Install and configure the func unified network controller

Source: Internet
Author: User
Tags ssl certificate certmaster

Func is the unified network controller of the red hat company Fedora platform.

FuncFedora UnifiedNetwork Controller https://fedorahosted.org/func), designed to solve this series of unified management and monitoring issues and developed the basic framework of system management. Tools that can effectively simplify the management of multi-server systems are easy to learn, easy to use, easy to expand, and powerful.

Func has the following features:

1. Func can manage any number of server groups at a time on the master machine.

2. Func has established a Master-Slaves Master-slave SSL Certificate Control System Based on Certmasterhttps: // fedorahosted.org/certmaster/) to automatically distribute certificates to all controlled servers.

3. the Func command line can directly send remote commands or obtain data remotely.

4. Func developers have developed most common task modules, it includes the command execution module, file transmission module, IPtables module, view hardware information module, Mount module, process module, service module, and restart system module.

5. You can easily compile the extension module through the Python API provided by Func to implement specific function extension. In addition, any work that can be done by the Func command line can be implemented through API programming.

6. Func communication is based on XMLRPC and SSL standard protocols.


System: Master: centos 5.8x86

Minion: centos 6.3x86

Configure the hosts file so that the master and minions can parse each other.

Func Installation

1. Master control side configuration

1. Install the epel yum source released by fedora,

Rpm-Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

If it fails, you can download your own version from here.

Http://fedoraproject.org/wiki/EPEL

2. Install func

Func is based on certmaster. It will be installed together in the epel source. When I install it here, I will prompt python-simplejson, I searched one on the Internet (if your source has one, you don't need to download it)

Wget ftp://ftp.pbone.net/mirror/ftp.centos.org/5.9/ OS /i386/CentOS/python-simplejson-2.0.9-8.el5.i386.rpm

Rpm-ivh python-simplejson-2.0.9-8.el5.i386.rpm

Yum install func

3. Configure certmaster

Vi/etc/certmaster. conf

# Configuration for certmasterd and certmaster-ca


[Main]

Autosign = no

Listen_addr = 192.168.15.188 # Listen to the IP address, or do not write

Listen_port = 51235 # listener port, defined by yourself

Cadir =/etc/pki/certmaster/ca

Cert_dir =/etc/pki/certmaster

Certroot =/var/lib/certmaster/certs

Csrroot =/var/lib/certmaster/csrs

Cert_extension = cert

Sync_certs = False

######################################## #######################


4. iptables allows you to start the certmaster service.

# Func

/Sbin/iptables-a input-s 192.168.15.183-p tcp -- dport 51235-j ACCEPT

/Sbin/iptables-a input-s 192.168.1.200-p tcp -- dport 51235-j ACCEPT

Note: The Master server starts the certmaster service and the control server starts the funcd service.

#/Etc/init. d/certmaster start


2 minionControlled end

1. Install epel

Version 5

Wgethttp: // mirrors.yun-idc.com/epel/5/ I #/epel-release-5-4.noarch.rpm

Rpm-ivh epel-release-5-4.noarch.rpm


Version 6

Rpm-Uvh http://mirrors.yun-idc.com/epel/6/i386/epel-release-6-8.noarch.rpm


2. Install func

Similarly, if this package is still missing, it should be less than 5.5 or below.] If your system does not report an error or missing, you can skip this step.

Wget ftp://ftp.pbone.net/mirror/ftp.centos.org/5.9/ OS /i386/CentOS/python-simplejson-2.0.9-8.el5.i386.rpm

Rpm-ivh python-simplejson-2.0.9-8.el5.i386.rpm

Yum install func


3. Mini-ons client Configuration

Vi/etc/func/minion. conf

# Configuration for minions


[Main]

Log_level = INFO # The default log level is debug.

Acl_dir =/etc/func/minion-acl.d


Listen_addr =

Listen_port = 51234 # default port monitored by the host

Minion_name =

Method_log_dir =/var/log/func/methods/


The minion listener address can be configured here. In the/etc/func/minion. conf file, this listener port is used to respond to commands sent by the master. This modification must be completed before the certificate is applied. We do not recommend that you modify the port because you do not know more about it. Retain the default port 51234 .]


Associated configuration with certmaster

Vi/etc/certmaster/minion. conf

# Configuration for minions


[Main]

Certmaster = server.puppet.com # configure the master Address or master host name to be able to parse each other]

Certmaster_port = 51235 # server listening port

Log_level = DEBUG

Cert_dir =/etc/pki/certmaster


4. Start the funcd Service

/Sbin/iptables-a input-s 192.168.15.188-p tcp -- dport 51234-j ACCEPT # Allow the master to access minions

/Etc/init. d/funcd start

After the service is started, it will automatically submit a certificate application to the master server

If the service is successfully started, no error will be reported. If any error is reported, it will be in the log/var/log/func. log,


Note: When the master connects to minions, the minions must be listened on the same port.

Funcd's listening port can be configured in/etc/func/minion. conf inthe listen_port option.

Overlord's will also check this file and setting todetermine which ports to connect to the minions with. Note that currentlyoverlord requires all minions to be listening on the same port.


If no error is reported, you can sign the certificate in step 3.


3.Certificate Signing and Verification

1. master server

Certmaster-ca-l view certificate requests

Certmaster-ca-s hostname signs the certificate. This hostname is listed in-l) signs the certificate for the client.

Certmaster-ca -- list-signed check which certificates have been signed

2. the above operations can be seen in the log. The involved logs include:

/Var/log/certmaster /*

/Var/log/func /*

3. Use the master end of the simple example)

1. List the number of minions

[Root @ Master_station ~] # Func "*" list_minions

Myvmware_station.example.com

Myvmware_station2.example.com

2. check whether all minions are online.

[Root @ Master_station ~] # Func "*" ping

[OK...] myvmware_station.example.com

[OK...] myvmware_station2.example.com

3. [root @ server ~] # Func "myvmware_station2.example.com" call cpu usage

If data is returned, the installation is normal. For more information about the syntax, see.

4. Run funcd -- list-modules on the master side to view the existing modules.

4. Command example

You can use regular expression matching to list multiple operation objects separated by semicolons]

View existing modules

Funcd -- list-modules

View the list of minions hosts

Func "*" list_minions

Copy an object [copy to the remote end]

Func "myvmware_statio *" copyfile-f/tmp/check_disk.sh -- remotepath =/tmp/file1


Determine whether a file exists

Func "myvmware_statio *" call command exists/tmp/file1


Execute scripts

Func "myvmware_statio *" call command run "/tmp/file1"


Delete temporary files used

Func "myvmware_statio *" call command run "rm/tmp/file1"



This article from "Liu Yuan's blog" blog, please be sure to keep this source http://colynn.blog.51cto.com/5971950/1303808

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.