Salt API configuration of saltstack

Posted by tachekent on Tue, 19 Nov 2019 19:31:25 +0100

I. Introduction
SaltStack officially provides Salt API, a project that exposes a REST API and makes integration between Salt and third-party systems easier. This article shows how to install and configure the Salt API, and how to use it to get the information you want.

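II. Main text
View the salt master version, kernel information and system version. The output below comes from the author's test machine (Salt 2018.3.2 on CentOS 7.5); both are old releases, so use currently supported versions for a real deployment.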

[root@coms ~]#  rpm -qa |grep salt-master
salt-master-2018.3.2-1.el7.noarch
[root@coms ~]#  uname -a
Linux coms 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@coms ~]# 
[root@coms ~]#  cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)


1. Install salt-api on the salt master

[root@coms ~]#  yum -y install salt-api


2. Check whether the CherryPy package is installed
Note: Salt API is a REST API program based on CherryPy (a Python web framework). The CherryPy package needs to be installed in advance.

[root@linux-node1 ~]# rpm -qa |grep  cherry
python-cherrypy-3.2.2-4.el7.noarch


3. Install pyOpenSSL package

[root@coms ~]# rpm -qa|grep -i pyOpenSSL
pyOpenSSL-0.13.1-3.el7.x86_64
[root@coms ~]#


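4. Generate a self-signed certificate. This is acceptable for a test setup only: in a production environment, use a certificate issued by a CA that the clients trust (purchased or from an internal CA), so that clients can verify the server and do not need curl's -k option.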

[root@coms ~]# salt-call --local tls.create_self_signed_cert
local:
     Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
[root@coms ~]#


5. On the salt master, enable the default_include option so that configuration can be split into separate files under master.d/, which makes it easier to manage

[root@coms ~]# grep ^default /etc/salt/master 
[root@coms ~]# vim /etc/salt/master
[root@coms ~]# grep ^default /etc/salt/master 
default_include: master.d/*.conf
[root@coms ~]#


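6. Add the API configuration to the salt master configuration (host and port set the listening address; ssl_crt and ssl_key point to the certificate and key created in step 4)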

[root@coms ~]# cd /etc/salt/master.d/
[root@coms master.d]# ls
[root@coms master.d]# vim api.conf
[root@coms master.d]# cat api.conf 
rest_cherrypy:
   host: 192.168.137.137
   port: 9000
   ssl_crt: /etc/pki/tls/certs/localhost.crt
   ssl_key: /etc/pki/tls/certs/localhost.key 
[root@coms master.d]#



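7. Create the API user (-M: do not create a home directory; -s /sbin/nologin: no interactive shell) and set its password. The password below equals the user name only because this is a demo; on any real system use a strong, unique password, because this account is what the API authenticates against through PAM and step 8 grants it wide permissions.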

[root@coms master.d]# useradd -M -s /sbin/nologin saltapi
[root@coms master.d]# echo "saltapi" | passwd saltapi --stdin
 Change the password of user 'saltapi'.
passwd: all authentication tokens have been successfully updated.
[root@coms master.d]#


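8. Add authentication (external_auth) to the salt master configuration by creating a new file in the include directory. Note that `.*` lets saltapi call every execution module function on every minion, and '@wheel', '@runner' and '@jobs' add access to the master-side wheel, runner and jobs functions. That is convenient for a test, but for a real integration list only the functions and targets the integration actually needs.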

[root@coms master.d]# vim auth.conf
[root@coms master.d]# cat auth.conf 
external_auth:
   pam:
     saltapi:
       - .*
       - '@wheel'
       - '@runner'
       - '@jobs' 
[root@coms master.d]#


9. Restart salt-master and start salt-api

[root@linux-node1 master.d]# systemctl  restart salt-master
[root@linux-node1 master.d]# systemctl start salt-api


10. Check that the salt-api port is listening

[root@coms master.d]# netstat -na|grep 9000
tcp        0      0 192.168.137.137:9000    0.0.0.0:*               LISTEN     
tcp      514      0 192.168.137.137:9000    192.168.137.1:11277     CLOSE_WAIT 
[root@coms master.d]#


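11. Verify the login and obtain a token string. curl's -k disables certificate verification; it is needed here only because the certificate is self-signed. The returned token is a bearer credential that stays valid until the expire timestamp (12 hours after start in this output), so treat it like a password.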

[root@coms ~]# curl -sSk https://192.168.137.137:9000/login -H 'Accept: application/x-yaml' -d username='saltapi' -d password='saltapi' -d eauth='pam'
return:
- eauth: pam
   expire: 1550865881.535046
   perms:
   - .*
   - '@wheel'
   - '@runner'
   - '@jobs'
   start: 1550822681.535045
   token: ade6ff420b11877a33a9f284e612cf72a5967510
   user: saltapi
[root@coms ~]#


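12. Test connectivity by executing test.ping through the API. The token from /login is passed in the X-Auth-Token header (the token used below differs from the one returned in step 11, presumably because it comes from a separate login session).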

[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun=test.ping
return:
- coms: true
[root@coms master.d]#


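13. Execute cmd.run. cmd.run runs an arbitrary shell command on every targeted minion (the minion here runs as root, as the grains in step 15 show), so a valid token with the permissions from step 8 is equivalent to root access on all minions.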

[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun='cmd.run' -d arg='uptime'
return:
- coms: ' 23:50:32 up  2:14,  3 users,  load average: 0.38, 0.12, 0.14'
[root@coms master.d]#


14. Output in JSON format

[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/json' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun='cmd.run' -d arg='uptime' | python -mjson.tool
{
     "return": [
         {
             "coms": " 23:51:52 up  2:16,  3 users,  load average: 0.10, 0.10, 0.13"
         }
     ]
}
[root@coms master.d]#


15. Get the node grains information

[root@coms master.d]# curl -sSk https://192.168.137.137:9000/minions/coms -H 'Accept: application/json' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' | python -mjson.tool
{
     "return": [
         {
             "coms": {
                 "SSDs": [],
                 "biosreleasedate": "07/02/2015",
                 "biosversion": "6.00",
                 "cpu_flags": [
                     "fpu",
                     "vme",
                     "de",
                     "pse",
                     "tsc",
                     "msr",
                     "pae",
                     "mce",
                     "cx8",
                     "apic",
                     "sep",
                     "mtrr",
                     "pge",
                     "mca",
                     "cmov",
                     "pat",
                     "pse36",
                     "clflush",
                     "dts",
                     "mmx",
                     "fxsr",
                     "sse",
                     "sse2",
                     "ss",
                     "syscall",
                     "nx",
                     "pdpe1gb",
                     "rdtscp",
                     "lm",
                     "constant_tsc",
                     "arch_perfmon",
                     "pebs",
                     "bts",
                     "nopl",
                     "xtopology",
                     "tsc_reliable",
                     "nonstop_tsc",
                     "aperfmperf",
                     "eagerfpu",
                     "pni",
                     "pclmulqdq",
                     "ssse3",
                     "fma",
                     "cx16",
                     "pcid",
                     "sse4_1",
                     "sse4_2",
                     "x2apic",
                     "movbe",
                     "popcnt",
                     "tsc_deadline_timer",
                     "xsave",
                     "avx",
                     "f16c",
                     "rdrand",
                     "hypervisor",
                     "lahf_lm",
                     "abm",
                     "3dnowprefetch",
                     "epb",
                     "fsgsbase",
                     "tsc_adjust",
                     "bmi1",
                     "hle",
                     "avx2",
                     "smep",
                     "bmi2",
                     "invpcid",
                     "rtm",
                     "rdseed",
                     "adx",
                     "smap",
                     "xsaveopt",
                     "dtherm",
                     "ida",
                     "arat",
                     "pln",
                     "pts"
                 ],
                 "cpu_model": "Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz",
                 "cpuarch": "x86_64",
                 "disks": [
                     "sda",
                     "sr0",
                     "dm-0",
                     "dm-1"
                 ],
                 "dns": {
                     "domain": "",
                     "ip4_nameservers": [
                         "8.8.8.8"
                     ],
                     "ip6_nameservers": [],
                     "nameservers": [
                         "8.8.8.8"
                     ],
                     "options": [],
                     "search": [],
                     "sortlist": []
                 },
                 "domain": "",
                 "fqdn": "coms",
                 "fqdn_ip4": [
                     "192.168.137.137",
                     "192.168.122.1"
                 ],
                 "fqdn_ip6": [
                     "fe80::20c:29ff:fe89:255f"
                 ],
                 "gid": 0,
                 "gpus": [
                     {
                         "model": "SVGA II Adapter",
                         "vendor": "unknown"
                     }
                 ],
                 "groupname": "root",
                 "host": "coms",
                 "hwaddr_interfaces": {
                     "ens33": "00:0c:29:89:25:5f",
                     "lo": "00:00:00:00:00:00",
                     "virbr0": "52:54:00:50:d4:e0",
                     "virbr0-nic": "52:54:00:50:d4:e0"
                 },
                 "id": "coms",
                 "init": "systemd",
                 "ip4_gw": "192.168.137.1",
                 "ip4_interfaces": {
                     "ens33": [
                         "192.168.137.137"
                     ],
                     "lo": [
                         "127.0.0.1"
                     ],
                     "virbr0": [
                         "192.168.122.1"
                     ],
                     "virbr0-nic": []
                 },
                 "ip6_gw": false,
                 "ip6_interfaces": {
                     "ens33": [
                         "fe80::20c:29ff:fe89:255f"
                     ],
                     "lo": [
                         "::1"
                     ],
                     "virbr0": [],
                     "virbr0-nic": []
                 },
                 "ip_gw": true,
                 "ip_interfaces": {
                     "ens33": [
                         "192.168.137.137",
                         "fe80::20c:29ff:fe89:255f"
                     ],
                     "lo": [
                         "127.0.0.1",
                         "::1"
                     ],
                     "virbr0": [
                         "192.168.122.1"
                     ],
                     "virbr0-nic": []
                 },
                 "ipv4": [
                     "127.0.0.1",
                     "192.168.122.1",
                     "192.168.137.137"
                 ],
                 "ipv6": [
                     "::1",
                     "fe80::20c:29ff:fe89:255f"
                 ],
                 "kernel": "Linux",
                 "kernelrelease": "3.10.0-862.el7.x86_64",
                 "kernelversion": "#1 SMP Fri Apr 20 16:44:24 UTC 2018",
                 "locale_info": {
                     "defaultencoding": "UTF-8",
                     "defaultlanguage": "zh_CN",
                     "detectedencoding": "UTF-8"
                 },
                 "localhost": "coms",
                 "lsb_distrib_codename": "CentOS Linux 7 (Core)",
                 "lsb_distrib_id": "CentOS Linux",
                 "machine_id": "51c5e9520d814f29b2dc273eac744beb",
                 "manufacturer": "VMware, Inc.",
                 "master": "192.168.137.137",
                 "mdadm": [],
                 "mem_total": 1821,
                 "nodename": "coms",
                 "num_cpus": 1,
                 "num_gpus": 1,
                 "os": "CentOS",
                 "os_family": "RedHat",
                 "osarch": "x86_64",
                 "oscodename": "CentOS Linux 7 (Core)",
                 "osfinger": "CentOS Linux-7",
                 "osfullname": "CentOS Linux",
                 "osmajorrelease": 7,
                 "osrelease": "7.5.1804",
                 "osrelease_info": [
                     7,
                     5,
                     1804
                 ],
                 "path": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
                 "pid": 1788,
                 "productname": "VMware Virtual Platform",
                 "ps": "ps -efHww",
                 "pythonexecutable": "/usr/bin/python",
                 "pythonpath": [
                     "/usr/bin",
                     "/usr/lib/python2.7/site-packages/Django-1.11.18-py2.7.egg",
                     "/usr/lib/python2.7/site-packages/PyMySQL-0.9.3-py2.7.egg",
                     "/usr/lib64/python27.zip",
                     "/usr/lib64/python2.7",
                     "/usr/lib64/python2.7/plat-linux2",
                     "/usr/lib64/python2.7/lib-tk",
                     "/usr/lib64/python2.7/lib-old",
                     "/usr/lib64/python2.7/lib-dynload",
                     "/usr/lib64/python2.7/site-packages",
                     "/usr/lib64/python2.7/site-packages/gtk-2.0",
                     "/usr/lib/python2.7/site-packages"
                 ],
                 "pythonversion": [
                     2,
                     7,
                     5,
                     "final",
                     0
                 ],
                 "saltpath": "/usr/lib/python2.7/site-packages/salt",
                 "saltversion": "2018.3.2",
                 "saltversioninfo": [
                     2018,
                     3,
                     2,
                     0
                 ],
                 "selinux": {
                     "enabled": false,
                     "enforced": "Disabled"
                 },
                 "serialnumber": "VMware-56 4d 43 54 ca 1c a8 bd-2e a5 ab 9f 99 89 25 5f",
                 "server_id": 1180429514,
                 "shell": "/bin/sh",
                 "swap_total": 2047,
                 "systemd": {
                     "features": "+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN",
                     "version": "219"
                 },
                 "uid": 0,
                 "username": "root",
                 "uuid": "54434d56-1cca-bda8-2ea5-ab9f9989255f",
                 "virtual": "VMware",
                 "zfs_feature_flags": false,
                 "zfs_support": false,
                 "zmqversion": "4.1.4"
             }
         }
     ]
}
[root@coms master.d]#
[root@coms ~]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/json' -H 'X-Auth-Token: 1177497221780d4623088e48c63c32eb3560466a' |python -mjson.tool
{
     "clients": [
         "local",
         "local_async",
         "local_batch",
         "local_subset",
         "runner",
         "runner_async",
         "ssh",
         "wheel",
         "wheel_async"
     ],
     "return": "Welcome"
}
[root@coms ~]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/json' -H 'X-Auth-Token: 1177497221780d4623088e48c63c32eb3560466a' -d client=local -d tgt='*' -d fun=disk.usage | python -mjson.tool
{
     "return": [
         {
             "coms": {
                 "/": {
                     "1K-blocks": "17811456",
                     "available": "12365236",
                     "capacity": "31%",
                     "filesystem": "/dev/mapper/centos-root",
                     "used": "5446220"
                 },
                 "/boot": {
                     "1K-blocks": "1038336",
                     "available": "865172",
                     "capacity": "17%",
                     "filesystem": "/dev/sda1",
                     "used": "173164"
                 },
                 "/dev": {
                     "1K-blocks": "915508",
                     "available": "915508",
                     "capacity": "0%",
                     "filesystem": "devtmpfs",
                     "used": "0"
                 },
                 "/dev/shm": {
                     "1K-blocks": "932640",
                     "available": "932612",
                     "capacity": "1%",
                     "filesystem": "tmpfs",
                     "used": "28"
                 },
                 "/run": {
                     "1K-blocks": "932640",
                     "available": "922384",
                     "capacity": "2%",
                     "filesystem": "tmpfs",
                     "used": "10256"
                 },
                 "/run/user/1000": {
                     "1K-blocks": "186532",
                     "available": "186532",
                     "capacity": "0%",
                     "filesystem": "tmpfs",
                     "used": "0"
                 },
                 "/sys/fs/cgroup": {
                     "1K-blocks": "932640",
                     "available": "932640",
                     "capacity": "0%",
                     "filesystem": "tmpfs",
                     "used": "0"
                 }
             }
         }
     ]
}
[root@coms ~]#

