mizaru

Chaos Monkey for docker containers.

 __  __ _
|  \/  (_)______ _ _ __ _   _
| |\/| | |_  / _` | '__| | | |
| |  | | |/ / (_| | |  | |_| |
|_|  |_|_/___\__,_|_|   \__,_|)'

Mizaru is a little helper to generate IPTable DROP rules to test resilience against netsplits and other network problems.

Idea inspired (or shamelessly stolen from) Aphyr`s Jepsen.

Usage

sudo ./mizaru [options] mode [--timeout=seconds] [--block]

• mode - See the modelist below. Defaults to netsplit
• timeout - A timeout in seconds before reverting the applied rules
• block - Blocks until a signal is received. Reverts rules and quits.

NOTE: you must invoke this with sudo as we are calling the iptables tool.

Modes

• fast - everything is allowed - all custom iptable rules will be deleted
• netsplit - The docker containers are split into a majority and minority group which cannot communicate with each other
• bridge - Same as netsplit, but one container can talk to both sides
• single-bridge - Same as bridge, but only one container on each side can talk to each other
• ring - Each container can talk to two other containers so that they form a ring

Future Ideas

• Add a http-server mode so it can be more easily triggered by load testing tools like gatling.io
• Add modes for trafficshaping, e.g. package loss or latency
• Add mode for pausing containers to simulate GC lags
• Support blacklisting of CIDRs

Add your own ideas as issues here.