salt-call --local tls.create_self_signed_cert
default_include: master.d/*.conf
/etc/salt/master.d/api.conf
rest_cherrypy:
host: 0.0.0.0
port: 8000
ssl_crt: /etc/pki/tls/certs/localhost.crt
ssl_key: /etc/pki/tls/certs/localhost.key
useradd -M -s /sbin/nologin saltapi
echo 'saltapi' | passwd --stdin saltapi
/etc/salt/master.d/auth.conf
external_auth:
pam:
saltapi:
- .*
- '@wheel'
- '@runner'
- '@jobs'
systemctl restart salt-master
systemctl start salt-api
systemctl enable salt-api
curl -sSk https://localhost:8000/login \
-H 'Accept: application/x-yaml' \
-d username=saltapi \
-d password=saltapi \
-d eauth=pam