- [Show pagesource]
- [Old revisions]
- [[unknown link type]]
- []
Table of Contents
Predpekli (Void)
gpg --recv-key 7638D0442B90D010 --keyserver key.ubuntu.com gpg --export 7638D0442B90D010 | apt-key add - apt-get install puppet fail2ban cryptosetup-luks
Ekvivalent watch
while true; do iptables -L -n; sleep 2;clear; done
Client side
1. add puppet to your /etc/hosts
10.0.4.60 puppet puppet.starlab.cz
or
212.20.102.91 puppet puppet.starlab.cz
xen-starlab:~# puppetd --server puppet --test info: Creating a new SSL key for xen-jpcomp.jpcomp.cz info: Caching certificate for ca info: Creating a new SSL certificate request for xen-jpcomp.jpcomp.cz info: Certificate Request fingerprint (md5): AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B Exiting; no certificate found and waitforcert is disabled
server side
The service seems to be running properly netstat's output - port 8140
tcp 0 0 0.0.0.0:8140 0.0.0.0:* LISTEN 22428/ruby1.8
Hey! We have a new client
root@ibm:~# puppetca --list "xen-jpcomp.jpcomp.cz" (AA:A6:EA:69:9A:35:91:C2:EA:8B:CF:B4:70:8E:2E:4B)
So sign it!
puppetca --sign xen-jpcomp.jpcomp.cz notice: Signed certificate request for xen-jpcomp.jpcomp.cz notice: Removing file Puppet::SSL::CertificateRequest xen-jpcomp.jpcomp.cz at '/path/to.pem'
Client side again
puppetd --server puppet --waitforcert 80 --test
Warning –test doesn't mean 'test', it is a short for:
´onetime´, ´verbose´, ´ignorecache´, ´no-daemonize´, ´no-usecacheonfailure´, ´detailed-exit-codes´, ´no-splay´, and ´show_diff´
Here is the output:
xen-jpcomp:~# puppetd --server puppet --waitforcert 80 --test info: Caching catalog for xen-jpcomp.jpcomp.cz info: Applying configuration version '1413471896' notice: /Stage[main]//File[nrpe_local.cfg]/content: --- /etc/nagios/nrpe_local.cfg 2013-03-09 08:53:33.000000000 +0100 +++ /tmp/puppet-file20141106-21693-vorhz2-0 2014-11-06 20:57:19.823561813 +0100 @@ -1,3 +1,10 @@ -###################################### -# Do any local nrpe configuration here -###################################### +command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10 +command[check_load]=/usr/lib/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 +command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 8% -c 4% +command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z +command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 150 -c 200 +command[check_apt]=/usr/lib/nagios/plugins/check_apt +command[check_linux_raid]=/usr/lib/nagios/plugins/check_linux_raid +command[check_rdiff]=sudo /usr/lib/nagios/plugins/check_backup_storage +command[check_smart]=sudo /usr/lib/nagios/plugins/check_smart +command[check_ipmi]=/usr/lib/nagios/plugins/check_ipmi info: FileBucket adding {md5}19c1c67393a0b6002f4595b535c71cc2 info: /Stage[main]//File[nrpe_local.cfg]: Filebucketed /etc/nagios/nrpe_local.cfg to puppet with sum 19c1c67393a0b6002f4595b535c71cc2 notice: /Stage[main]//File[nrpe_local.cfg]/content: content changed '{md5}19c1c67393a0b6002f4595b535c71cc2' to '{md5}d8116d9a68b755368037d6bc08d3f1db' notice: Finished catalog run in 0.44 seconds
Create a cron job
puppet resource cron puppet-agent ensure=present user=root minute=30 command='/usr/bin/puppet agent --onetime --no-daemonize --splay'
Output:
notice: /Cron[puppet-agent]/ensure: created cron { 'puppet-agent': ensure => 'present', command => '/usr/bin/puppet agent --onetime --no-daemonize --splay', minute => ['30'], target => 'root', user => 'root', }
and the cron line is not system wide, but root's
server:~# crontab -l # HEADER: This file was autogenerated at Thu Nov 06 21:21:15 +0100 2014 by puppet. # HEADER: While it can still be managed manually, it is definitely not recommended. # HEADER: Note particularly that the comments starting with 'Puppet Name' should # HEADER: not be deleted, as doing so could cause duplicate cron jobs. # Puppet Name: puppet-agent 30 * * * * /usr/bin/puppet agent --onetime --no-daemonize --splay
Why cron job instead of daemon? Cron job can sometimes perform better and use less memory.
linux/skoleni/hromadna_bezpecnost.txt · Last modified: 2017/03/22 19:26 by admin