You make a request. The Meeseek fulfills the request. And then it stops existing
Meeseeks-box is a ChatOps
Construction Kit that allows anyone to build your own automations following the
UNIX principle of using small tools that know how to do 1 thing right.
In the case of the Meeseeks-Box itself, it knows how to talk to Slack, listen
for messages and dispatch jobs to be executed as if it was being executed by a
user in bash.
The idea started when using COG to automate
tasks and finding it complex or hard to build automations that could be simply
scripted in bash.
Simplicity is key to allow anyone to start automating tasks right away. Most
systems engineers are quite comfortable creating bash scripts as tools, these
bash scripts can be used from the chat, lowering the bar to automation and
enabling other people to operate systems remotely.
The drive for simplicity made me write this in Go, so installation is simply
downloading a binary (darwin, linux amd64 and armv6 are provided), exporting
a SLACK_TOKEN environment variable and start running it.
The drive for simplicity made command registration be setting a configuration
file that points at the executable, the permissions model and the arguments
that will be included. This allows using any available command in the running
box (echo, curl, or even docker) turning the Meeseeks-Box into a glue kind of
command, like bash.
The drive for simplicity made me use
BoltDB as an embedded database to not have
any dependency whatsoever to persist data right away from the start.
Some commands are more dangerous than others, so every time a command is
registered it will start with a AllowNone strategy, forcing the administrator
to pick what level of security to use, other options are AllowGroup and
AllowAny.
Some builtin commands (like the audit branch) uses AllowAdmin which requires
this group to be defined with the right users to enable using them.
Regarding execution of commands, these are being launched with the go
os/exec package, setting a
60 seconds timeout by default to prevent commands from blocking forever,
eventually starving the box.
This package internally uses os.StartProcess, which evetually derives in
the system calls fork and exec. This is safer than the classic system
approach as it prevents a final user from injecting commands with colons into
the argument list.
Executed jobs are always recorded, the command, arguments, start and finish
dates are recorded, along with the outputed logs, both on stdout and stderr,
and the final error returned by the execution. These logs are available
throught the jobs and logs commands to list the executed jobs and show
the output, or last and tail if you just want to see the last recorded
job.
Because any command can be used to build automations users are allowed to
build their ChatOps experience with the tools that are better suited for them.
So, you could:
curlconsul or kubectl that will allow you to manage much more complex services.docker command.This is thought as glue, so you can build your own experience, according to your needs.
Sometimes you need your script, or tool, to be executed in a specific
location. Imagine that you have a fleet composed by many hosts, and that you
need to run a command on every of the hosts that are in a specific tier.
Now imagine that you have one Meeseeks-Box talking to Slack, and that you
have one Meeseeks-Box running on each of the hosts of the fleet, each one
with labels that identify where are they, or what their role is.
Now imagine that you can invoke a command to be executed in every host that
matches a label search from slack by issuing @meeseeks command -labels
tier=frontend,type=web args and that this will issue the command execution
local to the host that you need to be running the command.
No more complex and insecure ssh setups.
By adding a secure API other tools (like prometheus alert manager) can also
integrate with the meeseeks box, turning this tool in the genesis of
auto-remediation.
Following the simplicity tenet, installation is as simple as picking the right binary from the releases page, unpack with tar.gz and just launch.
The only requirement is to have a valid slack token which can be obtained creating a bot user in Slack and then passing it in a SLACK_TOKEN environment variable.
Docker images for both amd64 and armv6 are provided. To launch a meeseeks box just create the environment variables file, copy the configuration file and run with
docker run -it --rm \
--env-file %(pwd)/environment \
-v $(pwd)/meeseeks-box.yaml:/meeseeks.yaml \
yakshaving.art/meeseeks-box \
-config /meeseeks.yaml
Because docker images are provided, it’s trivial to run a meeseeks-box inside a kubernetes cluster. The steps are as follow:
echo -n <SLACK_TOKEN> > slack-tokenkubectl create secret generic slack-token --from-file=./slack-tokenkubectl create -f kubernetes/config-map.ymlkubectl create -f kubernetes/deployment.ymlTo run on a raspberripy cluster you only need to change the container image to yakshaving.art/meeseeks-box-armv6
Once the process is running and you got INFO[0000] Listening messages printed out, you could simply invite your bot to any channel, or just open a direct DM conversation with it.
If you are talking in a public channel you will need to start any message with the bot handle for it to pay attention to you, if you are talking in DM you don’t need to say the name.
Go ahead and try issuing help -all to get a list of commands supported, or version to see what version have you installed.
Simply add those commands to the yaml configuration file, like this:
---
commands:
echo:
command: "echo"
auth_strategy: any
timeout: 5
help:
summary: "command that prints back the arguments passed"
args:
- "any argument that is passed will be echoed back"
Add as many commands as you need, with the only caveat tha they each command needs to have a different name.
To invoke this command you will need to restart the process (still no hot configuration reloaded supported) and then write @bot-name echo argument1 argument2 in a channel where the bot has already been invited.
When invoking this command, the execution will be translated into calling the echo binary, passing through the arguments the user wrote in slack.
As stated before, the command has to be an executable, it has to be inside the path and can only be a single word.
A command can be configured the following way:
command: the command to executeargs: list of arguments to always prepend to the commandtimeout: how long we allow the command to run until we cancel it, inauth_strategy: defines the authorization strategyany: everyone will be allowed to run this commandnone: no user will be allowed to run this command (default value,group: use allowed_groups to control who has access to this commandallowed_groups: list of groups allowed to run this commandchannel_strategy: defines the channel authorization strategyany: the command can be invoked from any channelim_only: the command can only be invoked in an direct message conversationchannel: use allowed_channels to define which channels are allowed to invoke the commandallowed_channels: list of channels allowed to run this command, any if the list is empty.no_handshake: when true, the bot will not issue a handshake message when the command is accepted.help: help structure to be printed when using the builtin help commandtemplates: adds the capacity to change how the replies from this commandRunning a command with docker, for example, would look like this
groups:
docker: ["pablo"]
commands:
run-command:
command: docker
args:
- "run"
- "--rm"
- "container-image:latest"
auth_strategy: group
allowed_groups: ["docker"]
channel_strategy: "channel"
allowed_channels:
- "general"
no_handshake: true
help:
summary: "Run the container-image docker image passing arguments in"
args:
- "docker image to run"
- "arguments to pass to docker..."
This will launch a container image every time the command in invoked.
Environment variables defined when launching the process will percolate to
the executed shell processes. This is so because of the fork/exec model and
because it is how Unix works.
This can be particularly useful to define secrets and other process
configurations following the 12 factor app model.
A caveat is that no environment variable will be expanded when calling a
command, so if a command is defined such that an argument is an environment
variable it will simply not work. If you need to use environment variables to
call a specific executable somehow consider wrapping it with a bash command
where the expansion will happen.
Aliases are a convenient way to create shortcuts for complex commands. Instead of typing all the flags, which can be prone to typos, one can simply add an alias for the whole command and that can be as short as a single letter.
Aliases are set per-user. This means you can’t see other users’ aliases nor there are global shared aliases. Two users can set the same alias without collisions.
The set of commands that control aliases are:
alias <alias> <full command>Sets an alias for a command, including flags.
Sample:
omame [11:27]
@marvin alias ps audit -status runningmarvin APP [11:27]
@omame Mr Meeseeks
alias created successfullyomame [11:27]
@marvin psmarvin APP [11:27]
@omame All done!
44 - 3 days ago - wait by omame in DM - >Running
unalias <alias>Remove an alias.
Sample:
omame [11:28]
@marvin unalias psmarvin APP [11:28]
@omame All done!
- pablo-failed -audit -status failed -user pablo
- ps -audit -status running
There are no admin commands for aliases.
Following the security tenet, the Meeseeks box provides a set of builtin
commands that allow any user to control the commands that were executed in
the past.
These auditory commands can be split into 2 main groups, one that allows the
invoking user to check jobs launched by himself, and another that allows an
administrator to check commands that were called by all users, or one in
particular.
The set of commands that control a job are:
jobsThis command will print the last 5 jobs that were invoked by the calling user.
