SaltStack study notes (SaltStack configuration file explained)

SaltStack officially provides an API project in REST API form, which makes integrating Salt with third-party systems much simpler.

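The steps below assume that you have already installed the salt-master and salt-api services.

1. Configure salt-master and enable the rest_cherrypy service

I took a shortcut here and did not use SSL, so SSL is simply disabled. In a production environment, using SSL is recommended.

rest_cherrypy:
  port: 8181
  host: 0.0.0.0
  disable_ssl: True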

2. Configure PAM authentication

external_auth:
  pam:
    saltuser:
      - .*
      - '@runner'
      - '@wheel'
      - '@jobs'

Both of the changes above are made in the /etc/salt/master file.

3. Create the authentication user and set its password

useradd -M -s /sbin/nologin saltuser

4. Restart salt-master and start salt-api

systemctl restart salt-master
systemctl restart salt-api

5. Check the ports Salt is listening on

[root@qd01-stop-saltmaster001 ~]# ss -ltnp
State      Recv-Q Send-Q  Local Address:Port  Peer Address:Port
LISTEN     0      30      *:8181              *:*     users:(("salt-api",pid=13833,fd=11))
LISTEN     0      1000    *:4505              *:*     users:(("salt-master",pid=12235,fd=18))
LISTEN     0      1000    *:4506              *:*     users:(("salt-master",pid=12332,fd=32))

6. Verify the login and obtain the token string

[root@saltmaster001 ~]# curl -sS http://localhost:8181/login -H 'Accept: application/x-yaml' -d username=saltuser -d password=saltuser -d eauth=pam
return:
- eauth: pam
  expire: 1610484091.7311294
  perms:
  - .*
  - '@runner'
  - '@wheel'
  - '@jobs'
  start: 1610440891.731129
  token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa
  user: saltuser

7. Run a test.ping through the API

[root@saltmaster001 ~]# curl -sSk http://localhost:8181 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa' -d client=local -d tgt='*monitor004*' -d fun=test.ping
return:
- monitor004: true

As you can see, the return value is the same as when test.ping is run directly from the command line.

8. Run cmd.run through the API

[root@saltmaster001 ~]# curl -sSk http://localhost:8181 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 49d2bedbddf71dd6c4af3c2f5e09797b2cf0d9aa' -d client=local -d tgt='qd01-stop-monitor004*' -d fun=cmd.run -d arg='uptime'
return:
- monitor004: '16:44:51 up 586 days, 12:47,  0 users,  load
    average: 0.00, 0.00, 0.00'

For more information, see https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#a-rest-api-for-salt
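
Steps 1 and 2 disable SSL, listen on every interface, and give saltuser every execution function plus the wheel and runner modules. The check below is an added example, not part of the original post or of Salt itself; it audits those settings in a master config that has already been loaded into a dict. The function names, both sample configs and the certificate paths are assumptions made for illustration.

```python
# Added example: audit the rest_cherrypy / external_auth settings from steps 1-2.
# `cfg` is the master config as a dict, e.g. yaml.safe_load() of /etc/salt/master.
WILDCARD_HOSTS = {"0.0.0.0", "::"}
MASTER_SIDE = {"@wheel", "@runner"}  # all wheel / runner modules on the master

def _flatten(perms):
    """Yield (target, function) pairs from an external_auth permission list."""
    for entry in perms or []:
        if isinstance(entry, dict):  # {'web*': ['test.*']} form
            for target, funcs in entry.items():
                for func in funcs if isinstance(funcs, list) else [funcs]:
                    yield str(target), str(func)
        else:  # a bare string applies to all minions
            yield "*", str(entry)

def audit_master_config(cfg):
    """Return a list of findings for rest_cherrypy and external_auth."""
    findings = []
    api = cfg.get("rest_cherrypy")
    if api is not None:
        if api.get("disable_ssl"):
            findings.append("rest_cherrypy.disable_ssl: password and token sent in cleartext")
        elif not (api.get("ssl_crt") and api.get("ssl_key")):
            findings.append("rest_cherrypy: ssl_crt/ssl_key not set")
        if str(api.get("host", "0.0.0.0")) in WILDCARD_HOSTS:
            findings.append("rest_cherrypy.host: listening on all interfaces")
    for backend, users in (cfg.get("external_auth") or {}).items():
        for user, perms in (users or {}).items():
            who = f"external_auth.{backend}.{user}"
            for target, func in _flatten(perms):
                if func == ".*":
                    findings.append(f"{who}: any function (cmd.run included) on '{target}'")
                elif func in MASTER_SIDE:
                    findings.append(f"{who}: {func} grants master-side modules")
    return findings

# Constructed from the settings shown in this post.
PAGE_CONFIG = {
    "rest_cherrypy": {"port": 8181, "host": "0.0.0.0", "disable_ssl": True},
    "external_auth": {"pam": {"saltuser": [".*", "@runner", "@wheel", "@jobs"]}},
}
# Constructed tighter variant; the certificate paths are placeholders.
HARDENED_CONFIG = {
    "rest_cherrypy": {"port": 8181, "host": "127.0.0.1",
                      "ssl_crt": "/path/to/api.crt", "ssl_key": "/path/to/api.key"},
    "external_auth": {"pam": {"saltuser": [{"*monitor*": ["test.ping"]}, "@jobs"]}},
}

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_master_config(cfg) or "no findings")
```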