Documentation ¶
Index ¶
- Constants
- Variables
- func TestMaintenance(check *Daemon, t testingstub.T)
- type Daemon
- func (daemon *Daemon) BlockUnusedLogin(out *bytes.Buffer)
- func (daemon *Daemon) CleanUpFiles(out *bytes.Buffer)
- func (daemon *Daemon) CorrectStartupTime(out *bytes.Buffer)
- func (daemon *Daemon) DefragmentAllDisks(out *bytes.Buffer)
- func (daemon *Daemon) EnhanceFileSecurity(out *bytes.Buffer)
- func (daemon *Daemon) Execute(ctx context.Context) (string, bool)
- func (daemon *Daemon) Initialise() error
- func (daemon *Daemon) InstallSoftware(out *bytes.Buffer)
- func (daemon *Daemon) MaintainServices(out *bytes.Buffer)
- func (daemon *Daemon) MaintainSwapFile(out *bytes.Buffer)
- func (daemon *Daemon) MaintainWindowsIntegrity(out *bytes.Buffer)
- func (daemon *Daemon) MaintainsIptables(out *bytes.Buffer)
- func (daemon *Daemon) RunMaintenanceScripts(out *bytes.Buffer)
- func (daemon *Daemon) StartAndBlock() error
- func (daemon *Daemon) Stop()
- func (daemon *Daemon) SynchroniseSystemClock(out *bytes.Buffer)
- func (daemon *Daemon) SystemMaintenance() string
- func (daemon *Daemon) TrimAllSSDs(out *bytes.Buffer)
- type ProcessExplorerMetrics
Constants ¶
const (
	// TCPPortCheckTimeoutSec is the timeout used in knocking ports.
	TCPPortCheckTimeoutSec = 10
	/*
		MinimumIntervalSec is the lowest acceptable value of system maintenance interval. It must be greater than the
		maximum possible duration of all maintenance tasks together. Be extra careful that Windows system integrity
		maintenance can take couple of hours.
	*/
	MinimumIntervalSec = 24 * 3600
	// InitialDelaySec is the number of seconds to wait for the first maintenance run.
	InitialDelaySec = 180
)
const (
	// PrometheusProcessIDLabel is the name of data label given to process explorer metrics registered with prometheus.
	// The label data shall be the PID of this program.
	PrometheusProcessIDLabel = "pid"
	// PrometheusMetricsRefreshInterval is the interval at which process runtime
	// and activity metrics shall be refreshed by calling Refresh().
	PrometheusMetricsRefreshInterval = 10 * time.Second
)
const (
SwapFilePath = "/laitos-swap-file"
)
Variables ¶
var ReportFilePath = path.Join(os.TempDir(), "laitos-latest-maintenance-report.txt")
ReportFilePath is the absolute file path to the text report from the latest maintenance run.
Functions ¶
func TestMaintenance ¶
func TestMaintenance(check *Daemon, t testingstub.T)
Run unit tests on the maintenance daemon. See TestMaintenance_Execute for daemon setup.
Types ¶
type Daemon ¶
type Daemon struct {
	/*
		CheckTCPPorts are hosts and TCP port numbers to knock during the routine maintenance. If the port is not open on the
		host, the check is considered a failure.
	*/
	CheckTCPPorts map[string][]int `json:"CheckTCPPorts"`
	/*
		BlockSystemLoginExcept is a list of Unix user names. If the array is not empty, system maintenance routine will
		disable login access to all local users except the names among the array in an effort to harden system security.
	*/
	BlockSystemLoginExcept []string `json:"BlockSystemLoginExcept"`
	// DisableStopServices is an array of system services to be stopped, disabled, and prevented from starting again.
	DisableStopServices []string `json:"DisableStopServices"`
	// EnableStartServices is an array of system services to be enabled and restarted.
	EnableStartServices []string `json:"EnableStartServices"`
	// InstallPackages is an array of software packages to be installed and upgraded.
	InstallPackages []string `json:"InstallPackages"`
	// BlockPortsExcept is an array of TCP and UDP ports to be blocked via iptables. Must be used in conjunction with ThrottleIncomingPackets.
	BlockPortsExcept []int `json:"BlockPortsExcept"`
	// ThrottleIncomingConnections throttles incoming connections and other network packets to this number/second via iptables.
	ThrottleIncomingPackets int `json:"ThrottleIncomingPackets"`
	// TuneLinux enables Linux kernel tuning routine as a maintenance step
	TuneLinux bool `json:"TuneLinux"`
	// EnhanceFileSecurity enables hardening of home directory security (ownership and permission).
	DoEnhanceFileSecurity bool `json:"DoEnhanceFileSecurity"`
	// ScriptForWindows is a PowerShell Script to be run on Windows at the end of maintenance procedure.
	ScriptForWindows string `json:"ScriptForWindows"`
	// ScriptForUnix is a shell script to be run on Unix/Linux at the end of maintenance procedure.
	ScriptForUnix string `json:"ScriptForUnix"`
	// SwapFileSizeMB is the size of swap file to be created and activated for a Linux host.
	// If the value is 0 then no swap file will be created.
	// If the value is -1 then all active swap files and swap partitions will be disabled.
	SwapFileSizeMB int `json:"SwapFileSizeMB"`
	// SetTimeZone changes system time zone to the specified value (such as "UTC" or "Europe/Dublin").
	SetTimeZone string `json:"SetTimeZone"`
	// RegisterPrometheusMetrics determines whether the maintenance daemon will provide program performance metrics to prometheus at regular interval.
	RegisterPrometheusMetrics bool `json:"RegisterPrometheusMetrics"`
	/*
		IntervalSec determines the rate of execution of maintenance routine. This is not a sleep duration. The constant
		rate of execution is maintained by taking away routine's elapsed time from actual interval between runs.
	*/
	IntervalSec int             `json:"IntervalSec"`
	MailClient  inet.MailClient `json:"MailClient"` // Send notification mails via this mailer
	Recipients  []string        `json:"Recipients"` // Address of recipients of notification mails

	ToolboxSelfTest           *toolbox.FeatureSet     `json:"-"` // FeaturesToTest are toolbox features to be tested during health check.
	MailCommandRunnerSelfTest *mailcmd.CommandRunner  `json:"-"` // MailCmdRunnerToTest is mail command runner to be tested during health check.
	HttpHandlersSelfTest      httpd.HandlerCollection `json:"-"` // HTTPHandlersToCheck are the URL handlers of an HTTP daemon to be tested during health check.

	// UploadReportToS3Bucket is the name of S3 bucket into which the maintenance daemon shall upload its summary reports.
	UploadReportToS3Bucket string `json:"UploadReportToS3Bucket"`
	// contains filtered or unexported fields
}
Daemon is a system maintenance daemon that periodically triggers health check and software updates. Maintenance routine comprises port checks, API key checks, and a lot more. Software updates ensure that system packages are up to date and dependencies of this program are installed and up to date. The result of each run is sent to designated email addresses, along with latest environment information such as latest logs and warnings.
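As an added example (not laitos code), the check below lints a Daemon JSON configuration against the constraints stated in the field comments and constants above. `LintMaintenanceConfig`, `maintenanceConfig` and the sample JSON are names and values assumed for illustration; how the real Initialise() treats such values is not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// minimumIntervalSec mirrors the documented MinimumIntervalSec constant.
const minimumIntervalSec = 24 * 3600

// maintenanceConfig (hypothetical) holds only the documented JSON fields this check inspects.
type maintenanceConfig struct {
	BlockSystemLoginExcept  []string `json:"BlockSystemLoginExcept"`
	BlockPortsExcept        []int    `json:"BlockPortsExcept"`
	ThrottleIncomingPackets int      `json:"ThrottleIncomingPackets"`
	SwapFileSizeMB          int      `json:"SwapFileSizeMB"`
	IntervalSec             int      `json:"IntervalSec"`
}

// LintMaintenanceConfig (hypothetical helper) returns one finding for each
// documented constraint that the given JSON configuration does not satisfy.
func LintMaintenanceConfig(raw []byte) ([]string, error) {
	var c maintenanceConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var findings []string
	if c.IntervalSec < minimumIntervalSec {
		findings = append(findings, fmt.Sprintf("IntervalSec %d is below MinimumIntervalSec %d", c.IntervalSec, minimumIntervalSec))
	}
	if len(c.BlockPortsExcept) > 0 && c.ThrottleIncomingPackets <= 0 {
		findings = append(findings, "BlockPortsExcept is set without ThrottleIncomingPackets")
	}
	if c.SwapFileSizeMB < -1 {
		findings = append(findings, "SwapFileSizeMB below -1 has no documented meaning")
	}
	if len(c.BlockSystemLoginExcept) == 0 {
		findings = append(findings, "BlockSystemLoginExcept is empty, so no local login is disabled")
	}
	return findings, nil
}

func main() {
	// Constructed sample configuration, not taken from the project.
	sample := []byte(`{"IntervalSec": 3600, "BlockPortsExcept": [22, 443], "SwapFileSizeMB": -1, "BlockSystemLoginExcept": ["root"]}`)
	findings, err := LintMaintenanceConfig(sample)
	fmt.Println(findings, err)
}
```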
func (*Daemon) BlockUnusedLogin ¶
BlockUnusedLogin will block/disable system login from users not listed in the exception list.
func (*Daemon) CleanUpFiles ¶
CleanUpFiles gets rid of unused temporary files on both Unix-like and Windows OSes.
func (*Daemon) CorrectStartupTime ¶
CorrectStartupTime corrects the program start time in case the system clock is skewed. The program startup time is used to detect outdated commands (such as in telegram bot). In the rare case that the system clock was severely skewed, causing the program startup time to be in the future, the detection mechanisms will misbehave.
func (*Daemon) DefragmentAllDisks ¶
DefragmentAllDisks defragments all disks on Windows. This routine does nothing on Linux.
func (*Daemon) EnhanceFileSecurity ¶
EnhanceFileSecurity hardens ownership and permission of common locations in file system.
func (*Daemon) Initialise ¶
func (*Daemon) InstallSoftware ¶
InstallSoftware uses the system package manager to upgrade system software, and then installs laitos soft dependencies along with additional software packages according to user configuration.
func (*Daemon) MaintainServices ¶
MaintainServices manipulates service state according to configuration.
func (*Daemon) MaintainSwapFile ¶
MaintainSwapFile creates and activates a swap file for Linux system, or turns swap off depending on configuration input.
func (*Daemon) MaintainWindowsIntegrity ¶
MaintainWindowsIntegrity uses DISM and SFC utilities to maintain Windows system integrity and runs Windows Update.
func (*Daemon) MaintainsIptables ¶
MaintainsIptables blocks ports that are not in the list of allowed ports and throttles incoming traffic.
func (*Daemon) RunMaintenanceScripts ¶
RunMaintenanceScripts runs the shell script specifically defined for the host OS type in daemon configuration.
func (*Daemon) StartAndBlock ¶
You may call this function only after having called Initialise()! Start health check loop and block caller until Stop function is called.
func (*Daemon) SynchroniseSystemClock ¶
SynchroniseSystemClock uses three different tools to immediately synchronise system clock via NTP servers.
func (*Daemon) SystemMaintenance ¶
SystemMaintenance is a long routine that conducts comprehensive general system maintenance tasks.
func (*Daemon) TrimAllSSDs ¶
TrimSSDDisk executes SSD TRIM operation on C:\ drive (Windows) or all drives
type ProcessExplorerMetrics ¶
type ProcessExplorerMetrics struct {
// contains filtered or unexported fields
}
ProcessExplorerMetrics are the collection of program performance metrics registered with prometheus. The measurements are taken from process status and statistics exposed by procfs (a Linux OS feature).
func NewProcessExplorerMetrics ¶
func NewProcessExplorerMetrics() *ProcessExplorerMetrics
NewProcessExplorerMetrics creates a new ProcessExplorerMetrics with all of its metrics collectors initialised.
func (*ProcessExplorerMetrics) Refresh ¶
func (metrics *ProcessExplorerMetrics) Refresh() error
Refresh reads the latest program performance measurements and gives them to prometheus metrics.
func (*ProcessExplorerMetrics) RegisterGlobally ¶
func (metrics *ProcessExplorerMetrics) RegisterGlobally() error
RegisterGlobally registers all program performance metrics with the global & default prometheus instance.