It supports the -limit argument to extend or shorten how many jobs are shown.
Sample:
pablo [2:13 PM]
@marvin jobs
marvin APP [2:13 PM]
@pablo Spend a few thousand million years in a job and eventually you get
promoted, I have my own bucket now. Finally, I am somebody.
58 - 18 hours ago - docker-ps by pablo in DM - Successful
57 - 18 hours ago - docker-images by pablo in DM - Successful
56 - 18 hours ago - docker-pull by pablo in DM - Failed
55 - 18 hours ago - df by pablo in DM - Failed
jobThis command will print the details of a job. It requires the user to send a job id.
Sample:
pablo [2:16 PM]
@marvin job 58
marvin APP [2:16 PM]
@pablo I know. Wretched, isn’t it?
* ID 58
* Status Successful
* Command docker-ps
* Where IM
* When 18 hours ago
This command will also print other information like the arguments that were
passed in, in the case they are available.
logsGiven a job id, this command will print the recorded output of the job.
It important to realize that any command executed will be recorded, for good,
and this output can always be extracted. This is particularly useful because
it can turn the Meeseeks into a production log.
The way this command looks like is exactly the same as when a command
finishes execution.
lastLast is equivalent to run job with the last job id available for the user.
This command can be useful to see the status of the last invoked job.
tailTail is equivalent to run logs with the last job id available for the user.
Because jobs stream the logs to the meeseeks storage this can be particularly
useful to monitor the current state of a job, even before it finishes.
In future releases tail will be improved to only return N lines of the logs
instead of it all, and there will also be a head command to do the exact
opposite.
Admin commands are equivalent to the user commands, with the caveat that they
don’t filter by the calling user but return jobs or logs from any user.
Becase he amount of data extracted this way can be a bit daunting, by default
all the listing commands will only return 5 lines unless -limit X is passed.
This command also allows to filter by a particular user with -user X.
auditAdmin command that behaves like jobs but returns the unfiltered list of users.
Use -limit and -user to filter away.
auditjobRequires a job ID, behaves the same way as jobs but without the limitation
of filtering the job by the calling user.
auditlogsRequires a job ID, behaves the same way as logs but without the limitation
of filtering the job by the calling user.
A side effect of how Slack behaves when searching for channels led to avoiding
leaking private conversations.
This happens when a direct conversation in between more than one person and
the meeseeks takes place, the meeseeks will record the job, and it will
record the channel id.
But when an admin requests the job list through the audit command, the job
will try to extract the channel description to show it to the admin. In some
cases this will not be possible. Particularly when the admin user does not
have access to the channel because it’s not invited to it. When this happens
the query will return an error and this error will be handled by presenting
the channel as unknown-channel.
If the user has access, then the channel will be presented in the form of
#@invitee1,invetee2,etc, this channel will be a link that can be clicked
*and can take him to the conversation.
This started as a way of handling the error, but for the sake of privacy it
is left this way because it makes sense.
This means that an admin is able to see the command details, or the logs, but
it will not be able to see who was in the private channel.
Once jobs are running the user has total control over them. This means that at
any time a job can be queried for status, get the logs as they are being
streamed, and of course, they can be cancelled.
Job cancellation internally works the same way a timeout is handled. This means
that the job will get a kill signal, and as a result it will error out, leaving
the final state of the job as failed.
Still, any log that was streamed up to that point will be recorded, meaning
that the user can evaluate how far the command reached.
cancel <job id> cancels a job owned by the calling user that is currently running
kill <job id> cancels a job owned by any user. This commands requires the calling user to be in the admin group.
Both commands behave the same way, with the only caveat of permissions and
scope.
pablo [12:13 PM]
cancel 4marvin APP [12:13 PM]
@pablo Ok
Issued command cancellation to job 4
This will issue a command cancellation to job 4, independently, job 4 should have failed.
Meeseeks support commands to be invoked using a http API endpoint.
This can be particularly useful when wired to an alerting system as this can be
the seed to auto-remediation.
