CentOS 7

Func : Install
2016/09/29
 
Install Func (Fedora Unified Network Controller).
With Func, you can operate remote servers (called Minions) from an admin server (called the Certmaster).
This example is based on the following environment. (It is possible to set up more than 2 Minions, of course.)
+----------------------+          |          +----------------------+
| [    Certmaster    ] |10.0.0.30 | 10.0.0.51| [      Minion      ] |
|    dlp.srv.world     +----------+----------+   node01.srv.world   |
|                      |                     |                      |
+----------------------+                     +----------------------+

[1] Install Func on all nodes (Certmaster and Minions).
# install from EPEL
[root@dlp ~]# yum --enablerepo=epel -y install func
[2] Start the "certmaster" service on the Certmaster server.
[root@dlp ~]# systemctl start certmaster
[root@dlp ~]# systemctl enable certmaster
[3] On the Certmaster, if Firewalld is running, allow the port as follows.
[root@dlp ~]# firewall-cmd --add-port=51235/tcp --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[4] Start the funcd service on the Minion server. Configure the Certmaster server as a Minion, too.
[root@node01 ~]# vi /etc/certmaster/minion.conf
# configuration for minions
[main]
# Certmaster's hostname or IP address
certmaster = dlp.srv.world
certmaster_port = 51235
log_level = DEBUG
cert_dir = /etc/pki/certmaster

[root@node01 ~]# systemctl start funcd
[root@node01 ~]# systemctl enable funcd
[5] On the Minion server, if Firewalld is running, allow the port as follows.
[root@node01 ~]# firewall-cmd --add-port=51234/tcp --permanent
success
[root@node01 ~]# firewall-cmd --reload
success
[6] When funcd starts on a Minion for the first time, the Minion's certificate request must be signed on the Certmaster as follows.
# show requests
[root@dlp ~]# certmaster-ca --list
dlp.srv.world
node01.srv.world

# sign them
[root@dlp ~]# certmaster-ca --sign dlp.srv.world
/var/lib/certmaster/certmaster/csrs/dlp.srv.world.csr signed - cert located at /var/lib/certmaster/certmaster/certs/dlp.srv.world.cert
[root@dlp ~]# certmaster-ca --sign node01.srv.world
/var/lib/certmaster/certmaster/csrs/node01.srv.world.csr signed - cert located at /var/lib/certmaster/certmaster/certs/node01.srv.world.cert

# show Minions
[root@dlp ~]# func "*" list_minions
dlp.srv.world
node01.srv.world
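
Signing a request in [6] lets that host be operated as a Minion, so every pending name should be checked before it is signed. The following is an added example, not part of the original page, that signs only names on an allowlist and holds everything else for manual review. The EXPECTED_MINIONS list, the function names and the node99.example.test entry are assumptions made for illustration.

```shell
# Added example (not from the original page): sign only expected Minions.
# EXPECTED_MINIONS is an assumed allowlist built from this page's two hosts.
EXPECTED_MINIONS="dlp.srv.world node01.srv.world"

# Reads pending request names on stdin (one per line, the format shown by
# `certmaster-ca --list` above) and prints "SIGN <name>" or "HOLD <name>".
classify_pending() {
    while IFS= read -r host; do
        if [ -z "$host" ]; then continue; fi
        verdict="HOLD"
        case "$host" in
            *[!A-Za-z0-9.-]*) ;;   # not a plain hostname: never pass it to --sign
            *)
                for expected in $EXPECTED_MINIONS; do
                    if [ "$host" = "$expected" ]; then verdict="SIGN"; fi
                done
                ;;
        esac
        printf '%s %s\n' "$verdict" "$host"
    done
}

# Signs allowlisted requests. DRY_RUN defaults to 1 and only prints the
# certmaster-ca commands; set DRY_RUN=0 on the Certmaster to run them.
sign_expected() {
    classify_pending | while read -r verdict host; do
        if [ "$verdict" != "SIGN" ]; then
            echo "held for manual review: $host" >&2
        elif [ "${DRY_RUN:-1}" = "1" ]; then
            echo "certmaster-ca --sign $host"
        else
            certmaster-ca --sign "$host" </dev/null
        fi
    done
}

# Constructed sample of pending requests, including one unexpected name.
SAMPLE_PENDING='dlp.srv.world
node01.srv.world
node99.example.test'

printf '%s\n' "$SAMPLE_PENDING" | sign_expected
```

On the Certmaster, after loading these functions into the shell, the real pending list can be piped in with: certmaster-ca --list | DRY_RUN=0 sign_expected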
 