一、执行模块开发
saltstack内置python模块存放路径:/usr/lib/python2.7/site-packages/salt/modules
1.1、自定义模块
#编写python模块 [root@salt-master ~]# mkdir -p /srv/salt/base/_modules [root@salt-master ~]# cd /srv/salt/base/_modules [root@salt-master _modules]# vim my_disk.py def list(): cmd = ‘df -h‘ ret = __salt__[‘cmd.run‘](cmd) return ret #同步minion [root@salt-master _modules]# salt ‘*‘ saltutil.sync_modules saltenv=base #可以指定环境 #minion上查看 [root@syndic modules]# pwd /var/cache/salt/minion/extmods/modules #master推过来的模块文件路径 [root@syndic modules]# ll -rw------- 1 root root 80 Sep 1 14:24 my_disk.py #执行测试 [root@salt-master _modules]# salt ‘*‘ my_disk.list salt-minion1-c7: Filesystem Size Used Avail Use% Mounted on /dev/sda2 48G 2.3G 46G 5% / devtmpfs 479M 0 479M 0% /dev tmpfs 489M 28K 489M 1% /dev/shm tmpfs 489M 6.7M 482M 2% /run tmpfs 489M 0 489M 0% /sys/fs/cgroup tmpfs 98M 0 98M 0% /run/user/0 salt-minion2-c7: Filesystem Size Used Avail Use% Mounted on /dev/sda2 48G 2.3G 46G 5% / devtmpfs 479M 0 479M 0% /dev tmpfs 489M 12K 489M 1% /dev/shm tmpfs 489M 6.7M 482M 2% /run tmpfs 489M 0 489M 0% /sys/fs/cgroup tmpfs 98M 0 98M 0% /run/user/0
二、salt API使用
文档:https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
2.1、在master上安装及配置salt-api
#1、安装salt-api [root@salt-master ~]# yum install salt-api -y #2、生成自签名证书 [root@salt-master ~]# salt-call --local tls.create_self_signed_cert ‘tls‘ __virtual__ returned False: PyOpenSSL version 0.10 or later must be installed before this module can be used. #需要安装PyOpenSSL [root@salt-master ~]# curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py [root@salt-master ~]# sudo python get-pip.py #安装pip [root@salt-master ~]# pip install pyOpenSSL #安装pyOpenSSL [root@salt-master ~]# salt-call --local tls.create_self_signed_cert local: Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt." #3、编辑master配置文件 [root@salt-master ~]# vim /etc/salt/master default_include: master.d/*.conf #4、创建配置文件 [root@salt-master master.d]# pwd /etc/salt/master.d [root@salt-master master.d]# cat api.conf rest_cherrypy: host: 10.0.0.11 port: 8000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/certs/localhost.key [root@salt-master master.d]# cat eauth.conf external_auth: pam: saltapi: - .* - ‘@wheel‘ - ‘@runner‘ - ‘@jobs‘ #5、创建saltapi用户 [root@salt-master master.d]# useradd -M -s /sbin/nologin saltapi [root@salt-master master.d]# echo saltapi|passwd saltapi --stdin #重启master,启动salt-api,并验证 [root@salt-master master.d]# systemctl restart salt-master [root@salt-master master.d]# systemctl start salt-api [root@salt-master master.d]# systemctl status salt-api [root@salt-master master.d]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1137/sshd tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 27432/python tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 27438/python tcp 0 0 10.0.0.11:8000 0.0.0.0:* LISTEN 28552/python #salt-api监听8000端口 tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1352/mysqld tcp6 0 0 :::22 :::* LISTEN 1137/sshd udp 0 0 127.0.0.1:323 0.0.0.0:* 589/chronyd udp6 0 0 ::1:323 :::* 589/chronyd
2.2、api使用
1)登录测试
curl -sSk https://10.0.0.11:8000/login -H ‘Accept: application/x-yaml‘ -d username=saltapi -d password=saltapi -d eauth=pam #返回如下 return: - eauth: pam expire: 1567365276.108259 perms: - .* - ‘@wheel‘ - ‘@runner‘ - ‘@jobs‘ start: 1567322076.108258 token: 7b9b6ded39a094f931896fdae6585602469fb161 user: saltapi
2)查看grains
#json显示 curl -k https://10.0.0.11:8000/minions/salt-minion1-c7 -H "Accept: application/json" -H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161" #yaml显示 curl -k https://10.0.0.11:8000/minions/salt-minion1-c7 -H "Accept: application/x-yaml" -H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161"
3)执行模块
curl -k https://10.0.0.11:8000/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161" -d client=‘local‘ -d tgt=‘*‘ -d fun=‘test.ping‘ 异步执行模块 curl -k https://10.0.0.11:8000/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161" -d client=‘local_async‘ -d tgt=‘*‘ -d fun=‘state.highstate‘ 带参数的执行模块 curl -k https://10.0.0.11:8000/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161" -d client=‘local‘ -d tgt=‘*‘ -d fun=‘cmd.run‘ -d arg=‘df -h‘
4)获取Job列表
curl -k https://10.0.0.11:8000/jobs -H "Accept: application/x-yaml" -H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161" curl -k https://10.0.0.11:8000/jobs/20190901151911550580 -H "Accept: application/x-yaml" -H "X-Auth-Token: 7b9b6ded39a094f931896fdae6585602469fb161"