Re: [Zeek-Dev] Zeek Supervisor Command-Line Client
On Tue, Jun 30, 2020 at 6:35 AM Seth Hall wrote: > I'm really starting to think that the business logic for > correctly starting and stopping a cluster should be fully implemented in > the supervisor script. The zeekc tool could then just be a dumb tool > that says to start and stop and doesn't end up causing us to spread our > logic around to other tooling. Maybe the important observation is that the logic can be performed anywhere that has access to the Zeek-Supervisor process. * The Supervisor process itself would be able to perform the logic via direct BIF access. * External processes, like zeekc, have access to a Zeek-event interface to indirectly access those same BIFs, so they can also execute equivalent logic (either via multiple events, or a single "convenience" event that implements a sequence of BIF calls on remote) When we bring multi-hosting into the mix, it's still a similar situation, just with beefed up logic for orchestrating node-type-specific steps across many peers: anyone with access to the Zeek-event interface could implement this logic. You could pick zeekc to orchestrate, or you could pick a single Zeek-Supervisor process to orchestrate between other Supervisors, or you could pick a regular Zeek process, or you could write a Python script just using Broker Python bindings, etc. So where we put the logic at this point may not be important. If we can find a single-best-place for the logic to live, that's great, but if there's utility for others to have their own independent-yet-equivalent logic, I don't see a problem with that. - Jon ___ Zeek-Dev mailing list Zeek-Dev@zeek.org http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev
Re: [Zeek-Dev] Zeek Supervisor Command-Line Client
On Tue, Jun 30, 2020 at 09:35 -0400, I wrote: > I think that the script we ship with zeek that effectively implements the > supervisor behavior should understand the business logic of shutting down a > cluster in the correct order. How would that then work across multiple systems? Robin -- Robin Sommer * Corelight, Inc. * ro...@corelight.com * www.corelight.com ___ Zeek-Dev mailing list Zeek-Dev@zeek.org http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev
Re: [Zeek-Dev] Zeek Supervisor Command-Line Client
Sorry for chiming in late on this... On 19 Jun 2020, at 14:46, Jon Siwek wrote: > Ack, got it and agree that the distinction is likely helpful: the > supervisor node implements the low-level "dirty work" of stopping > processes and can ensure shutdown of its entire process tree if it > really has to, but the client can carry out shutdown logic with a > higher-level of insight into directing a shutdown process (possibly > across many hosts) in orderly fashion. I think that the script we ship with zeek that effectively implements the supervisor behavior should understand the business logic of shutting down a cluster in the correct order. One way to think about it is that the supervisor script will presumably understand the business logic for starting a cluster in the right order so consequently it would seem that it should understand how to shut down the cluster as well. We talked about it recently and now that I've had some more time to think about it I'm really starting to think that the business logic for correctly starting and stopping a cluster should be fully implemented in the supervisor script. The zeekc tool could then just be a dumb tool that says to start and stop and doesn't end up causing us to spread our logic around to other tooling. .Seth -- Seth Hall * Corelight, Inc * www.corelight.com ___ Zeek-Dev mailing list Zeek-Dev@zeek.org http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev
[Zeek-Dev] Zeek Supervisor: designing client and log archival behavior
Looking for feedback on the design/plan for these two Zeek Supervisor components: * https://github.com/zeek/zeek/wiki/Zeek-Supervisor-Client * https://github.com/zeek/zeek/wiki/Zeek-Supervisor-Log-Handling - Jon ___ Zeek-Dev mailing list Zeek-Dev@zeek.org http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev
