1 安装:
环境 Linux hadoop2 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
yum install func
或者
或者直接安装 rpm 包,以下三个包已包含 func 及其依赖(安装前建议用 rpm -K 校验包签名,确认来源可信):
certmaster-0.28-12.el7.noarch.rpm
func-0.30-8.el7.noarch.rpm
python-simplejson-3.3.3-1.el7.x86_64.rpm
2 配置:
首先要在主控和被控机器上配置 hosts,保证双方都能按主机名互相解析(后面的证书请求和签名都是以主机名来标识机器的,解析错了会签到错误的名字上)。
主控:master,被控:minion。master 上需要注册(签名)所有的 minion;minion 上只需要配置 master 的主机名即可。
Master:
/etc/certmaster/minion.conf中配置:
[root@hadoop1 certmaster]# more minion.conf
# configuration for minions
[main]
# hostname of the certmaster (the master); it must resolve on this machine (see the hosts setup above)
certmaster = 主控机器名
# port the minion contacts to submit its CSR; the master must accept inbound TCP here
certmaster_port = 51235
# DEBUG is very chatty; consider INFO once enrollment is working
log_level = DEBUG
# where this host's key, CSR, signed cert and ca.cert are kept
cert_dir = /etc/pki/certmaster
启动证书服务:service certmaster start。这里也可以配置certmaster服务的级别,比如开机启动。
Minion:
/etc/certmaster/minion.conf中配置如下:
[root@hadoop1 certmaster]# more minion.conf
# configuration for minions
[main]
# hostname of the certmaster (the master); it must resolve on this machine (see the hosts setup above)
certmaster = 主控机器名
# port the minion contacts to submit its CSR; the master must accept inbound TCP here
certmaster_port = 51235
# DEBUG is very chatty; consider INFO once enrollment is working
log_level = DEBUG
# where this host's key, CSR, signed cert and ca.cert are kept
cert_dir = /etc/pki/certmaster
/etc/func/minion.conf中配置:
# configuration for minions
[main]
log_level = INFO
# presumably the directory for per-certificate method ACLs; use it to restrict what a given
# master certificate may call instead of allowing every method — verify against the func docs
acl_dir = /etc/func/minion-acl.d
# NOTE(review): left empty this appears to bind all interfaces; set the management-network
# address here to narrow exposure — confirm behaviour on your func version
listen_addr =
# must match the port opened for the master in iptables below
listen_port = 51234
# the name the CSR is submitted under; it is what shows up in certmaster-ca --list / --sign
minion_name = 被控机器名
method_log_dir = /var/log/func/methods/
在 minion 上启动 func 服务:service func start。如果是用 rpm 包安装的,系统里没有 funcd 这个 service,可以自己编写 service 脚本,或者直接用下面的命令启动守护进程:
# no funcd service ships with the rpm install: start the daemon directly, or wrap this line in your own service script
/usr/bin/python /usr/bin/funcd --daemon
注意,需要时开启并配置 iptables:minion 上只放行 master 访问 51234(funcd);master 上也要相应放行各 minion 访问 51235(certmaster),否则 minion 无法提交证书请求。
# minion side: allow only 192.168.1.20 (presumably the master) to reach funcd; -I prepends, so this
# lands ahead of any existing DROP/REJECT rule. Not persisted across reboot — save it with your distro's tool.
iptables -I INPUT -s 192.168.1.20 -p tcp --dport 51234 -j ACCEPT
这个未测试。
master上获取请求证书签名的主机清单:
[root@hadoop1 certmaster]# certmaster-ca --list
hadoop2
hadoop4
[root@hadoop1 certmaster]#
使证书签名通过:
[root@hadoop1 certmaster]# certmaster-ca --sign hadoop2
/var/lib/certmaster/certmaster/csrs/hadoop2.csr signed - cert located at /var/lib/certmaster/certmaster/certs/hadoop2.cert
[root@hadoop1 certmaster]# certmaster-ca --sign hadoop4
/var/lib/certmaster/certmaster/csrs/hadoop4.csr signed - cert located at /var/lib/certmaster/certmaster/certs/hadoop4.cert
[root@hadoop1 certmaster]# certmaster-ca --list
No certificates to sign
[root@hadoop1 certmaster]#
还可以使用 certmaster-ca --sign $(certmaster-ca --list) 一次签完所有待签请求。注意这会不加区分地签发所有待签 CSR,而 CSR 中的主机名来自 minion 自己配置的 minion_name,任何能访问 master 51235 端口的主机都可能提交请求,所以签名前先核对 --list 输出的主机名是否都是预期中的 minion。
查看已经完成签名的主机:
[root@hadoop1 certmaster]# func "*" list_minions
hadoop2
hadoop3
hadoop4
[root@hadoop1 certmaster]#
查看已经完成签名的主机。
[root@hadoop1 certmaster]# func "*" list_minions
hadoop2
hadoop3
hadoop4
[root@hadoop1 certmaster]#
删除(注销)主机签名。
[root@hadoop1 certmaster]# certmaster-ca -c hadoop4
Cleaning out /var/lib/certmaster/certmaster/certs/hadoop4.cert for host matching hadoop4
[root@hadoop1 certmaster]#
恢复被注销签名的主机:
在 minion 主机上删除本机的证书、请求和私钥文件(hadoop4.cert、hadoop4.csr、hadoop4.pem),保留 ca.cert;先确认当前目录确实是 /etc/pki/certmaster 再执行删除。
[root@hadoop4 certmaster]# pwd
/etc/pki/certmaster
[root@hadoop4 certmaster]# ll
total 16
-rw-------. 1 root root 1367 Aug 5 10:50 ca.cert
-rw-r--r--. 1 root root 1338 Aug 5 10:50 hadoop4.cert
-rw-r--r--. 1 root root 1054 Aug 5 10:50 hadoop4.csr
-rw-------. 1 root root 1704 Aug 5 10:50 hadoop4.pem
[root@hadoop4 certmaster]# rm -fr hadoop4*
[root@hadoop4 certmaster]#
在 minion 上运行 /bin/certmaster-request 命令重新生成密钥和 CSR 并提交给 master,然后在 master 上重新签名:
[root@hadoop1 certmaster]# certmaster-ca --list
hadoop4
[root@hadoop1 certmaster]# certmaster-ca -s hadoop4
/var/lib/certmaster/certmaster/csrs/hadoop4.csr signed - cert located at /var/lib/certmaster/certmaster/certs/hadoop4.cert
[root@hadoop1 certmaster]# certmaster-ca -l
No certificates to sign
[root@hadoop1 certmaster]#
3 使用func。
命令行调用格式:
func <目标主机> call <module_name模块名> <method_name方法名> <module_args模块参数>。目标主机可以是单个 minion 名,也可以是 "*" 这样的通配模式,匹配所有已签名的 minion;命令会在每台匹配的 minion 上以 funcd 的权限执行,所以 master 必须当作高价值主机来保护。
模块:
command:
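# command: runs an arbitrary shell command on every matched minion ("*" = all signed minions)
func "*" call command run 'df -h'
func hadoop3 call command run 'uptime'
# copyfile: push a local file to a path on the minion
func hadoop3 copyfile -f /etc/sysctl.conf --remotepath /etc/sysctl.conf
# cpu / disk usage; the optional argument looks like a sample interval / mount point — check the module help
func hadoop3 call cpu usage
func hadoop3 call cpu usage 10
func hadoop3 call disk usage
func hadoop3 call disk usage /data
# iptables: these change the minion's live firewall rules
func hadoop3 call iptables.port drop_to 53 192.168.0.0/24 udp src
func hadoop3 call iptables drop_from 192.168.0.10
func hadoop3 call hardware info
func hadoop3 call hardware hal_info
# mount: list / mount / umount on the minion
func hadoop3 call mount list
func hadoop3 call mount mount /dev/sda3 /data
func hadoop3 call mount umount '/data'
# process: listing and signalling by name; -9 is SIGKILL, no graceful shutdown
func hadoop3 call process info 'aux'
func hadoop3 call process pkill nginx -9
func hadoop3 call process kill nginx SIGHUP
# service name fixed: 'nginx', not 'nginix'
func hadoop3 call service start nginx
# sysctl: set writes live kernel parameters on the minion
func hadoop3 call sysctl list
func hadoop3 call sysctl get net.nf_conntrack_max
func hadoop3 call sysctl set net.nf_conntrack_max 15449
# -t: timeout, --forks: parallelism, --async: don't block on results, --json: machine-readable output
# (path fixed: /usr/bin/uptime, the original had a typo)
func -t 3 '*' call --forks='5' --async command run '/usr/bin/uptime'
func -t 3 '*' call --forks='5' --json --async command run '/usr/bin/uptime'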
# Python API counterpart of the CLI examples above (Python 2 print syntax, as shipped with func on el7)
import func.overlord.client as func
# address one minion by its signed name; as on the CLI a pattern like '*' would target every signed minion
client=func.Client('hadoop3')
# every call below executes on the minion with funcd's privileges
print client.command.run('free -m')
# push a local file to a path on the minion
print client.local.copyfile.send('/etc/sysctl.conf','/tmp/sysctl.conf')
print client.cpu.usage(10)
print client.disk.usage('/dev/sda3')
# fetch a file from the minion into a local directory
print client.local.getfile.get('/etc/sysctl.conf','/tmp/')
#print client.iptables.port.drop_to(8080,'192.168.0.123','tcp','dst')
#print client.hardware.info(with_devices=True)
print client.hardware.info()
print client.hardware.hal_info()
print client.mount.list()
#print client.mount.umount('')
#print client.mount.mount('','')
print client.process.info('aux')
# signal processes by name; '-9' is SIGKILL and skips any graceful shutdown
print client.process.pkill('nginx','-9')
print client.process.kill('nginx','SIGHUP')
print client.service.start('nginx')
print client.sysctl.list()
# sysctl.set changes live kernel parameters on the minion
#print client.sysctl.get('net.ipv4.icmp_echo_ignore_broadcasts')
#print client.sysctl.set('net.ipv4.tcp_syncookies',1)
4 定制Func模块。
待续。