1、安装salt-api、
[root@cenots7 salt]# yum -y install salt-api
2、添加调用api的用户(这里的密码与用户名相同,仅用于演示;该账号在第5步会被授予在所有minion上执行任意模块的权限,实际环境请设置强密码)
[root@cenots7 salt]# useradd -M test && echo test | passwd test --stdin
3、生成加密证书、
[root@cenots7 salt]# salt-call --local tls.create_self_signed_cert
'tls' __virtual__ returned False: ['PyOpenSSL version 0.10 or later must be installed before this module can be used.']
报错了、
4、根据报错安装PyOpenSSL、
4.1 将pip源指向阿里云(index-url已经是https,trusted-host会让pip不再校验该主机的证书,可以不配置这一项)
[root@cenots7 salt]# cat /etc/pip.conf
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
4.2、安装PyOpenSSL
[root@cenots7 salt]# pip install PyOpenSSL
----省略输出----
Successfully installed PyOpenSSL-19.0.0 asn1crypto-0.24.0 cffi-1.12.2 cryptography-2.6.1
5、修改配置文件、
[root@cenots7 salt]# tail -15 /etc/salt/master
##### Returner settings ######
############################################
# Which returner(s) will be used for minion's result:
#return: mysql
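# salt-api (rest_cherrypy) listener. No `host` is set here, so the service
# binds to every interface; add `host: 127.0.0.1` if only local callers use it.
rest_cherrypy:
  port: 8000
  # Development mode; set to False once the setup has been tested.
  debug: True
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  # Private key: keep this file readable by root only.
  ssl_key: /etc/pki/tls/certs/localhost.key
# Who may call the API and what they may run, authenticated through PAM.
external_auth:
  pam:
    test:
      # '.*' allows every execution function on every minion; narrow it to
      # what the API consumer needs (for this walkthrough, `test.*` is enough).
      - .*
      # NOTE(review): '@whell' looks like a typo for '@wheel'; as spelled it
      # presumably matches no wheel module - confirm and correct or drop it.
      - '@whell'
      # '@runner' allows every runner module on the master.
      - '@runner'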
6、重启下salt-master和salt-api(下面netstat的输出显示8000端口监听在0.0.0.0,即所有网卡;如果只在本机调用,可以在rest_cherrypy里配置host: 127.0.0.1)
[root@cenots7 salt]# systemctl restart salt-master salt-api
[root@cenots7 salt]# ps -ef | grep api
root 38644 1 22 23:52 ? 00:00:00 /usr/bin/python /usr/bin/salt-api
root 38653 38644 9 23:52 ? 00:00:00 /usr/bin/python /usr/bin/salt-api
root 38760 9267 0 23:52 pts/1 00:00:00 grep --color=auto api
[root@cenots7 salt]# netstat -anp | grep :8000
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 38653/python
tcp 0 0 127.0.0.1:39240 127.0.0.1:8000 TIME_WAIT -
tcp 0 0 127.0.0.1:39242 127.0.0.1:8000 TIME_WAIT -
tcp 0 0 127.0.0.1:39248 127.0.0.1:8000 TIME_WAIT -
7、编写获取api token的脚本和使用api的脚本
更多帮助信息查看:/usr/lib/python2.7/site-packages/salt/netapi/rest_cherrypy/app.py
[root@cenots7 salt]# cat login_api.sh
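#!/bin/sh
# Log in to salt-api through PAM eauth and print the YAML reply, which
# contains the session token.
#
# Environment (all optional; the defaults are the walkthrough's values):
#   SALT_API_URL       base URL of salt-api
#   SALT_API_USER      PAM user to log in as
#   SALT_API_PASSWORD  that user's password
#   SALT_API_CACERT    certificate used to verify the server
set -eu

api_url=${SALT_API_URL:-https://localhost:8000}
api_user=${SALT_API_USER:-test}
# Demo default from the walkthrough; export SALT_API_PASSWORD for a real account.
api_password=${SALT_API_PASSWORD:-test}
ca_cert=${SALT_API_CACERT:-/etc/pki/tls/certs/localhost.crt}

# The password is fed to curl on stdin (password@-) so it does not appear in
# curl's argument list, where other local users could read it with ps.
# --cacert verifies the server against the self-signed certificate instead of
# switching verification off with -k; this assumes the certificate was issued
# for the host name used in SALT_API_URL.
printf '%s' "$api_password" |
  curl -sS --cacert "$ca_cert" "$api_url/login" \
    -H 'Accept: application/x-yaml' \
    --data-urlencode "username=$api_user" \
    --data-urlencode password@- \
    -d eauth=pam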
[root@cenots7 salt]# cat use_api.sh
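#!/bin/sh
# Run test.ping on all minions through salt-api using a session token.
#
# Arguments: $1 - token returned by the /login call
# Environment (optional; the defaults are the walkthrough's values):
#   SALT_API_URL     base URL of salt-api
#   SALT_API_CACERT  certificate used to verify the server
set -eu

# Fail with a usage message instead of sending an empty X-Auth-Token header.
token=${1:?usage: use_api.sh TOKEN}
api_url=${SALT_API_URL:-https://localhost:8000}
ca_cert=${SALT_API_CACERT:-/etc/pki/tls/certs/localhost.crt}

# --cacert verifies the server against the self-signed certificate instead of
# switching verification off with -k; this assumes the certificate was issued
# for the host name used in SALT_API_URL.
# Each continuation backslash is preceded by a space: without it the next
# option is glued onto the header value.
curl -sS --cacert "$ca_cert" "$api_url" \
  -H 'Accept: application/x-yaml' \
  -H "X-Auth-Token: $token" \
  -d client=local \
  -d tgt='*' \
  -d fun=test.ping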
8、获取api token(token在expire时间之前等同于该用户的登录凭据,这里的有效期为12小时,不要把真实token贴到公开的文档里)
[root@cenots7 salt]# sh login_api.sh
return:
- eauth: pam
expire: 1553488982.633511
perms:
- .*
- '@whell'
- '@runner'
start: 1553445782.633511
token: 059a295bef677e06ee173bc79c4f38450f65e06e
user: test
9、通过获取的token调用api、
[root@cenots7 salt]# sh use_api.sh 059a295bef677e06ee173bc79c4f38450f65e06e
return:
- minion103: true
minion104: true