[Zeek-Dev] Zeek Supervisor Command-Line Client

[Robin Sommer]

On Thu, Jun 18, 2020 at 13:00 -0700, Jon Siwek wrote:

> > For (1), the above applies: we'll rely on standard sysadmin processes
> > for updating. That means you'd use "zeekcl" to shutdown the cluster
> > processes, then run "yum update" (or whatever), then use "zeekcl"
> > again to start things up again.

> I have a slightly different take: isn't it more common to expect
> "start" and "stop" operations here to be done by the service-manager
> rather than Zeek client?

I believe we're pretty close to saying the same thing. I'm making a
distinction between the supervisor Zeek process (which the service
manager starts & stops), and the cluster's node processes (manager,
workers, etc). The supervisor manages the latter and will by default
shut them down when it gets the "stop" from its service-manager. But I
think we also want their state controllable from the client as well,
so that one can have an orderly shutdown of a multi-system cluster
without loss of data (e.g., one probably wants to shutdown workers
first to collect remaining log data). This what I meant above by
"shutdown the cluster processes": "zeek-client stop" would tell the
supervisors to shutdown their node processes (or rather: "zeek-client
stop workers", or maybe "zeek-client" would now the order in which to
stop nodes or systems). And I imagine one would do that before
starting to a cluster-wide upgrade to the next Zeek version.

That said, your note on Slack sounds right: let's figure out the
single-system operation first and get that usable. I'm pretty
confident that we will then be able to build the multi-system model on
top of that without too much trouble, and it'll we easier to collect
requirements for administration/management of multi-system setups once
we got some experience with single-system setups.

Robin


-- 
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com