1、安装

[root@localhost yum.repos.d]# cat /etc/yum.repos.d/salt.repo

[saltstack-repo]

name=SaltStack repo for Red Hat Enterprise Linux $releasever

baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

enabled=1

gpgcheck=1

gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub

https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/base/RPM-GPG-KEY-CentOS-7

yum makecache

yum -y install salt-master salt-minion salt-api openssl openssl-devel

2、配置

Salt master:

[root@localhost ~]# egrep -v '^#|^$'  /etc/salt/master

default_include: master.d/*.conf

interface: 0.0.0.0

file_roots:

base:

- /srv/salt

Salt minion:

[root@localhost ~]# egrep -v '^#|^$'  /etc/salt/minion

master: 192.168.32.135

id: 192.168.32.135

启动服务:

systemctl start salt-master

systemctl start salt-minion

提示:安装遇到如下问题的解决办法:

2017-05-03 14:31:57,705 [salt.utils.network][WARNING ][15848] Cannot resolve address None info via socket: <class 'socket.gaierror'>

这个错误,更改主机名即可;

2017-05-03 14:59:14,999 [salt.utils.parsers][WARNING ][35108] Master received a SIGINT. Exiting.

2017-05-03 15:01:02,633 [salt.utils.verify][WARNING ][36608] Insecure logging configuration detected! Sensitive data may be logged.

貌似是默认的启动脚本问题,我这里直接用命令启动的,如下:

nohup salt-master -l all &

nohup salt-minion -l all &

3、测试

###查看salt-key

salt-key list

###验证通过

salt-key -a 192.168.28.135

###相关测试

salt '*' test.ping

4、配置salt-master 与 salt-api

###生成SSL自签发证书

[root@localhost ~]# cd /etc/pki/tls/certs/

[root@localhost certs]# make testcert

umask 77 ; \

/usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key

Generating RSA private key, 2048 bit long modulus

...+++

..................................................................+++

e is 65537 (0x10001)

Enter pass phrase:    #键入加密短语,4到8191个字符

Verifying - Enter pass phrase:    #确认加密短语

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0

Enter pass phrase for /etc/pki/tls/private/localhost.key:    #再次输入相同的加密短语

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN    #都可以选填

State or Province Name (full name) []:Shanghai

Locality Name (eg, city) [Default City]:Shanghai

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:972711021@qq.com

提示:如果遇到相关错误,删掉文件/etc/pki/tls/private/localhost.key文件,然后再make testcert。

[root@localhost certs]# cd ../private

[root@localhost private]# openssl rsa -in localhost.key -out localhost_nopass.key

Enter pass phrase for localhost.key:    #输入之前的加密短语

writing RSA key

###创建salt-api用户

[root@localhost private]# useradd -M -s /sbin/nologin saltapi

[root@localhost private]# passwd saltapi

更改用户 saltapi 的密码 。

新的 密码:

无效的密码: 密码包含用户名在某些地方

重新输入新的 密码:

passwd:所有的身份验证令牌已经成功更新。

###创建相关配置文件

新增加配置文件/etc/salt/master.d/api.conf和/etc/salt/master.d/eauth.conf

#该配置文件给予saltapi用户所有模块使用权限,出于安全考虑一般只给予特定模块使用权限

[root@saltstack master.d]# cat eauth.conf

external_auth:

pam:

saltapi:

- .*

[root@saltstack master.d]#

[root@saltstack master.d]# cat api.conf

rest_cherrypy:

port: 8888

ssl_crt: /etc/pki/tls/certs/localhost.crt

ssl_key: /etc/pki/tls/private/localhost_nopass.key

[root@saltstack master.d]#

systemctl restart salt-master

systemctl start salt-api

5、测试salt-api

###获取token

curl -k https://192.168.32.147:8888/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='saltapi@123' -d eauth='pam'

###获取token后,执行相关操作

curl -k https://192.168.32.147:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 281bb65bdeca73a4dcee13cdcbfe5b47553ce82e" -d client='local' -d tgt='*' -d fun='test.ping'

curl -k https://192.168.32.135:8888/ -H "Accept: application/x-yaml" -H "X-Auth-Token: 281bb65bdeca73a4dcee13cdcbfe5b47553ce82e" -d client='local' -d tgt='*' -d fun='test.echo' -d arg='hello world'

最新文章

  1. eclipse 突然 一直在loading descriptor for XXX (XXX为工程名)Cancel Requested
  2. js实现css、addClass、removeClass和toggleClass
  3. [知识整理]Java集合(一) - List
  4. 2-python学习——hello world
  5. linux SVNUP显示无法连接主机
  6. winform(MDI窗体容器、权限设置)
  7. Effective Java之最佳建议
  8. hbase(ERROR: org.apache.hadoop.hbase.ipc.ServerNotRunningYetException: Server is not running yet)
  9. c#中文件上传(1)
  10. HeadFirst设计模式之门面模式
  11. HDU 3427
  12. MVC中的HtmlHelper
  13. 关于.NET中的验证码
  14. xx通CGI流量控制
  15. USB HID介绍
  16. unity3D的FingerGestures小工具
  17. ABP文档笔记 - 规约
  18. Android studio - Failed to find target android-18
  19. 解决使用redis作为session缓存 报错 Error: no such key 的问题
  20. memcached、cookie、session

热门文章

  1. filebeat过滤
  2. tomcat启动时,内存溢出,Exception: java.lang.OutOfMemoryError thrown from the UncaughtExceptionHandler in thread &quot;main&quot;
  3. call 大佬 三分姿势
  4. 关于mysql 5.7版本“报[Err] 1093 - You can&#39;t specify target table &#39;XXX&#39; for update in FROM clause”错误的bug
  5. SpringCloud (十) Hystrix Dashboard单体监控、集群监控、与消息代理结合
  6. scrapy爬取天气数据
  7. 如何写一个好bug
  8. CSS只改变背景透明度,不改变子元素透明度
  9. 汇编与C语句
  10. 解决多个python的兼容问题