CentOS 安装及配置Salt api

安装

# yum -y install salt-api

更改配置

vim /etc/salt/master

把默认的注释掉  我们这边默认配置文件目录是/srv/salt

default_include: master.d/*.conf

创建目录

#cd /etc/salt
# mkdir master.d/
# cd master.d/

创建两个文件和添加配置

# cat api.conf 
rest_cherrypy:
  host: 0.0.0.0
  port: 8080
  debug: true
  disable_ssl: true

# cat eauch.conf 
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'

创建用户

# useradd saltapi
# echo 123123 | passwd --stdin saltapi

重启salt-api

# /etc/init.d/salt-api restart
Stopping salt-api daemon:                                  [FAILED]
Starting salt-api daemon:                                  [  OK  ]

# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [FAILED]
Starting salt-master daemon:                               [  OK  ]

然后进行测试 是否安装成功

# curl -k http://10.20.0.100:8080/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='123123'  -d eauth='pam'
return:
- eauth: pam
  expire: 1474258659.0838921
  perms:
  - .*
  - '@wheel'
  - '@runner'
  start: 1474215459.0838921
  token: 69bb58e4b6bb2026369a40fc40184a88e7472054
  user: saltapi

返回了token值 以后需要调用就可以直接用token值

我们试试 cmd.run模块

# curl -k http://10.20.0.100:8080 -H "Accept: application/x-yaml" -H "X-Auth-Token: 69bb58e4b6bb2026369a40fc40184a88e7472054" -d client='local' -d tgt='*' -d fun='cmd.run' -d arg='free -m'
return:
- salt-minion-01: '             total       used       free     shared    buffers     cached

    Mem:           980        913         67          0         55        184

    -/+ buffers/cache:        672        307

    Swap:         1983         20       1963'
  salt-minion-02: '             total       used       free     shared    buffers     cached

    Mem:           980        914         65          0         48        169

    -/+ buffers/cache:        696        284

    Swap:         1983         70       1913'

测试成功 可以返回信息

获取所有的minion_key 

# curl -k http://10.20.0.100:8080/ -H "Accept: application/x-yaml" -H  "X-Auth-Token: 69bb58e4b6bb2026369a40fc40184a88e7472054" -d client='wheel'  -d fun='key.list_all'
return:
- data:
    _stamp: '2016-09-18T17:14:28.666376'
    fun: wheel.key.list_all
    jid: '20160919011427038345'
    return:
      local:
      - master.pem
      - master.pub
      minions:
      - salt-minion-01
      - salt-minion-02
      minions_denied: []
      minions_pre: []
      minions_rejected: []
    success: true
    tag: salt/wheel/20160919011427038345
    user: saltapi
  tag: salt/wheel/20160919011427038345

写在第三方调用Salt Api接口 更方便

#!/usr/bin/env python
#_*_ coding:utf8 _*_

import urllib,urllib2,json
import ssl
import json
import re

class SaltAPI:
    __token_id = ''
    def __init__(self,url,username,password):
        self.__url = url.rstrip('/')  # 移除URL末尾的/
        self.__username = username
        self.__password = password
        # self.__token_id = self.SaltLogin()

    def token_id(self):
        #获取tokenid的请求数据
        '''
        /login
    ###########获取token链接###########
    curl -k http://10.20.0.100:8080/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='123123'  -d eauth='pam'
    return:
    - eauth: pam
      expire: 1474612524.6610701
      perms:
      - .*
      - '@wheel'
      - '@runner'
      start: 1474569324.6610689
      token: a13e4a29020acc47c19f73a7337165280cbdfbd1
      user: saltapi

    返回的token
        '''
        params = {'eauth': 'pam', 'username': self.__username, 'password': self.__password}
        #讲请求的类型转成例如：
        #password=salt&eauth=pam&username=salt
        encode = urllib.urlencode(params)
        obj = urllib.unquote(encode)
        content = self.PostRequest(obj,prefix='/login')
        try:
            #获取到返回的token
            self.__token_id = content['return'][0]['token']
        except KeyError:
            raise KeyError

        #推送请求
    def PostRequest(self, obj, prefix='/'):
        url = self.__url + prefix
        headers = {'X-Auth-Token': self.__token_id}
        req = urllib2.Request(url,obj, headers)  # obj为传入data参数字典，data为None 则方法为get，有date为post方法
        response = urllib2.urlopen(req)
        content = json.loads(response.read())
        return content

    #获取所以的key的类型
    def list_all_key(self):
        params = {'client':'wheel','fun':'key.list_all'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        minions = content['return'][0]['data']['return']['minions']
        minions_pre = content['return'][0]['data']['return']['minions_pre']
        return minions,minions_pre
    #删除KEY 节点
    def delete_key(self,node_name):
        params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        ret = content['return'][0]['data']['success']
        return  ret

    #同意Key 节点
    def accept_key(self,node_name):
        params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        ret = content['return'][0]['data']['success']
        return ret

    def remote_noarg_execution(self,tgt,fun):
        params = {'client': 'local', 'tgt': tgt, 'fun': fun}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        ret = content['return'][0][tgt]
        return ret

    def remote_exexution(self,tgt,fun,arg):
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        ret = content['return'][0][tgt]
        return ret

    def target_remote_execution(self,tgt,fun,arg):
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        jid = content['return'][0]['jid']
        return jid


    #应用部署
    def app_deploy(self,tgt,arg):
        params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        return content

    def async_deploy(self,tgt,arg):
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        jid = content['return'][0]['jid']
        return jid

    def target_deploy(self,tgt,arg):
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.PostRequest(obj)
        jid = content['return'][0]['jid']
        return jid

    # # 获取grains
    # def SaltMinions(self, minion=''):
    #     if minion and minion != '*':
    #         prefix = '/minions/' + minion
    #     else:
    #         prefix = '/minions'
    #     res = self.PostRequest(None, prefix)
    #     return res
    #     # 获取events
    #
    #
    # def SaltEvents(self):
    #     prefix = '/events'
    #     res = self.PostRequest(None, prefix)
    #     return res


# def main():
#     sapi = SaltAPI(url='http://10.20.0.100:8080',username='saltapi',password='123123')
#     sapi.token_id()
#     print sapi.list_all_key()
#     #sapi.delete_key('test-01')
#     #sapi.accept_key('test-01')
#     #sapi.deploy('test-01','nginx')
#     print sapi.remote_noarg_execution('salt-minion-01','grains.items')
# 
# if __name__ == '__main__':
#     main()