On vsm1, add SSL to CentOS-6.5. SSL helps to encrypt the password (and possibly the whole packet) before you send packets through the internet.
Since we have already installed vsm, apache2 (httpd) is already installed.
Step 1: configure the yum repo source
[root@vsm1 opt]# cat /etc/yum.repos.d/total.repo
# Repository definition used to install mod_ssl in the steps that follow.
[total]
name=total
# NOTE(review): the baseurl is plain HTTP and gpgcheck=0 turns off package
# signature verification, so nothing authenticates the packages that yum
# installs from this repo. Acceptable only on a trusted, isolated network;
# otherwise sign the repo and set gpgcheck=1 with a gpgkey= entry.
baseurl=http://10.239.82.94/total/
gpgcheck=0
enabled=1
# Bypass any proxy configured globally for yum when reaching this repo.
proxy=_none_
Step 2:
# yum makecache
Step 3: install mod_ssl
# yum install mod_ssl
Step 4:
# copy root@jiyou-test-controller:/opt/vsmceph/source/vsm-deploy/keys to the dest host (Step 5 expects it at /opt/keys).
Step 5:
# cd /opt/keys/
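# ./exp_key    (generate key file)
# cp -rf server.key server.key.secure
# ./exp_sec    (avoid typing password: writes a passphrase-free server.key so httpd can start unattended; keep /opt/keys readable by root only)
# ./exp_csr    (generate request file)
# ./exp_crt    (generate certificate file)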
Step 6:
Edit /etc/httpd/conf.d/ssl.conf
SSLCertificateKeyFile /opt/keys/server.key
Listen 443
SSLEngine on
SSLCertificateFile /opt/keys/server.crt
LoadModule ssl_module modules/mod_ssl.so
Step 7: In the file /etc/httpd/conf/httpd.conf, find the lines that contain 80, then comment them out.
You can check with: cat /etc/httpd/conf/httpd.conf | grep -v "#" | grep 80. Expect no output.
Step 8: restart httpd
service httpd restart
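Step 9: in the browser, type in "https://192.168.0.1/dashboard"
Notice: https, not http.
Before the address there is a lock icon; click it and you will see the certificate information. Because the certificate is self-signed (exp_crt uses -signkey), the browser will first show an untrusted-certificate warning.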
配好ssl后,配置plink.
创建sqlrabkey_443.bat文件,内容如下:
rem Forward local port 443 to 10.239.131.212:443 through an SSH session to
rem 10.239.131.155 (-N: no remote shell, -L: local port forward).
rem NOTE(review): -pw stores the SSH password in clear text in this .bat file
rem and exposes it on the process command line. The same value is also the
rem key passphrase in the exp_* scripts. Prefer key-based login (plink -i
rem with a private key file, or Pageant) and use distinct secrets.
plink.exe -N -L 443:10.239.131.212:443 jiyou@10.239.131.155 -pw zaq12wsx
其中包含的脚本:
exp_key:
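#!/usr/bin/expect -f
# exp_key: create the passphrase-protected RSA private key server.key by
# answering the two passphrase prompts of `openssl genrsa`.
#
# Dialogue being automated:
#   openssl genrsa -des3 -out server.key 2048
#   Enter pass phrase for server.key:
#   Verifying - Enter pass phrase for server.key:
#
# The key is 2048 bits: 1024-bit RSA is below the minimum that current
# guidance and browsers accept for a TLS server key.
#
# NOTE(review): the passphrase is hard-coded in this script, so anyone who can
# read the script can decrypt the key it protects. Keep the keys directory
# readable by root only and replace the value before real use.

# genrsa asks for the passphrase only after the key has been generated; allow
# more than expect's default 10 s so a slow host does not time out first.
set timeout 60

spawn openssl genrsa -des3 -out server.key 2048
expect "Enter pass phrase for server.key:"
send "zaq12wsx\r"
expect "Verifying - Enter pass phrase for server.key:"
send "zaq12wsx\r"
expect eof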
exp_crt:
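#!/usr/bin/expect -f
# exp_crt: self-sign the request server.csr with server.key and write the
# certificate server.crt.
#
# Dialogue being automated:
#   openssl x509 -req -sha256 -days 7000 -in server.csr -signkey server.key -out server.crt
#   Enter pass phrase for server.key:      (only if server.key is encrypted)
#
# -sha256 is given explicitly so the signature digest does not depend on the
# OpenSSL build's default (older builds presumably default to SHA-1; confirm
# for the installed version).
#
# NOTE(review): -signkey produces a self-signed certificate, which browsers
# do not trust until it is imported manually. -days 7000 is roughly 19 years,
# so plan to rotate the key and certificate much earlier.
spawn openssl x509 -req -sha256 -days 7000 -in server.csr -signkey server.key -out server.crt

# The passphrase prompt appears only when server.key is still encrypted. If
# the key was already decrypted (exp_sec), openssl exits without prompting;
# accepting eof here avoids sending to a closed process.
expect {
    "Enter pass phrase for server.key:" {
        send "zaq12wsx\r"
        exp_continue
    }
    eof
}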
exp_csr:
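#!/usr/bin/expect -f
# exp_csr: create the certificate signing request server.csr from server.key
# by answering the interactive prompts of `openssl req -new`.
#
# Dialogue being automated (answers are the values sent below):
#   openssl req -new -key server.key -out server.csr
#   Enter pass phrase for server.key:      (only if server.key is encrypted)
#   Country Name (2 letter code) [XX]:
#   State or Province Name (full name) []:
#   Locality Name (eg, city) [Default City]:
#   Organization Name (eg, company) [Default Company Ltd]:
#   Organizational Unit Name (eg, section) []:
#   Common Name (eg, your name or your server's hostname) []:
#   Email Address []:
#   A challenge password []:
#   An optional company name []:
#
# NOTE(review): the Common Name sent is "vsm". Browsers compare the name in
# the certificate with the host in the URL, so opening the dashboard by IP
# address or another host name will presumably raise a name-mismatch warning.
# NOTE(review): the key passphrase and the challenge password are hard-coded;
# keep this script readable by root only.
spawn openssl req -new -key server.key -out server.csr

# The passphrase prompt is optional: when server.key has already been
# decrypted (exp_sec), openssl goes straight to the Country Name prompt.
# Handling both here avoids a timeout and a passphrase typed into the
# wrong field.
expect {
    "Enter pass phrase for server.key:" {
        send "zaq12wsx\r"
        exp_continue
    }
    "Country Name*:" {
        send "CC\r"
    }
}

# Remaining prompts in the order openssl asks them, each with its answer.
foreach {prompt answer} {
    "State or Province Name*:"     "some"
    "Locality Name*:"              "ceph"
    "Organization Name*:"          "opensource"
    "Organizational Unit Name*:"   "storage"
    "Common Name*:"                "vsm"
    "Email Address*:"              "ceph@storage.com"
    "A challenge password*:"       "zaq12wsx"
    "An optional company name*:"   "cephsystem"
} {
    expect $prompt
    send -- "$answer\r"
}
expect eof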
exp_sec:
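#!/usr/bin/expect -f
# exp_sec: decrypt server.key.secure into server.key so the web server can
# load the key without someone typing the passphrase at start-up.
#
# Dialogue being automated:
#   openssl rsa -in server.key.secure -out server.key
#   Enter pass phrase for server.key.secure:
#   writing RSA key
#
# NOTE(review): the passphrase is hard-coded in this script; keep the script
# and the keys directory readable by root only.
spawn openssl rsa -in server.key.secure -out server.key
expect "Enter pass phrase for server.key.secure:"
send "zaq12wsx\r"
expect eof

# server.key is now an unencrypted private key: file permissions are the only
# thing protecting it, so restrict it to its owner.
if {[file exists server.key]} {
    file attributes server.key -permissions 0600
}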