saltstack使用api接口实现推送
2019-06-19 21:31
197 查看
我们前面讲过了saltstack的c/s,ssh等推送方式,其实我们还可以使用api推送的方式来馆及节点,下面我们就来部署一下api接口的saltstack推送
1.之前因为使用ssh关掉了minion,我们重新先开启
[root@server2 minion]# systemctl start salt-minion [root@server3 minion]# systemctl start salt-minion
2.配置签名证书
由于现在大多数的api接口使用https的方式,那么我们就来创建证书
[root@server1 salt]# cd /etc/pki/tls/private/ [root@server1 private]# openssl genrsa 1024 我们使用rsa加密,加密位数为1024 Generating RSA private key, 1024 bit long modulus ..............++++++ ........................++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQCrpYOCQdtD0AX7FBdBQxpWJjcv++XcD/GSwJAgPZRs+DLsyTyM YWKyxVroGte3X2vD2XZfoh9tEOK80b/xC6bPaBCGIuSWu6YYp74TgRzCOTP8Fav9 rh8KuO+GR7czFkf/2YHXRNB4b0PBJkQKB9yBiLFNniR20yurGln4G/5gxwIDAQAB AoGAS0/E4tsobJmSdja7eVwK6y+7WSdqFGM+eEhbNHowbJt+JJyrH2D/YDbtixdz /LY2X2lD4fQNW9pj0bsqP4YAOxqIz1nB+TaYDssEL9tAOol0n5V8A9sHmf0Y1rBP Cd+WISMKbpoddazSQq4GBw7s4mP2FBhJs3dspPp3T7qb4NECQQDW7nEe1QDu7rxP kwLnovpqfn4qshIv+Yfzp09p24rA+MFkY2ZYKzwgktbD9NDGHqinnC5QeGBJWWBF jYinZWdJAkEAzHHBF9A01ZAvWVf0Mhh70yr2xb1J7uoKOrq3ExTWrz7fyuInj3oj lPGSd2KPT8psjSSKmwfMR2xjJNB5uuE3jwJAePFnuh/GDK1OTcC967ZsDyzqtf/J +DED7XmCWGDvrTLNMD42wvphNTsrmszSBgoOgXKDJUj3dY7Te4/vC7Ml8QJAcDAA EMw9IfBUO0fLhe3vjQpnjkz4FDWz1VR+f+cQg+wRrGh74vzYJ7SEdiTMlbFz7ePe d4JI8+yjXyFTm1xZOwJAHheLXSk5c7DcW/VKiWe03yU9z+CMHfSEKL2qLdg2wtZi SFEi3ioaS6NZYCHXwUGeHnU5MmOahMve3/yUZg0hUA== -----END RSA PRIVATE KEY----- [root@server1 private]# openssl genrsa 1024 > localhost.key [root@server1 private]# ls localhost.key [root@server1 private]# cd .. [root@server1 tls]# cd certs/ [root@server1 certs]# ls ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile renew-dummy-cert [root@server1 certs]# make testcert 因为这里有makefile的脚本文件,所以我们直接使用它来创建证书
3.编辑api.conf和auth.conf配置文件
[root@server1 certs]# cd /etc/salt/master.d/ [root@server1 master.d]# ls [root@server1 master.d]# vim api.conf [root@server1 master.d]# cat api.conf rest_cherrypy: port: 8000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/private/localhost.key [root@server1 master.d]# vim auth.conf [root@server1 master.d]# cat auth.conf external_auth: pam: saltapi: - .* - '@wheel' - '@runner' - '@jobs'
4.创建一个saltapi用户(一会儿测试使用)
[root@server1 master.d]# useradd saltapi [root@server1 master.d]# passwd saltapi
5.打开salt-api,重起master,查看8000端口是否开启
[root@server1 master.d]# systemctl restart salt-api [root@server1 master.d]# systemctl restart salt-master [root@server1 master.d]# netstat -antlp | grep 8000 tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 14614/salt-api tcp 0 0 127.0.0.1:51028 127.0.0.1:8000 TIME_WAIT -
6.在物理机进行测试
1.验证服务并获取token
[root@foundation66 ~]# curl -sSk https://172.25.66.1:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=redhat -d eauth=pam return: - eauth: pam expire: 1561022083.921096 perms: - .* - '@wheel' - '@runner' - '@jobs' start: 1560978883.921095 token: 74dd0818ddf78811b3840444d8b04785dc121e82 user: saltapi
2.利用token号进行测试
[root@foundation66 ~]# curl -sSk https://172.25.66.1:8000 -H 'Accept: application/x-yaml' -H 'X-Auth- Token: 74dd0818ddf78811b3840444d8b04785dc121e82' -d client=local -d tgt='*' -d fun=test.ping return: - server2: true server3: true
3.配置python脚本测试能否成功
[root@foundation66 ~]# vim saltapi.py # -*- coding: utf-8 -*- import urllib2,urllib import time try: import json except ImportError: import simplejson as json class SaltAPI(object): __token_id = '' def __init__(self,url,username,password): self.__url = url.rstrip('/') self.__user = username self.__password = password def token_id(self): ''' user login and get token id ''' params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password} encode = urllib.urlencode(params) obj = urllib.unquote(encode) content = self.postRequest(obj,prefix='/login') try: self.__token_id = content['return'][0]['token'] except KeyError: raise KeyError def postRequest(self,obj,prefix='/'): url = self.