ksocket Documentation 20181012 Fixpoint, Inc. 2018 10 12
i 1 2 2 3 2.1............................................. 3 2.1.1 Linux............................................ 3 2.1.2 Windows.......................................... 4 2.2.......................................... 5 2.2.1 Linux............................................ 5 2.2.2 Windows.......................................... 6 2.3............................................... 6 2.4........................................... 7 2.4.1 Linux............................................ 7 2.4.2 Windows.......................................... 7 2.5................................................ 7 2.5.1 Linux............................................ 7 2.5.2 Windows.......................................... 7 2.6............................................. 8 2.6.1 (SNMP)................................. 8 2.6.2 Linux (SSH)......................................... 8 2.6.3 Windows (WinRM)..................................... 8 2.7 AWS........................................... 9 2.7.1 AWS....................... 9 2.8 Azure.......................................... 10 2.8.1 Azure....................... 10 3 12 3.1........................................ 12 3.2............................................. 12 3.3.......................................... 13 3.3.1................................... 13 3.3.2................................. 16 3.3.3................................. 17 4 18 4.1............................................... 18 4.2 (FAQ)......................................... 18
5 19 5.1.................................... 19 5.2......................................... 19 5.2.1 Upstart........................................... 19 5.2.2 systemd........................................... 20 5.3......................................... 20 5.3.1 Linux............................................ 20 6 21 23 ii
ksocket Kompira cloud Kompira cloud ksocket Kompira cloud ksocket : apt, yum OS ksocket Kompira cloud Kompira cloud Web UI REST API ksocket Kompira cloud ksocket : 1
2 1 ksocket 1.4.1 ksocket-<release>-linux-64.<build>.sh (Linux) ksocket-<release>-win-64.<build>.exe (Windows) ksoperations-networks 1.5.0 Cent OS 6.9 Minimal (amd64) Cent OS 7 Minimal (amd64) Ubuntu Server 14.04 (amd64) Ubuntu Server 16.04 (amd64) Windows 10 Professional (amd64)
3 2 2.1 ksocket ksocket-<release>-linux-64.<build>.sh ksocket-<release>-win-64.<build>.exe <release> <build> : ksocket Kompira cloud blog ksocket ksocket ksocket : ksocket ksocket 2.1.1 Linux ksocket-<release>-linux-64.<build>.sh % /bin/bash ksocket-<release>-linux-64.<build>.sh :.sh
2.1 Linux ksocket 1. ksocket token - ksocket 2. Host - <space_name>.cloud.kompira.jp 3. Port - 443 Yes Enter Upstart systemd systemd OS 2.1.2 Windows ksocket Windows Npcap API Npcap (0.99-r3 ) WinPcap API-compatible mode ksocket-<release>-win-64.<build>.exe : API ksoperations-networks 1.3.0 WinPcap Win10Pcap Npcap WinPcap Win10Pcap Npcap 4 2
2.2 Npcap (0.99-r3) WinPcap API-compatible mode Fixpoint ksocket service Windows KSOCKET_HOME 2.2 ksocket OS : ksocket ksocket etc/ksocket - var/log/ksocket - 2.2.1 Linux 2.2. 5
