安装salt-api 环境 centos7
1、导入repo key:
rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub2、/etc/yum.repos.d/saltstack.repo 添加如下内容:
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub3、执行以下命令安装:
yum clean expire-cache
yum update
yum install salt-master
yum install salt-minion # master 端需要salt-call 生成salt-api 的crt,key 就要安装。
yum install salt-api
yum install gcc make python-devel libffi-devel -y
yum install pyOpenSSL 4、配置文件修改:
/etc/salt/master
interface: 192.168.90.135 # 填写本机对外服务ip。5、生成key 和 crt:
salt-call --local tls.create_self_signed_cert
local:
Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."6、/etc/salt/master.d/api.conf:
rest_cherrypy:
host: 192.168.90.135
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt # 刚生成的crt文件
ssl_key: /etc/pki/tls/certs/localhost.key # 生成的key 文件7、/etc/salt/master.d/auth.conf:
external_auth:
pam: # 使用用Linux系统用户进行验证
saltapi:
- .* # 设置用户的权限,允许该用户操作哪些主机,*代表全部
- '@wheel' # 允许访问所有的wheel模块
- '@runner' # 允许访问所有的runner模块
- '@jobs' # 允许访问所有的job runner或wheel模块8、添加认证的用户-nologin
useradd -M -s /sbin/nologin saltapi
echo "saltapi" | passwd saltapi --stdin #设置用户名和密码都是:saltapi,等会获取token 用的到。9、启动服务并测试api:
systemctl start salt-api
systemctl start salt-master
curl -k https://192.168.90.135:8000/login -H 'Accept: application/x-yaml' -d username='saltapi' -d password='saltapi' -d eauth='pam' #执行命令
# ---->
return:
- eauth: pam
expire: 1617078491.248806
perms:
- .*
- '@wheel'
- '@runner'
- '@jobs'
start: 1617035291.248805
token: ee729ada7f08181a89d22b13b4f9f4d8555b5041
user: saltapi获取到token 说明api 已经OK了。
python
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。