2. it
  3. saltstack二次开发(二)

saltstack二次开发(二)

mac2022-06-30  23

 

Saltstack的api

Salt-api有两种方式,一种是函数的形式,有人家定义好的函数,我们可以直接调用,直接写python代码调用函数或者类就可以了。第二种形式是salt-api有封装好的http协议的,我们需要启动一个服务端。

 

安装

yum install –y salt-api

加载master的配置文件

>>> import salt.config >>> master_opts = salt.config.client_config("/etc/salt/master") >>> print(master_opts)

加载minion的配置文件

>>> import salt.config >>> minion_opts = salt.config.minion_config('/etc/salt/minion') >>> print(minion_opts)

在master上执行各种模块

>>> import salt.client >>> local = salt.client.LocalClient("/etc/salt/master") >>> local.cmd("*","test.ping") {'k8s-node1': True} >>> local.cmd("*","cmd.run","w") {'k8s-node1': ' 21:54:47 up 1:01, 2 users, load average: 0.00, 0.01, 0.05\nUSER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT\nroot pts/0 192.168.127.1 06Feb18 145days 0.02s 0.02s -bash\nroot pts/1 192.168.127.1 21:03 7:51 0.26s 0.21s python'} >>> local.cmd("*","cmd.run",["ifconfig"]) {'k8s-node1': 'ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500\n inet 192.168.127.166 netmask 255.255.255.0 broadcast 192.168.127.255\n inet6 fe80::4bc6:5d64:e3cd:13a2 prefixlen 64 ......}

如果一次要执行多个模块

local.cmd('*', ['test.ping', 'cmd.run'], [[], ['whoami']]) {'192.168.48.129': {'test.ping': True, 'cmd.run': 'root'}}

自定义的模块

>>> local.cmd('*', "jd.meminfo", "") {'192.168.48.129': {'meminfo': '0.31'}}

如果对于执行时间过长,没法直接返回的,我们就可以通过异步执行的形式进行返回。

cmd_async和get_cache_returns(jid)

以下代码只能在master上执行,而且是只能在master上才可以使用。

>>> local.cmd_async("*","cmd.run",["ifconfig"]) '20180701220048685512' >>> local.get_cache_returns("20180701220048685512") {'k8s-node1': {'ret': 'ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500\n inet 192.168.127.166 netmask 255.255.255.0 broadcast 192.168.127.255\n......}

客户端执行salt命令

>>> import salt.config >>> import salt.client >>> caller = salt.client.Caller('/etc/salt/minion') >>> caller.cmd("test.ping") True

类似shell命令的salt-call,可以在minion端执行salt的命令,测试连通性等。

master端执行salt-run

>>> import salt.config >>> import salt.runner >>> __opts__ = salt.config.client_config("/etc/salt/master") >>> runnermaster = salt.runner.RunnerClient(__opts__) >>> runnermaster.cmd("jobs.list_jobs",[]) >>> runnermaster.cmd("manage.status") down: up: - k8s-node1

 

Grains

>>> import salt.config >>> import salt.loader >>> __opts__ = salt.config.minion_config("/etc/salt/minion") >>> __grains__ = salt.loader.grains(__opts__) >>> __grains__['id'] '192.168.127.166' 其他的一些变量 import salt.config import salt.loader __opts__ = salt.config.minion_config('/etc/salt/minion') __grains__ = salt.loader.grains(__opts__) __opts__['grains'] = __grains__ __utils__ = salt.loader.utils(__opts__) __salt__ = salt.loader.minion_mods(__opts__, utils=__utils__) __salt__['test.ping']()

 

Salt的内置环境变量

在python的交互环境中,这些变量是不生效的,只有在自定义的模块,或者salt执行时才生效。

__opts__ 配置文件,类型 __salt__ 执行modules __salt__['cmd.run']('fdisk -l') __salt__['network.ip_addrs']() __pillar__ pillar __grains__ grains __context__ if not 'cp.fileclient' in __context__: __context__['cp.fileclient'] = salt.fileclient.get_file_client(__opts__)

 

Saltstack的httpapi

安装

yum install -y gcc make python-devel libffi-devel salt-api openssl pip install cherrypy

 

生成证书

cd /etc/salt mkdir keycrt cd keycrt openssl genrsa -out key.pem 4096 openssl req -new -x509 -key key.pem -out cert.pem -days 1826

配置用户以及权限

首先需要在master上检查配置文件

default_include: master.d/*.conf interface: 192.168.127.165 conf_file: /etc/salt/master pki_dir: /etc/salt/pki/master auto_accept: True file_roots: base: - /srv/salt/ log_file: /var/log/salt/master log_level_logfile: debug

配置salt-api的配置文件

[root@localhost master.d]# cd /etc/salt/master.d/ [root@localhost master.d]# ls api.conf eauth.conf [root@localhost master.d]# [root@localhost master.d]# cat api.conf rest_cherrypy: port: 8000 ssl_crt: /etc/salt/keycrt/cert.pem ssl_key: /etc/salt/keycrt/key.pem [root@localhost master.d]# cat eauth.conf external_auth: pam: saltapi: - .* - '@wheel' - '@runner'

创建用户

useradd -M -s /sbin/nologin/ saltapi echo "saltapi" |passwd saltapi --stdin

 

启动salt-api

systemctl restart salt-api netstat –anp |grep 8000

 

获取token

curl -X POST -k http://192.168.127.165:8000/login -d username='saltapi' -d password='saltapi' -d eauth='pam' |python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 240 100 197 100 43 45 9 0:00:04 0:00:04 --:--:-- 45 { "return": [ { "eauth": "pam", "expire": 1517235285.554001, "perms": [ ".*", "@wheel", "@runner" ], "start": 1517192085.554001, "token": "105ee1f28109d67855ce7898e75e173a678f5174", "user": "saltapi" } ] }

只要salt-api不重启,tocken就不会过期,salt-api重启以后,tocken就会过期。

通过curl来获取执行module

curl -k http://192.168.127.165:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ec623ed62de7dd62cfdadb94ad0044b7f46c9549" -d client='local' -d tgt='*' -d fun='test.ping' return: 192.168.127.166: true

运行runner

curl -k http://192.168.127.165:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: ec623ed62de7dd62cfdadb94ad0044b7f46c9549" -d client='runner' -d fun='manage.status' return: - down: [] up: - 192.168.127.166

 

转载于:https://www.cnblogs.com/yangjian319/p/9255144.html

相关资源:JAVA上百实例源码以及开源项目
最新回复(0)