TLS证书生成

文章目录

  • TLS证书生成
    • 简介
    • 工具下载
    • 创建CA认证中心
      • CA证书申请文件
      • 生成CA证书和私钥
      • 配置证书生成策略
      • 证书验证
        • 查看证书
        • 验证证书
    • 生成ETCD集群的TLS证书
      • 服务端证书(etcd)
        • etcd 证书申请文件
        • 利用CA证书和私钥生成ETCD的服务端证书和私钥
      • 客户端证书(etcdctl)
        • etcdctl 证书申请文件
        • 利用CA证书和私钥生成ETCD的客户端证书和私钥
      • 对等证书(peer)
        • peer 证书申请文件
        • 利用CA证书和私钥生成ETCD的对等证书和私钥
      • 证书验证
        • 使用`cfssl-certinfo`工具验证证书
        • 使用 `openssl x509`命令验证证书

简介

安全传输层协议(TLS)用于在两个通信应用程序之间提供保密性和数据完整性。
可以用Linux开源OpenSSL工具链或者CFSSL工具生成,本文采用后者。

工具下载

  • 参考链接
    GitHub地址: https://github.com/cloudflare/cfssl
    下载地址:https://pkg.cfssl.org/

  • 下载安装

    wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl*
mv cfssl* /usr/local/bin

创建CA认证中心

CA证书申请文件

  • 生成CA证书申请文件

    # 生成签名申请模板文件
cfssl print-defaults csr > ca-csr.json
cat > ca-csr.json << EOF
{"CN": "CA","key": {"algo": "ecdsa","size": 256},"names": [{"C": "CN","L": "ChengDu","ST": "SiChuan"}]
}
EOF
  • 名词解释

    CN,通用名称,kube-apiserver提取作为请求的用户名,浏览器用于验证网站是否合法;
algo,加密方式;
size,证书大小;
hosts,主机列表,如果不为空则指定授权使用该证书的IP或域名列表,必须包含服务器的本地主机名,`127.0.0.1`,主机私有IP地址;
C,国家;
L,城市;
O,单位,kube-apiserver 从证书中提取该字段作为请求用户所属的组 (Group);
OU,部门;
ST,省份或州。

生成CA证书和私钥

  • 参考链接
    公钥基础设施(PKI)/CFSSL证书生成工具的使用:https://blog.51cto.com/liuzhengwei521/2120535?utm_source=oschina-app

  • 证书生成

    cfssl gencert --initca ca-csr.json | cfssljson -bare ca

  • 文件查看

    [root@master ssl]# ls ca*
ca.csr  ca-csr.json  ca-key.pem  ca.pem

  • 文件说明

      ca-csr.json,证书申请文件ca.csr, 证书签名请求,用于交叉签名或重新签名ca-key.pem, 私钥ca.pem, 证书

配置证书生成策略

  • 生成策略文件

     cfssl print-defaults config > ca-config.json # 生成证书策略模板文件cat > ca-config.json << EOF{"signing": {"default": {"expiry": "8760h"},"profiles": {"server": {"expiry": "8760h","usages": ["signing","key encipherment","server auth"]},"client": {"expiry": "8760h","usages": ["signing","key encipherment","client auth"]},"peer": {"expiry": "8760h","usages": ["signing","key encipherment","server auth","client auth"]}}}}
EOF
  • 名词解释

        默认策略(default),指定了证书的有效期是一年(8760h);expiry,证书的有效期;signing, 表示该证书可用于签名其它证书;生成的 ca.pem 证书中 CA=TRUE;server auth,表示 client 可以用该 CA 对 server 提供的证书进行验证;client auth,表示 server 可以用该 CA 对 client 提供的证书进行验证;profiles,定义具体证书生成策略,名称可以自定义,建议与功能相关;生成证书的时候用'--profile=名称'进行指定;服务端证书,profiles用途包含"server auth";客户端证书,profiles用途包含"client auth";对等证书或双向证书,profiles用途包含"server auth"和"client auth"。

