* BridgeModule -- Allows for simple network bridge management
-------------------------------------------------------------
功能:操作网桥
方法:
list() Returns a dictionary containing the bridges and their connected interfaces.
add_bridge(brname) Creates a new bridge named brname.
add_interface(brname, ifname) Adds interface ifname to bridge brname.
delete_bridge(brname) Deletes bridge brname.
delete_interface(brname, ifname) Removes interface ifname from bridge brname.
add_promisc_bridge(brname, ifname) Creates a new bridge brname, attaches interface ifname to it and sets the MAC address of the connected interface to FE:FF:FF:FF:FF:FF, so traffic can flow freely through the bridge. This is required for use with Xen.
up_bridge(brname) Marks bridge brname and all it's connected interfaces as up.
down_bridge(brname) Marks bridge brname and all it's connected interfaces as down
-------------------------------------------------------------
-------------------------------------------------------------
功能:操作网桥
方法:
list() Returns a dictionary containing the bridges and their connected interfaces.
add_bridge(brname) Creates a new bridge named brname.
add_interface(brname, ifname) Adds interface ifname to bridge brname.
delete_bridge(brname) Deletes bridge brname.
delete_interface(brname, ifname) Removes interface ifname from bridge brname.
add_promisc_bridge(brname, ifname) Creates a new bridge brname, attaches interface ifname to it and sets the MAC address of the connected interface to FE:FF:FF:FF:FF:FF, so traffic can flow freely through the bridge. This is required for use with Xen.
up_bridge(brname) Marks bridge brname and all it's connected interfaces as up.
down_bridge(brname) Marks bridge brname and all it's connected interfaces as down
-------------------------------------------------------------
一、故障现象
1、在客户端安装好func及certmaster,配好certmaster参数。
2、service funcd start,端口及进程都起来了。
3、在certmaster server 运行certmaster-ca --list死活看不到客户端的主机名。
排查过程
1、将certmaster的主机名换成IP,无效。
2、更新客户端的func及certmaster版本,无效。
3、运行/usr/bin/certmaster-request,提示:socket.error: (111, 'Connection refused'),将certmaster修改成localhost就正常了。原因可以就在这里,因为certmaster是双向的,发现在/etc/hosts中有主机名指向127.0.0.1,此时连接不上certmaster server了。将/etc/hosts中的主机名删除,再用/usr/bin/certmaster-request来测试连接,成功!!在certmaster也能看到主机了,大功告成。
二、故障现象
#/usr/local/bin/certmaster-request 被控端证书请求
certificate does not match key (run certmaster-ca --clean first?)
排查过程
1、删除/etc/pki/certmaster/证书文件再试,无效
2、分别重启certmaster、funcd服务,无效
3、删除服务器证书文件.cert后再请求正常。
原因为主机名称发生变更时服务器端certmaster-ca -c "servername"没有成功删除.cert文件导致。
二、后续问题
1、ImportError: No module named dbm (NetSeek提供)
解决:
yum -y install gdbm gdbm-devel
1、在客户端安装好func及certmaster,配好certmaster参数。
2、service funcd start,端口及进程都起来了。
3、在certmaster server 运行certmaster-ca --list死活看不到客户端的主机名。
排查过程
1、将certmaster的主机名换成IP,无效。
2、更新客户端的func及certmaster版本,无效。
3、运行/usr/bin/certmaster-request,提示:socket.error: (111, 'Connection refused'),将certmaster修改成localhost就正常了。原因可以就在这里,因为certmaster是双向的,发现在/etc/hosts中有主机名指向127.0.0.1,此时连接不上certmaster server了。将/etc/hosts中的主机名删除,再用/usr/bin/certmaster-request来测试连接,成功!!在certmaster也能看到主机了,大功告成。
二、故障现象
#/usr/local/bin/certmaster-request 被控端证书请求
certificate does not match key (run certmaster-ca --clean first?)
排查过程
1、删除/etc/pki/certmaster/证书文件再试,无效
2、分别重启certmaster、funcd服务,无效
3、删除服务器证书文件.cert后再请求正常。
原因为主机名称发生变更时服务器端certmaster-ca -c "servername"没有成功删除.cert文件导致。
二、后续问题
1、ImportError: No module named dbm (NetSeek提供)
解决:
yum -y install gdbm gdbm-devel
