salt api
2019年3月18日 ⋅ 浏览量: 48
部署
版本
代码语言:javascript复制salt --version
# 查看当前版本安装软件
代码语言:javascript复制yum install salt-api
# pip install -i http://mirrors.aliyun.com/pypi/simple --trusted-host mirrors.aliyun.com cherrypy账号
代码语言:javascript复制useradd -M -s /sbin/nologin saltapi
passwd saltapi配置修改
/etc/salt/master
代码语言:javascript复制default_include: master.d/*.conf
# 添加include扩展mkdir /etc/salt/master.d # 新建目录/etc/salt/master.d/auth.conf
代码语言:javascript复制external_auth:
pam:
saltapi: # 用户名
- .* # 给予saltapi用户所有模块使用权限,安全考虑一般只给特定模块使用
权限/etc/salt/master.d/api.conf
代码语言:javascript复制rest_cherrypy:
port: 8888
ssl_crt: /etc/pki/tls/certs/saltapi.crt
ssl_key: /etc/pki/tls/certs/saltapi.key生成ssl
官方建议使用https协议
代码语言:javascript复制openssl genrsa -out /etc/pki/tls/certs/saltapi.key 4096
openssl req -new -x509 -key /etc/pki/tls/certs/saltapi.key -out /etc/pki/tls/certs/saltapi.crt -days 1826Country Name (2 letter code) [XX]:cn State or Province Name (full name) []:zhejiang Locality Name (eg, city) [Default City]:hangzhou Organization Name (eg, company) [Default Company Ltd]:Anonymous Organizational Unit Name (eg, section) []:attacker.club Common Name (eg, your name or your server's hostname) []:*.ops.net Email Address []:admin@attacker.club
检查校验
代码语言:javascript复制netstat -pntl|grep 8888 # 查看端口curl -k https://10.0.1.19:8888/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='123456' -d eauth='pam'
# 获取tokenreturn: - eauth: pam expire: 1552924704.414527 perms: - .* start: 1552881504.414526 token: 82d8c2dfb9787a23b4169a90606fxxxx user: saltapi