证书验证

查看证书

[root@master ssl]# cat ca.pem
-----BEGIN CERTIFICATE-----
MIIB5DCCAYqgAwIBAgIUMQub+ffiyuBoHVU0UdSw7JUAqvswCgYIKoZIzj0EAwIw
PjELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB1NpQ2h1YW4xEDAOBgNVBAcTB0NoZW5n
RHUxCzAJBgNVBAMTAkNBMB4XDTE5MDgwODAyNDUwMFoXDTI0MDgwNjAyNDUwMFow
PjELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB1NpQ2h1YW4xEDAOBgNVBAcTB0NoZW5n
RHUxCzAJBgNVBAMTAkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhaqjeY78
qkf71qIF5K8DpIpQ0HStsWhz4Aw8Yi1UNR6Gul1+YNgnxHp7nNNU6h+RV9Tx9FhR
idY6ztKYxTYlOKNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQIwHQYDVR0OBBYEFJrE1TyOPe5SrXO55cjsArL5b0luMB8GA1UdIwQYMBaAFJrE
1TyOPe5SrXO55cjsArL5b0luMAoGCCqGSM49BAMCA0gAMEUCIH/K8Cy2PAvtdnUw
JhvLql+uzKoqfMgHNr6uE93VMtP0AiEA/Fl1ae+gkRSWy8585ZwhHqtoFr9qyKyz
HQ6JuhyBnGc=
-----END CERTIFICATE-----

[root@master ssl]# cat ca.csr
-----BEGIN CERTIFICATE REQUEST-----
MIH6MIGgAgEAMD4xCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdTaUNodWFuMRAwDgYD
VQQHEwdDaGVuZ0R1MQswCQYDVQQDEwJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABIWqo3mO/KpH+9aiBeSvA6SKUNB0rbFoc+AMPGItVDUehrpdfmDYJ8R6e5zT
VOofkVfU8fRYUYnWOs7SmMU2JTigADAKBggqhkjOPQQDAgNJADBGAiEA/IB2yWKJ
iaTDra/lTNJhrIxWyBFXppSnW5c/+6zzej8CIQD8bHr12WgCi6+5yFYsfmW0lqnw
SF2hBGnGNV6H+QqItQ==
-----END CERTIFICATE REQUEST-----

验证证书

  • 验证工具

    • 使用openssl工具的x509命令

      openssl x509命令介绍

    • 使用cfssl-certinfo工具
    • 使用cfssl工具的certinfo命令

  • 证书文件验证

    [root@master ssl]# cfssl certinfo --cert=ca.pem
{"subject": {"common_name": "CA","country": "CN","locality": "ChengDu","province": "SiChuan","names": ["CN","SiChuan","ChengDu","CA"]},"issuer": {"common_name": "CA","country": "CN","locality": "ChengDu","province": "SiChuan","names": ["CN","SiChuan","ChengDu","CA"]},"serial_number": "279999443431677648568861906718192795627229850363","not_before": "2019-08-08T02:45:00Z","not_after": "2024-08-06T02:45:00Z","sigalg": "ECDSAWithSHA256","authority_key_id": "9A:C4:D5:3C:8E:3D:EE:52:AD:73:B9:E5:C8:EC:2:B2:F9:6F:49:6E","subject_key_id": "9A:C4:D5:3C:8E:3D:EE:52:AD:73:B9:E5:C8:EC:2:B2:F9:6F:49:6E","pem": "-----BEGIN CERTIFICATE-----\nMIIB5DCCAYqgAwIBAgIUMQub+ffiyuBoHVU0UdSw7JUAqvswCgYIKoZIzj0EAwIw\nPjELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB1NpQ2h1YW4xEDAOBgNVBAcTB0NoZW5n\nRHUxCzAJBgNVBAMTAkNBMB4XDTE5MDgwODAyNDUwMFoXDTI0MDgwNjAyNDUwMFow\nPjELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB1NpQ2h1YW4xEDAOBgNVBAcTB0NoZW5n\nRHUxCzAJBgNVBAMTAkNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhaqjeY78\nqkf71qIF5K8DpIpQ0HStsWhz4Aw8Yi1UNR6Gul1+YNgnxHp7nNNU6h+RV9Tx9FhR\nidY6ztKYxTYlOKNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C\nAQIwHQYDVR0OBBYEFJrE1TyOPe5SrXO55cjsArL5b0luMB8GA1UdIwQYMBaAFJrE\n1TyOPe5SrXO55cjsArL5b0luMAoGCCqGSM49BAMCA0gAMEUCIH/K8Cy2PAvtdnUw\nJhvLql+uzKoqfMgHNr6uE93VMtP0AiEA/Fl1ae+gkRSWy8585ZwhHqtoFr9qyKyz\nHQ6JuhyBnGc=\n-----END CERTIFICATE-----\n"
}

