salt-api现在已经正常运行,接下来则是实现通过调用salt-api来执行salt命令。
调用salt-api执行命令时,记得携带c_path参数
因为salt中自带了tornado这个库,所以决定基于tornado.httpclient来封装HTTP请求。
交互模式:
>>> import json
>>> from tornado.httpclient import HTTPClient, HTTPRequest
>>> client = HTTPClient()
# 请求头中声明通过json提交内容
>>> headers = {'Content-Type': 'application/json'}
>>> body1 = {'username': 'salttest', 'password': 'password', 'eauth': 'pam'}
>>> url = 'https://localhost:8090/'
# 这里指定需指定validate_vert=False, 否则HTTPClient无法访问https
>>> request1 = HTTPRequest(url=url+'login', method='POST', headers=headers, body=json.dumps(body), validate_cert=False)
>>> response1 = client.fetch(request1)
>>> response1.body
'{"return": [{"perms": [".*"], "start": 1488443323.968138,
"token": "0daf377b4611db***8419f515d18744338",
"expire": 1488486523.968139, "user": "uyun", "eauth": "pam"}]}'
>>> headers['X-Auth-Token'] = '0daf377b4611db***8419f515d18744338'
>>> body2 = {'client': 'local', 'tgt': '*', 'fun': 'test.ping', 'c_path': '/root/SaltWeb/conf'}
>>> request2 = HTTPRequest(url=url, method='POST', headers=headers, body=json.dumps(body), validate_cert=False)
>>> response2 = client.fetch(request2)
>>> response2.body
'{"return": [{"10.1.240.213": "localhost.localdomain"}]}'
以上就是大致流程,接下来对操作进行简单的封装。
# coding: utf-8
import json
from urlparse import urljoin
from tornado.httpclient import HTTPClient, HTTPRequest, HTTPError
class SaltClient(object):
def __init__(self, url, username, password, c_path=None):
self._url = url
self._un = username
self._pw = password
self._cpath = c_path
self._token = None
@property
def headers(self):
headers = {'Content-Type': 'application/json',
'Accept': 'application/json'}
if self._token:
headers['X-Auth-Token'] = self._token
return headers
def get_token(self):
url = urljoin(self._url, 'login')
params = {'username': self._un,
'password': self._pw,
'eauth': 'pam'}
response = self.post(url, params)
return response['return'][0]['token']
def _request(self, url, method, body, validate_cert=False, **kwargs):
return HTTPRequest(url=url,
method=method,
headers=self.headers,
body=json.dumps(body),
validate_cert=validate_cert,
**kwargs)
def post(self, url, params):
client = HTTPClient()
try:
request = self._request(url, 'POST', params)
response = client.fetch(request).body
except HTTPError as e:
if e.code == 401:
self._token = self.get_token()
response = self.post(url, params)
else:
raise
if isinstance(response, str):
response = json.loads(response)
return response
def cmd(self, client, tgt, fun, arg=None, **kwargs):
params = {'client': client, 'tgt': tgt, 'fun': fun}
if arg:
params['arg'] = arg
if self._cpath:
params['c_path'] = self._cpath
ret = self.post(self._url, params)
return ret['return']
逻辑很简单,主要通过调用cmd()方法执行命令,因为token存在时效性,当token过期时,
调用命令会抛出401错误授权的异常,捕获到之后重新获取一次token,依次循环。