Management framework: allow agents to communicate with cluster nodes

This provides Broker-level plumbing that allows agents to reach out to their managed Zeek nodes and collect responses. As a first event, it establishes Management::Node::API::notify_agent_hello, to notify the agent when the cluster node is ready to communicate. Also a bit of comment rewording to replace use of "data cluster" with simply "cluster", to avoid ambiguity with data nodes in SumStats, and expansion of test-all-policy.zeek and related/dependent tests, since we're introducing new scripts.
2025-10-16 13:38:19 +00:00 · 2022-03-23 16:27:28 -07:00 · 2022-03-23 16:27:28 -07:00 · 337c7267e0
commit 337c7267e0
parent d29160e9de
11 changed files with 100 additions and 15 deletions
--- a/scripts/policy/frameworks/management/node/load.zeek
+++ b/scripts/policy/frameworks/management/node/load.zeek
@ -0,0 +1 @@
+@load ./main
--- a/scripts/policy/frameworks/management/node/api.zeek
+++ b/scripts/policy/frameworks/management/node/api.zeek
@ -0,0 +1,21 @@
+##! The Management event API of cluster nodes. The API consists of request/
+##! response event pairs, like elsewhere in the Management, Supervisor, and
+##! Control frameworks.
+
+@load policy/frameworks/management/types
+
+module Management::Node::API;
+
+export {
+	# Notification events, node -> agent
+
+	## The cluster nodes send this event upon peering as a "check-in" to
+	## the agent, to indicate the node is now available to communicate
+	## with. It is an agent-level equivalent of :zeek:see:`Broker::peer_added`,
+	## and similar to :zeek:see:`Management::Agent::API::notify_agent_hello`
+	## for agents.
+	##
+	## node: the name of the node, as given in :zeek:see:`Cluster::node`.
+	##
+	global notify_node_hello: event(node: string);
+}
--- a/scripts/policy/frameworks/management/node/config.zeek
+++ b/scripts/policy/frameworks/management/node/config.zeek
@ -0,0 +1,9 @@
+##! Configuration settings for nodes controlled by the Management framework.
+
+module Management::Node;
+
+export {
+	## The nodes' Broker topic. Cluster nodes automatically subscribe
+	## to it, to receive request events from the Management framework.
+	const node_topic = "zeek/management/node" &redef;
+}
--- a/scripts/policy/frameworks/management/node/main.zeek
+++ b/scripts/policy/frameworks/management/node/main.zeek
@ -0,0 +1,39 @@
+##! This module provides Management framework functionality that needs to be
+##! present in every cluster node to allow Management agents to interact with
+##! the cluster nodes they manage.
+
+@load policy/frameworks/management/agent/config
+@load policy/frameworks/management/log
+
+@load ./config
+
+module Management::Node;
+
+# Tag our logs correctly
+redef Management::Log::role = Management::NODE;
+
+event Broker::peer_added(peer: Broker::EndpointInfo, msg: string)
+	{
+	local epi = Management::Agent::endpoint_info();
+
+	# If this is the agent peering, notify it that we're ready
+	if ( peer$network$address == epi$network$address &&
+	     peer$network$bound_port == epi$network$bound_port )
+		event Management::Node::API::notify_node_hello(Cluster::node);
+	}
+
+event zeek_init()
+	{
+	local epi = Management::Agent::endpoint_info();
+
+	Broker::peer(epi$network$address, epi$network$bound_port, Management::connect_retry);
+	Broker::subscribe(node_topic);
+
+	# Events automatically sent to the Management agent.
+	local events: vector of any = [
+	    Management::Node::API::notify_node_hello
+	    ];
+
+	for ( i in events )
+		Broker::auto_publish(node_topic, events[i]);
+	}