saltstack api wheel模块报错HTTP/1.1 401 Unauthorized

当使用saltstack api调用wheel模块的时候会出现没有权限的报错

[root@ntest1 ~]# curl -k -v https://localhost:8000     -H "Accept: application/x-yaml"      -H "X-Auth-Token: 65198e689eb5e720ce75970a4b10da91dc003211"      -d client='wheel'     -d fun='key.list_all'
* About to connect() to localhost port 8000 (#0)
*   Trying ::1... Connection refused
*   Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 8000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: O=Default Company Ltd,L=Default City,C=XX
* start date: Feb 15 09:34:13 2016 GMT
* expire date: Feb 14 09:34:13 2017 GMT
* common name: (nil)
* issuer: O=Default Company Ltd,L=Default City,C=XX
> POST / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh3/1.4.2
> Host: localhost:8000
> Accept: application/x-yaml
> X-Auth-Token: 65198e689eb5e720ce75970a4b10da91dc003211
> Content-Length: 29
> Content-Type: application/x-www-form-urlencoded
> 
< HTTP/1.1 401 Unauthorized
< Content-Length: 735
< Access-Control-Expose-Headers: GET, POST
< Access-Control-Allow-Credentials: true
< Vary: Accept-Encoding
< Server: CherryPy/3.2.2
< Allow: GET, HEAD, POST
< Cache-Control: private
< Date: Fri, 05 May 2017 15:16:50 GMT
< Access-Control-Allow-Origin: *
< Content-Type: text/html;charset=utf-8
< Set-Cookie: session_id=65198e689eb5e720ce75970a4b10da91dc003211; expires=Sat, 06 May 2017 01:16:50 GMT; Path=/
< 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
    <title>401 Unauthorized</title>
    <style type="text/css">
    #powered_by {
        margin-top: 20px;
        border-top: 2px solid black;
        font-style: italic;
    }
    #traceback {
        color: red;
    }
    </style>
</head>
    <body>
        <h3>401 Unauthorized</h3>
        <p>No permission -- see authorization schemes</p>
        <pre id="traceback"></pre>
    <div id="powered_by">
    <span>Powered by <a href="http://www.cherrypy.org">CherryPy 3.2.2</a></span>
    </div>
    </body>
</html>
* Connection #0 to host localhost left intact
* Closing connection #0

需要修改master的配置对saltapi用户进行授权

[root@test1 ~]# vim /etc/salt/master
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
[root@test1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]

重新执行命令，执行成功

[root@ntest1 ~]# curl -k https://localhost:8000     -H "Accept: application/x-yaml"      -H "X-Auth-Token: bb8bc594d3e9d7de6105046a07c9b2ba619161b2"      -d client='wheel'     -d fun='key.list_all'
return:
- data:
    _stamp: '2017-05-05T15:19:47.532569'
    fun: wheel.key.list_all
    jid: '20170505231946757429'
    return:
      local:
      - master.pem
      - master.pub
      minions:
      - test1.nginxs.net
      - test2.nginxs.net
      - test3.nginxs.net
      - test4.nginxs.net
      minions_denied: []
      minions_pre:
      - test5.nginxs.net
      - test6.nginxs.net
      - test7.nginxs.net
      - test8.nginxs.net
      minions_rejected: []
    success: true
    tag: salt/wheel/20170505231946757429
    user: saltapi
  tag: salt/wheel/20170505231946757429