* The scanner, 2020-10-29, Hacking Villa Diesbach
** Motivation
   - The purpose of cdist is to ensure systems are in a configured state
   - If systems reboot into a clean (think: netboot) state they are
     stuck in an unconfigured mode
   - We can either trigger *from* those machines
     - this is what cdist trigger is for
   - Or we can regularly *scan* for machines
     - This method does not need any modification to a standard OS
** How it works
   - cdist scan uses the all-nodes multicast group ff02::1
   - It sends a ping packet there at regular intervals
   - This even works in non-IPv6 networks, as all operating systems
     are IPv6 capable and usually have IPv6 enabled by default
     - Link local is always accessible!
   - cdist scan receives an answer from all alive hosts
     - These results are stored in ~/.cdist/scan/${hostip}
     - We record the last_seen date in ~/.cdist/scan/${hostip}/last_seen
   - After a host is detected, cdist *can* try to configure it
     - It saves the result (+/- logging needs to be defined) in
       ~/.cdist/scan/${hostip}/{config, install}_result
     - If logging is saved: maybe in ~/.cdist/scan/${hostip}/{config, install}_log
     - Final naming TBD
** Benefits from the scanning approach
   - We know when a host is alive/dead
   - We can use a standard OS w/o trigger customisation
     - Only requirement: we can ssh into it
     - Can make use f.i. of Alpine Linux w/ ssh keys fed in
   - We can trigger regular reconfiguration
     - If alive && last_config_time > 1d -> reconfigure
   - Data can be exported to f.i. prometheus
     - Record when configured (successfully)
     - Record when seen
   - Enables configurations in stateless environments
** Sample output v2020-10-29
    23:14] bridge:~% sudo  cdist scan -b -I wlan0 -vv
    VERBOSE: cdist: version 6.8.0-36-g91d99bf0
    VERBOSE: scan: Host fe80::21d:72ff:fe86:46b is alive
    VERBOSE: scan: Host fe80::ce2d:e0ff:fed4:2611 is alive
    VERBOSE: scan: Host fe80::21b:fcff:feee:f4c1 is alive
    VERBOSE: scan: Host fe80::e2ff:f7ff:fe00:20e6 is alive
    VERBOSE: scan: Host fe80::20d:b9ff:fe49:ac11 is alive
    VERBOSE: scan: Host fe80::9e93:4eff:fe6c:c1f4 is alive
    VERBOSE: scan: Host fe80::ce32:e5ff:fe79:7ea7 is alive
    VERBOSE: scan: Host fe80::219:d2ff:feb2:2e12 is alive
    VERBOSE: scan: Host fe80::d66d:6dff:fe33:e00 is alive
    VERBOSE: scan: Host fe80::21b:fcff:feee:f446 is alive
    VERBOSE: scan: Host fe80::21b:fcff:feee:f4b1 is alive
    VERBOSE: scan: Host fe80::20d:b9ff:fe4c:547d is alive
    VERBOSE: scan: Host fe80::bad8:12ff:fe65:313d is alive
    VERBOSE: scan: Host fe80::42b0:34ff:fe6f:f6f0 is alive
    VERBOSE: scan: Host fe80::ba69:f4ff:fec5:6041 is alive
    VERBOSE: scan: Host fe80::f29f:c2ff:fe7c:275e is alive
    VERBOSE: scan: Host fe80::ba69:f4ff:fec5:8db7 is alive
    VERBOSE: scan: Host fe80::42b0:34ff:fe6f:f863 is alive
    VERBOSE: scan: Host fe80::21b:fcff:feee:f4bc is alive
** Better usage -> saving the env
    sudo -E cdist scan -b -I wlan0 -vv
** TODO Implement actual configuration step
   - Also serves as a nice PoC
   - Might need to escape literal IPv6 addresses for scp
** TODO Define how to map link local address to something useful
   - via reverse DNS?
   - via link local in manifest?
** TODO define ignorehosts?