  • 签名请求验证

    [root@master ssl]# cfssl certinfo --csr=ca.csr
{"Raw": "MIH6MIGgAgEAMD4xCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdTaUNodWFuMRAwDgYDVQQHEwdDaGVuZ0R1MQswCQYDVQQDEwJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIWqo3mO/KpH+9aiBeSvA6SKUNB0rbFoc+AMPGItVDUehrpdfmDYJ8R6e5zTVOofkVfU8fRYUYnWOs7SmMU2JTigADAKBggqhkjOPQQDAgNJADBGAiEA/IB2yWKJiaTDra/lTNJhrIxWyBFXppSnW5c/+6zzej8CIQD8bHr12WgCi6+5yFYsfmW0lqnwSF2hBGnGNV6H+QqItQ==","RawTBSCertificateRequest": "MIGgAgEAMD4xCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdTaUNodWFuMRAwDgYDVQQHEwdDaGVuZ0R1MQswCQYDVQQDEwJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIWqo3mO/KpH+9aiBeSvA6SKUNB0rbFoc+AMPGItVDUehrpdfmDYJ8R6e5zTVOofkVfU8fRYUYnWOs7SmMU2JTigAA==","RawSubjectPublicKeyInfo": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhaqjeY78qkf71qIF5K8DpIpQ0HStsWhz4Aw8Yi1UNR6Gul1+YNgnxHp7nNNU6h+RV9Tx9FhRidY6ztKYxTYlOA==","RawSubject": "MD4xCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdTaUNodWFuMRAwDgYDVQQHEwdDaGVuZ0R1MQswCQYDVQQDEwJDQQ==","Version": 0,"Signature": "MEYCIQD8gHbJYomJpMOtr+VM0mGsjFbIEVemlKdblz/7rPN6PwIhAPxsevXZaAKLr7nIVix+ZbSWqfBIXaEEacY1Xof5Coi1","SignatureAlgorithm": 10,"PublicKeyAlgorithm": 3,"PublicKey": {"Curve": {"P": 115792089210356248762697446949407573530086143415290314195533631308867097853951,"N": 115792089210356248762697446949407573529996955224135760342422259061068512044369,"B": 41058363725152142129326129780047268409114441015993725554835256314039467401291,"Gx": 48439561293906451759052585252797914202762949526041747995844080717082404635286,"Gy": 36134250956749795798585127919587881956611106672985015071877198253568414405109,"BitSize": 256,"Name": "P-256"},"X": 60459101124453114412169204472882317150580566743432206744033219809896960374046,"Y": 60939200533768908260916548677280659025495043715626863501784250257417707070776},"Subject": {"Country": ["CN"],"Organization": null,"OrganizationalUnit": null,"Locality": ["ChengDu"],"Province": ["SiChuan"],"StreetAddress": null,"PostalCode": null,"SerialNumber": "","CommonName": "CA","Names": [{"Type": [2,5,4,6],"Value": "CN"},{"Type": [2,5,4,8],"Value": "SiChuan"},{"Type": [2,5,4,7],"Value": "ChengDu"},{"Type": [2,5,4,3],"Value": "CA"}],"ExtraNames": null},"Attributes": null,"Extensions": null,"ExtraExtensions": null,"DNSNames": null,"EmailAddresses": null,"IPAddresses": null
}

