当使用saltstack api调用wheel模块的时候会出现没有权限的报错
[root@ntest1 ~]# curl -k -v https://localhost:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: 65198e689eb5e720ce75970a4b10da91dc003211" -d client='wheel' -d fun='key.list_all' * About to connect() to localhost port 8000 (#0) * Trying ::1... Connection refused * Trying 127.0.0.1... connected * Connected to localhost (127.0.0.1) port 8000 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * warning: ignoring value of ssl.verifyhost * skipping SSL peer certificate verification * SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: * subject: O=Default Company Ltd,L=Default City,C=XX * start date: Feb 15 09:34:13 2016 GMT * expire date: Feb 14 09:34:13 2017 GMT * common name: (nil) * issuer: O=Default Company Ltd,L=Default City,C=XX > POST / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh3/1.4.2 > Host: localhost:8000 > Accept: application/x-yaml > X-Auth-Token: 65198e689eb5e720ce75970a4b10da91dc003211 > Content-Length: 29 > Content-Type: application/x-www-form-urlencoded > < HTTP/1.1 401 Unauthorized < Content-Length: 735 < Access-Control-Expose-Headers: GET, POST < Access-Control-Allow-Credentials: true < Vary: Accept-Encoding < Server: CherryPy/3.2.2 < Allow: GET, HEAD, POST < Cache-Control: private < Date: Fri, 05 May 2017 15:16:50 GMT < Access-Control-Allow-Origin: * < Content-Type: text/html;charset=utf-8 < Set-Cookie: session_id=65198e689eb5e720ce75970a4b10da91dc003211; expires=Sat, 06 May 2017 01:16:50 GMT; Path=/ < <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> <title>401 Unauthorized</title> <style type="text/css"> #powered_by { margin-top: 20px; border-top: 2px solid black; font-style: italic; } #traceback { color: red; } </style> </head> <body> <h3>401 Unauthorized</h3> <p>No permission -- see authorization schemes</p> <pre id="traceback"></pre> <div id="powered_by"> <span>Powered by <a href="http://www.cherrypy.org">CherryPy 3.2.2</a></span> </div> </body> </html> * Connection #0 to host localhost left intact * Closing connection #0
需要修改master的配置对saltapi用户进行授权
[root@test1 ~]# vim /etc/salt/master external_auth: pam: saltapi: - .* - '@wheel' [root@test1 ~]# /etc/init.d/salt-master restart Stopping salt-master daemon: [ OK ] Starting salt-master daemon: [ OK ]
重新执行命令,执行成功
[root@ntest1 ~]# curl -k https://localhost:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: bb8bc594d3e9d7de6105046a07c9b2ba619161b2" -d client='wheel' -d fun='key.list_all' return: - data: _stamp: '2017-05-05T15:19:47.532569' fun: wheel.key.list_all jid: '20170505231946757429' return: local: - master.pem - master.pub minions: - test1.nginxs.net - test2.nginxs.net - test3.nginxs.net - test4.nginxs.net minions_denied: [] minions_pre: - test5.nginxs.net - test6.nginxs.net - test7.nginxs.net - test8.nginxs.net minions_rejected: [] success: true tag: salt/wheel/20170505231946757429 user: saltapi tag: salt/wheel/20170505231946757429
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。