# /opt/fixpoint/ksocket % rm -rf /opt/fixpoint/ksocket # upstart % unlink /etc/init/ksocket.conf # systemd CentOS/RedHat) % unlink /usr/lib/systemd/system/ksocket.service # systemd Ubuntu) % unlink /lib/systemd/system/ksocket.service # systemd FreeDesktop) % unlink /usr/local/lib/systemd/system/ksocket.service 2.2.2 Windows ksocket Fixpoint ksocket service Windows KSOCKET_HOME > > > > 2.3 Kompira cloud > ksocket ksocket ksocket Kompira cloud 2.3 ksocket 6 2
(FAQ) 2.4 ksocket 2.4.1 Linux % /opt/fixpoint/ksocket/bin/ksocket version ksocket: 1.4.0 ksoperations-networks: 1.4.0 2.4.2 Windows ksocket (PowerShell) PowerShell > ksocket version ksocket: 1.4.0 ksoperations-networks: 1.4.0 2.5 2.5.1 Linux # Upstart (RHEL 6.x, CentOS 6.x, Ubuntu 14.04 LTS) % restart ksocket # systemd (RHEL 7.x, CentOS 7.x, Ubuntu 16.04 LTS) % systemctl ksocket restart 2.5.2 Windows Fixpoint ksocket service 2.4. 7
2.6 2.6.1 (SNMP) ksocket IP SNMP SNMP SNMP 2.6.2 Linux (SSH) ksocket IP SSH Linux SSH OS OS RPM/deb SSH 2.6.3 Windows (WinRM) ksocket IP WinRM Windows WinRM OS OS WMI Windows Windows WinRM Windows PowerShell ( ) # WinRM > winrm qc # Basic Basic 8 2
> winrm set winrm/config/service/auth '@{Basic="true"}' > winrm set winrm/config/service '@{AllowUnencrypted="true"}' # # # > winrm configsddl default # WMI # # [ ]>[ ]>[ ] # - Root\CIMV2 [ ] # # - Root\StandardCimv2 [ ] # > wmimgmt.msc WinRM 2.7 AWS AWS EC2 Kompira cloud VPC ksocket EC2 ksocket EC2 : ksocket VPC : EC2 ksocket SSH/WinRM : EC2 Public IP 2.7.1 AWS AWS EC2 ksocket AWS REST API ksocket AWS ReadOnlyAccess 1 2.7. AWS 9
IAM IAM ksocket AWS REST API IAM IAM ksocket AWS REST API Boto3 Credentials *1 ksocket default default awscli awscli aws configure Default output format ksocket 2.8 Azure Azure Virtual Machine (VM) Kompira cloud Virtual Network (VNET) ksocket VM ksocket VM : ksocket VNET : VM ksocket SSH/WinRM : VM Public IP 2.8.1 Azure Azure VM ksocket Azure REST API ksocket Azure Reader *1 Boto3 Docs - Credentials 10 2
1 Managed Service Identity Managed Service Identity ksocket Azure Azure VM *2 Linux VM Windows VM : Service Principal Service Principal Service Principal ksocket Azure Azure Service Principal Service Principal * 2 VM $KSOCKET_HOME/etc/ksocket/azure.yml YAML 1.1 # Service Principal ID clientid: 'Application ID' # Service Principal secret: 'xxxxxxxxxxxxxx' # Service Principal Azure AD ID tenant: 'Directory ID' *2 https://docs.microsoft.com/ja-jp/azure/role-based-access-control/role-assignments-portal#grant-access 2.8. Azure 11
12 3 ksocket YAML 1.1 YAML : ksocket UTF-8 3.1 $KSOCKET_HOME/etc/ksocket/ksocket.yml $KSOCKET_HOME/etc/ksocket/credentials ksocket YAML $KSOCKET_HOME ksocket 3.2 ksocket $KSOCKET_HOME/etc/ksocket/ksocket.yml # # '-' logfile: ${KSOCKET_HOME}/var/log/ksocket/ksocket.yml # # - NOTSET # - DEBUG # - INFO
# - WARN # - WARNING # - ERROR # - CRITICAL #loglevel: 'WARNING' # # https://docs.python.jp/3/library/logging.html#logrecord-attributes # #logformat: "%(asctime)s %(levelname)s %(name)s:%(funcname)s:%(lineno)d %(message)s" # connect connect: # ksocket token: 'xxxxxxxxxx' # host: '<space_name>.cloud.kompira.jp' # port: 443 # directories: # credentials: $KSOCKET_HOME/etc/ksocket/credentials $KSOCKET_HOME/etc/ksocket/ksocket.yml.skeleton : ksocket.yml ksocket 3.3 $KSOCKET_HOME/etc/ksocket/credentials IP 3.3.1 SSH SSH (Secure Shell) $KSOCKET_HOME/etc/ksocket/credentials/ssh 3.3. 