2009-02-14 02:13:25

Func and CertMaster

One of the major complications in dealing with large server farms is distributing and executing arbitrary commands easily.

The most common solution for this issue is SSH key pair exchanges. I've built a few solutions using that design, and it works quite well ... to a point. Things like key revocation, meta-character handling, error and exception handling, and so forth are a bit of a pain to deal with in that sort of solution. Scale it up to a few hundred servers, and now you have a problem managing the whole thing. Working within a structured language like Python, using the Paramiko SSH module, you can largely mitigate most of those issues, but it's not perfect. Your keypair administration is still overly complicated. Enter Func and CertMaster.

CertMaster is an SSL certificate server ... long story short, it handles the authentication piece that replaces the SSH keypairs. Func (Fedora Unified Network Controller) is a program which grabs the server SSL cert from the CertMaster server, and allows you to run arbitrary commands through SSL encrypted channels. Overall, that doesn't get you much more than the old way of using the SSH keypairs ... but there's a twist.

Func includes a Python API, which simplifies the entire process of executing arbitrary commands and makes it easy to add modules for frequently used processes, or very large processes. Couple that with the ability to execute asynchronously, and you've got an interesting solution. Fun stuff.
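The meta-character handling problem mentioned above for SSH-based fan-out, as an added example that is not from the original post and is not Func or Paramiko code: ssh joins its command arguments with spaces and hands the result to the remote login shell, so each argument has to be quoted for that shell. The function names, the host name and the sample argument are assumptions made for illustration, and `/bin/sh -c` stands in for the remote shell so the block runs offline.

```python
import re
import shlex
import subprocess

# Constructed sample: one argument that contains shell metacharacters.
SAMPLE_ARG = "report; echo INJECTED $(echo SUB)"

# Conservative host name pattern (assumption: plain DNS names only).
_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def naive_remote_line(argv):
    """What the remote shell receives when arguments are joined unquoted."""
    return " ".join(argv)


def quoted_remote_line(argv):
    """Quote every argument so the remote shell sees one literal word each."""
    return " ".join(shlex.quote(arg) for arg in argv)


def build_ssh_argv(host, argv):
    """Local argv for ssh; it is meant for subprocess.run() without shell=True."""
    if not _HOST_RE.match(host):
        # A name beginning with "-" would be parsed by ssh as an option.
        raise ValueError("invalid host name: %r" % (host,))
    return ["ssh", "-o", "BatchMode=yes", host, quoted_remote_line(argv)]


def simulate_remote_shell(line):
    """Stand-in for the remote login shell: run the line with /bin/sh -c."""
    done = subprocess.run(["/bin/sh", "-c", line],
                          capture_output=True, text=True, timeout=5)
    return done.stdout


def demo():
    """Return (output of the naive line, output of the quoted line)."""
    argv = ["echo", SAMPLE_ARG]
    return (simulate_remote_shell(naive_remote_line(argv)),
            simulate_remote_shell(quoted_remote_line(argv)))


if __name__ == "__main__":
    naive_out, quoted_out = demo()
    print("naive :", repr(naive_out))
    print("quoted:", repr(quoted_out))
    print(build_ssh_argv("web01.example.org", ["echo", SAMPLE_ARG]))
```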




James Conner