I. Introduction
SaltStack officially provides a Salt API project with REST API format, which will make integration between Salt and third-party systems easier. This article will show you how to install and configure the Salt API, and how to use the Salt API to get the information you want
Two, text
View salt master version, kernel information and system version
[root@coms ~]# rpm -qa |grep salt-mastersalt-master-2018.3.2-1.el7.noarch [root@coms ~]# uname -aLinux coms 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux[root@coms ~]# [root@coms ~]# cat /etc/redhat-release CentOS Linux release 7.5.1804 (Core)
One, install it on the salt master
[root@coms ~]# yum -y install salt-api
Second, check whether the cherry package is installed
Note: salt API is a Rest API program based on cherry (a web framework of python). The cherry package needs to be installed in advance
[root@linux-node1 ~]# rpm -qa |grep cherry python-cherrypy-3.2.2-4.el7.noarch
3. Install pyOpenSSL package
[root@coms ~]# rpm -qa|grep -i pyOpenSSL pyOpenSSL-0.13.1-3.el7.x86_64 [root@coms ~]#
4. Self signed certificate. We can purchase the certificate in the production environment
[root@coms ~]# salt-call --local tls.create_self_signed_cert local: Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt." [root@coms ~]#
V. on the salt master, open the include function to facilitate management
[root@coms ~]# grep ^default /etc/salt/master [root@coms ~]# vim /etc/salt/master [root@coms ~]# grep ^default /etc/salt/master default_include: master.d/*.conf [root@coms ~]#
Vi. add api configuration to salt master configuration file
[root@coms ~]# cd /etc/salt/master.d/ [root@coms master.d]# ls [root@coms master.d]# vim api.conf [root@coms master.d]# cat api.conf rest_cherrypy: host: 192.168.137.137 port: 9000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/certs/localhost.key [root@coms master.d]#
VII. Create user - M do not create home directory, and set password
[root@coms master.d]# useradd -M -s /sbin/nologin saltapi [root@coms master.d]# echo "saltapi" | passwd saltapi --stdin Change the password of user 'saltapi'. passwd: all authentication tokens have been successfully updated. [root@coms master.d]#
8. Add validation to the salt master configuration file and create a new file in the directory of include
[root@coms master.d]# vim auth.conf [root@coms master.d]# cat auth.conf external_auth: pam: saltapi: - .* - '@wheel' - '@runner' - '@jobs' [root@coms master.d]#
IX. restart salt master and start salt API
[root@linux-node1 master.d]# systemctl restart salt-master [root@linux-node1 master.d]# systemctl start salt-api
X. check the salt API port listening
[root@coms master.d]# netstat -na|grep 9000 tcp 0 0 192.168.137.137:9000 0.0.0.0:* LISTEN tcp 514 0 192.168.137.137:9000 192.168.137.1:11277 CLOSE_WAIT [root@coms master.d]#
Xi. Verify login login to obtain token string
[root@coms ~]# curl -sSk https://192.168.137.137:9000/login -H 'Accept: application/x-yaml' -d username='saltapi' -d password='saltapi' -d eauth='pam' return: - eauth: pam expire: 1550865881.535046 perms: - .* - '@wheel' - '@runner' - '@jobs' start: 1550822681.535045 token: ade6ff420b11877a33a9f284e612cf72a5967510 user: saltapi [root@coms ~]#
12. Test connectivity by executing test.ping through api