13
# IP # 10.10.0.0/16 10.20.0.1, 10.20.0.3 includes: - 10.10.0.0/16-10.20.0.1-10.20.0.3 # IP # includes includes # excludes excludes: - 10.10.1.0/24-10.20.0.1 # account: username: john password: Passw0rd # clientkeys: - filename:../../client_keys/id_john passphrase: helloworld - filename:../../client_keys/id_rsa.common passphrase: common # 22 port: 10022 # timeout: 5.0 # IP sshtunnels: - 10.10.0.1-10.10.0.2 account.clientkeys[n].filename, knownhosts WinRM WINRM (Windows Remote Management) $KSOCKET_HOME/etc/ksocket/credentials/winrm # IP # 10.10.0.0/16 10.20.0.1, 10.20.0.3 includes: - 10.10.0.0/16-10.20.0.1 14 3
- 10.20.0.3 # IP # includes includes # excludes excludes: - 10.10.1.0/24-10.20.0.1 # account: # # # 'MYDOMAIN\\USER01' (NTLM ) # 'user01@mydomain' (UPN ) # username: john # password: Passw0rd # # basic: ( ) # ntlm: NT LAN Manager (NTLM) # credssp: Credential Security Support Provider (CredSSP) authmethod: ntlm # # auto: ( ) # always: # never: authmessageencryption: never # authmethod: credssp # true TLSv1.2 # Windows Server 2008 authcredsspdisabletlsv1.2: true # 5985 port: 15985 # timeout: 5.0 # IP sshtunnels: - 10.10.0.1-10.10.0.2 3.3. 15
SNMP SNMP (Simple Network Management Protocol) $KSOCKET_HOME/etc/ksocket/credentials/snmp # IP # 10.10.0.0/16 10.20.0.1, 10.20.0.3 includes: - 10.10.0.0/16-10.20.0.1-10.20.0.3 # IP # includes includes # excludes excludes: - 10.10.1.0/24-10.20.0.1 authdata: # community: public # 161 port: 161 # timeout: 5.0 # retries: 0 # ( ) retryinterval: 1.0 3.3.2 IP 1. $KSOCKET_HOME/etc/ksocket/credentials/< > 2. _ 3. a 4. 16 3
a.yml b includes IP c excludes IP d INFO WARNING 3.3.3 +- $KSOCKET_HOME/etc/ksocket/credentials/ssh +- 00_common.yml +- 01_specific/ +- 00_common.yml +- 02_final.yml +- _special.yml +- 02_final.yml +- 99-example.yml.skeleton +- _projecta/ +- 00_common.yml +- 02_final.yml +- _special.yml +- _projectb/ +- 00_common.yml +- 02_final.yml +- _special.yml 1. 00_common.yml 2. 01_specific/00_common.yml 3. 01_specific/02_final.yml 4. 02_final.yml 3.3. 17
18 4 4.1 ksocket ksocket ksocket loglevel: 'DEBUG' (ksocket.log) support@kompira.jp 4.2 (FAQ) Q&A ksocket Kompira cloud ksocket Kompira cloud TCP 443 ksocket TCP 443 Kompira cloud ksocket ksocket ksocket ksocket Kompira cloud ksocket ksocket ksocket ksocket IP IP SNMP SNMP
19 5 5.1 OS Windows Linux 5.1 $KSOCKET_HOME C:\ProgramData\Fixpoint\ksocket /opt/fixpoint/ksocket 5.2 --service no 5.2.1 Upstart RHEL 6.x CentOS 6.x Ubuntu 14.04 LTS Upstart ksocket % ln -snf /opt/fixpoint/ksocket/etc/init/ksocket.conf /etc/init/ksocket.conf # Upstart % initctl reload-configuration # ksocket % start ksocket # ksocket % status ksocket
5.2.2 systemd RHEL 7.x CentOS 7.x Ubuntu 16.04 LTS systemd ksocket OS OS CentOS/RedHat Ubuntu /usr/lib/systemd/system/ /lib/systemd/system/ /usr/local/lib/systemd/system/ % ln -snf /opt/fixpoint/ksocket/usr/lib/systemd/system/ksocket.service /usr/lib/ systemd/system/ksocket.service # systemd % systemctl daemon-reload # ksocket % systemctl enable ksocket # ksocket % systemctl start ksocket # ksocket % systemctl status ksocket 5.3 5.3.1 Linux Linux --skip-install -h,--help --version -y,--yes --prefix PATH --token TOKEN --host HOST --port PORT --service no --service upstart --service systemd ksocket yes/no yes /opt/fixpoint/ksocket PATH ksocket token TOKEN Host HOST Port PORT Upstart systemd 20 5
21 6 ksocket ksocket Kompira cloud ksocket Kompira cloud ksocket
23 ksocket, 21, 21, 21