cdist/docs/dev/logs/2020-10-29.org
2020-10-29 21:22:36 +01:00

1.7 KiB

The scanner, 2020-10-29, Hacking Villa Diesbach

Motivation

  • The purpose of cdist is to ensure systems are in a configured state
  • If systems reboot into a clean (think: netboot) state they are stuck in an unconfigured mode
  • We can either trigger from those machines

    • this is what cdist trigger is for
  • Or we can regulary scan for machines

    • This method does not need any modification to standard OS

How it works

  • cdist scan uses the all nodes multicast group ff02::1
  • It sends a ping packet there in regular intervals
  • This even works in non-IPv6 networks, as all operating systems are IPv6 capable and usually IPv6 enabled by default

    • Link local is always accessible!
  • cdist scan receives an answer from all alive hosts

    • These results are stored in ~/.cdist/scan/${hostip}
    • We record the last_seen date ~/.cdist/scan/${hostip}/last_seen
  • After a host is detected, cdist can try to configure it

    • It saves the result (+/- logging needs to be defined) in ~/.cdist/scan/${hostip}/{config, install}_result
    • If logging is saved: maybe in ~/.cdist/scan/${hostip}/{config, install}_log
    • Final naming TBD

Benefits from the scanning approach

  • We know when a host is alive/dead
  • We can use standard OS w/o trigger customisation

    • Only requirement: we can ssh into it
    • Can make use f.i. of Alpine Linux w/ ssh keys feeding in
  • We can trigger regular reconfiguration

    • If alive && last_config_time > 1d -> reconfigure
  • Data can be exported to f.i. prometheus

    • Record when configured (successfully)
    • Record when seen
  • Enables configurations in stateless environments