Discussion:
Simple Architecture Diagram?
Joel Krauska
2011-02-10 21:21:58 UTC
Can someone throw together a simple diagram explaining how func should
be setup?


Questions I have that a nice diagram would explain in 10 seconds:

- Does certmaster daemon need to be running on minions and the overlord
or just the overlord?

- Does funcd daemon need to be running on minions and the overlord or
just the minions?


Re: Configs:

I put the hostname of the overlord in the /etc/certmaster/minion.conf on
a minion, but how else do I signal to funcd who's supposed to be acting
as a minion and who's supposed to be acting as an overlord?

Any help here?

Much thanks,

Joel
Greg Swift
2011-02-10 22:55:36 UTC
I don't know that I can do a diagram for you at the moment, but I can try
Post by Joel Krauska
Can someone throw together a simple diagram explaining how func should be
setup?
- Does certmaster daemon need to be running on minions and the overlord or
just the overlord?
Short Answer: certmaster should only be running on overlord(s).

Long Answer that you can ignore if 1 overlord is enough for you: You can
have multiple levels deep via delegation, meaning that several overlords can
act as minions of a higher overlord. However at this point I do not suggest
more than 2 levels of overlords deep based on my current experiences (and if
anyone is doing so please contact me, I'd love to talk!)
Post by Joel Krauska
- Does funcd daemon need to be running on minions and the overlord or just
the minions?
Short answer: funcd only runs on minions.

Long Answer that you can ignore if 1 overlord is enough for you: If you use
delegation then any overlord that reports back to another overlord
should be running both certmaster and funcd. It acts as a minion to the
higher overlord (thus funcd), and an overlord to its minions (thus
certmaster).
Post by Joel Krauska
I put the hostname of the overlord in the /etc/certmaster/minion.conf on a
minion, but how else do I signal to funcd who's supposed to be acting as a
minion and who's supposed to be acting as an overlord?
Your overlord is running certmaster, and its name is placed as the
certmaster in /etc/certmaster/minion.conf on all of its minions. That is
all you should have to do to assign the relationship. To make it function
you must either enable autosign or manually sign the certificate requests.
The InstallAndSetupGuide shows you the individual commands.
https://fedorahosted.org/func/wiki/InstallAndSetupGuide


If you have a fairly flat network with minimal WAN attached systems that you
are attempting to control you are probably good without delegation, so as I
suggested above, ignore those statements.

does this help?

-greg
Joel Krauska
2011-02-10 23:17:22 UTC
Post by Greg Swift
does this help?
Sure.

So here's where I'm at:

The overlord host is running certmaster.

The minion host is running funcd.

func "*" check
and
func "*" ping
and
func "*" list_minions

all return nothing...


For that matter,
func "hello" ping
and
func "*" isthisthingon

also return nothing..


There doesn't appear to be a verbose or debug option to pass to see
what's going on beneath...

None of the imports appear to be failing...

func -h
gives usage help..




certmaster-ca --list-signed
is showing the minion hostname I signed...

I feel close..

Help?
Joel Krauska
2011-02-11 00:11:15 UTC
More debugging..


python
import func.overlord.client as fc
import func.utils as utils
info = fc.Overlord("*").smart.info()
info
{'HOSTNAMEFOO': ['REMOTE_ERROR',
'func.minion.codes.ModuleNotFoundException', '', ' File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
316, in _dispatch\n return
self.get_dispatch_method(method)(*params)\n File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
160, in get_dispatch_method\n raise codes.ModuleNotFoundException\n'],

'HOSTNAMEFUM': ['REMOTE_ERROR',
'func.minion.codes.ModuleNotFoundException', '', ' File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
316, in _dispatch\n return
self.get_dispatch_method(method)(*params)\n File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
160, in get_dispatch_method\n raise codes.ModuleNotFoundException\n'],


'HOSTNAMETHREE': ['REMOTE_ERROR', 'socket.error', '[Errno 111]
Connection refused', ' File
"/usr/local/lib/python2.6/dist-packages/func/overlord/client.py", line
861, in process_server\n retval = getattr(conn, meth)(*args[:])\n
File "/usr/lib/python2.6/xmlrpclib.py", line 1199, in __call__\n
return self.__send(self.__name, args)\n File
"/usr/lib/python2.6/xmlrpclib.py", line 1489, in __request\n
verbose=self.__verbose\n File "/usr/lib/python2.6/xmlrpclib.py", line
1235, in request\n self.send_content(h, request_body)\n File
"/usr/lib/python2.6/xmlrpclib.py", line 1349, in send_content\n
connection.endheaders()\n File "/usr/lib/python2.6/httplib.py", line
904, in endheaders\n self._send_output()\n File
"/usr/lib/python2.6/httplib.py", line 776, in _send_output\n
self.send(msg)\n File "/usr/lib/python2.6/httplib.py", line 735, in
send\n self.connect()\n File
"/usr/local/lib/python2.6/dist-packages/certmaster/SSLCommon.py", line
109, in connect\n self.sock.connect((self.host, self.port))\n File
"<string>", line 1, in connect\n']}



server.py exists on both minion and overlord..

md5sum
9087810c02a8065fd949ebff8e14873a
/usr/local/lib/python2.6/dist-packages/func/minion/server.py

Why don't REMOTE_ERRORs float up to the cli?

Any help debugging this?

--Joel
seth vidal
2011-02-25 21:03:50 UTC
Post by Joel Krauska
More debugging..
python
import func.overlord.client as fc
import func.utils as utils
info = fc.Overlord("*").smart.info()
info
{'HOSTNAMEFOO': ['REMOTE_ERROR',
'func.minion.codes.ModuleNotFoundException', '', ' File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
316, in _dispatch\n return
self.get_dispatch_method(method)(*params)\n File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
160, in get_dispatch_method\n raise codes.ModuleNotFoundException\n'],
smart.info couldn't be found on the minion
Post by Joel Krauska
'HOSTNAMEFUM': ['REMOTE_ERROR',
'func.minion.codes.ModuleNotFoundException', '', ' File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
316, in _dispatch\n return
self.get_dispatch_method(method)(*params)\n File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
160, in get_dispatch_method\n raise codes.ModuleNotFoundException\n'],
ditto above.
Post by Joel Krauska
'HOSTNAMETHREE': ['REMOTE_ERROR', 'socket.error', '[Errno 111]
Connection refused', ' File
"/usr/local/lib/python2.6/dist-packages/func/overlord/client.py", line
861, in process_server\n retval = getattr(conn, meth)(*args[:])\n
File "/usr/lib/python2.6/xmlrpclib.py", line 1199, in __call__\n
return self.__send(self.__name, args)\n File
"/usr/lib/python2.6/xmlrpclib.py", line 1489, in __request\n
verbose=self.__verbose\n File "/usr/lib/python2.6/xmlrpclib.py", line
1235, in request\n self.send_content(h, request_body)\n File
"/usr/lib/python2.6/xmlrpclib.py", line 1349, in send_content\n
connection.endheaders()\n File "/usr/lib/python2.6/httplib.py", line
904, in endheaders\n self._send_output()\n File
"/usr/lib/python2.6/httplib.py", line 776, in _send_output\n
self.send(msg)\n File "/usr/lib/python2.6/httplib.py", line 735, in
send\n self.connect()\n File
"/usr/local/lib/python2.6/dist-packages/certmaster/SSLCommon.py", line
109, in connect\n self.sock.connect((self.host, self.port))\n File
"<string>", line 1, in connect\n']}
couldn't connect to this minion/refused by iptables?
Post by Joel Krauska
server.py exists on both minion and overlord..
md5sum
9087810c02a8065fd949ebff8e14873a
/usr/local/lib/python2.6/dist-packages/func/minion/server.py
Why don't REMOTE_ERRORs float up to the cli?
b/c the cli is kinda weak. That's one of the reasons why I've been doing
more and more work in specific tools rather than the catch-all tool of
'func'.


-sv
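
The result quoted in this thread is a dict keyed by minion hostname, with a failure encoded as a list whose first element is 'REMOTE_ERROR'. The following is an added example, not part of the thread and not func's own code, that triages such a dict offline so failures are reported rather than silently dropped; the sample data, the hint strings and the function names are constructed for illustration.

```python
# Added example: triage a func-style result dict so REMOTE_ERROR entries are visible.
# SAMPLE is constructed to mirror the shape quoted in the thread (tracebacks shortened).
SAMPLE = {
    "HOSTNAMEFOO": ["REMOTE_ERROR", "func.minion.codes.ModuleNotFoundException", "",
                    ' File "server.py", line 316, in _dispatch\n'
                    '    return self.get_dispatch_method(method)(*params)\n'
                    ' File "server.py", line 160, in get_dispatch_method\n'
                    '    raise codes.ModuleNotFoundException\n'],
    "HOSTNAMETHREE": ["REMOTE_ERROR", "socket.error", "[Errno 111] Connection refused",
                      ' File "SSLCommon.py", line 109, in connect\n'
                      '    self.sock.connect((self.host, self.port))\n'],
    "HOSTNAMEOK": {"status": "constructed success payload"},
}

# Hints paraphrase the diagnoses given in the thread; they are not func output.
HINTS = {
    "func.minion.codes.ModuleNotFoundException":
        "minion answered, but the requested module was not found there",
    "socket.error": "could not connect to the minion (funcd down or port filtered?)",
}

def is_remote_error(value):
    """A failure is a list/tuple whose first element is the literal 'REMOTE_ERROR'."""
    return isinstance(value, (list, tuple)) and len(value) >= 2 and value[0] == "REMOTE_ERROR"

def triage(results):
    """Return (ok_hosts, failures); failures maps host -> exception details."""
    ok, failed = [], {}
    for host in sorted(results):
        value = results[host]
        if not is_remote_error(value):
            ok.append(host)
            continue
        exc = value[1]
        trace = value[3] if len(value) > 3 else ""
        # Keep only the innermost frame: the last 'File ...' line of the traceback.
        frames = [ln.strip() for ln in trace.splitlines() if ln.strip().startswith("File ")]
        failed[host] = {"exception": exc,
                        "message": value[2] if len(value) > 2 else "",
                        "where": frames[-1] if frames else "",
                        "hint": HINTS.get(exc, "unclassified remote error")}
    return ok, failed

def exit_status(results):
    """Non-zero when any host reported a remote error, for use in scripts."""
    return 1 if triage(results)[1] else 0

if __name__ == "__main__":
    ok, failed = triage(SAMPLE)
    print("ok:", ", ".join(ok) or "-")
    for host, info in failed.items():
        print("%s: %s %s [%s] -> %s" % (host, info["exception"], info["message"],
                                        info["where"], info["hint"]))
    raise SystemExit(exit_status(SAMPLE))
```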
Joel Krauska
2011-02-25 21:29:54 UTC
The root cause of this was that NO modules were loading because of how
Ubuntu and CentOS differ on module paths.

(/local) -- see my other thread.
Post by seth vidal
Post by Joel Krauska
More debugging..
python
import func.overlord.client as fc
import func.utils as utils
info = fc.Overlord("*").smart.info()
info
{'HOSTNAMEFOO': ['REMOTE_ERROR',
'func.minion.codes.ModuleNotFoundException', '', ' File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
316, in _dispatch\n return
self.get_dispatch_method(method)(*params)\n File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
160, in get_dispatch_method\n raise codes.ModuleNotFoundException\n'],
smart.info couldn't be found on the minion
Post by Joel Krauska
'HOSTNAMEFUM': ['REMOTE_ERROR',
'func.minion.codes.ModuleNotFoundException', '', ' File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
316, in _dispatch\n return
self.get_dispatch_method(method)(*params)\n File
"/usr/local/lib/python2.6/dist-packages/func/minion/server.py", line
160, in get_dispatch_method\n raise codes.ModuleNotFoundException\n'],
ditto above.
Post by Joel Krauska
'HOSTNAMETHREE': ['REMOTE_ERROR', 'socket.error', '[Errno 111]
Connection refused', ' File
"/usr/local/lib/python2.6/dist-packages/func/overlord/client.py", line
861, in process_server\n retval = getattr(conn, meth)(*args[:])\n
File "/usr/lib/python2.6/xmlrpclib.py", line 1199, in __call__\n
return self.__send(self.__name, args)\n File
"/usr/lib/python2.6/xmlrpclib.py", line 1489, in __request\n
verbose=self.__verbose\n File "/usr/lib/python2.6/xmlrpclib.py", line
1235, in request\n self.send_content(h, request_body)\n File
"/usr/lib/python2.6/xmlrpclib.py", line 1349, in send_content\n
connection.endheaders()\n File "/usr/lib/python2.6/httplib.py", line
904, in endheaders\n self._send_output()\n File
"/usr/lib/python2.6/httplib.py", line 776, in _send_output\n
self.send(msg)\n File "/usr/lib/python2.6/httplib.py", line 735, in
send\n self.connect()\n File
"/usr/local/lib/python2.6/dist-packages/certmaster/SSLCommon.py", line
109, in connect\n self.sock.connect((self.host, self.port))\n File
"<string>", line 1, in connect\n']}
couldn't connect to this minion/refused by iptables?
Post by Joel Krauska
server.py exists on both minion and overlord..
md5sum
9087810c02a8065fd949ebff8e14873a
/usr/local/lib/python2.6/dist-packages/func/minion/server.py
Why don't REMOTE_ERRORs float up to the cli?
b/c the cli is kinda weak. That's one of the reasons why I've been doing
more and more work in specific tools rather than the catch-all tool of
'func'.
-sv
seth vidal
2011-02-25 21:52:24 UTC
Post by Joel Krauska
The root cause of this was that NO modules were loading because of how
Ubuntu and CentOS differ on module paths.
(/local) -- see my other thread.
changes I checked in yesterday:

funcd --info

and func '*' dump_config

will definitely help you in detecting problems with module loading in
the future.

-sv

Greg Swift
2011-02-11 00:15:00 UTC
I'm not at a pc anymore to look up what to suggest, but I would try
using the interactive python shell and see if you are able to gather
and better view or errors.

You can check /var/log/funcd.log on the minion or
instead of using the service funcd on the minion, stop it, and then
try just running funcd manually. Then run the commands from the
overlord. If there is a cert, or other obvious error it should
display some to the console.
Post by Joel Krauska
Post by Greg Swift
does this help?
Sure.
The overlord host is running certmaster.
The minion host is running funcd.
func "*" check
and
func "*" ping
and
func "*" list_minions
all return nothing...
For that matter,
func "hello" ping
and
func "*" isthisthingon
also return nothing..
There doesn't appear to be a verbose or debug option to pass to see
what's going on beneath...
None of the imports appear to be failing...
func -h
gives usage help..
certmaster-ca --list-signed
is showing the minion hostname I signed...
I feel close..
Help?