生成ETCD集群的TLS证书

服务端证书(etcd)

etcd 证书申请文件

cat > etcd-csr.json << EOF
{"CN": "etcd","hosts": [192.168.159.3,192.168.159.4,192.168.159.5,127.0.0.1,localhost,localhost.localdomain], "key": {"algo": "ecdsa","size": 256},"names": [{"C": "CN","L": "ChengDu","O": "JSQ","OU": "devops","ST": "SiChuan"}]
}
EOF

利用CA证书和私钥生成ETCD的服务端证书和私钥

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server etcd-csr.json | cfssljson -bare etcd
ls etcd*
>> etcd.csr  etcd-csr.json etcd-key.pem  etcd.pem

客户端证书(etcdctl)

etcdctl 证书申请文件

客户端证书在集群所有节点使用,所以不限定hosts列表。

cat > etcdctl-csr.json << EOF{"CN": "etcdctl","key": {"algo": "ecdsa","size": 256},"names": [{"C": "CN","L": "ChengDu","O": "JSQ","OU": "devops","ST": "SiChuan"}]}
EOF

利用CA证书和私钥生成ETCD的客户端证书和私钥

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client etcdctl-csr.json | cfssljson -bare etcdctl
ls etcdctl*
>> etcdctl.csr  etcdctl-csr.json  etcdctl-key.pem  etcdctl.pem

对等证书(peer)

peer 证书申请文件

cat > peer-csr.json << EOF
{"CN": "peer","hosts": [192.168.159.3,192.168.159.4,192.168.159.5,127.0.0.1,localhost,localhost.localdomain], "key": {"algo": "ecdsa","size": 256},"names": [{"C": "CN","L": "ChengDu","O": "JSQ","OU": "devops","ST": "SiChuan"}]
}
EOF

利用CA证书和私钥生成ETCD的对等证书和私钥

  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer peer-csr.json | cfssljson -bare peerls peer*>> peer.csr  peer-csr.json  peer-key.pem  peer.pem

