d tgt="operation"   -d fun="cmd.run" -d  arg="free -m"
return:
- jid: '20161205111629216443'
minions:
- operation

# curl -k https://192.168.62.200:8000/jobs/20161205111629216443 -H "Accept: application/x-yaml" -H "X-Auth-Token: 14e719b94839b680e7860bfa34db7a385070dd53"
info:
- Arguments:
- free -m
Function: cmd.run
Minions:
- operation
Result:
operation:
return: '             total       used       free     shared    buffers     cached

Mem:           988        928         59          1         17         75

-/+ buffers/cache:        836        152

Swap:         1983        330       1653'
StartTime: 2016, Dec 05 11:16:29.216443
Target: operation
Target-type: glob
User: kbson
jid: '20161205111629216443'
return:
- operation: '             total       used       free     shared    buffers     cached

Mem:           988        928         59          1         17         75

-/+ buffers/cache:        836        152

Swap:         1983        330       1653'