Func : Install
2016/09/29
Install Func (Fedora Unified Network Controller).
Func makes it possible to operate remote servers (called Minions) from an admin server (called the Certmaster).
This example is configured on the following environment (it is possible to set more than 2 Minions, of course).

+----------------------+          |          +----------------------+
|    [ Certmaster ]    |10.0.0.30 | 10.0.0.51|      [ Minion ]      |
|     dlp.srv.world    +----------+----------+   node01.srv.world   |
|                      |                     |                      |
+----------------------+                     +----------------------+

[1] Install Func on all nodes, both the Certmaster and the Minions.
# install from EPEL
[root@dlp ~]# yum --enablerepo=epel -y install func

[2] Start the "certmaster" service on the Certmaster server.
[root@dlp ~]# systemctl start certmaster
[root@dlp ~]# systemctl enable certmaster

[3] On the Certmaster, if Firewalld is running, allow the port as follows.
[root@dlp ~]# firewall-cmd --add-port=51235/tcp --permanent
success
[root@dlp ~]# firewall-cmd --reload
success

[4] Start the funcd service on the Minion server. Configure the Certmaster server as a Minion, too.
[root@node01 ~]# vi /etc/certmaster/minion.conf
# configuration for minions
[main]
# Certmaster's hostname or IP address
certmaster = dlp.srv.world
certmaster_port = 51235
log_level = DEBUG
cert_dir = /etc/pki/certmaster

[root@node01 ~]# systemctl start funcd
[root@node01 ~]# systemctl enable funcd

[5] On the Minion server, if Firewalld is running, allow the port as follows.
[root@node01 ~]# firewall-cmd --add-port=51234/tcp --permanent
success
[root@node01 ~]# firewall-cmd --reload
success

[6] When funcd starts for the first time on a Minion, the Minion's certificate request must be signed on the Certmaster as follows.
# show requests
[root@dlp ~]# certmaster-ca --list
dlp.srv.world
node01.srv.world
# sign them
[root@dlp ~]# certmaster-ca --sign dlp.srv.world
/var/lib/certmaster/certmaster/csrs/dlp.srv.world.csr signed - cert located at /var/lib/certmaster/certmaster/certs/dlp.srv.world.cert
[root@dlp ~]# certmaster-ca --sign node01.srv.world
/var/lib/certmaster/certmaster/csrs/node01.srv.world.csr signed - cert located at /var/lib/certmaster/certmaster/certs/node01.srv.world.cert
# show Minions
[root@dlp ~]# func "*" list_minions
dlp.srv.world
node01.srv.world
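
Step [6] signs every name that "certmaster-ca --list" shows. The script below is an added example, not part of the original page: it signs only pending requests whose names are on an allowlist of expected Minions and leaves everything else unsigned. The allowlist file, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: sign only the certificate requests you expect.
# The allowlist file (one Minion hostname per line) is a hypothetical input.

# Keep single-word, non-comment lines, sorted and de-duplicated. Hostnames
# contain no spaces, so multi-word lines are treated as messages (assumption).
normalize() {
    awk 'NF == 1 && $1 !~ /^#/ { print $1 }' "$@" | LC_ALL=C sort -u
}

# classify ALLOWLIST  (stdin: output of `certmaster-ca --list`)
# Names are matched exactly (case-sensitive). Prints one line per name:
#   SIGN  <host>  pending and on the allowlist
#   HOLD  <host>  pending but not expected: investigate before signing
#   NOREQ <host>  on the allowlist, no pending request
classify() {
    tmp=$(mktemp -d) || return 1
    normalize > "$tmp/pending"
    normalize "$1" > "$tmp/expected"
    LC_ALL=C comm -12 "$tmp/pending" "$tmp/expected" | sed 's/^/SIGN /'
    LC_ALL=C comm -23 "$tmp/pending" "$tmp/expected" | sed 's/^/HOLD /'
    LC_ALL=C comm -13 "$tmp/pending" "$tmp/expected" | sed 's/^/NOREQ /'
    rm -rf "$tmp"
}

# Sign the SIGN entries; report the rest on stderr and leave them pending.
sign_expected() {
    certmaster-ca --list | classify "$1" | while read -r verdict host; do
        case $verdict in
            SIGN) certmaster-ca --sign "$host" ;;
            *)    echo "$verdict $host (not signed)" >&2 ;;
        esac
    done
}

# Run on the Certmaster: sh sign-expected.sh /root/expected-minions.txt
if [ -n "${1:-}" ] && command -v certmaster-ca >/dev/null 2>&1; then
    sign_expected "$1"
fi
```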