2019年3月18日 ⋅ 浏览量: 48
salt --version
# 查看当前版本
yum install salt-api
# pip install -i http://mirrors.aliyun.com/pypi/simple --trusted-host mirrors.aliyun.com cherrypy
# 注意: 上面的命令经 http 明文下载,并用 --trusted-host 关闭了对镜像的校验,传输中的安装包可能被篡改;建议改用该镜像的 https 地址
useradd -M -s /sbin/nologin saltapi
passwd saltapi # 该密码即 salt-api 的登录凭据,应设置高强度密码
/etc/salt/master
default_include: master.d/*.conf
# 添加include扩展
mkdir /etc/salt/master.d # 新建目录
/etc/salt/master.d/auth.conf
external_auth:
  pam:
    saltapi: # 用户名
      - .* # 给予saltapi用户所有模块的使用权限;出于安全考虑,一般只授予特定模块的使用权限(例如 - test.*)
/etc/salt/master.d/api.conf
rest_cherrypy:
  port: 8888
  ssl_crt: /etc/pki/tls/certs/saltapi.crt
  ssl_key: /etc/pki/tls/certs/saltapi.key
官方建议使用https协议。私钥 saltapi.key 应仅允许属主读取(例如 chmod 600),因为证书目录通常对所有用户可读。
openssl genrsa -out /etc/pki/tls/certs/saltapi.key 4096
openssl req -new -x509 -key /etc/pki/tls/certs/saltapi.key -out /etc/pki/tls/certs/saltapi.crt -days 1826
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:zhejiang
Locality Name (eg, city) [Default City]:hangzhou
Organization Name (eg, company) [Default Company Ltd]:Anonymous
Organizational Unit Name (eg, section) []:attacker.club
Common Name (eg, your name or your server's hostname) []:*.ops.net
Email Address []:admin@attacker.club
netstat -pntl|grep 8888 # 查看端口
curl -k https://10.0.1.19:8888/login -H "Accept: application/x-yaml" -d username='saltapi' -d password='123456' -d eauth='pam'
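# 获取token(示例密码仅作演示)。-k 会跳过对服务端证书的校验,只适合自签名证书的测试环境;正式环境应以 --cacert 指定可信证书,并避免在命令行中直接写密码(会留在 shell 历史和进程列表中)。返回的 token 在过期前等同于登录凭据,需妥善保管。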
return:
- eauth: pam
  expire: 1552924704.414527
  perms:
  - .*
  start: 1552881504.414526
  token: 82d8c2dfb9787a23b4169a90606fxxxx
  user: saltapi