saltstack api安装使用
# yum install pyOpenSSL salt-api –y# salt-call --local tls.create_self_signed_cert
local:
Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt."
# vim /etc/salt/master
# grep "^" /etc/salt/master
default_include: master.d/*.conf # 打开这个
file_roots:
# cd /etc/salt/master.d/
# cat api.conf # 定义key存放位置与提供端口
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
# cat auth.conf # 定义权限
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@wheel'
# systemctl restart salt-master.service
# systemctl restart salt-api
# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 998/sshd
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 92795/python
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 92801/python
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 93821/python
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 998/sshd
# useradd -M -s /sbin/nologin saltapi # 正式环境指定guid
# passwd saltapi
Changing password for user saltapi.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
页:
[1]