cdist/docs/dev/logs/2020-10-29.org

• The scanner, 2020-10-29, Hacking Villa Diesbach
  • Motivation
  • How it works
  • Benefits from the scanning approach
  • Sample output v2020-10-29
  • Better usage -> saving the env
  • Implement actual configuration step
  • Define how to map link local address to something useful
  • define ignorehosts?

The scanner, 2020-10-29, Hacking Villa Diesbach

Motivation

• The purpose of cdist is to ensure systems are in a configured state
• If systems reboot into a clean (think: netboot) state they are stuck in an unconfigured mode

• We can either trigger from those machines

  • this is what cdist trigger is for

• Or we can regulary scan for machines

  • This method does not need any modification to standard OS

How it works

• cdist scan uses the all nodes multicast group ff02::1
• It sends a ping packet there in regular intervals

• This even works in non-IPv6 networks, as all operating systems are IPv6 capable and usually IPv6 enabled by default

  • Link local is always accessible!

• cdist scan receives an answer from all alive hosts

  • These results are stored in ~/.cdist/scan/${hostip}
  • We record the last_seen date ~/.cdist/scan/${hostip}/last_seen

• After a host is detected, cdist can try to configure it

  • It saves the result (+/- logging needs to be defined) in ~/.cdist/scan/${hostip}/{config, install}_result
  • If logging is saved: maybe in ~/.cdist/scan/${hostip}/{config, install}_log
  • Final naming TBD

Benefits from the scanning approach

• We know when a host is alive/dead

• We can use standard OS w/o trigger customisation

  • Only requirement: we can ssh into it
  • Can make use f.i. of Alpine Linux w/ ssh keys feeding in

• We can trigger regular reconfiguration

  • If alive && last_config_time > 1d -> reconfigure

• Data can be exported to f.i. prometheus

  • Record when configured (successfully)
  • Record when seen
• Enables configurations in stateless environments

Sample output v2020-10-29

23:14] bridge:~% sudo cdist scan -b -I wlan0 -vv VERBOSE: cdist: version 6.8.0-36-g91d99bf0 VERBOSE: scan: Host fe80::21d:72ff:fe86:46b is alive VERBOSE: scan: Host fe80::ce2d:e0ff:fed4:2611 is alive VERBOSE: scan: Host fe80::21b:fcff:feee:f4c1 is alive VERBOSE: scan: Host fe80::e2ff:f7ff:fe00:20e6 is alive VERBOSE: scan: Host fe80::20d:b9ff:fe49:ac11 is alive VERBOSE: scan: Host fe80::9e93:4eff:fe6c:c1f4 is alive VERBOSE: scan: Host fe80::ce32:e5ff:fe79:7ea7 is alive VERBOSE: scan: Host fe80::219:d2ff:feb2:2e12 is alive VERBOSE: scan: Host fe80::d66d:6dff:fe33:e00 is alive VERBOSE: scan: Host fe80::21b:fcff:feee:f446 is alive VERBOSE: scan: Host fe80::21b:fcff:feee:f4b1 is alive VERBOSE: scan: Host fe80::20d:b9ff:fe4c:547d is alive VERBOSE: scan: Host fe80::bad8:12ff:fe65:313d is alive VERBOSE: scan: Host fe80::42b0:34ff:fe6f:f6f0 is alive VERBOSE: scan: Host fe80::ba69:f4ff:fec5:6041 is alive VERBOSE: scan: Host fe80::f29f:c2ff:fe7c:275e is alive VERBOSE: scan: Host fe80::ba69:f4ff:fec5:8db7 is alive VERBOSE: scan: Host fe80::42b0:34ff:fe6f:f863 is alive VERBOSE: scan: Host fe80::21b:fcff:feee:f4bc is alive

Better usage -> saving the env

sudo -E cdist scan -b -I wlan0 -vv

TODO Implement actual configuration step

• Also serves as a nice PoC
• Might need to escape literal IPv6 addresses for scp

TODO Define how to map link local address to something useful

• via reverse DNS?
• via link local in manifest?

TODO define ignorehosts?