Saltstack学习（六）-执行模块开发及API使用

一、执行模块开发

saltstack内置python模块存放路径：/usr/lib/python2.7/site-packages/salt/modules

1.1、自定义模块

#编写python模块
[root@salt-master ~]# mkdir -p /srv/salt/base/_modules
[root@salt-master ~]# cd /srv/salt/base/_modules
[root@salt-master _modules]# vim my_disk.py
def list():
    cmd = 'df -h'
    ret = __salt__['cmd.run'](cmd)
    return ret

#同步minion
[root@salt-master _modules]# salt '*' saltutil.sync_modules saltenv=base  #可以指定环境

#minion上查看
[root@syndic modules]# pwd
/var/cache/salt/minion/extmods/modules   #master推过来的模块文件路径
[root@syndic modules]# ll
-rw------- 1 root root 80 Sep  1 14:24 my_disk.py

#执行测试
[root@salt-master _modules]# salt '*' my_disk.list
salt-minion1-c7:
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/sda2        48G  2.3G   46G   5% /
    devtmpfs        479M     0  479M   0% /dev
    tmpfs           489M   28K  489M   1% /dev/shm
    tmpfs           489M  6.7M  482M   2% /run
    tmpfs           489M     0  489M   0% /sys/fs/cgroup
    tmpfs            98M     0   98M   0% /run/user/0
salt-minion2-c7:
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/sda2        48G  2.3G   46G   5% /
    devtmpfs        479M     0  479M   0% /dev
    tmpfs           489M   12K  489M   1% /dev/shm
    tmpfs           489M  6.7M  482M   2% /run
    tmpfs           489M     0  489M   0% /sys/fs/cgroup
    tmpfs            98M     0   98M   0% /run/user/0

二、salt API使用

文档：https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html

2.1、在master上安装及配置salt-api

#1、安装salt-api
[root@salt-master ~]# yum install salt-api -y

#2、生成自签名证书
[root@salt-master ~]# salt-call --local tls.create_self_signed_cert
'tls' __virtual__ returned False: PyOpenSSL version 0.10 or later must be installed before this module can be used.     #需要安装PyOpenSSL
[root@salt-master ~]# curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
[root@salt-master ~]#  sudo python get-pip.py   #安装pip
[root@salt-master ~]# pip install pyOpenSSL   #安装pyOpenSSL
[root@salt-master ~]# salt-call --local tls.create_self_signed_cert
local:
    Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."

#3、编辑master配置文件
[root@salt-master ~]# vim /etc/salt/master
default_include: master.d/*.conf

#4、创建配置文件
[root@salt-master master.d]# pwd
/etc/salt/master.d
[root@salt-master master.d]# cat api.conf 
rest_cherrypy:
  host: 10.0.0.11
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
[root@salt-master master.d]# cat eauth.conf 
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'

#5、创建saltapi用户
[root@salt-master master.d]# useradd -M -s /sbin/nologin saltapi
[root@salt-master master.d]# echo saltapi|passwd saltapi --stdin

#重启master，启动salt-api，并验证
[root@salt-master master.d]# systemctl restart salt-master
[root@salt-master master.d]# systemctl start salt-api
[root@salt-master master.d]# systemctl status salt-api
[root@salt-master master.d]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1137/sshd           
tcp        0      0 0.0.0.0:4505            0.0.0.0:*               LISTEN      27432/python        
tcp        0      0 0.0.0.0:4506            0.0.0.0:*               LISTEN      27438/python        
tcp        0      0 10.0.0.11:8000          0.0.0.0:*               LISTEN      28552/python    #salt-api监听8000端口    
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1352/mysqld         
tcp6       0      0 :::22                   :::*                    LISTEN      1137/sshd           
udp        0      0 127.0.0.1:323           0.0.0.0:*                           589/chronyd         
udp6       0      0 ::1:323                 :::*                                589/chronyd 

2.2、api使用

1）登录测试

curl -sSk https://10.0.0.11:8000/login 
     -H 'Accept: application/x-yaml' 
     -d username=saltapi 
     -d password=saltapi 
     -d eauth=pam

#返回如下
return:
- eauth: pam
  expire: 1567365276.108259
  perms:
  - .*
  - '@wheel'
  - '@runner'
  - '@jobs'
  start: 1567322076.108258
  token: 7b9b6ded39a094f931896fdae6585602469fb161
  user: saltapi

2）查看grains

#json显示  
curl -k https://10.0.0.11:8000/minions/salt-minion1-c7 
-H "Accept: application/json" 
-H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161"

#yaml显示
curl -k https://10.0.0.11:8000/minions/salt-minion1-c7 
-H "Accept: application/x-yaml" 
-H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161"

3）执行模块

curl -k https://10.0.0.11:8000/ 
-H "Accept: application/x-yaml" 
-H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161" 
-d client='local' 
-d tgt='*' 
-d fun='test.ping'

异步执行模块
curl -k https://10.0.0.11:8000/ 
-H "Accept: application/x-yaml" 
-H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161" 
-d client='local_async' 
-d tgt='*' 
-d fun='state.highstate'

带参数的执行模块
curl -k https://10.0.0.11:8000/ 
-H "Accept: application/x-yaml" 
-H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161" 
-d client='local' 
-d tgt='*' 
-d fun='cmd.run' 
-d arg='df -h'

4）获取Job列表

curl -k https://10.0.0.11:8000/jobs 
-H "Accept: application/x-yaml" 
-H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161"

curl -k https://10.0.0.11:8000/jobs/20190901151911550580 
-H "Accept: application/x-yaml" 
-H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161"