Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Management framework: add websocket support to controller

Browse source 
The controller now listens on an additional port, defaulting to 2149, for Broker
connections via websockets. Configuration works as for the existing traditional
Broker port (2150), via ZEEK_CONTROLLER_WEBSOCKET_ADDR and
ZEEK_CONTROLLER_WEBSOCKET_PORT environment variables, as well as corresponding
redef'able constants.

To disable the websockets feature, leave ZEEK_CONTROLLER_WEBSOCKET_PORT unset
and redefine Management::Controller::default_port_websocket to 0/unknown.
This commit is contained in:
Christian Kreibich 2022-09-06 11:53:23 -07:00
parent aa00a5cf20
commit 147283c8f5
2 changed files with 89 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

81
scripts/policy/frameworks/management/controller/config.zeek
View file

@ -24,21 +24,43 @@ export {
## but for the stderr stream. ## but for the stderr stream.
const stderr_file = "stderr" &redef; const stderr_file = "stderr" &redef;
## The network address the controller listens on. By default this uses ## The network address the controller listens on for Broker clients. By
## the value of the ZEEK_CONTROLLER_ADDR environment variable, but you ## default this uses the ZEEK_CONTROLLER_ADDR environment variable, but
## may also redef to a specific value. When empty, the implementation ## you may also redef to a specific value. When empty, the
## falls back to :zeek:see:`Management::default_address`. ## implementation falls back to :zeek:see:`Management::default_address`.
const listen_address = getenv("ZEEK_CONTROLLER_ADDR") &redef; const listen_address = getenv("ZEEK_CONTROLLER_ADDR") &redef;
## The network port the controller listens on. Counterpart to ## The network port the controller listens on for Broker clients.
## :zeek:see:`Management::Controller::listen_address`, defaulting to the ## Defaults to the ZEEK_CONTROLLER_PORT environment variable.
## ZEEK_CONTROLLER_PORT environment variable. ## When that is not set, the implementation falls back to
## :zeek:see:`Management::Controller::default_port`.
const listen_port = getenv("ZEEK_CONTROLLER_PORT") &redef; const listen_port = getenv("ZEEK_CONTROLLER_PORT") &redef;
## The fallback listen port if :zeek:see:`Management::Controller::listen_port` ## The fallback listen port if :zeek:see:`Management::Controller::listen_port`
## remains empty. ## remains empty. When set to 0/unknown, the controller won't listen
## for Broker connections. Don't do this if your management agents
## connect to the controller (instead of the default other way around),
## as they require Broker connectivity.
const default_port = 2150/tcp &redef; const default_port = 2150/tcp &redef;
## The network address the controller listens on for websocket
## clients. By default this uses the ZEEK_CONTROLLER_WEBSOCKET_ADDR
## environment variable, but you may also redef to a specific
## value. When empty, the implementation falls back to
## :zeek:see:`Management::default_address`.
const listen_address_websocket = getenv("ZEEK_CONTROLLER_WEBSOCKET_ADDR") &redef;
## The network port the controller listens on for websocket clients.
## Defaults to the ZEEK_CONTROLLER_WEBSOCKET_PORT environment
## variable. When that is not set, the implementation falls back to
## :zeek:see:`Management::Controller::default_port_websocket`.
const listen_port_websocket = getenv("ZEEK_CONTROLLER_WEBSOCKET_PORT") &redef;
## The fallback listen port if :zeek:see:`Management::Controller::listen_port_websocket`
## remains empty. When set to 0/unknown, the controller won't listen
## for websocket clients.
const default_port_websocket = 2149/tcp &redef;
## Whether the controller should auto-assign listening ports to cluster ## Whether the controller should auto-assign listening ports to cluster
## nodes that need them and don't have them explicitly specified in ## nodes that need them and don't have them explicitly specified in
## cluster configurations. ## cluster configurations.
@ -66,11 +88,21 @@ export {
## Returns the effective name of the controller. ## Returns the effective name of the controller.
global get_name: function(): string; global get_name: function(): string;
## Returns a :zeek:see:`Broker::NetworkInfo` record describing the controller. ## Returns a :zeek:see:`Broker::NetworkInfo` record describing the
## controller's Broker connectivity.
global network_info: function(): Broker::NetworkInfo; global network_info: function(): Broker::NetworkInfo;
## Returns a :zeek:see:`Broker::EndpointInfo` record describing the controller. ## Returns a :zeek:see:`Broker::NetworkInfo` record describing the
## controller's websocket connectivity.
global network_info_websocket: function(): Broker::NetworkInfo;
## Returns a :zeek:see:`Broker::EndpointInfo` record describing the
## controller's Broker connectivity.
global endpoint_info: function(): Broker::EndpointInfo; global endpoint_info: function(): Broker::EndpointInfo;
## Returns a :zeek:see:`Broker::EndpointInfo` record describing the
## controller's websocket connectivity.
global endpoint_info_websocket: function(): Broker::EndpointInfo;
} }
function get_name(): string function get_name(): string
@ -100,6 +132,25 @@ function network_info(): Broker::NetworkInfo
return ni; return ni;
} }
function network_info_websocket(): Broker::NetworkInfo
{
local ni: Broker::NetworkInfo;
if ( Management::Controller::listen_address_websocket != "" )
ni$address = Management::Controller::listen_address_websocket;
else if ( Management::default_address != "" )
ni$address = Management::default_address;
else
ni$address = "0.0.0.0";
if ( Management::Controller::listen_port_websocket != "" )
ni$bound_port = to_port(Management::Controller::listen_port_websocket);
else
ni$bound_port = Management::Controller::default_port_websocket;
return ni;
}
function endpoint_info(): Broker::EndpointInfo function endpoint_info(): Broker::EndpointInfo
{ {
local epi: Broker::EndpointInfo; local epi: Broker::EndpointInfo;
@ -109,3 +160,13 @@ function endpoint_info(): Broker::EndpointInfo
return epi; return epi;
} }
function endpoint_info_websocket(): Broker::EndpointInfo
{
local epi: Broker::EndpointInfo;
epi$id = Management::Controller::get_name();
epi$network = network_info_websocket();
return epi;
}

