Skip to content

droundy/goadmin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

42 Commits

ago

ago

 
 

apt

apt

 
 

crypt

crypt

 
 

deps

deps

 
 

file

file

 
 

gomakefile

gomakefile

 
 

goupdate

goupdate

 
 

hosts

hosts

 
 

passwd

passwd

 
 

secretrun

secretrun

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.test

.test

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

TODO.md

TODO.md

 
 

Repository files navigation

goadmin

Goadmin is a suite of tools intended to (eventually, if I don't get tired of it first) serve as an alternative to puppet, but without the cross-platform capabilities.

What?

The basic idea is that you write a program in go that you would like to have periodically run on your system. Goadmin will provide libraries to help you write this program.

The tricky part is how to easily distribute this program to all the machines that you administer. The approach that goadmin takes is to modify your admin program to embed a key into it, along with code to fetch and decrypt (using said key) an updated binary. So you just need to put /path/to/myadmin --update, and your program will be run periodically, and updated when a change is made.

How?

Your admin program consists of one or more files that define variables that are initialized using deps.Run, which determine what needs to be done. You compile it with

goupdate --source=URL_WHERE_YOU_PUT_ENCRYPTED_BINARIES your-admin-code.go otherfile.go

This will compile your code, and generate a key (called your-admin-code.key), as well as a plain-text and encrypted binary. Use scp to put the binary on the computer (or computers) to be adminned. Then when you make a change, you just need to recompile (using the same command line as above) to generate a new binary encrypted with the same key. Put it at the URL specified, and when you run

./your-admin-code --update

the program will grab the new version, replace itself, and exec it.

Goadmin uses symmetric encryption to ensure that only authorized clients can read the admin program, and an RSA signature to ensure that only the server can provide a valid admin program. Goadmin also adds a serial number to each executable, so they will only update with a later version, to get around replay attacks (e.g. where someone provides an old, possibly buggy version of an admin executable).

Why?

Puppet is nice, but it is simultaneously too powerful and too weak for my uses. It's got all sorts of cross-platform features that I have no use for, and as a result, it doesn't work particularly well on Debian (and Debian-derived) systems. Also, puppet is an amazing resource hog.

About

Sysadmin helper tool for go programmers

Resources

Readme
Activity

Stars

13 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages