Werify is a Go stdlib-only PoC attempt at distributed host checks.
With a correctly configured Go installation:
go get -u github.com/disq/werify/cmd/werifyctl
go get -u github.com/disq/werify/cmd/werifyd
This will install werifyctl and werifyd in your $GOPATH/bin directory.
git clone https://github.com/disq/werify
cd werify
make
This will build werifyctl and werifyd.
werifydis the server, listening onTCP/30035.- Each
werifydstores a list of servers (like itself) in memory. werifyctlis used to talk to one of the servers, usually the local one.- In the course of the
werifyctlrun, the destination server becomes a coordinator node. Server list is edited usingwerifyctl. - One or more operations can be ran on the server list of the coordinator node.
werifyctlis a dummy RPC client. - Separate
werifydinstances can have separate lists of servers -- but none other than the coordinator node needs to have the list. - The coordinator node will hand out work (to run and/or forward to servers) in the same env tag, collect results, and pass them to the calling
werifyctl.
- If the coordinator node is one of the destination hosts, it should also be added to the server list (
./werifyctl add 127.0.0.1) - Each host is automatically identified by its first-referred
ip[:port]pair. Adding a single host to multiple coordinators using different referral schemes (internal vs. external ip, forwarded port, etc.) is not supported.
Persistent server list is not implemented directly. But after launching werifyd, werifyctl can be used to populate the list using a commands-file:
cat examples/init.werifyd | ./werifyctl -
werifyd is the server, and werifyctl is the client. Work is always done on the server.
Usage of ./werifyd:
-env string
Env tag (default "dev")
-port int
Listen on port (default 30035)
-w int
Number of workers per operation (default runtime.NumCPU)
envis the environment tag. It should match exactly on allwerifyd/werifyctlinstances and it is enforced on every RPC call.- Number of workers (
-w) applies to every worker-pool related event. The daemon utilizes multiple worker pools.
Usage: ./werifyctl [OPTION]... [COMMAND [PARAMS...]]
Available options:
-connect string
Connect to werifyd (default "localhost:30035")
-env string
Env tag (default "dev")
-timeout duration
Connect timeout (default 10s)
Available commands:
add Adds a host to werifyd
del Removes a host from werifyd
list Lists hosts in werifyd
listactive Lists active hosts in werifyd
listinactive Lists inactive hosts in werifyd
operation Runs operations from file on werifyd
get Get status of operation with handle
refresh Start health check on all hosts
Commands can also be specified from stdin using "-".
connectparameter can be set with the environment variableWERIFY_CONNECT.envparameter can be set with the environment variableWERIFY_ENV.
Host checks/operation file is a JSON file. The first-level object keys are user specified. There isn't any imposed limit on the number of checks.
{
"check_name": {
"type": "type of check",
"path": "value for the path parameter for check_name",
"check": "value for the check parameter for check_name"
},
"name_for_another_check": {
"type": "type of check",
"path": "value for the path parameter for name_for_another_check",
"check": "value for the check parameter for name_for_another_check"
},
...
}
In the response, each check will be referred to by its key name and the Host's first-referred identifier. (See Caveats)
A sample ops.json file is provided in the examples directory.
Checks if the file or directory exists on the host system.
Parameters:
type: Should be set tofile_existspath: Full path to the file to check
A type of line-by-line grep.
Parameters:
type: Should be set tofile_containspath: Full path to the file to checkcheck: Text/contents to check
Checks if the given process is running on the host system. Linux (/proc filesystem) only.
Parameters:
type: Should be set toprocess_runningpath: Full path to the process to check, ie./bin/bashcheck: Basename of the process to check, ie.bash
At least one of path or check should be supplied.
Launch your daemon: (or multiple daemons on multiple hosts)
./werifyd
Choose one of the hosts (well...) as the coordinator node. This node will have a list of all the other nodes. For the sake of brevity, let's choose the local one.
Add each ip address, like so:
./werifyctl -connect 127.0.0.1 add 10.42.0.3
./werifyctl -connect 127.0.0.1 add 10.42.0.4
./werifyctl -connect 127.0.0.1 add 127.0.0.1 # Let the coordinator node run the checks as the others
You can also pipe the commands through stdin:
cat examples/init.werifyd | ./werifyctl -
You can now check the list, using the werifyctl list command:
Active hosts (3)
10.42.0.3:30035
10.42.0.4:30035
127.0.0.1:30035
Inactive hosts (0)
End of list
To run a host check operation, prepare an operations file. Then use the werifyctl operation command:
./werifyctl operation examples/ops.json
The output will be:
Operation submitted. To check progress, run: ./werifyctl get asv1
(asv1 is a unique handle for the submitted operation)
You can then check the progress using werifyctl get:
./werifyctl get asv1
Host:10.42.0.3:30035 Operation:check_virus_file_exists Success:false
Host:10.42.0.3:30035 Operation:check_etc_hosts_has_4488 Success:false
Host:10.42.0.4:30035 Operation:check_virus_file_exists Success:false
Host:10.42.0.4:30035 Operation:check_etc_hosts_has_4488 Success:false
Host:127.0.0.1:30035 Operation:check_virus_file_exists Success:false
Host:127.0.0.1:30035 Operation:check_etc_hosts_has_4488 Success:false
Operation ended, took 3.445244ms