证书验证

以peer为例,简述证书正确性验证

使用cfssl-certinfo工具验证证书

[root@master ssl]# cfssl-certinfo -cert peer.pem
{"subject": {"common_name": "etcd","country": "CN","organization": "JSQ","organizational_unit": "k8s","locality": "ChengDu","province": "SiChuan","names": ["CN","SiChuan","ChengDu","JSQ","k8s","etcd"]},"issuer": {"common_name": "CA","country": "CN","locality": "ChengDu","province": "SiChuan","names": ["CN","SiChuan","ChengDu","CA"]},"serial_number": "141913582593314658055513454690348515362961414838","sans": ["localhost","localhost.localdomain","192.168.159.3","192.168.159.4","192.168.159.5","127.0.0.1"],"not_before": "2019-08-08T02:46:00Z","not_after": "2020-08-07T02:46:00Z","sigalg": "ECDSAWithSHA256","authority_key_id": "9A:C4:D5:3C:8E:3D:EE:52:AD:73:B9:E5:C8:EC:2:B2:F9:6F:49:6E","subject_key_id": "FD:37:AA:5:1E:3E:B3:A1:C0:D9:4B:FE:6:6C:84:2B:4D:B4:A3:85","pem": "-----BEGIN CERTIFICATE-----\nMIICYzCCAgigAwIBAgIUGNugCJvFlxNG/sWpRcyMtDxc2rYwCgYIKoZIzj0EAwIw\nPjELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB1NpQ2h1YW4xEDAOBgNVBAcTB0NoZW5n\nRHUxCzAJBgNVBAMTAkNBMB4XDTE5MDgwODAyNDYwMFoXDTIwMDgwNzAyNDYwMFow\nXDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB1NpQ2h1YW4xEDAOBgNVBAcTB0NoZW5n\nRHUxDDAKBgNVBAoTA0pTUTEMMAoGA1UECxMDazhzMQ0wCwYDVQQDEwRldGNkMFkw\nEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmNW9REC/yBTRsznrDNG/o3WA5Q8wuX5X\nl4ub6fnvshopjThy/FGVxxp461/wyZ80nlAzHm3rK9vBsy73QnHch6OBxTCBwjAO\nBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG\nA1UdEwEB/wQCMAAwHQYDVR0OBBYEFP03qgUePrOhwNlL/gZshCtNtKOFMB8GA1Ud\nIwQYMBaAFJrE1TyOPe5SrXO55cjsArL5b0luMEMGA1UdEQQ8MDqCCWxvY2FsaG9z\ndIIVbG9jYWxob3N0LmxvY2FsZG9tYWluhwTAqJ8DhwTAqJ8EhwTAqJ8FhwR/AAAB\nMAoGCCqGSM49BAMCA0kAMEYCIQCf2xTp36KKm8nFlIiT1yaTn6AMvX6k1exEDF6w\nNPJk4wIhAP7rKyOEgHvxWQVmqQyvZOndTMV1jItox5//MucSFG/x\n-----END CERTIFICATE-----\n"
}
  • 字段说明
issuer, 与CA证书申请文件内容相同;
subject,与peer证书申请文件内容相同;
pem, 证书内容,与`cat peer.pem`查看结果相同;
sans,与peer证书申请文件的hosts列表相同。