[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun=test.ping return: - coms: true [root@coms master.d]#
XIII. Execute cmd.run
[root@coms master.d]# curl -sSk https://192.168.137.137:9000/ -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun='cmd.run' -d arg='uptime' return: - coms: ' 23:50:32 up 2:14, 3 users, load average: 0.38, 0.12, 0.14' [root@coms master.d]#
XIV. Output in json format
[root@coms master.d]# curl -sSk
https://192.168.137.137:9000/
-H 'Accept: application/json' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' -d client=local -d tgt='*' -d fun='cmd.run' -d arg='uptime' | python -mjson.tool
{
"return": [
{
"coms": " 23:51:52 up 2:16, 3 users, load average: 0.10, 0.10, 0.13"
}
]
}
[root@coms master.d]#
15. Get the node grains information
[root@coms master.d]# curl -sSk
https://192.168.137.137:9000/minions/coms
-H 'Accept: application/json' -H 'X-Auth-Token: 6c59bb8f62ee7324debe45c6a83a1ec0c92cd018' | python -mjson.tool
{
"return": [
{
"coms": {
"SSDs": [],
"biosreleasedate": "07/02/2015",
"biosversion": "6.00",
"cpu_flags": [
"fpu",
"vme",
"de",
"pse",
"tsc",
"msr",
"pae",
"mce",
"cx8",
"apic",
"sep",
"mtrr",
"pge",
"mca",
"cmov",
"pat",
"pse36",
"clflush",
"dts",
"mmx",
"fxsr",
"sse",
"sse2",
"ss",
"syscall",
"nx",
"pdpe1gb",
"rdtscp",
"lm",
"constant_tsc",
"arch_perfmon",
"pebs",
"bts",
"nopl",
"xtopology",
"tsc_reliable",
"nonstop_tsc",
"aperfmperf",
"eagerfpu",
"pni",
"pclmulqdq",
"ssse3",
"fma",
"cx16",
"pcid",
"sse4_1",
"sse4_2",
"x2apic",
"movbe",
"popcnt",
"tsc_deadline_timer",
"xsave",
"avx",
"f16c",
"rdrand",
"hypervisor",
"lahf_lm",
"abm",
"3dnowprefetch",
"epb",
"fsgsbase",
"tsc_adjust",
"bmi1",
"hle",
"avx2",
"smep",
"bmi2",
"invpcid",
"rtm",
"rdseed",
"adx",
"smap",
"xsaveopt",
"dtherm",
"ida",
"arat",
"pln",
"pts"
],
"cpu_model": "Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz",
"cpuarch": "x86_64",
"disks": [
"sda",
"sr0",
"dm-0",
"dm-1"
],
"dns": {
"domain": "",
"ip4_nameservers": [
"8.8.8.8"
],
"ip6_nameservers": [],
"nameservers": [
"8.8.8.8"
],
"options": [],
"search": [],
"sortlist": []
},
"domain": "",
"fqdn": "coms",
"fqdn_ip4": [
"192.168.137.137",
"192.168.122.1"
],
"fqdn_ip6": [
"fe80::20c:29ff:fe89:255f"
],
"gid": 0,
"gpus": [
{
"model": "SVGA II Adapter",
"vendor": "unknown"
}
],
"groupname": "root",
"host": "coms",
"hwaddr_interfaces": {
"ens33": "00:0c:29:89:25:5f",
"lo": "00:00:00:00:00:00",
"virbr0": "52:54:00:50:d4:e0",
"virbr0-nic": "52:54:00:50:d4:e0"
},
"id": "coms",
"init": "systemd",
"ip4_gw": "192.168.137.1",
"ip4_interfaces": {
"ens33": [
"192.168.137.137"
],
"lo": [
"127.0.0.1"
],
"virbr0": [
"192.168.122.1"
],
"virbr0-nic": []
},
"ip6_gw": false,
"ip6_interfaces": {
"ens33": [
"fe80::20c:29ff:fe89:255f"
],
"lo": [
"::1"
],
"virbr0": [],
"virbr0-nic": []
},
"ip_gw": true,
"ip_interfaces": {
"ens33": [
"192.168.137.137",
"fe80::20c:29ff:fe89:255f"
],
"lo": [
"127.0.0.1",
"::1"
],
"virbr0": [
"192.168.122.1"
],
"virbr0-nic": []
},
"ipv4": [
"127.0.0.1",
"192.168.122.1",
"192.168.137.137"
],
"ipv6": [
"::1",
"fe80::20c:29ff:fe89:255f"
],
"kernel": "Linux",
"kernelrelease": "3.10.0-862.el7.x86_64",
"kernelversion": "#1 SMP Fri Apr 20 16:44:24 UTC 2018",
"locale_info": {
"defaultencoding": "UTF-8",
"defaultlanguage": "zh_CN",
