Skip to content

Instantly share code, notes, and snippets.

@surjikal

surjikal/gentoo-minicron.md

Last active August 29, 2015 14:06
Show Gist options
  • Save surjikal/df6235e8386c8e2b75a9 to your computer and use it in GitHub Desktop.
Save surjikal/df6235e8386c8e2b75a9 to your computer and use it in GitHub Desktop.
Download ZIP
gentoo-minicron.md
Raw
gentoo-minicron.md

Repo URL:
https://github.com/jamesrwhite/minicron

Info

The idea here is that one server holds the "hub", aka the Minicron server. The other servers are simply clients. We use ssh tunneling from clients to communicate with the server. The server should be able to ssh into the client machines, in order to modify the client's crontab. We add public keys with a prefix that only allow root ssh access from a single IP (the server's IP).

Prerequisites

  1. SSH server configuration

    cat > /etc/ssh/sshd_config
Port 4242
Protocol 2
PermitRootLogin without-password
PasswordAuthentication no

    rc-service sshd restart

  2. Linode static networking
    https://www.linode.com/docs/networking/linux-static-ip-configuration

Client

The clients must be able to connect to the server. One way to do this is via ssh tunnels. Acquire the 42.minicron private key. Create a /root/.ssh/config file:

Host 42-core-tunnel
   HostName 192.168.132.240
   User root
   Port 4242
   IdentityFile ~/.ssh/42.minicron.key
   LocalForward 9000 127.0.0.1:9000

To start the tunnel, run this:

ssh -f -N 42-core-tunnel

Server

Generate an ssh keypair for the root user:

ssh-keygen -b 4096

Installation

emerge --sync
emerge -av ruby

gem install minicron

Install minicron.toml config file. See example below.

cat > /etc/minicron.toml

On server only

database
emerge -av mysql
gem install mysql2
Minicron DB
mysql 
minicron db setup

Start server:

minicron server start

Installing public keys on client machines

Since we're allowing the server to perform operations as root on a client machine, we want to be somewhat secure. When creating a host in minicron, take the public key and append it to that host's /root/.ssh/authorized_keys. However, add the prefix from="<server ip>" <public key>.

Raw
minicron.toml
# Global options
verbose = false
trace = false # Useful for debugging
# Client options
[client]
scheme = "http" # [http, https]
host = "0.0.0.0"
port = 9000
path = "/"
connect_timeout = 5
inactivity_timeout = 5
# Server options
[server]
host = "0.0.0.0"
port = 9000
path = "/"
debug = false # When true the server will not run as a daemon
# Database options
[database]
type = "mysql" # [mysql, sqlite]
# CLI options
[cli]
mode = "line" # [line, char] - line by line output or char by char
dry_run = false # When true the command is run but not sent to the server
# Alerting options
[alerts]
[alerts.email]
enabled = true
from = "[email protected]"
to = "[email protected]"
[alerts.email.smtp]
address = "smtp.gmail.com"
port = 587
domain = "42technologies.com"
user_name = "[email protected]"
password = "<password>"
authentication = "plain"
enable_starttls_auto = true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment