文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >配置Salt API - Java

配置Salt API - Java
EN

Stack Overflow用户
提问于 2017-01-16 13:53:36
回答 2查看 1.4K关注 0票数 8

我尝试使用Salt-Api,所以我在/etc/salt/master.d/中创建了一个salt-api.conf,如下所示:

代码语言:javascript
复制
external_auth:
  pam:
    saltuser:
      - .*
      - '@wheel'   # to allow access to all wheel modules
      - '@runner'  # to allow access to all runner modules
      - '@jobs'    # to allow access to the jobs runner and/or wheel module

rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key
  disable_ssl: True
  webhook_disable_auth: True
  webhook_url: /hook

/etc/salt/master中的用户设置为user: root。因此,当我尝试在本地使用pam进行身份验证时,它可以工作:

代码语言:javascript
复制
sudo salt -a pam '*' test.ping
username: saltuser
password: saltuser

minion:
    True

但是,当我尝试使用curl时,它失败了:

代码语言:javascript
复制
curl -i http://localhost:8000/login -H "Accept: application/json" -d username='saltuser' -d password='saltuser' -d eauth='pam'
HTTP/1.1 401 Unauthorized
Content-Length: 760
Access-Control-Expose-Headers: GET, POST
Vary: Accept-Encoding
Server: CherryPy/3.5.0
Allow: GET, HEAD, POST
Access-Control-Allow-Credentials: true
Date: Mon, 16 Jan 2017 05:51:48 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html;charset=utf-8
Set-Cookie: session_id=f4c747f23e95ea7742a11a6e6cef146b91a31737; expires=Mon, 16 Jan 2017 15:51:48 GMT; Path=/

<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
    <title>401 Unauthorized</title>
    <style type="text/css">
    #powered_by {
        margin-top: 20px;
        border-top: 2px solid black;
        font-style: italic;
    }

    #traceback {
        color: red;
    }
    </style>
</head>
    <body>
        <h2>401 Unauthorized</h2>
        <p>Could not authenticate using provided credentials</p>
        <pre id="traceback"></pre>
    <div id="powered_by">
      <span>
        Powered by <a href="http://www.cherrypy.org">CherryPy 3.5.0</a>
      </span>
    </div>
    </body>
</html>

因此,我既无法连接Java客户端,也无法连接Python客户端。我的配置中遗漏了什么?salt-master已经以根用户身份运行。在我的Java代码中:

代码语言:javascript
复制
import com.suse.salt.netapi.AuthModule;
import com.suse.salt.netapi.calls.WheelResult;
import com.suse.salt.netapi.calls.wheel.Key;
import com.suse.salt.netapi.client.SaltClient;
import com.suse.salt.netapi.exception.SaltException;

import java.net.URI;
import java.util.Optional;

/**
 * Example code calling wheel functions.
 */
public class Salt {

    private static final String SALT_API_URL = " http://localhost:8000";
    private static final String USER = "saltuser";
    private static final String PASSWORD = "saltuser";

    public static void main(String[] args) throws SaltException {
        // Init the client
        SaltClient client = new SaltClient(URI.create(SALT_API_URL));

        // List accepted and pending minion keys
        WheelResult<Key.Names> keyResults = Key.listAll().callSync(
                client, USER, PASSWORD, AuthModule.AUTO);
        Key.Names keys = keyResults.getData().getResult();

        System.out.println("\n--> Accepted minion keys:\n");
        keys.getMinions().forEach(System.out::println);
        System.out.println("\n--> Pending minion keys:\n");
        keys.getUnacceptedMinions().forEach(System.out::println);

        // Generate a new key pair and accept the public key
        WheelResult<Key.Pair> genResults = Key.genAccept("new.minion.id", Optional.empty())
                .callSync(client, USER, PASSWORD, AuthModule.AUTO);
        Key.Pair keyPair = genResults.getData().getResult();

        System.out.println("\n--> New key pair:");
        System.out.println("\nPUB:\n\n" + keyPair.getPub());
        System.out.println("\nPRIV:\n\n" + keyPair.getPriv());
    }
}

com.suse.salt.netapi.exception.SaltUserUnauthorizedException: Salt user does not have sufficient permissions
    at com.suse.salt.netapi.client.impl.HttpClientConnection.createSaltException(HttpClientConnection.java:217)
    at com.suse.salt.netapi.client.impl.HttpClientConnection.executeRequest(HttpClientConnection.java:204)
    at com.suse.salt.netapi.client.impl.HttpClientConnection.request(HttpClientConnection.java:85)
    at com.suse.salt.netapi.client.impl.HttpClientConnection.getResult(HttpClientConnection.java:73)
java
python
salt-stack
EN

回答 2

Stack Overflow用户

发布于 2017-02-14 16:57:23

尽管使用了登录端点,我还是遇到了同样的问题,正如sahama的回答中所解释的。我通过显式设置"eauth": "pam"解决了这个问题。下面是我的请求现在的样子:

代码语言:javascript
复制
curl -si localhost:8000/login \
-c ~/cookies.txt \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-d '{
    "username": "saltuser",
    "password": "saltuser",
    "eauth": "pam"
}'
票数 4
EN

Stack Overflow用户

发布于 2017-01-22 16:50:48

你得到了401未经授权,因为你没有通过认证。

根据此页面salt.netapi.rest_cherrypy,首先您必须请求登录URL并获取访问令牌,然后才能通过此令牌访问其他功能。

如果你需要,我会解释更多。

编辑:更多解释:

通过curl的示例请求:

代码语言:javascript
复制
curl -si localhost:8000/login \
-c ~/cookies.txt \
-H "Accept: application/json" \
-H "Content-type: application/json" \
-d '{
    "username": "saltuser",
    "password": "saltuser",
    "eauth": "auto"
}'

通过这个curl命令,你可以发送这个请求

代码语言:javascript
复制
POST / HTTP/1.1
Host: localhost:8000
Content-Length: 42
Content-Type: application/json
Accept: application/json

{"username": "saltuser", "password": "saltuser", "eauth": "auto"}

作为回应,你会得到

代码语言:javascript
复制
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 206
X-Auth-Token: 6d1b722e
Set-Cookie: session_id=6d1b722e; expires=Sat, 17 Nov 2012 03:23:52 GMT; Path=/

{"return": {
"token": "6d1b722e",
"start": 1363805943.776223,
"expire": 1363849143.776224,
"user": "saltuser",
"eauth": "pam",
"perms": [
    "grains.*",
    "status.*",
    "sys.*",
    "test.*"
]
}}

您可以在其中看到token“”:"6d1b722e"

现在您可以发送您的请求包含令牌解释为Auth- token 的弓。

编辑2:

请记住,您使用pam进行身份验证,这意味着您的os EDIT 3中必须有相同的用户:

在不工作时,使用这个最小的conf作为salt-api conf

代码语言:javascript
复制
  external_auth:
    pam:
      saltuser:
        - .*

  rest_cherrypy:
    port: 8000
    disable_ssl: True
    host: 0.0.0.0
票数 3
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/41670221

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档