Modifying the Puppet configuration to sign clients automatically.
1. Edit /etc/puppet/puppet.conf
Add the following:
    [master]
    autosign=true
    autosign = /etc/puppet/autosign.conf
2. Then edit /etc/puppet/autosign.conf
Add * to mean all hosts, or add domain names, for example:
    *.example.com
3. Restart puppetmaster
I could not test the configuration above successfully, because of some issues in my own environment (the custom internal domain names are a mess).
It is based on: http://www.mysqlops.com/2011/09/14/puppet-%E4%B8%AD%E6%96%87%E6%8A%80%E5%B7%A7-puppet-%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98.html . However, the original article puts the puppet.conf settings in a [puppetmaster] section, and when I looked through the Puppet user manual I could not find such a section; there are only [master], [main], [agent] and so on.
I have not been using Puppet for long, and at first I did not know it had an auto-signing mechanism, so I planned to implement it with a third-party monitoring program.
The idea is as follows:
On Ubuntu Server 12.04, watch the directory /var/lib/puppet/ssl/ca/requests/; whenever a new file is created there, run puppetca -s -a.
Python implementation:
    import os
    import time
    import pyinotify
    from pyinotify import WatchManager, Notifier, ProcessEvent
    """
    environment:
    1. sudo apt-get install python-pyinotify
    """
    wm = WatchManager()
    mask = pyinotify.IN_CREATE  # | pyinotify.IN_DELETE  # watched events

    class PTmp(ProcessEvent):
        def process_IN_CREATE(self, event):
            print "Create: %s" % os.path.join(event.path, event.name)

        def process_IN_DELETE(self, event):
            print "Remove: %s" % os.path.join(event.path, event.name)

    notifier = Notifier(wm, PTmp())
    # watch the directory where puppetmaster stores pending certificate requests
    wdd = wm.add_watch('/var/lib/puppet/ssl/ca/requests', mask, rec=True)

    while True:  # loop forever
        try:
            notifier.process_events()
            if notifier.check_events():
                # read notified events and enqueue them
                notifier.read_events()
                print "monitor success!"
                # sign all pending requests; os.popen returns the command output as a file object
                rst = os.popen("puppetca -s -a")
                file_object = open('log.txt', 'a')
                try:
                    file_object.write(time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time())))
                    file_object.write('\n')
                    file_object.writelines(rst)
                    file_object.write('\n')
                finally:
                    file_object.close()
        except KeyboardInterrupt:
            # destroy the inotify instance on this interrupt (stop monitoring)
            notifier.stop()
            print "Server for Fail Protection Stopped"
            break
以上代碼測試過監聽 /etc/test/ 檔案夾,執行 ls -l指令,确認成功
對于puppet認證請求的監聽,未進行測試。
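An added example (not the author's code) that narrows the watcher idea above: puppetca -s -a, like autosign = true, signs every pending request, so here only requests whose certname matches the patterns of /etc/puppet/autosign.conf (such as *.example.com from step 2) are passed to puppetca --sign <certname>. It assumes pending CSRs in /var/lib/puppet/ssl/ca/requests/ are stored as <certname>.pem (as in Puppet 2.x); the function names and the sample input are constructed here.

```python
import fnmatch
import os
import subprocess

REQUESTS_DIR = "/var/lib/puppet/ssl/ca/requests"  # the directory the page's watcher monitors

def load_patterns(text):
    """Parse autosign.conf text: one glob per line; blanks and '#' comments are ignored."""
    patterns = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            patterns.append(line.lower())
    return patterns

def certname_from_request(filename):
    """Pending CSRs are stored as <certname>.pem; return the certname, or None otherwise."""
    if not filename.endswith(".pem"):
        return None
    return filename[:-len(".pem")].lower()

def select_to_sign(patterns, request_files):
    """Return certnames that match at least one allowed pattern (case-insensitive glob)."""
    selected = []
    for fn in sorted(request_files):
        name = certname_from_request(fn)
        if name and any(fnmatch.fnmatchcase(name, p) for p in patterns):
            selected.append(name)
    return selected

def sign_commands(certnames):
    """One explicit `puppetca --sign <certname>` per approved request, never `--all`."""
    return [["puppetca", "--sign", name] for name in certnames]

def sign_pending(patterns, requests_dir=REQUESTS_DIR, run=subprocess.call):
    """Sign the approved pending requests; `run` is injectable so it can be dry-run."""
    names = select_to_sign(patterns, os.listdir(requests_dir))
    for cmd in sign_commands(names):
        run(cmd)
    return names

if __name__ == "__main__":
    # Constructed sample input: the page's autosign.conf pattern and two pending requests.
    sample_conf = "# hosts allowed to be auto-signed\n*.example.com\n"
    sample_requests = ["web01.example.com.pem", "other.internal.lan.pem", "notes.txt"]
    print(select_to_sign(load_patterns(sample_conf), sample_requests))  # ['web01.example.com']
```

Calling sign_pending(load_patterns(open("/etc/puppet/autosign.conf").read())) from the watcher's event branch replaces the blanket puppetca -s -a with per-host signing.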