SaltStack Notes


Installation

References:

  1. https://docs.saltproject.io/en/latest/topics/installation/index.html
  2. https://repo.saltproject.io/#rhel

Install from rpm packages.

Packages to download:

  1. salt
  2. salt-master
  3. salt-api
  4. salt-minion

After downloading the rpm packages, install them with rpm -i.

salt-api

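Notes:

  1. salt-api must be served over HTTPS
  2. After the salt-api service restarts, previously issued tokens are no longer valid

Reference steps:

  1. Self-signed certificate: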

    # salt-call --local tls.create_self_signed_cert
    local:
        Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
    

    If this error is reported:

    'tls' __virtual__ returned False: PyOpenSSL version 0.10 or later must be installed before this module can be used.
    

    Fix: pip install PyOpenSSL

  2. Configure the master to load sub-configuration files:

    # vim /etc/salt/master
    default_include: master.d/*.conf
    
  3. Configure salt-api:

    # vim /etc/salt/master.d/api.conf
    rest_cherrypy:
      host: 192.168.1.30
      port: 8000
      ssl_crt: /etc/pki/tls/certs/localhost.crt
      ssl_key: /etc/pki/tls/certs/localhost.key
    
  4. Create the authentication user and set its password:

    useradd -M -s /sbin/nologin saltapi
    echo 'saltapi' | passwd --stdin saltapi
    
  5. Create the authentication configuration file:

    # vim /etc/salt/master.d/auth.conf
    external_auth:
      pam:
        saltapi:
          - .*
          - '@wheel'
          - '@runner'
          - '@jobs'
    
  6. Restart salt-master and start salt-api:

    # systemctl restart salt-master
    # systemctl start salt-api
    
  7. Test the login endpoint and obtain a token:

    # curl -sSk https://192.168.1.30:8000/login \
    >     -H 'Accept: application/x-yaml' \
    >     -d username=saltapi \
    >     -d password=saltapi \
    >     -d eauth=pam
    return:
    - eauth: pam
      expire: 1558663247.869537
      perms:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'
      start: 1558620047.869536
      token: e8330f642a3addd853c723d63844d29a12de9484
      user: saltapi
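
The two notes at the top of this section (HTTPS is mandatory, tokens die when salt-api restarts) are the parts a scripted client has to handle. The following is an added example, not part of the original notes: a small Python client that trusts only the master's certificate file instead of skipping verification as `curl -k` does, and logs in again when a stored token is rejected with 401. The class name, the `opener` parameter and the host `salt-master.example` are hypothetical, and it assumes the certificate was issued for the name used in the URL (the `tls.create_self_signed_cert` default CN is `localhost`).

```python
import json, ssl, urllib.error, urllib.request

class SaltAPIClient:
    """Minimal rest_cherrypy client: verifies TLS, re-authenticates on 401."""

    def __init__(self, base_url, username, password, cafile, eauth="pam", opener=None):
        self.base_url = base_url.rstrip("/")
        self.creds = {"username": username, "password": password, "eauth": eauth}
        self.cafile = cafile              # e.g. a copy of the master's localhost.crt
        self.token = None
        self._open = opener or self._https_open   # injectable for offline testing

    def _https_open(self, req):
        # Pin trust to the master's certificate; hostname checking stays enabled.
        ctx = ssl.create_default_context(cafile=self.cafile)
        return urllib.request.urlopen(req, context=ctx, timeout=10)

    def _post(self, path, payload, token=None):
        headers = {"Accept": "application/json", "Content-Type": "application/json"}
        if token:
            headers["X-Auth-Token"] = token
        req = urllib.request.Request(self.base_url + path,
                                     json.dumps(payload).encode(), headers)
        with self._open(req) as resp:
            return json.load(resp)

    def login(self):
        # Same request as the curl test in step 7, sent as JSON.
        self.token = self._post("/login", self.creds)["return"][0]["token"]
        return self.token

    def run(self, lowstate):
        """POST one lowstate dict to /, logging in first or again as needed."""
        if self.token is None:
            self.login()
        try:
            return self._post("/", [lowstate], self.token)
        except urllib.error.HTTPError as err:
            if err.code != 401:
                raise
            # Token expired or salt-api was restarted: get a new one, retry once.
            self.login()
            return self._post("/", [lowstate], self.token)
```

Pass the password in from a secrets store or an environment variable rather than writing it into the script; a call looks like `SaltAPIClient("https://salt-master.example:8000", "saltapi", pw, "/path/to/localhost.crt").run({"client": "local", "tgt": "*", "fun": "test.ping"})`.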
    