20
scripts/policy/frameworks/management/controller/main.zeek
View file

@ -1504,14 +1504,30 @@ event zeek_init()
# via configurations uploaded by a client, with connections established # via configurations uploaded by a client, with connections established
# upon deployment. # upon deployment.
local broker_info = "no Broker port";
local websocket_info = "no Websocket port";
local cni = Management::Controller::network_info(); local cni = Management::Controller::network_info();
Broker::listen(cat(cni$address), cni$bound_port); if ( cni$bound_port != 0/unknown )
{
Broker::listen(cat(cni$address), cni$bound_port);
broker_info = fmt("Broker port %s:%s", cni$address, cni$bound_port);
}
cni = Management::Controller::network_info_websocket();
if ( cni$bound_port != 0/unknown )
{
Broker::listen_websocket(cat(cni$address), cni$bound_port);
websocket_info = fmt("websocket port %s:%s", cni$address, cni$bound_port);
}
Broker::subscribe(Management::Agent::topic_prefix); Broker::subscribe(Management::Agent::topic_prefix);
Broker::subscribe(Management::Controller::topic); Broker::subscribe(Management::Controller::topic);
Management::Log::info(fmt("controller is live, Broker ID %s", Broker::node_id())); Management::Log::info(fmt("controller is live, Broker ID %s, %s, %s",
Broker::node_id(), broker_info, websocket_info));
# If we have a persisted deployed configuration, we need to make sure # If we have a persisted deployed configuration, we need to make sure
# it's actually running. The agents involved might be gone, running a # it's actually running. The agents involved might be gone, running a