__url + prefix headers = {'X-Auth-Token' : self.__token_id} req = urllib2.Request(url, obj, headers) opener = urllib2.urlopen(req) content = json.loads(opener.read()) return content def list_all_key(self): params = {'client': 'wheel', 'fun': 'key.list_all'} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) minions = content['return'][0]['data']['return']['minions'] minions_pre = content['return'][0]['data']['return']['minions_pre'] return minions,minions_pre def delete_key(self,node_name): params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) ret = content['return'][0]['data']['success'] return ret def accept_key(self,node_name): params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) ret = content['return'][0]['data']['suc 4000 cess'] return ret def remote_noarg_execution(self,tgt,fun): ''' Execute commands without parameters ''' params = {'client': 'local', 'tgt': tgt, 'fun': fun} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) ret = content['return'][0][tgt] return ret def remote_execution(self,tgt,fun,arg): ''' Command execution with parameters ''' params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) ret = content['return'][0][tgt] return ret def target_remote_execution(self,tgt,fun,arg): ''' Use targeting for remote execution ''' params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) jid = content['return'][0]['jid'] return jid def deploy(self,tgt,arg): ''' Module deployment ''' params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) return content def async_deploy(self,tgt,arg): ''' Asynchronously send a command to connected minions ''' params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) jid = content['return'][0]['jid'] return jid def target_deploy(self,tgt,arg): ''' Based on the node group forms deployment ''' params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'} obj = urllib.urlencode(params) self.token_id() content = self.postRequest(obj) jid = content['return'][0]['jid'] return jid def main(): sapi = SaltAPI(url='https://172.25.66.1:8000',username='saltapi',password='redhat') 设置api接口,用户及用户密码 #sapi.token_id() print sapi.list_all_key() 列出所有节点 #sapi.delete_key('test-01') #sapi.accept_key('test-01') #sapi.deploy('*','httpd.apache') #print sapi.remote_noarg_execution('test-01','grains.items') if __name__ == '__main__': main()
这里的各种python脚本利用api接口的文件再github上有很多,可以自己下载一个,或者直接用我的这个进行测试也可以
[root@foundation66 ~]# python saltapi.py ([u'server2', u'server3'], [])
成功列出节点
修改python文件的主方法继续进行测试
def main(): sapi = SaltAPI(url='https://172.25.66.1:8000',username='saltapi',password='redhat') #sapi.token_id() #print sapi.list_all_key() #sapi.delete_key('test-01') #sapi.accept_key('test-01') sapi.deploy('server3','nginx.service') 注意这里使用的deploy我们使用的是我们之前写的部署nginx的sls文件,我们再server3上部署nginx #print sapi.remote_noarg_execution('test-01','grains.items')
为了消除实验影响,我们关闭server3上的nginx(无论其是否开启)
[root@server3 salt]# systemctl stop nginx [root@server3 salt]# curl server3 curl: (7) Failed connect to server3:80; Connection refused
测试
相关文章推荐
- SaltStack使用教程(五):命令拉取和推送文件
- saltstack多节点推送实现haproxy负载均衡集群
- SaltStack使用教程(六):管理服务妙用pillar实现centos6和centos7通配
- java中使用LinkedList实现stack机制
- 如何使用androidpn实现android手机消息推送(简单的源码分析)
- Android Push Notification实现信息推送使用
- 使用dwr Reverse AJAX实现数据推送
- Android Push Notification实现信息推送使用
- 使用Google Cloud Messaging (GCM)服务实现Android消息推送
- 使用Saltstack的ssh模块实现key的集中式管理 [salt.modules.ssh]
- 使用SignalR实现asp.net服务器端的推送(Server Push)
- Android Push Notification实现推送的使用过程
- Android Push Notification实现信息推送使用
- AndroidPn项目实现推送的使用过程
- 使用Pushlet实现后台信息推送(一)
- Android Push Notification实现信息推送使用(二)
- 使用GCM服务(Google Cloud Messaging)实现Android消息推送
- 使用Pushlet实现后台信息推送(一)一对多的信息推送
- Android Push Notification实现信息推送使用
- 如何使用androidpn实现android手机消息推送(简单的源码分析)