Modify the Puppet configuration file so that client certificates are signed automatically.
1. Edit /etc/puppet/puppet.conf
Add the following:
[master]
autosign=true
autosign = /etc/puppet/autosign.conf
(autosign = true signs every incoming request; the file form signs only requests whose certname matches an entry in /etc/puppet/autosign.conf, which step 2 fills in.)
2. Then edit /etc/puppet/autosign.conf
Add * to allow all hosts, or add a domain name, for example:
*.example.com
3. Restart puppetmaster
I could not get the configuration above to work in my own environment, because it has some problems of its own and the custom internal domain names are a mess.
It is taken from http://www.mysqlops.com/2011/09/14/puppet-%E4%B8%AD%E6%96%87%E6%8A%80%E5%B7%A7-puppet-%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98.html, although the original article puts the puppet.conf settings in a [puppetmaster] section; when I checked the Puppet user manual I found no such section, only [master], [main], [agent] and so on.
I have not been using Puppet for long, and at first I did not know it had an autosign mechanism, so I planned to implement it with a third-party monitoring program.
The idea is as follows:
On Ubuntu Server 12.04, watch the /var/lib/puppet/ssl/ca/requests/ directory and, whenever a new file is created there, run puppetca -s -a.
Python implementation:
    from __future__ import print_function
    import os
    import time
    import pyinotify
    from pyinotify import WatchManager, Notifier, ProcessEvent

    """
    environment:
    1. sudo apt-get install python-pyinotify
    """

    wm = WatchManager()
    mask = pyinotify.IN_CREATE  # | pyinotify.IN_DELETE  # watched events


    class PTmp(ProcessEvent):
        def process_IN_CREATE(self, event):
            print("Create: %s" % os.path.join(event.path, event.name))

        def process_IN_DELETE(self, event):
            print("Remove: %s" % os.path.join(event.path, event.name))


    notifier = Notifier(wm, PTmp())
    # every pending CSR appears here as <certname>.pem
    wdd = wm.add_watch('/var/lib/puppet/ssl/ca/requests', mask, rec=True)

    while True:  # loop forever
        try:
            notifier.process_events()
            if notifier.check_events():
                # read notified events and enqueue them
                notifier.read_events()
                print("monitor success!")
                # sign every pending request; os.popen returns a file-like
                # object with puppetca's output, which is appended to the log
                rst = os.popen("puppetca -s -a")
                file_object = open('log.txt', 'a')
                try:
                    file_object.write(time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time())))
                    file_object.write('\n')
                    file_object.writelines(rst)
                    file_object.write('\n')
                finally:
                    file_object.close()
        except KeyboardInterrupt:
            # destroy the inotify instance on this interrupt (stop monitoring)
            notifier.stop()
            print("Server for Fail Protection Stopped")
            break
I tested the code above by watching the /etc/test/ directory and running ls -l, and confirmed that it works.
Watching Puppet certificate requests has not been tested.
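The watcher above signs everything pending with puppetca -s -a, while autosign.conf in step 2 admits only matching certnames. The following is an added example (not code from the original post) that applies autosign.conf-style patterns to the files in the requests directory and signs only the admitted certnames; the matching rules, the sample files, and the per-host form puppetca -s <certname> are assumptions of this example.

```python
import os
import subprocess
SAMPLE_AUTOSIGN_CONF = """
# constructed sample of /etc/puppet/autosign.conf (step 2), one pattern per line
*.example.com
build01.internal
"""
# constructed listing of /var/lib/puppet/ssl/ca/requests/ (one <certname>.pem per CSR)
SAMPLE_REQUESTS = ["web01.example.com.pem", "db.lab.example.com.pem",
                   "build01.internal.pem", "rogue.example.com.evil.pem"]

def parse_autosign_conf(text):
    """Return the patterns from autosign.conf, skipping blanks and '#' comments."""
    patterns = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip().lower()
        if line:
            patterns.append(line)
    return patterns

def matches(certname, pattern):
    """Assumed rules: '*' admits everything; '*.suffix' admits any certname ending
    in '.suffix' (a.example.com, a.b.example.com; not a.example.com.evil); else exact."""
    certname = certname.lower()
    if pattern == '*':
        return True
    if pattern.startswith('*.'):
        return certname.endswith(pattern[1:])
    return certname == pattern

def requests_to_sign(request_files, patterns):
    """Certnames of pending CSRs that some entry admits. The certname is chosen by
    the requesting agent, so the patterns alone decide what an unknown host can get."""
    signable = []
    for name in request_files:
        if name.endswith('.pem'):
            certname = name[:-4]
            if any(matches(certname, p) for p in patterns):
                signable.append(certname)
    return signable

def sign_pending(request_dir, conf_path):
    """Sign admitted certnames one at a time; 'puppetca -s <certname>' is assumed
    to be the per-host form of the post's 'puppetca -s -a'. Run as root."""
    with open(conf_path) as f:
        patterns = parse_autosign_conf(f.read())
    signed = requests_to_sign(os.listdir(request_dir), patterns)
    for certname in signed:
        subprocess.call(["puppetca", "-s", certname])
    return signed
```

Calling sign_pending('/var/lib/puppet/ssl/ca/requests', '/etc/puppet/autosign.conf') from the inotify handler replaces the blanket puppetca -s -a call.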