CentOS 7
Func : Install
2016/09/29
 
Install Func (Fedora Unified Network Controller).
With Func, you can operate remote servers (called Minions) from an admin server (called the Certmaster).
This example is based on the following environment. (More than 2 Minions can be configured, of course.)
+----------------------+          |          +----------------------+
| [    Certmaster    ] |10.0.0.30 | 10.0.0.51| [      Minion      ] |
|    dlp.srv.world     +----------+----------+   node01.srv.world   |
|                      |                     |                      |
+----------------------+                     +----------------------+

[1] Install Func on all nodes, both Certmaster and Minion.
# install from EPEL
[root@dlp ~]# yum --enablerepo=epel -y install func
[2] Start the "certmaster" service on the Certmaster Server.
[root@dlp ~]# systemctl start certmaster
[root@dlp ~]# systemctl enable certmaster
[3] On the Certmaster, if Firewalld is running, allow the port as follows.
[root@dlp ~]# firewall-cmd --add-port=51235/tcp --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[4] Start the funcd service on the Minion Server. Configure the Certmaster Server as a Minion, too.
[root@node01 ~]# vi /etc/certmaster/minion.conf
# configuration for minions
[main]
# Certmaster's hostname or IP address
certmaster = dlp.srv.world
certmaster_port = 51235
log_level = DEBUG
cert_dir = /etc/pki/certmaster
[root@node01 ~]# systemctl start funcd
[root@node01 ~]# systemctl enable funcd
[5] On the Minion Server, if Firewalld is running, allow the port as follows.
[root@node01 ~]# firewall-cmd --add-port=51234/tcp --permanent
success
[root@node01 ~]# firewall-cmd --reload
success
[6] When funcd starts on a Minion for the first time, the Minion's certificate request needs to be signed on the Certmaster as follows.
# show requests
[root@dlp ~]# certmaster-ca --list
dlp.srv.world
node01.srv.world
# sign them
[root@dlp ~]# certmaster-ca --sign dlp.srv.world
/var/lib/certmaster/certmaster/csrs/dlp.srv.world.csr signed - cert located at /var/lib/certmaster/certmaster/certs/dlp.srv.world.cert
[root@dlp ~]# certmaster-ca --sign node01.srv.world
/var/lib/certmaster/certmaster/csrs/node01.srv.world.csr signed - cert located at /var/lib/certmaster/certmaster/certs/node01.srv.world.cert
# show Minions
[root@dlp ~]# func "*" list_minions
dlp.srv.world
node01.srv.world
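
Signing in step [6] is what lets a host take commands from the Certmaster, so it is worth vetting each pending request first. The script below is an added example, not part of the original page or of Func: it checks every name from "certmaster-ca --list" against an allow-list and against the CSR's own subject. The allow-list file, the function names, and the assumption that the CSR carries the Minion's hostname as its CN are hypothetical.

```shell
#!/bin/bash
# Added example: vet pending Certmaster CSRs before "certmaster-ca --sign".
# CSR_DIR is the csrs directory shown in the certmaster-ca output in step [6].
CSR_DIR="${CSR_DIR:-/var/lib/certmaster/certmaster/csrs}"

# Print the CN from a CSR subject (handles both "/CN=x" and "CN = x" output).
# Assumption: the Minion puts its hostname in the CN field.
csr_cn() {
    openssl req -in "$1" -noout -subject 2>/dev/null |
        sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# SHA-256 over the DER-encoded public key in the CSR, for out-of-band
# comparison with the same digest computed on the Minion itself.
csr_key_digest() {
    openssl req -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# vet_csr HOST ALLOWLIST_FILE
# Returns 0 and prints "OK host digest", or a REJECT reason with status 1-3.
vet_csr() {
    local host="$1" allow="$2" csr cn
    # Allow-list check comes first, so an unexpected name never reaches a path.
    grep -Fxq -- "$host" "$allow" ||
        { echo "REJECT $host: not in allow-list"; return 1; }
    csr="$CSR_DIR/$host.csr"
    [ -f "$csr" ] || { echo "REJECT $host: no pending CSR"; return 2; }
    cn=$(csr_cn "$csr")
    [ "$cn" = "$host" ] ||
        { echo "REJECT $host: CSR subject CN is '$cn'"; return 3; }
    echo "OK $host $(csr_key_digest "$csr")"
}

# Vet every request currently waiting on the Certmaster.
vet_pending() {
    local allow="$1" host rc=0
    for host in $(certmaster-ca --list); do
        vet_csr "$host" "$allow" || rc=1
    done
    return $rc
}
```

Run vet_pending with a file listing one expected hostname per line, and sign only the hosts reported as OK whose digest matches the value obtained from the Minion.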