func – or what happened to me last week
October 1, 2007
Wednesday 9/19 is a day that will live in history. Okay maybe not ‘history’ but it’s still pretty cool. I had a meeting with gregdek, mpdehaan and alikins at sandwhich/3cups. We talked about a project that we all think is worthwhile but weren’t quite sure how to get started. We’ve named that project func. We also gave ourselves a deadline of 2 weeks to get as much of it done as possible. We beat that by 5 days for the first release.
What is func? The problem sysadmins have dealt with is this:
– I want to control 50 machines for some operations
– Doing these operations over ssh is dodgy b/c of the whole shell-interface issues
– Doing it over ssh is dodgy b/c there’s no audit trail of what you ran, how it responded and what the results were
So what we did was to put together a 2-way-auth’d ssl’d xml-rpc server. It uses the certificate-mechanism that puppet and rhn use but it doesn’t overly-integrate that into any other piece like puppet and rhn do.
Here’s how it works: You have an overlord and minions. Minions are the hosts you want to control. The overlord is the system that does the controlling.
1. The minions start funcd and they send out a certificate signing request to a daemon running on the overlord.
2. The admin signs the request or the daemon autosigns it (depending on how it is configured).
3. the minion gets the certificate back and begins listening for incoming connections
4. the overlord sends messages with the ‘func’ command. These commands are carried out and results communicated back.
The commands you can run are limited mostly by what’s available as a module on the minion. Right now we have a fair number of modules w/more to come but it’s a good start.
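An added example (not func's own code) of the minion side described above: a TLS context that refuses any peer without a certificate signed by the overlord's CA, and an XML-RPC dispatcher that runs only registered modules and records every call with its result. The module names, the file-path parameters and `AUDIT_LOG` are assumptions made for illustration.

```python
import ssl
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

AUDIT_LOG = []  # assumption: a real daemon would append to a log file


def mutual_tls_context(cert, key, ca):
    """Server context that rejects peers lacking a certificate signed by `ca`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)       # the minion's signed certificate
    ctx.load_verify_locations(ca)        # CA run by the overlord
    ctx.verify_mode = ssl.CERT_REQUIRED  # the "2-way" part: client must present one
    return ctx


class AuditedDispatcher(SimpleXMLRPCDispatcher):
    """Run only registered module methods and record every call and outcome."""

    def _dispatch(self, method, params):
        try:
            result = super()._dispatch(method, params)
        except Exception as exc:
            AUDIT_LOG.append((method, params, "ERROR", str(exc)))
            raise
        AUDIT_LOG.append((method, params, "OK", result))
        return result


def build_minion():
    """Hypothetical module set; nothing outside it can be invoked."""
    d = AuditedDispatcher()
    d.register_function(lambda name: f"{name} is running", "service.status")
    d.register_function(lambda: "pong", "test.ping")
    return d


def call(dispatcher, method, *params):
    """Marshal a request as the overlord would and decode the minion's reply."""
    request = xmlrpc.client.dumps(params, methodname=method)
    reply = dispatcher._marshaled_dispatch(request.encode())
    return xmlrpc.client.loads(reply)[0][0]  # raises Fault on an error reply


if __name__ == "__main__":
    minion = build_minion()
    print(call(minion, "service.status", "httpd"))
    print(AUDIT_LOG)
```

A request for a method that was never registered comes back as an XML-RPC fault and still lands in the audit log, which is the record plain ssh does not give you.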
I hope to see us start using func for a lot of inter-machine communication, for things like nagios alerts/events, statistics-gathering, new file deployment, etc.
Anyone with thoughts should join the list or join irc: #func on freenode.