Tokens can only be managed in a direct message conversation, because otherwise
they would be leaking to any user who has access the used channel. Any attempt
to invoke any token command in an open channel will be rejected by the
meesseeks.
token-new @user #channel command [args...]This invokation will then return a UUID which is the API token. This UUID will
be linked to the command with the proposed arguments. The command will be
executed as the @user in the #channel. The command can be also an
alias.
Permissions-wise, the command access level will be evaluated when it is being
invoked. This means that an admin can create a token for a user who does not
have access to the requested command, or the user can lose access to the command
afterwards. In both cases, the token can be used but the command will simply be
rejected at execution time, resulting in an error in the registered #channel.
To use a token, you should invoke the HTTP API endpoint with a HTTP
POST method. For example, using curl:
curl -X POST -H "TOKEN: <UUID>" localhost:9696/message
By default meeseeks-box HTTP API listens on 0.0.0.0:9696.
Additionally, it is possible to add more arguments to the invocation by adding
them as an HTTP form, like this:
curl -F 'message=arg1+arg2' -X POST -H "TOKEN: <UUID>" localhost:9696/message
This will result in the command being called appending the message value to
the tail of the command execution text.
tokensThis will return a list of the existing tokens with the following format:
- UUID @user at #channel command args…
token-revoke <UUID>This will destroy the token and it will not be available anymore.
There are multiple formatting options to customize your meeseeks experience.
They all start in the format section.
Templates are used to render replies from the meeseeks, templating is done
using go text/template language.
The default templates can be a bit noisy depending on how the meeseeks are
used.
messages:
handshake: "{{ AnyValue handshake . }}"
failure: |
"{{ .user }} {{ AnyValue failure . }} :disappointed: {{ .error }}
{{ with $out := .output }}\n```\n{{ $out }}```{{ end }}"
success: |
"{{ .user }} {{ AnyValue success . }}
{{ with $out := .output }}\n```\n{{ $out }}```{{ end }}"
unknowncommand: |
"{{ .user }} {{ AnyValue unknowncommand . }} {{ .command }}"
unauthorized: |
"{{ .user }} {{ AnyValue unauthorized . }} {{ .command }}"
To lowed the amount of noise generated by the default mode it’s possible to
set a simpler set of templates, like this:
format:
templates:
handshake: "{{ .command }} accepted"
success: "{{ .command }} succeeded {{ with $out := .output }}\n```\n{{ $out }}```{{ end }}"
failure: "{{ .command }} failed: {{ .error }} {{ with $out := .output }}\n```\n{{ $out }}```{{ end }}"
unknowncommand: "{{ .command }} is not a valid command"
unauthorized: "{{ .command }} is not allowed to the requester"
The messages used to reply in a conversation used in the default templates
can be changed. To do so add a messages section in the configuration file.
format:
messages:
handshake:
- "Message that will be shown when the bot accepts a job"
failure:
- "Message that will be shown when the job fails"
success:
- "Message that will be shown when the job succeeds"
unknowncommand:
- "Message that will be shown when the requested
command is not registered"
unauthorized:
- "Message that will be shown when the user
requesting a command is not authorized to run it"
There can be more than 1 message on each section, they will be picked randomly
when replying.
The slack client supports sending messages with 2 styles:
attachment (default) - The message is sent as antext - The message is sent in plain text, without any decorations. URLs andThis can be changed for each message type by adding a formatting section to the
configuration file. Note that handshake can also be disabled entirely.
format:
reply_styles:
handshake: disabled
failure: attachment
success: text
unknowncommand: attachment
unauthorized: attachment
By default messages in attachment mode will show colors for errors, success and
info. These can be changed by adding a format section to the configuration file.
format:
colors:
info: "#FFFFFF"
success: "#CCCCCC"
error: "#000000"
There are a couple of functions that are added when rendering templates, these are useful to handle arrays, texts and some values.
AnyValue will pick a random value from a string slice.HumanizeTime will print a time in human readable format, ex. «6 hours ago»HumanizeSize will print a size in human readable format, ex. «100Mb»HumanizeNumber will print a float in a human readable format, removing long trails of decimals.Join joins a string slice into a single string using a joining char.Here
you can see a couple of configuration examples for different templates and
messages.