[hobbit] Agentless clients
scott at PacketPushers.com
Thu Jan 5 19:46:36 CET 2006
On Thu, 5 Jan 2006, Charles Jones wrote:
> I disagree. The distributed system scales much better, as the remote
> servers are sending in their results in parallel.
I think we could architect the agentless solution to run in parallel, or
some sort of asynch scheduler/threads.
> Lets say you have 1000 hosts. Lets then just for fun pretend that it
> will only take 1 second to log into the remote hosts, run several tests,
> and receive the result (it would actually take a bit longer than that).
> 1000 seconds (hosts) / 60 (minutes) = 16.666 minutes to poll those hosts!
1 sec is *very* optitmisic ;) So your point is very clear that a generic
serial "for host in x y z" would not scale at all.
> either, I have tried something similar on far fewer hosts, and even
> using -c blowfish option the server CPU still hit 100% from all the
I've found the -c blowfish only helps when you are pushing a lot of data
around (ufsdump 0fc - | ssh -c blowfish).
> commands that the hobbit user executes, thus giving them the ability to
> communicate with the hobbit server, injecting something to break the
> parsing engine, buffer overflows, etc). I will stop talking about that
> now as I am getting off subject :)
If that's the easiest way to get into your network, you get a gold star ;)
> I agree that having similar functionality to bb-fetch could be useful
> for a *few* remote/DMZ hosts, but it certainly doesn't scale well. Once
> you reach a number of hosts whose polling time exceeds the hobbit
> refresh interval you are done. I know it would be "nice" if we didn't
> have to upgrade remote clients and maintain them, but your solution
> involves ssh keys, so just use those same keys and a script to roll out
> the updates :)
True, and I am not sold on the agentless clients idea either, but we've
got such a great framework to try it on.
The first design decision in my mind would be if in agentless we mean
1) install/run/uninstall the hobbit client every 5m, i know this sounds
horribly inefficient but I am attracted to the simplicity of agent and
agentless machines being the 'same'. or just automagically install the
client if the trust exists . . . . .
2) only running the exact OS commands necessary and capturing the output.
This would require some new code on the server. But if done right, it
could perhaps replace existing clients.
abstract the collection from the delivery . . . .
More information about the Xymon