我试图使用Salt-Api
,因此我在/etc/salt/master.d/
中创建了一个salt-api.conf
,如下所示:
external_auth:
pam:
saltuser:
- .*
- '@wheel' # to allow access to all wheel modules
- '@runner' # to allow access to all runner modules
- '@jobs' # to allow access to the jobs runner and/or wheel module
rest_cherrypy:
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
disable_ssl: True
webhook_disable_auth: True
webhook_url: /hook
/etc/salt/master
中的用户被设置为user: root
。因此,当我尝试在本地使用pam
进行身份验证时,它可以工作:
但是,当我尝试使用curl时,它失败了:
curl -i http://localhost:8000/login -H "Accept: application/json" -d username='saltuser' -d password='saltuser' -d eauth='pam'
HTTP/1.1 401 Unauthorized
Content-Length: 760
Access-Control-Expose-Headers: GET, POST
Vary: Accept-Encoding
Server: CherryPy/3.5.0
Allow: GET, HEAD, POST
Access-Control-Allow-Credentials: true
Date: Mon, 16 Jan 2017 05:51:48 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html;charset=utf-8
Set-Cookie: session_id=f4c747f23e95ea7742a11a6e6cef146b91a31737; expires=Mon, 16 Jan 2017 15:51:48 GMT; Path=/
<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
<title>401 Unauthorized</title>
<style type="text/css">
#powered_by {
margin-top: 20px;
border-top: 2px solid black;
font-style: italic;
}
#traceback {
color: red;
}
</style>
</head>
<body>
<h2>401 Unauthorized</h2>
<p>Could not authenticate using provided credentials</p>
<pre id="traceback"></pre>
<div id="powered_by">
<span>
Powered by <a href="http://www.cherrypy.org">CherryPy 3.5.0</a>
</span>
</div>
</body>
</html>
因此,我无法连接Java
客户机或Python
客户机。我的配置中缺少什么?salt-master
已作为根用户运行。从我的Java代码:
import com.suse.salt.netapi.AuthModule;
import com.suse.salt.netapi.calls.WheelResult;
import com.suse.salt.netapi.calls.wheel.Key;
import com.suse.salt.netapi.client.SaltClient;
import com.suse.salt.netapi.exception.SaltException;
import java.net.URI;
import java.util.Optional;
/**
* Example code calling wheel functions.
*/
public class Salt {
private static final String SALT_API_URL = " http://localhost:8000";
private static final String USER = "saltuser";
private static final String PASSWORD = "saltuser";
public static void main(String[] args) throws SaltException {
// Init the client
SaltClient client = new SaltClient(URI.create(SALT_API_URL));
// List accepted and pending minion keys
WheelResult<Key.Names> keyResults = Key.listAll().callSync(
client, USER, PASSWORD, AuthModule.AUTO);
Key.Names keys = keyResults.getData().getResult();
System.out.println("\n--> Accepted minion keys:\n");
keys.getMinions().forEach(System.out::println);
System.out.println("\n--> Pending minion keys:\n");
keys.getUnacceptedMinions().forEach(System.out::println);
// Generate a new key pair and accept the public key
WheelResult<Key.Pair> genResults = Key.genAccept("new.minion.id", Optional.empty())
.callSync(client, USER, PASSWORD, AuthModule.AUTO);
Key.Pair keyPair = genResults.getData().getResult();
System.out.println("\n--> New key pair:");
System.out.println("\nPUB:\n\n" + keyPair.getPub());
System.out.println("\nPRIV:\n\n" + keyPair.getPriv());
}
}
com.suse.salt.netapi.exception.SaltUserUnauthorizedException: Salt user does not have sufficient permissions
at com.suse.salt.netapi.client.impl.HttpClientConnection.createSaltException(HttpClientConnection.java:217)
at com.suse.salt.netapi.client.impl.HttpClientConnection.executeRequest(HttpClientConnection.java:204)
at com.suse.salt.netapi.client.impl.HttpClientConnection.request(HttpClientConnection.java:85)
at com.suse.salt.netapi.client.impl.HttpClientConnection.getResult(HttpClientConnection.java:73)
尽管使用了sahama的答案中解释的登录端点,我还是遇到了同样的问题。我通过显式地设置
"eauth": "pam"
来解决这个问题。我的请求现在是这样的:因为你没有经过身份验证,所以你得到了未经授权的401。在
根据本页salt.netapi.rest_cherrypy 首先,您必须请求登录URL并获得访问令牌,然后您可以通过该令牌访问其他功能。在
如果你需要的话我会解释更多。在
编辑:更多解释:
通过curl请求示例:
通过这个curl命令发送这个请求
^{pr2}$回应你
您可以在其中看到token“token”:“6d1b722e”
现在你可以发送你的请求包含令牌解释为认证令牌。在
编辑2:
请记住,您使用pam进行身份验证,这意味着您的操作系统中必须有相同的用户 编辑3:
在not work中使用这个最小的con作为salt api conf
相关问题 更多 >
编程相关推荐