"detectedencoding": "UTF-8"
},
"localhost": "coms",
"lsb_distrib_codename": "CentOS Linux 7 (Core)",
"lsb_distrib_id": "CentOS Linux",
"machine_id": "51c5e9520d814f29b2dc273eac744beb",
"manufacturer": "VMware, Inc.",
"master": "192.168.137.137",
"mdadm": [],
"mem_total": 1821,
"nodename": "coms",
"num_cpus": 1,
"num_gpus": 1,
"os": "CentOS",
"os_family": "RedHat",
"osarch": "x86_64",
"oscodename": "CentOS Linux 7 (Core)",
"osfinger": "CentOS Linux-7",
"osfullname": "CentOS Linux",
"osmajorrelease": 7,
"osrelease": "7.5.1804",
"osrelease_info": [
7,
5,
1804
],
"path": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
"pid": 1788,
"productname": "VMware Virtual Platform",
"ps": "ps -efHww",
"pythonexecutable": "/usr/bin/python",
"pythonpath": [
"/usr/bin",
"/usr/lib/python2.7/site-packages/Django-1.11.18-py2.7.egg",
"/usr/lib/python2.7/site-packages/PyMySQL-0.9.3-py2.7.egg",
"/usr/lib64/python27.zip",
"/usr/lib64/python2.7",
"/usr/lib64/python2.7/plat-linux2",
"/usr/lib64/python2.7/lib-tk",
"/usr/lib64/python2.7/lib-old",
"/usr/lib64/python2.7/lib-dynload",
"/usr/lib64/python2.7/site-packages",
"/usr/lib64/python2.7/site-packages/gtk-2.0",
"/usr/lib/python2.7/site-packages"
],
"pythonversion": [
2,
7,
5,
"final",
0
],
"saltpath": "/usr/lib/python2.7/site-packages/salt",
"saltversion": "2018.3.2",
"saltversioninfo": [
2018,
3,
2,
0
],
"selinux": {
"enabled": false,
"enforced": "Disabled"
},
"serialnumber": "VMware-56 4d 43 54 ca 1c a8 bd-2e a5 ab 9f 99 89 25 5f",
"server_id": 1180429514,
"shell": "/bin/sh",
"swap_total": 2047,
"systemd": {
"features": "+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN",
"version": "219"
},
"uid": 0,
"username": "root",
"uuid": "54434d56-1cca-bda8-2ea5-ab9f9989255f",
"virtual": "VMware",
"zfs_feature_flags": false,
"zfs_support": false,
"zmqversion": "4.1.4"
}
}
]
}
[root@coms master.d]#
[root@coms ~]# curl -sSk
https://192.168.137.137:9000/
-H 'Accept: application/json' -H 'x`: 1177497221780d4623088e48c63c32eb3560466a' |python -mjson.tool
{
"clients": [
"local",
"local_async",
"local_batch",
"local_subset",
"runner",
"runner_async",
"ssh",
"wheel",
"wheel_async"
],
"return": "Welcome"
}
[root@coms ~]# curl -sSk
https://192.168.137.137:9000/
-H 'Accept: application/json' -H 'X-Auth-Token: 1177497221780d4623088e48c63c32eb3560466a' -d client=local -d tgt='*' -d fun=disk.usage | python -mjson.tool
{
"return": [
{
"coms": {
"/": {
"1K-blocks": "17811456",
"available": "12365236",
"capacity": "31%",
"filesystem": "/dev/mapper/centos-root",
"used": "5446220"
},
"/boot": {
"1K-blocks": "1038336",
"available": "865172",
"capacity": "17%",
"filesystem": "/dev/sda1",
"used": "173164"
},
"/dev": {
"1K-blocks": "915508",
"available": "915508",
"capacity": "0%",
"filesystem": "devtmpfs",
"used": "0"
},
"/dev/shm": {
"1K-blocks": "932640",
"available": "932612",
"capacity": "1%",
"filesystem": "tmpfs",
"used": "28"
},
"/run": {
"1K-blocks": "932640",
"available": "922384",
"capacity": "2%",
"filesystem": "tmpfs",
"used": "10256"
},
"/run/user/1000": {
"1K-blocks": "186532",
"available": "186532",
"capacity": "0%",
"filesystem": "tmpfs",
"used": "0"
},
"/sys/fs/cgroup": {
"1K-blocks": "932640",
"available": "932640",
"capacity": "0%",
"filesystem": "tmpfs",
"used": "0"
}
}
}
]
}
[root@coms ~]#