cyb*_*ron 8 python java salt-stack
我试图用Salt-Api,所以我创建了一个salt-api.conf在/etc/salt/master.d/如下:
external_auth:
pam:
saltuser:
- .*
- '@wheel' # to allow access to all wheel modules
- '@runner' # to allow access to all runner modules
- '@jobs' # to allow access to the jobs runner and/or wheel module
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
disable_ssl: True
webhook_disable_auth: True
webhook_url: /hook
用户输入/etc/salt/master设置为user: root.因此,当我尝试使用pam本地身份验证时,它可以工作:
sudo salt -a pam '*' test.ping
username: saltuser
password: saltuser
minion:
True
但是,当我尝试使用curl时,它会失败:
curl -i http://localhost:8000/login -H "Accept: application/json" -d username='saltuser' -d password='saltuser' -d eauth='pam'
HTTP/1.1 401 Unauthorized
Content-Length: 760
Access-Control-Expose-Headers: GET, POST
Vary: Accept-Encoding
Server: CherryPy/3.5.0
Allow: GET, HEAD, POST
Access-Control-Allow-Credentials: true
Date: Mon, 16 Jan 2017 05:51:48 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html;charset=utf-8
Set-Cookie: session_id=f4c747f23e95ea7742a11a6e6cef146b91a31737; expires=Mon, 16 Jan 2017 15:51:48 GMT; Path=/
<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
<title>401 Unauthorized</title>
<style type="text/css">
#powered_by {
margin-top: 20px;
border-top: 2px solid black;
font-style: italic;
}
#traceback {
color: red;
}
</style>
</head>
<body>
<h2>401 Unauthorized</h2>
<p>Could not authenticate using provided credentials</p>
<pre id="traceback"></pre>
<div id="powered_by">
<span>
Powered by <a href="http://www.cherrypy.org">CherryPy 3.5.0</a>
</span>
</div>
</body>
</html>
因此,我无法连接Java客户端或Python客户端.我的配置中缺少什么?在salt-master已经以root身份运行.从我的Java代码:
import com.suse.salt.netapi.AuthModule;
import com.suse.salt.netapi.calls.WheelResult;
import com.suse.salt.netapi.calls.wheel.Key;
import com.suse.salt.netapi.client.SaltClient;
import com.suse.salt.netapi.exception.SaltException;
import java.net.URI;
import java.util.Optional;
/**
* Example code calling wheel functions.
*/
public class Salt {
private static final String SALT_API_URL = " http://localhost:8000";
private static final String USER = "saltuser";
private static final String PASSWORD = "saltuser";
public static void main(String[] args) throws SaltException {
// Init the client
SaltClient client = new SaltClient(URI.create(SALT_API_URL));
// List accepted and pending minion keys
WheelResult<Key.Names> keyResults = Key.listAll().callSync(
client, USER, PASSWORD, AuthModule.AUTO);
Key.Names keys = keyResults.getData().getResult();
System.out.println("\n--> Accepted minion keys:\n");
keys.getMinions().forEach(System.out::println);
System.out.println("\n--> Pending minion keys:\n");
keys.getUnacceptedMinions().forEach(System.out::println);
// Generate a new key pair and accept the public key
WheelResult<Key.Pair> genResults = Key.genAccept("new.minion.id", Optional.empty())
.callSync(client, USER, PASSWORD, AuthModule.AUTO);
Key.Pair keyPair = genResults.getData().getResult();
System.out.println("\n--> New key pair:");
System.out.println("\nPUB:\n\n" + keyPair.getPub());
System.out.println("\nPRIV:\n\n" + keyPair.getPriv());
}
}
com.suse.salt.netapi.exception.SaltUserUnauthorizedException: Salt user does not have sufficient permissions
at com.suse.salt.netapi.client.impl.HttpClientConnection.createSaltException(HttpClientConnection.java:217)
at com.suse.salt.netapi.client.impl.HttpClientConnection.executeRequest(HttpClientConnection.java:204)
at com.suse.salt.netapi.client.impl.HttpClientConnection.request(HttpClientConnection.java:85)
at com.suse.salt.netapi.client.impl.HttpClientConnection.getResult(HttpClientConnection.java:73)
您收到401 Unauthorized因为您没有经过身份验证。
根据此页面salt.netapi.rest_cherrypy 首先,您必须请求登录 URL 并获取访问令牌,然后您可以通过此令牌访问其他功能。
如果您需要,我会解释更多。
编辑:更多解释:
通过curl请求的示例:
curl -si localhost:8000/login \
-c ~/cookies.txt \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-d '{
"username": "saltuser",
"password": "saltuser",
"eauth": "auto"
}'
并通过这个curl命令发送这个请求
POST / HTTP/1.1
Host: localhost:8000
Content-Length: 42
Content-Type: application/json
Accept: application/json
{"username": "saltuser", "password": "saltuser", "eauth": "auto"}
作为回应你得到
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 206
X-Auth-Token: 6d1b722e
Set-Cookie: session_id=6d1b722e; expires=Sat, 17 Nov 2012 03:23:52 GMT; Path=/
{"return": {
"token": "6d1b722e",
"start": 1363805943.776223,
"expire": 1363849143.776224,
"user": "saltuser",
"eauth": "pam",
"perms": [
"grains.*",
"status.*",
"sys.*",
"test.*"
]
}}
你可以在其中看到令牌“token”:“6d1b722e”
现在您可以发送包含令牌的请求,将其解释为Auth-Token。
编辑2:
请记住,您使用 pam 进行身份验证,这意味着您的操作系统中必须有相同的用户编辑3:
并且在不工作时使用这个最小的 con 作为 salt-api conf
external_auth:
pam:
saltuser:
- .*
rest_cherrypy:
port: 8000
disable_ssl: True
host: 0.0.0.0
| 归档时间: |
|
| 查看次数: |
915 次 |
| 最近记录: |