yelp / nerve-tools Goto Github PK

View Code? Open in Web Editor NEW

3.0 27.0 12.0 528 KB

Tools for configuring SmartStack's Nerve based on local sources

License: Apache License 2.0

Makefile 2.54% Python 94.10% Shell 1.11% Dockerfile 2.24%

nerve-tools's Introduction

nerve-tools

Tools for working with nerve. This repo builds as a dh_virtualenv package, and provides three entry points:

configure_nerve

Determines the list of services running on the local box (scheduled by Paasta or manually configured), writes out a nerve config, and restarts nerve.

updown_service

De-register a service. Tells hacheck to fail healthchecks for a service, and waits until the deregistration has propagated to the local synapse.

clean_nerve

Clean up orphaned ZK nodes left by nerve.

Configuration

This package uses environment_tools to reason about location hierarchies; you must have a location_types.json and location_mapping.json describing your environments.

You will also need zookeeper topology files, at /nail/etc/zookeeper_discovery/infrastructure/{superregion}.yaml. This must parse as a list of servers; each server is represented as a list of [hostname, port].

For example:

---
 - ["hostname1", 2181]
 - ["hostname2", 2181]
 - ["hostname3", 2181]

See the Paasta documentation for per-service info.

nerve-tools's People

Contributors

Stargazers

Watchers

Forkers

hashbrowncipher dev-alex-alex2006hw kleopatra999 pilgrim2go bplotnick mcarlson-zero fboxwala analogue guieco

nerve-tools's Issues

Upgrade requests to version 2.20.0 or later (CVE-2018-18074)

GitHub flagged the following security vulnerability affecting this repository.

https://nvd.nist.gov/vuln/detail/CVE-2018-18074

CVE-2018-18074
moderate severity
Vulnerable versions: <= 2.19.1
Patched version: 2.20.0
The Requests package through 2.19.1 before 2018-09-14 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Build packages publicly

Similar to Yelp/paasta#318, let's build packages for nerve-tools and publish them to bintray.

add bionic support

Roll this into paasta?

This repo is very paasta-related and paasta-dependent -- it builds a dh-virtualenv that installs its own copy of paasta_tools.

Maybe we should just move configure_nerve into paasta? Paasta is already somewhat aware of "classic SOA".

Improve the new developer experience

My muscle memory for getting things to work without thinking too hard isn't working with nerve_tools.

spatel@dev57-uswest1adevc:~/git/analogue/nerve-tools (master) $ make
make: 'bintray.json' is up to date.
spatel@dev57-uswest1adevc:~/git/analogue/nerve-tools (master) $ make test
make: *** No rule to make target 'test'.  Stop.
spatel@dev57-uswest1adevc:~/git/analogue/nerve-tools (master) $ make acceptance
make: *** No rule to make target 'acceptnace'.  Stop.
spatel@dev57-uswest1adevc:~/git/analogue/nerve-tools (master) $ make itest
make: *** No rule to make target 'itest'.  Stop.
spatel@dev57-uswest1adevc:~/git/analogue/nerve-tools (master) $ make help

Can we get a DEVELOPER.md that provides some hints?

Improve testing tooling

It is difficult to write integration tests against nerve-tools and specifically the configure_nerve executable. nerve-tools uses paasta-tools in order to determine which services are running on the host. paasta-tools has several other dependencies, one being marathon which it communicates to over HTTP.

We have written a fake configure_nerve for use as a fixture in acceptance tests. As nerve has grows in complexity, this fake also grows and lots of logic is duplicated.

It would be great if nerve-tools provided testing tools to allow injecting the desired services from which the nerve-config is written, for use in consumers' testing environment.

Remove clean_nerve script

From #64:

The original ticket (SRV-1418) doesn't seem to be relevant anymore and this script isn't being run in production. Let's clean this up.