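Automating server configuration with cfengine (4): testing the addition of a new client machine

5. Adding a new client machine

Now add a new client machine with hostname centos3 and IP address 192.168.0.116.

Install cfengine on it and do the preparation work: disable services and copy the programs.

For it to connect to cfservd on the server, a DNS record for it must be added on the server. On the server:

# vi /etc/hosts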

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1               centos1 localhost.localdomain localhost

::1             localhost6.localdomain6 localhost6

192.168.0.115   centos2.yahoon.org

192.168.0.116   centos3.yahoon.org

The last line, for centos3, is the one to add.

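Next, copy update.conf from centos2 to the new client; sftp is the quickest way.

First change to the inputs directory:

cd /var/cfengine/inputs

Run sftp. The session is shown below; the typed input is the sftp command itself, the answer yes, the password, and the commands after each sftp> prompt: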

sftp 192.168.0.115

Connecting to 192.168.0.115...

The authenticity of host '192.168.0.115 (192.168.0.115)' can't be established.

RSA key fingerprint is 62:ef:31:0b:ee:89:74:f8:94:4d:ec:11:ee:fa:18:79.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.0.115' (RSA) to the list of known hosts.

root@192.168.0.115's password: (enter the password for 115)

sftp> cd /var/cfengine/inputs

sftp> dir

cfagent.conf             cfagent.conf.cfsaved     cfservd.conf             update.conf             

sftp> get update.conf

Fetching /var/cfengine/inputs/update.conf to update.conf

/var/cfengine/inputs/update.conf                      100% 774     0.8KB/s   00:00   

sftp> bye

Now a test run is possible:

[root@centos3 inputs]# cfagent -v -n

The output reports an error:

Checking copy from 192.168.0.114:/masterfile/inputs to /var/cfengine/inputs

Connect to 192.168.0.114 = 192.168.0.114 on port 5308

cfengine:centos3: BAD: keys did not match

cfengine:centos3: Authentication dialogue with 192.168.0.114 failed

cfengine:centos3: Unable to establish connection with 192.168.0.114 (failover)

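This looks like a key problem. Delete the relevant public key files (in the /var/cfengine/ppkeys directory) on both the server and the client:

On the server, delete root-192.168.0.116.pub

On the client, delete root-192.168.0.114.pub

Run cfagent -v -n again: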

Checking copy from 192.168.0.114:/masterfile/inputs to /var/cfengine/inputs

Connect to 192.168.0.114 = 192.168.0.114 on port 5308

cfengine:centos3: Trusting server identity and willing to accept key from 192.168.0.114=192.168.0.114

Saving public key /var/cfengine/ppkeys/root-192.168.0.114.pub

cfengine:centos3: /var/cfengine/inputs/cfagent.conf wasn't at destination (copying)

cfengine:centos3: Copying from 192.168.0.114:/masterfile/inputs/cfagent.conf

cfengine:centos3: Object /var/cfengine/inputs/cfagent.conf had permission 600, changed it to 700

cfengine:centos3: Object /var/cfengine/inputs had permission 755, changed it to 700

Performance(Copy(192.168.0.114:/masterfile/inputs > /var/cfengine/inputs)): time=0.4462 secs, av=0.4462 +/- 0.0316

Saving the setuid log in /var/cfengine/cfagent.centos3.log

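It ran successfully!

The remaining work is simple again: add it to the startup items, add it to crontab, and so on.

The troubleshooting done while adding the second machine shows that a key exchange takes place when a connection to cfservd is established.

Normally, once installation is complete, localhost.priv and localhost.pub already exist in the /var/cfengine/ppkeys directory.

The process of client 115 connecting to server 114 described above is:

115 gives its own localhost.pub to 114,

114 renames it to root-192.168.0.115.pub;

likewise, 114 gives its own localhost.pub to 115,

115 renames it to root-192.168.0.114.pub

If you don't believe it, compare localhost.pub on 115 with root-192.168.0.115.pub on 114: the contents are identical.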
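
The comparison described above (115's localhost.pub against the root-192.168.0.115.pub copy stored on 114), generalized into an audit of a whole ppkeys directory. This is an added example, not part of the original post or of cfengine: the function names ppkey_digest and audit_ppkeys, the manifest format and the sample keys are assumptions made for illustration, and it relies on sha256sum being available.

```shell
#!/bin/sh
# Added example (not from the original post): audit a cfengine ppkeys
# directory against digests collected from each peer's own localhost.pub.
# Assumed manifest format: one "<ip> <sha256-hex>" pair per line.

ppkey_digest() {   # print the SHA-256 digest of one key file
    sha256sum "$1" | cut -d' ' -f1
}

# audit_ppkeys <ppkeys-dir> <manifest>
# Prints one status line per peer; returns 1 if any peer is not OK.
audit_ppkeys() {
    dir=$1; manifest=$2; rc=0
    # Pass 1: every listed peer needs a stored key with the listed digest.
    while read -r ip want; do
        [ -n "$ip" ] || continue
        f="$dir/root-$ip.pub"
        if [ ! -f "$f" ]; then
            echo "MISSING $ip"; rc=1
        elif [ "$(ppkey_digest "$f")" = "$want" ]; then
            echo "OK $ip"
        else
            echo "MISMATCH $ip"; rc=1
        fi
    done < "$manifest"
    # Pass 2: a stored key for a peer that is not listed was never vetted.
    for f in "$dir"/root-*.pub; do
        [ -f "$f" ] || continue
        ip=${f##*/root-}; ip=${ip%.pub}
        awk -v ip="$ip" '$1 == ip { ok = 1 } END { exit !ok }' "$manifest" ||
            { echo "UNLISTED $ip"; rc=1; }
    done
    return "$rc"
}

demo() {   # constructed sample data, not real keys
    t=$(mktemp -d)
    mkdir "$t/ppkeys"
    echo "constructed-public-key-of-115" > "$t/localhost.pub"   # as on 115
    cp "$t/localhost.pub" "$t/ppkeys/root-192.168.0.115.pub"    # as on 114
    echo "constructed-unvetted-key" > "$t/ppkeys/root-192.168.0.116.pub"
    echo "192.168.0.115 $(ppkey_digest "$t/localhost.pub")" > "$t/manifest"
    audit_ppkeys "$t/ppkeys" "$t/manifest"; status=$?
    rm -rf "$t"
    return "$status"
}
demo || true
```

On a real host the first argument would be /var/cfengine/ppkeys, with the manifest built from digests of each peer's localhost.pub taken on that peer.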

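Summary:

Establishing a connection with cfservd involves two steps. First, public keys are exchanged and verified (on the first connection, when the peer's public key is not yet present, the keys are exchanged; later connections only need to verify them). Then the server performs a reverse DNS lookup on the client (the documentation says it does so twice).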