Func

introduce

以下内容部分转自知道分子的BLOG

我们经常需要编写内容重复的脚本,使用大同小异的正则表达式,解析花样百出的各种命令输出。我们为了实现操作审计,建立了命令行监控系统,但实际上只能起到事后追查责任的作用。我们想要监控所有新增系统,但完全依靠人执行的制度流程,难免会出现疏漏。

这 些令系统管理员头疼不已的问题,可能已经有了终极解决方案。Red Hat 最近正式发布的 Fedora 统一网络控制器 Func(Fedora Unified Network Controller https://fedorahosted.org/func),就是为了解决这一系列统一管理监控问题,而设计开发的系统管理基础框架。

Func 有一个长长的功能特性列表,大致要点如下:

• Func 可以让你在主控机上一次管理任意多台服务器,或任意多个服务器组。 • Func 基于 Certmaster(https://fedorahosted.org/certmaster/)建立了 Master - Slaves 主从 SSL 证书管控体系,可以将证书自动分发到所有受控服务器。新装服务器也可以在 Kickstart 文件中自动安装 Func,自动注册到主控服务器。 • Func 命令行可以直接发送远程命令或者远程获取数据。 • Func 开发者已经完成了大多数常用任务模块的开发: CommandModule、FileTrackerModule、JBossModule、IPtablesModule、HardwareModule、MountModule、NagiosCheck、NetappModule、 NetworkTest、ProcessModule、ServiceModule、SysctlModule、RebootModule、 RpmModule、VirtModule、YumModule 等等,这些模块的作用都可以顾名思义,或者参考: https://fedorahosted.org/func/wiki/ModulesList 。 • 任何人都可以通过 Func 提供的 Python API 轻松编写自己的模块,以实现具体功能扩展。而且任何 Func 命令行能完成的工作,都能通过 API 编程实现。 • Func 通讯基于 XMLRPC 和 SSL 标准协议。

Install

以下安装方法转自官网,测试OK!

InstallAndSetupGuide

Establish The Master

1. Install the “func” package on your master control machine. This is included in Fedora and EPEL for your favorite platform (see GetReleases). For other distros, you may want to rebuild from the source RPM see GetReleases for those instructions as well. This will automatically pull in the required package certmaster which handles certificate distribution. Certmaster is also packaged in Fedora and EPEL, just like Func. Certmaster has it's own setup instructions, but you really should only need this document. For completeness, they are here.

yum install func

If you want, edit /etc/certmaster/certmaster.conf to enable auto-signing. It is off by default. You should not have to change any other settings here.

2. Engage the certmaster service, which hands out certificates to the machines you will manage:

/sbin/chkconfig --level 345 certmaster on
/sbin/service certmaster start

Ready The Minions

1. Install the “func” package on all the machines you want to manage. This would be a good thing to add to all of your kickstart files.

yum install func

2. Edit /etc/certmaster/minion.conf to specify which certmaster they will get certificates from.

[main]
certmaster = yourcertmaster.example.org
log_level = DEBUG
cert_dir = /etc/pki/certmaster

3. Enable and run the the funcd service:

/sbin/chkconfig --level 345 funcd on
/sbin/service funcd start

4. On your certmaster system run:

certmaster-ca --list

then sign keys for the systems you want

certmaster-ca --sign hostname

If you have turned on autosigning, this will be done automatically.

Usage

func “*” call hardware info #运行报错的话因为缺少smolt支持

解决方法

func "*" call command run "yum -y install smolt"
func "*" call command run "yum -y install smolt-server"
func "*" call service start haldaemon
#执行后返回值为0,则为正常运行.
func "*" call command exists /sbin/ifconfig  #确认文件是否存在
func "*.example.org" copyfile --file=/tmp/foo --remotepath=/tmp/foo  #复制文件到各远程服务器
func "*" call networktest isportopen localhost 80  #确认80端口是否开放

重新注册管理客户端

在管理服务器端,删除目录上服务器的证书
/var/lib/certmaster/certmaster/certs
 
客户端重新启动服务注册到管理服务器
service funcd restart

组管理

cat /etc/func/groups

[demogroupA]
host = area94101.mobcon.inside; area94102.mobcon.inside; jack94056.mobcon.inside

[groupA]
host = area90101.mobcon.inside; area90102.mobcon.inside; area90103.mobcon.inside

使い方

func @groupA ping

timeout setting

/usr/local/lib/python2.7/site-packages/func/overlord/client.py

#override in /etc/func/overlord.conf.
DEFAULT_TIMEOUT = None

需要修改client.py文件

/var/lib/openshift/bccd8eac1968476490eaee9ced33c7bf/app-root/runtime/repo/php/data/pages/func.txt · 最后更改: 2012/12/14 02:42 由 admin
到顶部
CC Attribution-Noncommercial-Share Alike 3.0 Unported
chimeric.de = chi`s home Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0