使用 openssl x509命令验证证书

[root@master ssl]# openssl x509 -text  -in peer.pem
Certificate:Data:Version: 3 (0x2)Serial Number:18:db:a0:08:9b:c5:97:13:46:fe:c5:a9:45:cc:8c:b4:3c:5c:da:b6Signature Algorithm: ecdsa-with-SHA256Issuer: C=CN, ST=SiChuan, L=ChengDu, CN=CAValidityNot Before: Aug  8 02:46:00 2019 GMTNot After : Aug  7 02:46:00 2020 GMTSubject: C=CN, ST=SiChuan, L=ChengDu, O=JSQ, OU=k8s, CN=etcdSubject Public Key Info:Public Key Algorithm: id-ecPublicKeyPublic-Key: (256 bit)pub: 04:98:d5:bd:44:40:bf:c8:14:d1:b3:39:eb:0c:d1:bf:a3:75:80:e5:0f:30:b9:7e:57:97:8b:9b:e9:f9:ef:b2:1a:29:8d:38:72:fc:51:95:c7:1a:78:eb:5f:f0:c9:9f:34:9e:50:33:1e:6d:eb:2b:db:c1:b3:2e:f7:42:71:dc:87ASN1 OID: prime256v1NIST CURVE: P-256X509v3 extensions:X509v3 Key Usage: criticalDigital Signature, Key EnciphermentX509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client AuthenticationX509v3 Basic Constraints: criticalCA:FALSEX509v3 Subject Key Identifier: FD:37:AA:05:1E:3E:B3:A1:C0:D9:4B:FE:06:6C:84:2B:4D:B4:A3:85X509v3 Authority Key Identifier: keyid:9A:C4:D5:3C:8E:3D:EE:52:AD:73:B9:E5:C8:EC:02:B2:F9:6F:49:6EX509v3 Subject Alternative Name: DNS:localhost, DNS:localhost.localdomain, IP Address:192.168.159.3, IP Address:192.168.159.4, IP Address:192.168.159.5, IP Address:127.0.0.1Signature Algorithm: ecdsa-with-SHA25630:46:02:21:00:9f:db:14:e9:df:a2:8a:9b:c9:c5:94:88:93:d7:26:93:9f:a0:0c:bd:7e:a4:d5:ec:44:0c:5e:b0:34:f2:64:e3:02:21:00:fe:eb:2b:23:84:80:7b:f1:59:05:66:a9:0c:af:64:e9:dd:4c:c5:75:8c:8b:68:c7:9f:ff:32:e7:12:14:6f:f1
-----BEGIN CERTIFICATE-----
MIICYzCCAgigAwIBAgIUGNugCJvFlxNG/sWpRcyMtDxc2rYwCgYIKoZIzj0EAwIw
PjELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB1NpQ2h1YW4xEDAOBgNVBAcTB0NoZW5n
RHUxCzAJBgNVBAMTAkNBMB4XDTE5MDgwODAyNDYwMFoXDTIwMDgwNzAyNDYwMFow
XDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB1NpQ2h1YW4xEDAOBgNVBAcTB0NoZW5n
RHUxDDAKBgNVBAoTA0pTUTEMMAoGA1UECxMDazhzMQ0wCwYDVQQDEwRldGNkMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmNW9REC/yBTRsznrDNG/o3WA5Q8wuX5X
l4ub6fnvshopjThy/FGVxxp461/wyZ80nlAzHm3rK9vBsy73QnHch6OBxTCBwjAO
BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFP03qgUePrOhwNlL/gZshCtNtKOFMB8GA1Ud
IwQYMBaAFJrE1TyOPe5SrXO55cjsArL5b0luMEMGA1UdEQQ8MDqCCWxvY2FsaG9z
dIIVbG9jYWxob3N0LmxvY2FsZG9tYWluhwTAqJ8DhwTAqJ8EhwTAqJ8FhwR/AAAB
MAoGCCqGSM49BAMCA0kAMEYCIQCf2xTp36KKm8nFlIiT1yaTn6AMvX6k1exEDF6w
NPJk4wIhAP7rKyOEgHvxWQVmqQyvZOndTMV1jItox5//MucSFG/x
-----END CERTIFICATE-----
  • 字段说明
Issuer, 与CA证书申请文件内容相同;
Subject,与peer证书申请文件内容相同;
DNS,与peer证书申请文件的hosts列表相同;
X509v3 extensions, 证书用途等信息,根据`--profile`指定策略相同
最后部分, 证书内容,与`cat peer.pem`查看结果相同;

至此ETCD安全集群的相关TLS证书制作完毕;
下一篇将介绍生产环境中如何将普通集群升级为使用TLS证书加密的安全集群。

【运维】K8S集群部署系列之ETCD集群搭建(二)相关推荐

  1. 【运维】K8S集群部署系列之ETCD集群搭建(四)

    ETCD集群扩容和缩容 本文将介绍生产环境下如何对ETCD集群进行扩容和缩容. 文章目录 ETCD集群扩容和缩容 新节点环境准备(node3) 下载安装包并初始化环境 网络准备 生成`node3`对等 ...

  2. Linux运维企业架构项目实战系列

    Linux运维企业架构项目实战系列 目录 一.全网备份 (一)部署Rsync守护进程 1)服务端(backup) 2)客户端(web01/02/03 nfs01) (二)编写脚本文件 1)客户端脚本编 ...

  3. 服务器硬件和算力,硬件科普Filecoin运维交付之业务部署

    随着Filecoin存储体量的不断增加,"运维"的重要性在这个行业里也愈发凸显.如何将每个环节的各种因素变得可控:一方面需要对硬件环境进行预检措施,以高效应对突发事件:另一方面也需 ...

  4. 什么是腾讯蓝鲸运维体系?附部署指南

    腾讯蓝鲸智云是一个高效的运维基础服务自动化体系,拥有支撑数百款腾讯业务的经验沉淀,是一个相对成熟稳定的运维系统. 简而言之,基于蓝鲸这套体系,你可以很方便地管控多个主机.执行作业.监控其运行状态. 此 ...

