Red Hat Summit第3章 Authenticating API Calls
Interaction with the Satellite API requires SSL authentication with Satellite Server CA certificate and authentication with valid Satellite user credentials. This chapter outlines the authenticating methods you can use.
3.1. SSL Authentication Overview
Red Hat Satellite uses HTTPS, which provides a degree of encryption and identity verification when communicating with a Red Hat Satellite Server. Satellite 6.8 does not support non-SSL communications.
Each Red Hat Satellite Server uses a self-signed certificate. This certificate acts as both the server certificate to verify the encryption key and the certificate authority (CA) to trust the identity of Satellite Server.
3.1.1. Configuring SSL Authentication
Use the following procedure to configure an SSL authentication for the API requests to Satellite Server.
Procedure
Obtain a certificate from the Satellite Server with which you want to communicate using one of the following options:
If you execute the command from a remote server, obtain a certificate using SSH:
scp root@satellite.example.com:/var/www/html/pub/katello-server-ca.crt ./
$ scp root@satellite.example.com:/var/www/html/pub/katello-server-ca.crt ./Copy to Clipboard Copied! Toggle word wrap Toggle overflow If you execute the command directly on the Satellite Server, copy the certificate to the current directory:
cp /var/www/html/pub/katello-server-ca.crt ./
$ cp /var/www/html/pub/katello-server-ca.crt ./Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Use the API request with the
--cacert katello-server-ca.crtoption to verify the identity of the Satellite Server:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a Network Security Services (NSS) database to store the
katello-server-ca.crtcertificate:certutil -N -d sql:$HOME/.pki/nssdb
$ certutil -N -d sql:$HOME/.pki/nssdbCopy to Clipboard Copied! Toggle word wrap Toggle overflow Permanently include the certificate in the NSS database:
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" \ -i katello-server-ca.crt
$ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" \ -i katello-server-ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Verify that the certificate is present in the NSS database by entering the API request without the
--cacertoption:curl --request GET \ --user sat_username:sat_password \ https://satellite.example.com/api/v2/hosts
$ curl --request GET \ --user sat_username:sat_password \ https://satellite.example.com/api/v2/hostsCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}