Func on OpenSolaris

Func, or Fedora Unified Network Controller, is a Fedora project that introduces a new framework to easily and securely control one or more machines remotely using either a programmatic or CLI interface: https://fedorahosted.org/func/

Func is a lightweight but IMHO well-designed framework written entirely in Python. From my initial experience it is extremely powerful, and its modular nature allows for easy extensibility for a wide variety of tasks. You can not only execute commands remotely but also develop custom modules to return information from the remote machine in a structured way. Check out the website for all the interesting details.

Being written in pure Python, Func is also inherently portable. The few Linux-isms reside in the startup init scripts. Having found a sudden interest in the project, I decided to make Func work on OpenSolaris, and I am happy to note that I have an initial version that works and provides a few basic extension modules for ZFS, SMF and process info. You can download and install the packages in the order below:

http://www.belenix.org/binfiles/python25-pyopenssl.pkg
http://www.belenix.org/binfiles/certmaster.pkg
http://www.belenix.org/binfiles/func.pkg

You also need to have the SUNWPython25 package. There is a little bit of initial setting up to be done, as described in /usr/share/doc/func/README.opensolaris. This initial port provides SMF manifests and startup scripts for the func agent and certmaster, usage of a func daemon user and RBAC profile, a basic set of OpenSolaris modules (http://www.belenix.org/binfiles/func-opensolaris-modules-0.1.tar.gz) and a proof-of-concept integration with the Solaris RBAC authorization framework. I have written a simple Python interface to libsecdb that exposes the chkauthattr function in Python. While Func itself has an ACL mechanism that allows the client to control access to modules by the master, it should be worthwhile to integrate that mechanism with the RBAC authorization framework on OpenSolaris. This will allow network-wide Func user privilege setting.
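To make the layering concrete, here is an added sketch (not the code from this port, and not Func's own ACL code) of a module call being allowed only when a per-master ACL and a chkauthattr() lookup both agree. It reaches libsecdb through ctypes; the authorization prefix, the ACL dictionary, the user and master names and the sample checker are all assumptions made up for the illustration.

```python
import ctypes
import fnmatch
import re

AUTH_PREFIX = "org.example.func."      # constructed auth namespace (assumption)
NAME_RE = re.compile(r"[a-z][a-z0-9_]*")
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def load_chkauthattr(libname="libsecdb.so.1"):
    """Return checker(authname, username) -> bool backed by libsecdb, or None."""
    try:
        fn = ctypes.CDLL(libname).chkauthattr
    except (OSError, AttributeError):
        return None                     # not OpenSolaris, or symbol missing
    fn.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    fn.restype = ctypes.c_int           # 1 = authorized, 0 = not
    return lambda auth, user: fn(auth.encode(), user.encode()) == 1


def authorize(master, user, module, method, acl, checker):
    """Allow a call only if the ACL and the RBAC check both pass."""
    # Strict names: no wildcards, dots, newlines or NUL bytes reach the C string.
    if not (NAME_RE.fullmatch(module) and NAME_RE.fullmatch(method)):
        return False
    if not USER_RE.fullmatch(user):
        return False
    # Layer 1: hypothetical per-master ACL (stand-in, not Func's file format).
    call = module + "." + method
    if not any(fnmatch.fnmatchcase(call, pat) for pat in acl.get(master, ())):
        return False
    # Layer 2: RBAC. No libsecdb means no checker, so deny (fail closed).
    if checker is None:
        return False
    return bool(checker(AUTH_PREFIX + module, user))


# Constructed sample data for the demonstration.
SAMPLE_ACL = {"master.example.org": ["zfs.*", "smf.status"]}
SAMPLE_AUTHS = {("org.example.func.zfs", "alice")}


def sample_checker(auth, user):
    """Stands in for chkauthattr() on hosts without libsecdb."""
    return (auth, user) in SAMPLE_AUTHS


if __name__ == "__main__":
    checker = load_chkauthattr() or sample_checker
    print(authorize("master.example.org", "alice", "zfs", "list",
                    SAMPLE_ACL, checker))
```

Passing `None` as the checker models a host where libsecdb could not be loaded; the call is then refused rather than falling back to the ACL alone.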

The Func packages will be available in the BeleniX repo. In the meantime I have submitted the initial port into Sourcejuicer for the /contrib repo. Going forward there are lots of things to be done, including possibly having OpenSymbolic run on BeleniX. One thing that is at present not easily done in Func is streaming monitoring information from client to server, e.g. streaming the output of a running DTrace script. Since Func communications are encrypted, it is possible, as a simple mechanism, to distribute one-time/short-lived symmetric keys and set up a second TCP connection for streaming data. This can also be done for remotely effecting a ZFS send/receive between two clients (or minions in Func parlance).