  5. 自动化运维工具SaltStack详细部署

    2019独角兽企业重金招聘Python工程师标准>>> 自动化运维工具SaltStack详细部署 2014-12-28 17:30:34 标签:saltstack 原创作品,允许转载 ...

  6. 自动化运维工具Ansible详细部署 - 人生理想在于坚持不懈 - 51CTO技术博客

    自动化运维工具Ansible详细部署 - 人生理想在于坚持不懈 - 51CTO技术博客 自动化运维工具Ansible详细部署 - 人生理想在于坚持不懈 - 51CTO技术博客 自动化运维工具Ansib ...

  7. zookeeper单机及集群部署,附安装包下载(二)

    zookeeper单机及集群部署,附安装包下载(二) 问题背景 zookeeper分布式技术基本概念(一) zookeeper单机及集群部署,附安装包下载(二) zookeeper客户端命令(三) 安 ...

  8. Ansible自动化运维工具介绍与部署

    ansible自动化运维工具介绍与部署 文章目录 一.什么是自动化运维? 二.常用的自动化运维工具 2.1 Ansible 2.2 SaltStack 2.3 Puppet 2.4 三种自动化工具特点 ...

  9. 老杨说运维 | 2021GOPS全球运维大会 上海站擎创CEO杨辰演讲精选(二)

    最近由于上海疫情,很多国际大会都无法举办. 上周小编整理了去年年底在上海举办的2021 GOPS全球运维大会的实录(一),https://eoitek.blog.csdn.net/article/de ...

最新文章

  1. 深入剖析机器学习中的统计思想
  2. python 模拟浏览器下载文件-Python 模拟浏览器 获取SVN 文件
  3. mysql数据库优化课程---6、mysql结构化查询语言有哪些
  4. 互联网IP路由的逐跳全局最优化原则-Dijkstra算法证明
  5. oracle 查询创建的全文索引,CSS_oracle全文搜索创建与使用示例,说明:使用全文索引需要使用 - phpStudy...
  6. python字典是什么数据_python---基本数据类型 dict(字典)
  7. ios 数组中的字典排序_题解 | 26.删除排序数组中的重复项
  8. 介绍全新的 JSX 转换
  9. POJ3253 Fence Repair【哈夫曼树+优先队列】
  10. Hybrid 开发:JsBridge - Web 和客户端的桥
  11. JavaScrupt就这么回事(转)
  12. u深度linux下载,u深度u盘启动盘制作工具下载
  13. 淘宝开放平台订单接口
  14. Visual Studio Code 基本插件
  15. 如何高效设计游戏——关于战斗力计算方式的总结
  16. 人脸识别技术在十大领域的创新应用
  17. 火星探测器纷纷上天,人类离移民火星还远吗?
  18. pandas 错误提醒:FutureWarning: elementwise comparison failed;
  19. 树莓派4b连接单端口无线校园网及基本配置
  20. 饿久了,大脑会进入“省电模式”!感官被削弱,还看不清东西丨爱丁堡大学...

热门文章

  1. win10禁止dpi缩放在哪_Windows 10,如何禁用应用程序缩放?
  2. #第26篇分享:一个文本分类的数据挖掘(python语言:sklearn 朴素贝叶斯NB)(2)
  3. 集体合同一经双方当事人签字就可以生效吗?
  4. 被迫学习自动化的心酸苦累
  5. 开源代码应用之Eclipse篇
  6. 谷歌新大楼正式开放:“龙鳞”顶棚、100%电动、最大地热桩系统······
  7. Web 攻防之业务安全:密码找回安全案例总结.
  8. NXP i.MX 8M Mini 核心板规格参数,四核ARM Cortex-A53 + ARM Cortex-M4
  9. PTA 7-205 板凳鏊子三十三
  10. 14个上级与下属进行绩效面谈时的主题(二)