Installing salt-api

Environment: CentOS 7

1. Import the repo key:

    rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub

2. Add the following to /etc/yum.repos.d/saltstack.repo:

    [saltstack-repo]
    name=SaltStack repo for RHEL/CentOS $releasever
    baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
    enabled=1
    gpgcheck=1
    gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub

3. Run the following commands to install:

    yum clean expire-cache
    yum update
    yum install salt-master
    # The master needs salt-call (from salt-minion) to generate the crt and key for salt-api, so install it too.
    yum install salt-minion
    yum install salt-api
    yum install gcc make python-devel libffi-devel -y
    yum install pyOpenSSL

4. Edit the configuration file /etc/salt/master:

    interface: 192.168.90.135  # the local IP address that serves external clients

5. Generate the key and crt:

    salt-call --local tls.create_self_signed_cert

   Output:

    local:
        Created Private Key: "/etc/pki/tls/certs/localhost.key." Created Certificate: "/etc/pki/tls/certs/localhost.crt"

6. /etc/salt/master.d/api.conf:

    rest_cherrypy:
      host: 192.168.90.135
      port: 8000
      ssl_crt: /etc/pki/tls/certs/localhost.crt  # the crt file just generated
      ssl_key: /etc/pki/tls/certs/localhost.key  # the generated key file

7. /etc/salt/master.d/auth.conf:

    external_auth:
      pam:             # authenticate against Linux system users
        saltapi:       # the system user that salt-api authenticates as
          - .*         # user permissions: which hosts the user may operate on; * means all
          - '@wheel'   # allow access to all wheel modules
          - '@runner'  # allow access to all runner modules
          - '@jobs'    # allow access to the jobs runner or wheel module

8. Add the user used for authentication (nologin):

    useradd -M -s /sbin/nologin saltapi
    echo "saltapi" | passwd saltapi --stdin

   This sets the user name and password (saltapi), which will be used to obtain the token.

9. Start the services and test the API (-k is needed because the certificate is self-signed):

    systemctl start salt-api
    systemctl start salt-master
    curl -k https://192.168.90.135:8000/login -H 'Accept: application/x-yaml' -d username='saltapi' -d password='saltapi' -d eauth='pam'

   The command returns:

    return:
    - eauth: pam
      expire: 1617078491.248806
      perms:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'
      start: 1617035291.248805
      token: ee729ada7f08181a89d22b13b4f9f4d8555b5041
      user: saltapi

A token is returned, which shows that the API is working.
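Added example, not part of the original post: a Python check that classifies each external_auth grant from step 7 by scope and lists the grants that are not narrowed to specific targets or functions. The dictionaries are constructed inputs shaped as yaml.safe_load() would return the file, NARROW_AUTH is a hypothetical narrower policy, and the rule that a bare string is a function pattern applied to all minions is taken from Salt's eauth documentation.

```python
CATCH_ALL = {"*", ".*"}

# Constructed input: the step 7 grants, as yaml.safe_load() would return them.
PAGE_AUTH = {"pam": {"saltapi": [".*", "@wheel", "@runner", "@jobs"]}}
# Hypothetical narrower policy, for comparison only.
NARROW_AUTH = {"pam": {"saltapi": [{"web*": ["test.ping"]},
                                   {"@runner": ["jobs.list_jobs"]}]}}


def classify(grant):
    """Return (scope, target, functions) tuples for one grant entry."""
    if isinstance(grant, str):
        if grant.startswith("@"):
            # '@wheel', '@runner', '@jobs': a whole master-side module (family)
            return [("master", grant, [".*"])]
        # a bare string is a function pattern allowed on every minion
        return [("minion", "*", [grant])]
    rows = []
    for target, funcs in grant.items():
        funcs = [funcs] if isinstance(funcs, str) else list(funcs)
        scope = "master" if target.startswith("@") else "minion"
        rows.append((scope, target, funcs))
    return rows


def audit(external_auth):
    """List (eauth, user, scope, target) for every grant that is not narrowed."""
    findings = []
    for eauth, users in external_auth.items():
        for user, grants in users.items():
            for grant in grants:
                for scope, target, funcs in classify(grant):
                    all_funcs = any(f in CATCH_ALL for f in funcs)
                    all_targets = scope == "master" or target in CATCH_ALL
                    if all_funcs and all_targets:
                        findings.append((eauth, user, scope, target))
    return findings


if __name__ == "__main__":
    for name, cfg in (("page", PAGE_AUTH), ("narrow", NARROW_AUTH)):
        print(name, audit(cfg))
```

Every grant in the step 7 configuration is reported, while the narrowed policy produces no findings.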
