saltstack -API调用，Syndic配置

最新推荐文章于 2021-08-05 11:46:22 发布

原创最新推荐文章于 2021-08-05 11:46:22 发布 · 187 阅读

0 ·

CC 4.0 BY-SA版权

本文详细介绍如何配置和使用Salt-API进行远程执行、模块部署等操作。从生成私钥、认证证书到配置Salt-API，再到Python脚本调用，最后实现通过Syndic配置进行跨主机管理。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

salt-api调用

1、生成私钥

cd /etc/pki/tls/
[root@server1 private]# openssl genrsa 2048 > localhost.key

在这里插入图片描述

2、认证证书

cd /etc/pki/tls/certs
[root@server1 certs]# make testcert

在这里插入图片描述

3、配置salt-api

cd /etc/salt/master.d/
[root@server1 master.d]# vim api.conf
[root@server1 master.d]# cat api.conf 
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost.key

[root@server1 master.d]# vim auth.conf
[root@server1 master.d]# cat auth.conf 
external_auth:
  pam:
    saltapi:
      -  .*
      - '@wheel'   # to allow access to all wheel modules
      - '@runner'  # to allow access to all runner modules
      - '@jobs'    # to

4、添加用户

useradd saltapi
passwd westos

5、生成token

 curl -sSk https://localhost:8000/login -H 'Accept: application/x-yaml'  -d username=saltapi  -d password=westos -d eauth=pam

在这里插入图片描述

6、获取token

[root@server1 certs]# curl -sSk https://localhost:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 1418c69a5515fd25c5423944e66eacafcfdfb835' -d client=local -d tgt='*' -d fun=test.ping

在这里插入图片描述

7、编写python脚本调用api

# -*- coding: utf-8 -*-

import urllib2,urllib
import time

try:
    import json
except ImportError:
    import simplejson as json

class SaltAPI(object):
    __token_id = ''
    def __init__(self,url,username,password):
        self.__url = url.rstrip('/')
        self.__user = username
        self.__password = password

    def token_id(self):
        ''' user login and get token id '''
        params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
        encode = urllib.urlencode(params)
        obj = urllib.unquote(encode)
        content = self.postRequest(obj,prefix='/login')
	try:
            self.__token_id = content['return'][0]['token']
        except KeyError:
            raise KeyError

    def postRequest(self,obj,prefix='/'):
        url = self.__url + prefix
        headers = {'X-Auth-Token'   : self.__token_id}
        req = urllib2.Request(url, obj, headers)
        opener = urllib2.urlopen(req)
        content = json.loads(opener.read())
        return content

    def list_all_key(self):
        params = {'client': 'wheel', 'fun': 'key.list_all'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        minions = content['return'][0]['data']['return']['minions']
        minions_pre = content['return'][0]['data']['return']['minions_pre']
        return minions,minions_pre

    def delete_key(self,node_name):
        params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0]['data']['success']
        return ret

    def accept_key(self,node_name):
        params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0]['data']['success']
        return ret

    def remote_noarg_execution(self,tgt,fun):
        ''' Execute commands without parameters '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0][tgt]
        return ret

    def remote_execution(self,tgt,fun,arg):
        ''' Command execution with parameters '''        
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        ret = content['return'][0][tgt]
        return ret

    def target_remote_execution(self,tgt,fun,arg):
        ''' Use targeting for remote execution '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid

    def deploy(self,tgt,arg):
        ''' Module deployment '''
        params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        return content

    def async_deploy(self,tgt,arg):
        ''' Asynchronously send a command to connected minions '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid

    def target_deploy(self,tgt,arg):
        ''' Based on the node group forms deployment '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
        obj = urllib.urlencode(params)
        self.token_id()
        content = self.postRequest(obj)
        jid = content['return'][0]['jid']
        return jid

def main():
    sapi = SaltAPI(url='https://172.25.14.1:8000',username='saltapi',password='westos')
    sapi.token_id()
    print sapi.list_all_key()  #打印hostname
    #sapi.delete_key('test-01')
    #sapi.accept_key('test-01')
    sapi.deploy('server2','httpd')  ##部署httpd
    #print sapi.remote_noarg_execution('test-01','grains.items')

if __name__ == '__main__':
    main()

在这里插入图片描述
server2已经部署完成httpd

Syndic配置

1、topmaster去激活master

# vim /etc/salt/master
order_masters: True  #当需要syndic时激活master

2、master：配置syndic

# vim /etc/salt/master
syndic_master: 172.25.14.4

3、topmaster
4、测试，topmaster发送指令，通过syndic去告知master，master再去管理所连接的minion