Generate client private key: Copy 1 openssl genrsa -out server.key 2048 Generate client certificate: Copy 1 openssl req -new -sha256 -x509 -days 3650 -key server.key -out server.crt Certificate application file: Copy 1 openssl req -new -key server.key -out server.csr Generate CA private key Use des3 encryption, and enter a password of more than 4 digits: Copy 1 openssl genrsa -des3 -out ca.key 4096 Generate CA certificate Copy 1 openssl req
Use OpenSSL to issue certificates
Saltstack - SaltAPI
Installation Copy 1 yum -y install salt-api Configuration cat /etc/salt/master.d/api.conf #Configure certificates and ports Copy 1 2 3 4 5 rest_cherrypy: port: 8888 debug: True ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/private/localhost_nopass.key cat /etc/salt/master.d/eauth.conf #Set permissions Copy 1 2 3 4 5 6 external_auth: pam: saltapi: - .* - '@wheel' - '@runner' Add an account Copy 1 2 useradd -M -s /sbin/nologin saltapi echo "saltapi_xxxxxx" | passwd saltapi --stdin Start the service Copy
saltstack--salt command list
Common commands Copy 1 2 3 4 5 6 7 8 9 salt -N 'ceph' test.ping #Test connectivity salt -E '^server10*' test.ping #Regular match connectivity salt -S 192.168.150.101 test.ping #Match and execute based on agent IP address salt -S 192.168.150.0/24 test.ping #Match and execute based on agent IP address salt -N 'ceph' cmd.run 'df -Th' #View disk usage by group salt -N 'ceph' cmd.exec_code python 'import os; print os.system("df -Th")'
Python Coding Standards
Encoding declaration Default is not set to ASCII, can be set to Copy 1 # coding=<encoding name> or Copy 1 2 #!/usr/bin/python # -*- coding: <encoding name> -*- or Copy 1 2 #!/usr/bin/python # coding: utf-8 Code layout Four spaces per indentation, tabs are not recommended, and mixed tabs and spaces are not recommended A single line can be up to 79 characters long, backslashes can be used for line