Installation
References:
- https://docs.saltproject.io/en/latest/topics/installation/index.html
- https://repo.saltproject.io/#rhel
Install from rpm packages.
Download address list:
After downloading the rpm packages, install them with rpm -i.
salt-api
Notes:
- salt-api must use HTTPS
- After the salt-api service is restarted, the original token becomes invalid
References:
- Self-signed certificate:

    # salt-call --local tls.create_self_signed_cert
    local:
        Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."

  If this error appears:

    'tls' __virtual__ returned False: PyOpenSSL version 0.10 or later must be installed before this module can be used.

  Fix:

    pip install PyOpenSSL
- Configure the master to load sub-configuration files:

    # vim /etc/salt/master
    default_include: master.d/*.conf
- Configure salt-api:

    # vim /etc/salt/master.d/api.conf
    rest_cherrypy:
      host: 192.168.1.30
      port: 8000
      ssl_crt: /etc/pki/tls/certs/localhost.crt
      ssl_key: /etc/pki/tls/certs/localhost.key
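- Create the authentication user and set its password:

    # -M: no home directory; -s /sbin/nologin: no interactive shell
    useradd -M -s /sbin/nologin saltapi
    # 'saltapi' is the demo password used in this walkthrough; set a strong, unique one on real systems
    echo 'saltapi' | passwd --stdin saltapi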
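- Create the authentication configuration file:

    # vim /etc/salt/master.d/auth.conf
    external_auth:
      pam:
        saltapi:
          - .*          # every execution function on every minion
          - '@wheel'    # wheel modules
          - '@runner'   # runner modules
          - '@jobs'     # job data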
- Restart salt-master and start salt-api:

    # systemctl restart salt-master
    # systemctl start salt-api
- Test the login endpoint and obtain a token:

    # curl -sSk https://192.168.1.30:8000/login \
    # > -H 'Accept: application/x-yaml' \
    # > -d username=saltapi \
    # > -d password=saltapi \
    # > -d eauth=pam
    return:
    - eauth: pam
      expire: 1558663247.869537
      perms:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'
      start: 1558620047.869536
      token: e8330f642a3addd853c723d63844d29a12de9484
      user: saltapi
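
The following client is an added example, not part of the original page or of the Salt project. It verifies the server against the certificate file from api.conf instead of skipping verification as `curl -k` does, and logs in again when the token has expired or is rejected after a salt-api restart. The class and function names are hypothetical, and it assumes the certificate is valid for the address in `API` and that a copy of the certificate is readable on the client at `CA`.

```python
import json, ssl, time, urllib.error, urllib.request

API = "https://192.168.1.30:8000"        # host/port from api.conf on this page
CA = "/etc/pki/tls/certs/localhost.crt"  # ssl_crt from api.conf, trusted explicitly

def https_post(path, data, headers):
    """POST over verified TLS; returns (HTTP status, parsed JSON or None)."""
    ctx = ssl.create_default_context(cafile=CA)
    req = urllib.request.Request(API + path, json.dumps(data).encode(), {
        "Accept": "application/json", "Content-Type": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None

class SaltApiSession:
    """Caches the login token; logs in again when it expires or is rejected."""
    def __init__(self, username, password, eauth="pam", post=https_post, clock=time.time):
        self.creds = {"username": username, "password": password, "eauth": eauth}
        self.post, self.clock = post, clock   # injectable for offline testing
        self.token, self.expire = None, 0.0

    def login(self):
        status, body = self.post("/login", self.creds, {})
        if status != 200:
            raise PermissionError(f"salt-api login failed: HTTP {status}")
        info = body["return"][0]  # same fields as the login response on this page
        self.token, self.expire = info["token"], float(info["expire"])

    def _call(self, lowstate):
        return self.post("/", lowstate, {"X-Auth-Token": self.token})

    def run(self, lowstate):
        if self.token is None or self.clock() >= self.expire - 30:
            self.login()  # no token yet, or within 30 s of 'expire'
        status, body = self._call(lowstate)
        if status == 401:  # token no longer known, e.g. salt-api was restarted
            self.login()
            status, body = self._call(lowstate)
        if status != 200:
            raise RuntimeError(f"salt-api call failed: HTTP {status}")
        return body["return"]
```
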