mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
commit
fb646ac1d8
44
sources/news/Let's Encrypt:Entering Public Beta.md
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
Let's Encrypt:Entering Public Beta
|
||||||
|
================================================================================
|
||||||
|
We’re happy to announce that Let’s Encrypt has entered Public Beta. Invitations are no longer needed in order to get free
|
||||||
|
certificates from Let’s Encrypt.
|
||||||
|
|
||||||
|
It’s time for the Web to take a big step forward in terms of security and privacy. We want to see HTTPS become the default.
|
||||||
|
Let’s Encrypt was built to enable that by making it as easy as possible to get and manage certificates.
|
||||||
|
|
||||||
|
We’d like to thank everyone who participated in the Limited Beta. Let’s Encrypt issued over 26,000 certificates during the
|
||||||
|
Limited Beta period. This allowed us to gain valuable insight into how our systems perform, and to be confident about moving
|
||||||
|
to Public Beta.
|
||||||
|
|
||||||
|
We’d also like to thank all of our [sponsors][1] for their support. We’re happy to have announced earlier today that
|
||||||
|
[Facebook is our newest Gold sponsor][2]/
|
||||||
|
|
||||||
|
We have more work to do before we’re comfortable dropping the beta label entirely, particularly on the client experience.
|
||||||
|
Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a
|
||||||
|
wide range of platforms. We’ll be monitoring feedback from users closely, and making improvements as quickly as possible.
|
||||||
|
|
||||||
|
Instructions for getting a certificate with the [Let’s Encrypt client][3] can be found [here][4].
|
||||||
|
|
||||||
|
[Let’s Encrypt Community Support][5] is an invaluable resource for our community, we strongly recommend making use of the
|
||||||
|
site if you have any questions about Let’s Encrypt.
|
||||||
|
|
||||||
|
Let’s Encrypt depends on support from a wide variety of individuals and organizations. Please consider [getting involved][6]
|
||||||
|
, and if your company or organization would like to sponsor Let’s Encrypt please email us at [sponsor@letsencrypt.org][7].
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://letsencrypt.org/2015/12/03/entering-public-beta.html
|
||||||
|
|
||||||
|
作者:[Josh Aas][a]
|
||||||
|
译者:[译者ID](https://github.com/译者ID)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]:https://letsencrypt.org/2015/12/03/entering-public-beta.html
|
||||||
|
[1]:https://letsencrypt.org/sponsors/
|
||||||
|
[2]:https://letsencrypt.org/2015/12/03/facebook-sponsorship.html
|
||||||
|
[3]:https://github.com/letsencrypt/letsencrypt
|
||||||
|
[4]:https://letsencrypt.readthedocs.org/en/latest/
|
||||||
|
[5]:https://community.letsencrypt.org/
|
||||||
|
[6]:https://letsencrypt.org/getinvolved/
|
||||||
|
[7]:mailto:sponsor@letsencrypt.org
|
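Review bot: The new file's path, `sources/news/Let's Encrypt:Entering Public Beta.md`, contains a colon, which is not a legal filename character on Windows, so the repository will not check out cleanly there; rename the file with a hyphen or space in place of the colon. In the body, the sponsor sentence ends `[Facebook is our newest Gold sponsor][2]/` where a full stop is expected, the hard wrap leaves one line starting with `, and if your company`, and the `[a]:` definition used for the author link points at the article URL rather than an author page.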
@ -1,3 +1,4 @@
|
|||||||
|
[bazz2222]
|
||||||
Why did you start using Linux?
|
Why did you start using Linux?
|
||||||
================================================================================
|
================================================================================
|
||||||
> In today's open source roundup: What got you started with Linux? Plus: IBM's Linux only Mainframe. And why you should skip Windows 10 and go with Linux
|
> In today's open source roundup: What got you started with Linux? Plus: IBM's Linux only Mainframe. And why you should skip Windows 10 and go with Linux
|
||||||
|
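Review bot: The added first line `[bazz2222]` is a bare bracketed name with no word saying what it marks, and in Markdown it becomes a shortcut reference link if a matching definition is ever added. The other files in this commit use a plain phrase (`translated by iov-wang`, `wyangsun translating`); use the same form here, such as `bazz2222 translating`.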
@ -1,429 +0,0 @@
|
|||||||
Installation Guide for Puppet on Ubuntu 15.04
|
|
||||||
================================================================================
|
|
||||||
Hi everyone, today in this article we'll learn how to install puppet to manage your server infrastructure running ubuntu 15.04. Puppet is an open source software configuration management tool which is developed and maintained by Puppet Labs that allows us to automate the provisioning, configuration and management of a server infrastructure. Whether we're managing just a few servers or thousands of physical and virtual machines to orchestration and reporting, puppet automates tasks that system administrators often do manually which frees up time and mental space so sysadmins can work on improving other aspects of your overall setup. It ensures consistency, reliability and stability of the automated jobs processed. It facilitates closer collaboration between sysadmins and developers, enabling more efficient delivery of cleaner, better-designed code. Puppet is available in two solutions configuration management and data center automation. They are **puppet open source and puppet enterprise**. Puppet open source is a flexible, customizable solution available under the Apache 2.0 license, designed to help system administrators automate the many repetitive tasks they regularly perform. Whereas puppet enterprise edition is a proven commercial solution for diverse enterprise IT environments which lets us get all the benefits of open source puppet, plus puppet apps, commercial-only enhancements, supported modules and integrations, and the assurance of a fully supported platform. Puppet uses SSL certificates to authenticate communication between master and agent nodes.
|
|
||||||
|
|
||||||
In this tutorial, we will cover how to install open source puppet in an agent and master setup running ubuntu 15.04 linux distribution. Here, Puppet master is a server from where all the configurations will be controlled and managed and all our remaining servers will be puppet agent nodes, which is configured according to the configuration of puppet master server. Here are some easy steps to install and configure puppet to manage our server infrastructure running Ubuntu 15.04.
|
|
||||||
|
|
||||||
### 1. Setting up Hosts ###
|
|
||||||
|
|
||||||
In this tutorial, we'll use two machines, one as puppet master server and another as puppet node agent both running ubuntu 15.04 "Vivid Vervet" in both the machines. Here is the infrastructure of the server that we're gonna use for this tutorial.
|
|
||||||
|
|
||||||
puppet master server with IP 44.55.88.6 and hostname : puppetmaster
|
|
||||||
puppet node agent with IP 45.55.86.39 and hostname : puppetnode
|
|
||||||
|
|
||||||
Now we'll add the entry of the machines to /etc/hosts on both machines node agent and master server.
|
|
||||||
|
|
||||||
# nano /etc/hosts
|
|
||||||
|
|
||||||
45.55.88.6 puppetmaster.example.com puppetmaster
|
|
||||||
45.55.86.39 puppetnode.example.com puppetnode
|
|
||||||
|
|
||||||
Please note that the Puppet Master server must be reachable on port 8140. So, we'll need to open port 8140 in it.
|
|
||||||
|
|
||||||
### 2. Updating Time with NTP ###
|
|
||||||
|
|
||||||
As puppet nodes needs to maintain accurate system time to avoid problems when it issues agent certificates. Certificates can appear to be expired if there is time difference, the time of the both the master and the node agent must be synced with each other. To sync the time, we'll update the time with NTP. To do so, here's the command below that we need to run on both master and node agent.
|
|
||||||
|
|
||||||
# ntpdate pool.ntp.org
|
|
||||||
|
|
||||||
17 Jun 00:17:08 ntpdate[882]: adjust time server 66.175.209.17 offset -0.001938 sec
|
|
||||||
|
|
||||||
Now, we'll update our local repository index and install ntp as follows.
|
|
||||||
|
|
||||||
# apt-get update && sudo apt-get -y install ntp ; service ntp restart
|
|
||||||
|
|
||||||
### 3. Puppet Master Package Installation ###
|
|
||||||
|
|
||||||
There are many ways to install open source puppet. In this tutorial, we'll download and install a debian binary package named as **puppetlabs-release** packaged by the Puppet Labs which will add the source of the **puppetmaster-passenger** package. The puppetmaster-passenger includes the puppet master with apache web server. So, we'll now download the Puppet Labs package.
|
|
||||||
|
|
||||||
# cd /tmp/
|
|
||||||
# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
|
|
||||||
|
|
||||||
--2015-06-17 00:19:26-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
|
|
||||||
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
|
|
||||||
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
|
|
||||||
HTTP request sent, awaiting response... 200 OK
|
|
||||||
Length: 7384 (7.2K) [application/x-debian-package]
|
|
||||||
Saving to: ‘puppetlabs-release-trusty.deb’
|
|
||||||
|
|
||||||
puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.06s
|
|
||||||
|
|
||||||
2015-06-17 00:19:26 (130 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384]
|
|
||||||
|
|
||||||
After the download has been completed, we'll wanna install the package.
|
|
||||||
|
|
||||||
# dpkg -i puppetlabs-release-trusty.deb
|
|
||||||
|
|
||||||
Selecting previously unselected package puppetlabs-release.
|
|
||||||
(Reading database ... 85899 files and directories currently installed.)
|
|
||||||
Preparing to unpack puppetlabs-release-trusty.deb ...
|
|
||||||
Unpacking puppetlabs-release (1.0-11) ...
|
|
||||||
Setting up puppetlabs-release (1.0-11) ...
|
|
||||||
|
|
||||||
Then, we'll update the local respository index with the server using apt package manager.
|
|
||||||
|
|
||||||
# apt-get update
|
|
||||||
|
|
||||||
Then, we'll install the puppetmaster-passenger package by running the below command.
|
|
||||||
|
|
||||||
# apt-get install puppetmaster-passenger
|
|
||||||
|
|
||||||
**Note**: While installing we may get an error **Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')** but we no need to worry, we'll just simply ignore this as it says that the templatedir is deprecated so, we'll simply disbale that setting in the configuration. :)
|
|
||||||
|
|
||||||
To check whether puppetmaster has been installed successfully in our Master server not not, we'll gonna try to check its version.
|
|
||||||
|
|
||||||
# puppet --version
|
|
||||||
|
|
||||||
3.8.1
|
|
||||||
|
|
||||||
We have successfully installed puppet master package in our puppet master box. As we are using passenger with apache, the puppet master process is controlled by apache server, that means it runs when apache is running.
|
|
||||||
|
|
||||||
Before continuing, we'll need to stop the Puppet master by stopping the apache2 service.
|
|
||||||
|
|
||||||
# systemctl stop apache2
|
|
||||||
|
|
||||||
### 4. Master version lock with Apt ###
|
|
||||||
|
|
||||||
As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a new file **/etc/apt/preferences.d/00-puppet.pref** using our favorite text editor.
|
|
||||||
|
|
||||||
# nano /etc/apt/preferences.d/00-puppet.pref
|
|
||||||
|
|
||||||
Then, we'll gonna add the entries in the newly created file as:
|
|
||||||
|
|
||||||
# /etc/apt/preferences.d/00-puppet.pref
|
|
||||||
Package: puppet puppet-common puppetmaster-passenger
|
|
||||||
Pin: version 3.8*
|
|
||||||
Pin-Priority: 501
|
|
||||||
|
|
||||||
Now, it will not update the puppet while running updates in the system.
|
|
||||||
|
|
||||||
### 5. Configuring Puppet Config ###
|
|
||||||
|
|
||||||
Puppet master acts as a certificate authority and must generate its own certificates which is used to sign agent certificate requests. First of all, we'll need to remove any existing SSL certificates that were created during the installation of package. The default location of puppet's SSL certificates is /var/lib/puppet/ssl. So, we'll remove the entire ssl directory using rm command.
|
|
||||||
|
|
||||||
# rm -rf /var/lib/puppet/ssl
|
|
||||||
|
|
||||||
Then, we'll configure the certificate. While creating the puppet master's certificate, we need to include every DNS name at which agent nodes can contact the master at. So, we'll edit the master's puppet.conf using our favorite text editor.
|
|
||||||
|
|
||||||
# nano /etc/puppet/puppet.conf
|
|
||||||
|
|
||||||
The output seems as shown below.
|
|
||||||
|
|
||||||
[main]
|
|
||||||
logdir=/var/log/puppet
|
|
||||||
vardir=/var/lib/puppet
|
|
||||||
ssldir=/var/lib/puppet/ssl
|
|
||||||
rundir=/var/run/puppet
|
|
||||||
factpath=$vardir/lib/facter
|
|
||||||
templatedir=$confdir/templates
|
|
||||||
|
|
||||||
[master]
|
|
||||||
# These are needed when the puppetmaster is run by passenger
|
|
||||||
# and can safely be removed if webrick is used.
|
|
||||||
ssl_client_header = SSL_CLIENT_S_DN
|
|
||||||
ssl_client_verify_header = SSL_CLIENT_VERIFY
|
|
||||||
|
|
||||||
Here, we'll need to comment the templatedir line to disable the setting as it has been already depreciated. After that, we'll add the following line at the end of the file under [main].
|
|
||||||
|
|
||||||
server = puppetmaster
|
|
||||||
environment = production
|
|
||||||
runinterval = 1h
|
|
||||||
strict_variables = true
|
|
||||||
certname = puppetmaster
|
|
||||||
dns_alt_names = puppetmaster, puppetmaster.example.com
|
|
||||||
|
|
||||||
This configuration file has many options which might be useful in order to setup own configuration. A full description of the file is available at Puppet Labs [Main Config File (puppet.conf)][1].
|
|
||||||
|
|
||||||
After editing the file, we'll wanna save that and exit.
|
|
||||||
|
|
||||||
Now, we'll gonna generate a new CA certificates by running the following command.
|
|
||||||
|
|
||||||
# puppet master --verbose --no-daemonize
|
|
||||||
|
|
||||||
Info: Creating a new SSL key for ca
|
|
||||||
Info: Creating a new SSL certificate request for ca
|
|
||||||
Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78
|
|
||||||
...
|
|
||||||
Notice: puppetmaster has a waiting certificate request
|
|
||||||
Notice: Signed certificate request for puppetmaster
|
|
||||||
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem'
|
|
||||||
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem'
|
|
||||||
Notice: Starting Puppet master version 3.8.1
|
|
||||||
^CNotice: Caught INT; storing stop
|
|
||||||
Notice: Processing stop
|
|
||||||
|
|
||||||
Now, the certificate is being generated. Once we see **Notice: Starting Puppet master version 3.8.1**, the certificate setup is complete. Then we'll press CTRL-C to return to the shell.
|
|
||||||
|
|
||||||
If we wanna look at the cert information of the certificate that was just created, we can get the list by running in the following command.
|
|
||||||
|
|
||||||
# puppet cert list -all
|
|
||||||
|
|
||||||
+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
|
|
||||||
|
|
||||||
### 6. Creating a Puppet Manifest ###
|
|
||||||
|
|
||||||
The default location of the main manifest is /etc/puppet/manifests/site.pp. The main manifest file contains the definition of configuration that is used to execute in the puppet node agent. Now, we'll create the manifest file by running the following command.
|
|
||||||
|
|
||||||
# nano /etc/puppet/manifests/site.pp
|
|
||||||
|
|
||||||
Then, we'll add the following lines of configuration in the file that we just opened.
|
|
||||||
|
|
||||||
# execute 'apt-get update'
|
|
||||||
exec { 'apt-update': # exec resource named 'apt-update'
|
|
||||||
command => '/usr/bin/apt-get update' # command this resource will run
|
|
||||||
}
|
|
||||||
|
|
||||||
# install apache2 package
|
|
||||||
package { 'apache2':
|
|
||||||
require => Exec['apt-update'], # require 'apt-update' before installing
|
|
||||||
ensure => installed,
|
|
||||||
}
|
|
||||||
|
|
||||||
# ensure apache2 service is running
|
|
||||||
service { 'apache2':
|
|
||||||
ensure => running,
|
|
||||||
}
|
|
||||||
|
|
||||||
The above lines of configuration are responsible for the deployment of the installation of apache web server across the node agent.
|
|
||||||
|
|
||||||
### 7. Starting Master Service ###
|
|
||||||
|
|
||||||
We are now ready to start the puppet master. We can start it by running the apache2 service.
|
|
||||||
|
|
||||||
# systemctl start apache2
|
|
||||||
|
|
||||||
Here, our puppet master is running, but it isn't managing any agent nodes yet. Now, we'll gonna add the puppet node agents to the master.
|
|
||||||
|
|
||||||
**Note**: If you get an error **Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xe" for details.** then it must be that there is some problem with the apache server. So, we can see the log what exactly has happened by running **apachectl start** under root or sudo mode. Here, while performing this tutorial, we got a misconfiguration of the certificates under **/etc/apache2/sites-enabled/puppetmaster.conf** file. We replaced **SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem with SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem** and commented **SSLCertificateKeyFile** line. Then we'll need to rerun the above command to run apache server.
|
|
||||||
|
|
||||||
### 8. Puppet Agent Package Installation ###
|
|
||||||
|
|
||||||
Now, as we have our puppet master ready and it needs an agent to manage, we'll need to install puppet agent into the nodes. We'll need to install puppet agent in every nodes in our infrastructure we want puppet master to manage. We'll need to make sure that we have added our node agents in the DNS. Now, we'll gonna install the latest puppet agent in our agent node ie. puppetnode.example.com .
|
|
||||||
|
|
||||||
We'll run the following command to download the Puppet Labs package in our puppet agent nodes.
|
|
||||||
|
|
||||||
# cd /tmp/
|
|
||||||
# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb\
|
|
||||||
|
|
||||||
--2015-06-17 00:54:42-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
|
|
||||||
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
|
|
||||||
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
|
|
||||||
HTTP request sent, awaiting response... 200 OK
|
|
||||||
Length: 7384 (7.2K) [application/x-debian-package]
|
|
||||||
Saving to: ‘puppetlabs-release-trusty.deb’
|
|
||||||
|
|
||||||
puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.04s
|
|
||||||
|
|
||||||
2015-06-17 00:54:42 (162 KB/s) - ‘puppetlabs-release-trusty.deb’ saved [7384/7384]
|
|
||||||
|
|
||||||
Then, as we're running ubuntu 15.04, we'll use debian package manager to install it.
|
|
||||||
|
|
||||||
# dpkg -i puppetlabs-release-trusty.deb
|
|
||||||
|
|
||||||
Now, we'll gonna update the repository index using apt-get.
|
|
||||||
|
|
||||||
# apt-get update
|
|
||||||
|
|
||||||
Finally, we'll gonna install the puppet agent directly from the remote repository.
|
|
||||||
|
|
||||||
# apt-get install puppet
|
|
||||||
|
|
||||||
Puppet agent is always disabled by default, so we'll need to enable it. To do so we'll need to edit /etc/default/puppet file using a text editor.
|
|
||||||
|
|
||||||
# nano /etc/default/puppet
|
|
||||||
|
|
||||||
Then, we'll need to change value of **START** to "yes" as shown below.
|
|
||||||
|
|
||||||
START=yes
|
|
||||||
|
|
||||||
Then, we'll need to save and exit the file.
|
|
||||||
|
|
||||||
### 9. Agent Version Lock with Apt ###
|
|
||||||
|
|
||||||
As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a file /etc/apt/preferences.d/00-puppet.pref using our favorite text editor.
|
|
||||||
|
|
||||||
# nano /etc/apt/preferences.d/00-puppet.pref
|
|
||||||
|
|
||||||
Then, we'll gonna add the entries in the newly created file as:
|
|
||||||
|
|
||||||
# /etc/apt/preferences.d/00-puppet.pref
|
|
||||||
Package: puppet puppet-common
|
|
||||||
Pin: version 3.8*
|
|
||||||
Pin-Priority: 501
|
|
||||||
|
|
||||||
Now, it will not update the Puppet while running updates in the system.
|
|
||||||
|
|
||||||
### 10. Configuring Puppet Node Agent ###
|
|
||||||
|
|
||||||
Next, We must make a few configuration changes before running the agent. To do so, we'll need to edit the agent's puppet.conf
|
|
||||||
|
|
||||||
# nano /etc/puppet/puppet.conf
|
|
||||||
|
|
||||||
It will look exactly like the Puppet master's initial configuration file.
|
|
||||||
|
|
||||||
This time also we'll comment the **templatedir** line. Then we'll gonna delete the [master] section, and all of the lines below it.
|
|
||||||
|
|
||||||
Assuming that the puppet master is reachable at "puppet-master", the agent should be able to connect to the master. If not we'll need to use its fully qualified domain name ie. puppetmaster.example.com .
|
|
||||||
|
|
||||||
[agent]
|
|
||||||
server = puppetmaster.example.com
|
|
||||||
certname = puppetnode.example.com
|
|
||||||
|
|
||||||
After adding this, it will look alike this.
|
|
||||||
|
|
||||||
[main]
|
|
||||||
logdir=/var/log/puppet
|
|
||||||
vardir=/var/lib/puppet
|
|
||||||
ssldir=/var/lib/puppet/ssl
|
|
||||||
rundir=/var/run/puppet
|
|
||||||
factpath=$vardir/lib/facter
|
|
||||||
#templatedir=$confdir/templates
|
|
||||||
|
|
||||||
[agent]
|
|
||||||
server = puppetmaster.example.com
|
|
||||||
certname = puppetnode.example.com
|
|
||||||
|
|
||||||
After done with that, we'll gonna save and exit it.
|
|
||||||
|
|
||||||
Next, we'll wanna start our latest puppet agent in our Ubuntu 15.04 nodes. To start our puppet agent, we'll need to run the following command.
|
|
||||||
|
|
||||||
# systemctl start puppet
|
|
||||||
|
|
||||||
If everything went as expected and configured properly, we should not see any output displayed by running the above command. When we run an agent for the first time, it generates an SSL certificate and sends a request to the puppet master then if the master signs the agent's certificate, it will be able to communicate with the agent node.
|
|
||||||
|
|
||||||
**Note**: If you are adding your first node, it is recommended that you attempt to sign the certificate on the puppet master before adding your other agents. Once you have verified that everything works properly, then you can go back and add the remaining agent nodes further.
|
|
||||||
|
|
||||||
### 11. Signing certificate Requests on Master ###
|
|
||||||
|
|
||||||
While puppet agent runs for the first time, it generates an SSL certificate and sends a request for signing to the master server. Before the master will be able to communicate and control the agent node, it must sign that specific agent node's certificate.
|
|
||||||
|
|
||||||
To get the list of the certificate requests, we'll run the following command in the puppet master server.
|
|
||||||
|
|
||||||
# puppet cert list
|
|
||||||
|
|
||||||
"puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2
|
|
||||||
|
|
||||||
As we just setup our first agent node, we will see one request. It will look something like the following, with the agent node's Domain name as the hostname.
|
|
||||||
|
|
||||||
Note that there is no + in front of it which indicates that it has not been signed yet.
|
|
||||||
|
|
||||||
Now, we'll go for signing a certification request. In order to sign a certification request, we should simply run **puppet cert sign** with the **hostname** as shown below.
|
|
||||||
|
|
||||||
# puppet cert sign puppetnode.example.com
|
|
||||||
|
|
||||||
Notice: Signed certificate request for puppetnode.example.com
|
|
||||||
Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem'
|
|
||||||
|
|
||||||
The Puppet master can now communicate and control the node that the signed certificate belongs to.
|
|
||||||
|
|
||||||
If we want to sign all of the current requests, we can use the -all option as shown below.
|
|
||||||
|
|
||||||
# puppet cert sign --all
|
|
||||||
|
|
||||||
### Removing a Puppet Certificate ###
|
|
||||||
|
|
||||||
If we wanna remove a host from it or wanna rebuild a host then add it back to it. In this case, we will want to revoke the host's certificate from the puppet master. To do this, we will want to use the clean action as follows.
|
|
||||||
|
|
||||||
# puppet cert clean hostname
|
|
||||||
|
|
||||||
Notice: Revoked certificate with serial 5
|
|
||||||
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem'
|
|
||||||
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem'
|
|
||||||
|
|
||||||
If we want to view all of the requests signed and unsigned, run the following command:
|
|
||||||
|
|
||||||
# puppet cert list --all
|
|
||||||
|
|
||||||
+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
|
|
||||||
|
|
||||||
### 12. Deploying a Puppet Manifest ###
|
|
||||||
|
|
||||||
After we configure and complete the puppet manifest, we'll wanna deploy the manifest to the agent nodes server. To apply and load the main manifest we can simply run the following command in the agent node.
|
|
||||||
|
|
||||||
# puppet agent --test
|
|
||||||
|
|
||||||
Info: Retrieving pluginfacts
|
|
||||||
Info: Retrieving plugin
|
|
||||||
Info: Caching catalog for puppetnode.example.com
|
|
||||||
Info: Applying configuration version '1434563858'
|
|
||||||
Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully
|
|
||||||
Notice: Finished catalog run in 10.53 seconds
|
|
||||||
|
|
||||||
This will show us all the processes how the main manifest will affect a single server immediately.
|
|
||||||
|
|
||||||
If we wanna run a puppet manifest that is not related to the main manifest, we can simply use puppet apply followed by the manifest file path. It only applies the manifest to the node that we run the apply from.
|
|
||||||
|
|
||||||
# puppet apply /etc/puppet/manifest/test.pp
|
|
||||||
|
|
||||||
### 13. Configuring Manifest for a Specific Node ###
|
|
||||||
|
|
||||||
If we wanna deploy a manifest only to a specific node then we'll need to configure the manifest as follows.
|
|
||||||
|
|
||||||
We'll need to edit the manifest on the master server using a text editor.
|
|
||||||
|
|
||||||
# nano /etc/puppet/manifest/site.pp
|
|
||||||
|
|
||||||
Now, we'll gonna add the following lines there.
|
|
||||||
|
|
||||||
node 'puppetnode', 'puppetnode1' {
|
|
||||||
# execute 'apt-get update'
|
|
||||||
exec { 'apt-update': # exec resource named 'apt-update'
|
|
||||||
command => '/usr/bin/apt-get update' # command this resource will run
|
|
||||||
}
|
|
||||||
|
|
||||||
# install apache2 package
|
|
||||||
package { 'apache2':
|
|
||||||
require => Exec['apt-update'], # require 'apt-update' before installing
|
|
||||||
ensure => installed,
|
|
||||||
}
|
|
||||||
|
|
||||||
# ensure apache2 service is running
|
|
||||||
service { 'apache2':
|
|
||||||
ensure => running,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Here, the above configuration will install and deploy the apache web server only to the two specified nodes having shortname puppetnode and puppetnode1. We can add more nodes that we need to get deployed with the manifest specifically.
|
|
||||||
|
|
||||||
### 14. Configuring Manifest with a Module ###
|
|
||||||
|
|
||||||
Modules are useful for grouping tasks together, they are many available in the Puppet community which anyone can contribute further.
|
|
||||||
|
|
||||||
On the puppet master, we'll gonna install the **puppetlabs-apache** module using the puppet module command.
|
|
||||||
|
|
||||||
# puppet module install puppetlabs-apache
|
|
||||||
|
|
||||||
**Warning**: Please do not use this module on an existing apache setup else it will purge your apache configurations that are not managed by puppet.
|
|
||||||
|
|
||||||
Now we'll gonna edit the main manifest ie **site.pp** using a text editor.
|
|
||||||
|
|
||||||
# nano /etc/puppet/manifest/site.pp
|
|
||||||
|
|
||||||
Now add the following lines to install apache under puppetnode.
|
|
||||||
|
|
||||||
node 'puppet-node' {
|
|
||||||
class { 'apache': } # use apache module
|
|
||||||
apache::vhost { 'example.com': # define vhost resource
|
|
||||||
port => '80',
|
|
||||||
docroot => '/var/www/html'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Then we'll wanna save and exit it. Then, we'll wanna rerun the manifest to deploy the configuration to the agents for our infrastructure.
|
|
||||||
|
|
||||||
### Conclusion ###
|
|
||||||
|
|
||||||
Finally we have successfully installed puppet to manage our Server Infrastructure running Ubuntu 15.04 "Vivid Vervet" linux operating system. We learned how puppet works, configure a manifest configuration, communicate with nodes and deploy the manifest on the agent nodes with secure SSL certification. Controlling, managing and configuring repeated task in several N number of nodes is very easy with puppet open source software configuration management tool. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-)
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://linoxide.com/linux-how-to/install-puppet-ubuntu-15-04/
|
|
||||||
|
|
||||||
作者:[Arun Pyasi][a]
|
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]:http://linoxide.com/author/arunp/
|
|
||||||
[1]:https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
|
|
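Review bot: The guide removed here contradicts itself in several places, which matters if its text is being carried into a translated copy: section 1 lists the master as `44.55.88.6` while the `/etc/hosts` entry uses `45.55.88.6`, the manifest is created at `/etc/puppet/manifests/site.pp` in section 6 but edited at `/etc/puppet/manifest/site.pp` in sections 13 and 14, and section 14 targets node `'puppet-node'` although the agent is named `puppetnode`. Two steps deserve a translator's note rather than a literal rendering: the section 7 workaround comments out `SSLCertificateKeyFile` without saying which key Apache then loads, and `puppet cert sign --all` in section 11 signs every pending request, whereas the single-host form lets the operator first compare the SHA256 fingerprint printed by `puppet cert list` with the one on the agent.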
@ -1,3 +1,4 @@
|
|||||||
|
translated by iov-wang
|
||||||
How to Install OsTicket Ticketing System in Fedora 22 / Centos 7
|
How to Install OsTicket Ticketing System in Fedora 22 / Centos 7
|
||||||
================================================================================
|
================================================================================
|
||||||
In this article, we'll learn how to setup help desk ticketing system with osTicket in our machine or server running Fedora 22 or CentOS 7 as operating system. osTicket is a free and open source popular customer support ticketing system developed and maintained by [Enhancesoft][1] and its contributors. osTicket is the best solution for help and support ticketing system and management for better communication and support assistance with clients and customers. It has the ability to easily integrate with inquiries created via email, phone and web based forms into a beautiful multi-user web interface. osTicket makes us easy to manage, organize and log all our support requests and responses in one single place. It is a simple, lightweight, reliable, open source, web-based and easy to setup and use help desk ticketing system.
|
In this article, we'll learn how to setup help desk ticketing system with osTicket in our machine or server running Fedora 22 or CentOS 7 as operating system. osTicket is a free and open source popular customer support ticketing system developed and maintained by [Enhancesoft][1] and its contributors. osTicket is the best solution for help and support ticketing system and management for better communication and support assistance with clients and customers. It has the ability to easily integrate with inquiries created via email, phone and web based forms into a beautiful multi-user web interface. osTicket makes us easy to manage, organize and log all our support requests and responses in one single place. It is a simple, lightweight, reliable, open source, web-based and easy to setup and use help desk ticketing system.
|
||||||
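Review bot: The added first line, "translated by iov-wang", is in the past tense, yet the title and body that follow in this hunk are still the English original. If the line is a claim on the article, word it as a claim in progress, in the same form as the "wyangsun translating" marker used elsewhere in this commit, so that nobody reads the file as already finished.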
@ -176,4 +177,4 @@ via: http://linoxide.com/linux-how-to/install-osticket-fedora-22-centos-7/
|
|||||||
[a]:http://linoxide.com/author/arunp/
|
[a]:http://linoxide.com/author/arunp/
|
||||||
[1]:http://www.enhancesoft.com/
|
[1]:http://www.enhancesoft.com/
|
||||||
[2]:http://osticket.com/download
|
[2]:http://osticket.com/download
|
||||||
[3]:https://github.com/osTicket/osTicket-1.8/releases
|
[3]:https://github.com/osTicket/osTicket-1.8/releases
|
||||||
|
@ -1,139 +0,0 @@
|
|||||||
wyangsun translating
|
|
||||||
How to use Mutt email client with encrypted passwords
|
|
||||||
================================================================================
|
|
||||||
Mutt is an open-source email client written for Linux/UNIX terminal environment. Together with [Alpine][1], Mutt has the most devoted followers among Linux command-line enthusiasts, and for good reasons. Think of anything you expect from an email client, and Mutt has it: multi-protocol support (e.g., POP3, IMAP and SMTP), S/MIME and PGP/GPG integration, threaded conversation, color coding, customizable macros/keybindings, and so on. Besides, terminal-based Mutt is a lightweight alternative for accessing emails compared to bulky web browser-based (e.g., Gmail, Ymail) or GUI-based email clients (e.g., Thunderbird, MS Outlook).
|
|
||||||
|
|
||||||
When you want to use Mutt to access or send emails via corporate SMTP/IMAP servers or replace web mail services, one concern you may have is how to protect your email credentials (e.g., SMTP/IMAP passwords) stored in a plain-text Mutt configuration file (~/.muttrc).
|
|
||||||
|
|
||||||
For those who are security-conscious, there is actually an easy way to **encrypt Mutt configuration** to prevent such risk. In this tutorial, I describe how you can encrypt sensitive Mutt configuration such as SMTP/IMAP passwords using GnuPG (GPG), an open-source implementation of OpenPGP.
|
|
||||||
|
|
||||||
### Step One (Optional): Create GPG Key ###
|
|
||||||
|
|
||||||
Since we are going to use GPG to encrypt Mutt configuration, the first step is to create a GPG key (public/private keypair) if you don't have one. If you do, skip this step.
|
|
||||||
|
|
||||||
To create a new GPG key, type the following.
|
|
||||||
|
|
||||||
$ gpg --gen-key
|
|
||||||
|
|
||||||
Choose the key type (RSA), keysize (2048 bits), and expiration date (0: no expiration). When prompted for a user ID, type your name (Dan Nanni) and email address (myemail@email.com) to be associated with the private/public keypair. Finally, type a passphrase to protect your private key.
|
|
||||||
|
|
||||||
![](https://c2.staticflickr.com/6/5726/22808727824_7735f11157_c.jpg)
|
|
||||||
|
|
||||||
Generating a GPG key requires a lot of random bytes for entropy, so make sure to perform some random actions on your system (e.g., type on a keyboard, move a mouse or read/write a disk) during key generation. Depending on keysize, it may take a few minutes or more to generate a GPG key.
|
|
||||||
|
|
||||||
![](https://c1.staticflickr.com/1/644/23328597612_6ac5a29944_c.jpg)
|
|
||||||
|
|
||||||
### Step Two: Encrypt Sensitive Mutt Configuration ###
|
|
||||||
|
|
||||||
Next, create a new text file in ~/.mutt directory, and put in the file any sensitive Mutt configuration you want to hide. In this example, I specify SMTP/IMAP passwords.
|
|
||||||
|
|
||||||
$ mkdir ~/.mutt
|
|
||||||
$ vi ~/.mutt/password
|
|
||||||
|
|
||||||
----------
|
|
||||||
|
|
||||||
set smtp_pass="XXXXXXX"
|
|
||||||
set imap_pass="XXXXXXX"
|
|
||||||
|
|
||||||
Now encrypt this file with gpg using your public key as follows.
|
|
||||||
|
|
||||||
$ gpg -r myemail@email.com -e ~/.mutt/password
|
|
||||||
|
|
||||||
This will create ~/.mutt/password.gpg, which is a GPG-encrypted version of the original file.
|
|
||||||
|
|
||||||
Go ahead and remove ~/.mutt/password, leaving only the GPG-encrypted version.
|
|
||||||
|
|
||||||
### Step Three: Create Full Mutt Configuration ###
|
|
||||||
|
|
||||||
Now that you have encrypted sensitive Mutt configuration in a separate file, you can specify the rest of your Mutt configuration in ~/.muttrc. Then add the following line at the end of ~/.muttrc.
|
|
||||||
|
|
||||||
source "gpg -d ~/.mutt/password.gpg |"
|
|
||||||
|
|
||||||
This line will decrypt ~/.mutt/password.gpg when you launch Mutt, and apply the decrypted content to your Mutt configuration.
|
|
||||||
|
|
||||||
The following shows an example of full Mutt configuration which allows you to access Gmail with Mutt, without revealing your SMTP/IMAP passwords. Replace yourgmailaccount with your Gmail ID.
|
|
||||||
|
|
||||||
set from = "yourgmailaccount@gmail.com"
|
|
||||||
set realname = "Your Name"
|
|
||||||
set smtp_url = "smtp://yourgmailaccount@smtp.gmail.com:587/"
|
|
||||||
set imap_user = "yourgmailaccount@gmail.com"
|
|
||||||
set folder = "imaps://imap.gmail.com:993"
|
|
||||||
set spoolfile = "+INBOX"
|
|
||||||
set postponed = "+[Google Mail]/Drafts"
|
|
||||||
set trash = "+[Google Mail]/Trash"
|
|
||||||
set header_cache =~/.mutt/cache/headers
|
|
||||||
set message_cachedir =~/.mutt/cache/bodies
|
|
||||||
set certificate_file =~/.mutt/certificates
|
|
||||||
set move = no
|
|
||||||
set imap_keepalive = 900
|
|
||||||
|
|
||||||
# encrypted IMAP/SMTP passwords
|
|
||||||
source "gpg -d ~/.mutt/password.gpg |"
|
|
||||||
|
|
||||||
### Step Four (Optional): Configure GPG-agent ###
|
|
||||||
|
|
||||||
At this point, you will be able to use Mutt with encrypted IMAP/SMTP passwords. However, every time you launch Mutt, you will first be prompted to enter a GPG passphrase in order to decrypt IMAP/SMTP passwords using your private key.
|
|
||||||
|
|
||||||
![](https://c2.staticflickr.com/6/5667/23437064775_20c874940f_c.jpg)
|
|
||||||
|
|
||||||
If you want to avoid such GPG passphrase prompts, you can set up gpg-agent. Running as a daemon, gpg-agent securely caches your GPG passphrase, so that gpg automatically obtains your GPG passphrase from gpg-agent without you typing it manually. If you are using Linux desktop, you can use desktop-specific ways to configure something equivalent to gpg-agent, for example, gnome-keyring-daemon for GNOME desktop.
|
|
||||||
|
|
||||||
You can install gpg-agent on Debian-based systems with:
|
|
||||||
|
|
||||||
$ sudo apt-get install gpg-agent
|
|
||||||
|
|
||||||
gpg-agent comes pre-installed on Red Hat based systems.
|
|
||||||
|
|
||||||
Now add the following to your .bashrc file.
|
|
||||||
|
|
||||||
envfile="$HOME/.gnupg/gpg-agent.env"
|
|
||||||
if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
|
|
||||||
eval "$(cat "$envfile")"
|
|
||||||
else
|
|
||||||
eval "$(gpg-agent --daemon --allow-preset-passphrase --write-env-file "$envfile")"
|
|
||||||
fi
|
|
||||||
export GPG_AGENT_INFO
|
|
||||||
|
|
||||||
Reload .bashrc, or simply log out and log back in.
|
|
||||||
|
|
||||||
$ source ~/.bashrc
|
|
||||||
|
|
||||||
Now confirm that GPG_AGENT_INFO environment variable is set properly.
|
|
||||||
|
|
||||||
$ echo $GPG_AGENT_INFO
|
|
||||||
|
|
||||||
----------
|
|
||||||
|
|
||||||
/tmp/gpg-0SKJw8/S.gpg-agent:942:1
|
|
||||||
|
|
||||||
Also, when you type gpg-agent command, you should see the following message.
|
|
||||||
|
|
||||||
$ gpg-agent
|
|
||||||
|
|
||||||
----------
|
|
||||||
|
|
||||||
gpg-agent: gpg-agent running and available
|
|
||||||
|
|
||||||
Once gpg-agent is up and running, it will cache your GPG passphrase the first time you type it at the passphrase prompt. Subsequently when you launch Mutt multiple times, you won't be prompted for a GPG passphrase (as long as gpg-agent is up and the cache entry does not expire).
|
|
||||||
|
|
||||||
![](https://c1.staticflickr.com/1/664/22809928093_3be57698ce_c.jpg)
|
|
||||||
|
|
||||||
### Conclusion ###
|
|
||||||
|
|
||||||
In this tutorial, I presented a way to encrypt sensitive Mutt configuration such as SMTP/IMAP passwords using GnuPG. Note that if you want to use GnuPG within Mutt to encrypt or sign your email message, you can refer to the [official guide][2] on using GPG with Mutt.
|
|
||||||
|
|
||||||
If you know of any security tips for using Mutt, feel free to share it.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://xmodulo.com/mutt-email-client-encrypted-passwords.html
|
|
||||||
|
|
||||||
作者:[Dan Nanni][a]
|
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]:http://xmodulo.com/author/nanni
|
|
||||||
[1]:http://xmodulo.com/gmail-command-line-linux-alpine.html
|
|
||||||
[2]:http://dev.mutt.org/trac/wiki/MuttGuide/UseGPG
|
|
@ -1,3 +1,5 @@
|
|||||||
|
Vic020
|
||||||
|
|
||||||
How to use the Linux ftp command to up- and download files on the shell
|
How to use the Linux ftp command to up- and download files on the shell
|
||||||
================================================================================
|
================================================================================
|
||||||
In this tutorial, I will explain how to use the Linux ftp command on the shell. I will show you how to connect to an FTP server, up- and download files and create directories. While there are many nice desktops FTP clients available, the FTP command is still useful when you work remotely on a server over an SSH session and e.g. want to fetch a backup file from your FTP storage.
|
In this tutorial, I will explain how to use the Linux ftp command on the shell. I will show you how to connect to an FTP server, up- and download files and create directories. While there are many nice desktops FTP clients available, the FTP command is still useful when you work remotely on a server over an SSH session and e.g. want to fetch a backup file from your FTP storage.
|
||||||
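Review bot: The new first line is the bare ID "Vic020", with no wording to say what it marks, and it is followed by an added blank line. Other files in this commit carry "wyangsun translating" and "translated by iov-wang"; pick one form for the claim line and use it here as well, since a bare ID is easy to mistake for stray text.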
@ -143,4 +145,4 @@ via: https://www.howtoforge.com/tutorial/how-to-use-ftp-on-the-linux-shell/
|
|||||||
译者:[译者ID](https://github.com/译者ID)
|
译者:[译者ID](https://github.com/译者ID)
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
@ -0,0 +1,138 @@
|
|||||||
|
如何使用加密过密码的Mutt邮件客户端
|
||||||
|
================================================================================
|
||||||
|
Mutt是一个开源的Linux/UNIX终端环境下的邮件客户端。连同[Alpine][1],Mutt有充分的理由在Linux命令行热衷者中有最忠诚的追随者。想一下你对邮件客户端的期待的事情,Mutt拥有:多协议支持(e.g., POP3, IMAP and SMTP),S/MIME和PGP/GPG集成,线程会话,颜色编码,可定制宏/快捷键,等等。另外,基于命令行的Mutt相比笨重的web浏览器(如:Gmail,Ymail)或可视化邮件客户端(如:Thunderbird,MS Outlook)是一个轻量访问电子邮件的选择。
|
||||||
|
|
||||||
|
当你想使用Mutt通过公司的SMTP/IMAP服务器访问或发送邮件,或取代网页邮件服务,可能所关心的一个问题是如何保护您的邮件凭据(如:SMTP/IMAP密码)存储在一个纯文本Mutt配置文件(~/.muttrc)。
|
||||||
|
|
||||||
|
对于一些人安全的担忧,确实有一个容易的方法来**加密Mutt配置文件***,防止这种风险。在这个教程中,我描述了如何加密Mutt敏感配置,比如SMTP/IMAP密码使用GnuPG(GPG),一个开源的OpenPGP实现。
|
||||||
|
|
||||||
|
### 第一步 (可选):创建GPG密钥 ###
|
||||||
|
|
||||||
|
因为我们将要使用GPG加密Mutt配置文件,如果你没有,第一步就是创建一个GPG密钥(公有/私有 密钥对)。如果有,忽略这步。
|
||||||
|
|
||||||
|
创建一个新GPG密钥,输入下面的。
|
||||||
|
|
||||||
|
$ gpg --gen-key
|
||||||
|
|
||||||
|
选择密钥类型(RSA),密钥长度(2048 bits),和过期时间(0,不过期)。当出现用户ID提示时,输入你的名字(Dan Nanni) 和邮箱地址(myemail@email.com)关联到私有/公有密钥对。最后,输入一个密码来保护你的私钥。
|
||||||
|
|
||||||
|
![](https://c2.staticflickr.com/6/5726/22808727824_7735f11157_c.jpg)
|
||||||
|
|
||||||
|
生成一个GPG密钥需要大量的随机字节熵,所以在生成密钥期间确保在你的系统上执行一些随机行为(如:打键盘,移动鼠标或者读写磁盘)。根据密钥长度决定生成GPG密钥要花几分钟或更多时间。
|
||||||
|
|
||||||
|
![](https://c1.staticflickr.com/1/644/23328597612_6ac5a29944_c.jpg)
|
||||||
|
|
||||||
|
### 第二部:加密Mutt敏感配置 ###
|
||||||
|
|
||||||
|
下一步,在~/.mutt目录创建一个新的文本文件,然后把一些你想隐藏的Mutt敏感配置放进去。这个例子里,我指定了SMTP/IMAP密码。
|
||||||
|
|
||||||
|
$ mkdir ~/.mutt
|
||||||
|
$ vi ~/.mutt/password
|
||||||
|
|
||||||
|
----------
|
||||||
|
|
||||||
|
set smtp_pass="XXXXXXX"
|
||||||
|
set imap_pass="XXXXXXX"
|
||||||
|
|
||||||
|
现在gpg用你的公钥加密这个文件如下。
|
||||||
|
|
||||||
|
$ gpg -r myemail@email.com -e ~/.mutt/password
|
||||||
|
|
||||||
|
这将创建~/.mutt/password.gpg,这个是一个GPG加密原始版本文件。
|
||||||
|
|
||||||
|
继续删除~/.mutt/password,只保留GPG加密版本。
|
||||||
|
|
||||||
|
### 第三部:创建完整Mutt配置文件 ###
|
||||||
|
|
||||||
|
由于你已经在一个单独的文件加密了Mutt敏感配置,你可以在~/.muttrc指定其余的Mutt配置。然后增加下面这行在~/.muttrc末尾。
|
||||||
|
|
||||||
|
source "gpg -d ~/.mutt/password.gpg |"
|
||||||
|
|
||||||
|
当你使用Mutt,这行将解密~/.mutt/password.gpg,然后将解密内容应用到你的Mutt配置。
|
||||||
|
|
||||||
|
下面展示一个完整Mutt配置例子,这允许你用Mutt访问Gmail,没有暴露你的SMTP/IMAP密码。取代你用Gmail ID登陆你的账户。
|
||||||
|
|
||||||
|
set from = "yourgmailaccount@gmail.com"
|
||||||
|
set realname = "Your Name"
|
||||||
|
set smtp_url = "smtp://yourgmailaccount@smtp.gmail.com:587/"
|
||||||
|
set imap_user = "yourgmailaccount@gmail.com"
|
||||||
|
set folder = "imaps://imap.gmail.com:993"
|
||||||
|
set spoolfile = "+INBOX"
|
||||||
|
set postponed = "+[Google Mail]/Drafts"
|
||||||
|
set trash = "+[Google Mail]/Trash"
|
||||||
|
set header_cache =~/.mutt/cache/headers
|
||||||
|
set message_cachedir =~/.mutt/cache/bodies
|
||||||
|
set certificate_file =~/.mutt/certificates
|
||||||
|
set move = no
|
||||||
|
set imap_keepalive = 900
|
||||||
|
|
||||||
|
# encrypted IMAP/SMTP passwords
|
||||||
|
source "gpg -d ~/.mutt/password.gpg |"
|
||||||
|
|
||||||
|
### 第四部(可选):配置GPG代理 ###
|
||||||
|
|
||||||
|
这时候,你将可以使用加密了IMAP/SMTP密码的Mutt。无论如何,每次你运行Mutt,你都要先被提示输入一个GPG密码来使用你的私钥解密IMAP/SMTP密码。
|
||||||
|
|
||||||
|
![](https://c2.staticflickr.com/6/5667/23437064775_20c874940f_c.jpg)
|
||||||
|
|
||||||
|
如果你想避免这样的GPG密码提示,你可以部署gpg代理。运行一个后台程序,gpg代理安全的缓存你的GPG密码,无需手工干预gpg自动从gpg代理获得你的GPG密码。如果你正在使用Linux桌面,你可以使用桌面特定方式来配置一些东西等价于gpg代理,例如,GNOME桌面的gnome-keyring-daemon。
|
||||||
|
|
||||||
|
你可以在基于Debian系统安装gpg代理:
|
||||||
|
|
||||||
|
$ sudo apt-get install gpg-agent
|
||||||
|
|
||||||
|
gpg代理是基于Red Hat系统预装的。
|
||||||
|
|
||||||
|
现在增加下面这些道你的.bashrc文件。
|
||||||
|
|
||||||
|
envfile="$HOME/.gnupg/gpg-agent.env"
|
||||||
|
if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
|
||||||
|
eval "$(cat "$envfile")"
|
||||||
|
else
|
||||||
|
eval "$(gpg-agent --daemon --allow-preset-passphrase --write-env-file "$envfile")"
|
||||||
|
fi
|
||||||
|
export GPG_AGENT_INFO
|
||||||
|
|
||||||
|
重载.bashrc,或单纯的登出然后登陆回来。
|
||||||
|
|
||||||
|
$ source ~/.bashrc
|
||||||
|
|
||||||
|
现在确认GPG_AGENT_INFO环境变量已经设置妥当。
|
||||||
|
|
||||||
|
$ echo $GPG_AGENT_INFO
|
||||||
|
|
||||||
|
----------
|
||||||
|
|
||||||
|
/tmp/gpg-0SKJw8/S.gpg-agent:942:1
|
||||||
|
|
||||||
|
并且,当你输入gpg-agent命令时,你应该看到下面的信息。
|
||||||
|
|
||||||
|
$ gpg-agent
|
||||||
|
|
||||||
|
----------
|
||||||
|
|
||||||
|
gpg-agent: gpg-agent running and available
|
||||||
|
|
||||||
|
一旦gpg-agent启动运行,它将会在第一次提示你输入密码时缓存你的GPG密码。随后你运行Mutt多次,你将不会被提示要GPG密码(gpg-agent一直开着,缓存就不会过期)。
|
||||||
|
|
||||||
|
![](https://c1.staticflickr.com/1/664/22809928093_3be57698ce_c.jpg)
|
||||||
|
|
||||||
|
### 结论 ###
|
||||||
|
|
||||||
|
在这个指导里,我提出一个方法加密Mutt敏感配置如SMTP/IMAP密码使用GnuPG。注意,如果你想在Mutt上使用GnuPG或者登陆你的邮件信息,你可以参考[官方指南][2]在使用GPG与Mutt结合。
|
||||||
|
|
||||||
|
如果你知道任何使用Mutt的安全技巧,随时分享他。
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: http://xmodulo.com/mutt-email-client-encrypted-passwords.html
|
||||||
|
|
||||||
|
作者:[Dan Nanni][a]
|
||||||
|
译者:[wyangsun](https://github.com/wyangsun)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]:http://xmodulo.com/author/nanni
|
||||||
|
[1]:http://xmodulo.com/gmail-command-line-linux-alpine.html
|
||||||
|
[2]:http://dev.mutt.org/trac/wiki/MuttGuide/UseGPG
|
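Review bot: Several added lines change the meaning of the source, and the one in the gpg-agent paragraph matters for security: "(gpg-agent一直开着,缓存就不会过期)" says the cache never expires while the agent is running, where the original gives two separate conditions, the agent being up and the cache entry not having expired. Please also fix "取代你用Gmail ID登陆你的账户" (the source says to replace yourgmailaccount with your Gmail ID) and "或者登陆你的邮件信息" (the source says to encrypt or sign your email message). Smaller points: the bold marker around 加密Mutt配置文件 closes with three asterisks instead of two, the step headings use 第二部, 第三部 and 第四部 where 第二步, 第三步 and 第四步 are meant, and the .bashrc sentence has 道 where 到 is meant.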