meshmembers

command module

v0.0.0-...-86df0a5 Latest Latest Go to latest Published: Apr 19, 2020 License: BSD-3-Clause Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/magisterquis/meshmembers

Links

Open Source Insights

README ¶

MeshMembers

MeshMembers is a wrapper around meshlist. It keeps track of which nodes are up in a mesh network.

The original concept involved having a pool of redirectors at the ready for situations where tunneling network traffic is a good idea.

Quickstart

The first node in the mesh just needs to listen

$ ./meshmembers
2020/04/18 23:15:46 Listen address: 0.0.0.0
2020/04/18 23:15:46 External address: 192.0.2.24
2020/04/18 23:15:46 Port: 7887
2020/04/18 23:15:46 Starting mesh listeners
2020/04/18 23:15:46 This node: openbsd-amd64-48:13:44:81:38:42-c24uw12mmz87 (192.0.2.24:7887)

Subsequent connect to at least one node already in the network

$ ./meshmembers -peers 198.51.100.3:7887,198.51.100.49:7887
2020/04/18 23:17:24 Listen address: 0.0.0.0
2020/04/18 23:17:24 External address: 203.0.113.248
2020/04/18 23:17:24 Port: 7887
2020/04/18 23:17:24 Starting mesh listeners
2020/04/18 23:17:24 This node: openbsd-amd64-82:c6:91:a3:84:fe-c24uxaeeh5te (203.0.113.248:7887)
2020/04/18 23:17:24 Initial peer list: [meshtest.ga:7887]
2020/04/18 23:17:25 [Join] linux-amd64-9e:18:69:b6:df:74-c24tenesruxe (198.51.100.3:7887)
2020/04/18 23:17:25 [Join] linux-amd64-36:11:0e:72:35:63-c24s3oy2gpqy (198.51.100.49:7887)
2020/04/18 23:17:25 [Join] linux-amd64-22:cb:6a:05:c8:fc-c24ryneo8xic ([2001:db8:400:d1::8c9:2001]:7887)
2020/04/18 23:17:25 [Join] linux-amd64-92:b1:b4:8c:3d:6d-c24tmiwtnb7c (100.64.3.41:7887)
2020/04/18 23:17:25 [Join] linux-amd64-62:7f:3b:ba:41:63-c24tmfrtznfu (100.64.5.132:7887)
2020/04/18 23:15:46 [Join] openbsd-amd64-48:13:44:81:38:42-c24uw12mmz87 (192.0.2.24:7887)
2020/04/18 23:17:25 Connected to 2 initial peers

Building

go get github.com/magisterquis/meshmembers

Initial Peer

At least one other member of the mesh must be know ahead of time to join an existing mesh, and must be specified with -peers. If none are given, MeshMembers will listen for incoming connections.

Secret

There is a secret (-secret) shared amongst every node in the mesh. This provides a weak form of authentication, but should not be relied upon for any real form of security.

Node Name

Each node in the mesh must have a unique name. By default a name similar to openbsd-amd64-de:ad:be:ef:ca:fe-c24tmewonb7c is generated based on the platform, MAC address, and current time. A name may be set with -name.

Addresses

The address on which MeshMembers listens for new connections (-listen) need not be the same as the address advertised for incoming connections (-external). This is helpful when there's inbound natting (e.g. EC2). The same port (-port) is used for both and is used for both TCP and UDP. The port does not have to be the same for all members of the mesh.

Local Clients

Aside from the logging done by MeshMembers to stdout, the list of known nodes can be sent via a Unix socket (-socket). New nodes joining and leaving the network will also be reported via the socket.

If MeshMembers is started with -socket /tmp/.meshmembers.sock:

$ nc -U /tmp/.meshmembers.sock
Current nodes in mesh: 5
linux-amd64-9e:18:69:b6:df:74-c24tenesruxe (198.51.100.3:7887)
linux-amd64-36:11:0e:72:35:63-c24s3oy2gpqy (198.51.100.49:7887)
linux-amd64-22:cb:6a:05:c8:fc-c24ryneo8xic ([2001:db8:400:d1::8c9:2001]:7887)
linux-amd64-92:b1:b4:8c:3d:6d-c24tmiwtnb7c (100.64.3.41:7887)
linux-amd64-62:7f:3b:ba:41:63-c24tmfrtznfu (100.64.5.132:7887)
2020/04/18 23:15:46 [Join] openbsd-amd64-48:13:44:81:38:42-c24uw12mmz87 (192.0.2.24:7887)

This shows a mesh which had 5 nodes when the connection was initially made to the unix socket plus another which joined afterwards.

SSH Tunnels

The below perl one-liner is useful for tunneling through a three of the boxes in the mesh. It assumes an SSH config similar to

ControlMaster no
User hop
StrictHostKeyChecking accept-new
DynamicForward 5555

One-liner:

perl -e '@l=grep{/\(.*\)$/}split/\n/,`nc -Uw1 /tmp/.meshmembers.sock | sort -R`;s/^.*\(|:\d+\)//g for@l;die"Not enough nodes"if$#l<3;$t=pop@l;$#l=2;$c=sprintf"ssh -v -N -F ~/.ssh/mmconfig -J %s %s",join(",",@l),$t;print$c,$/;exec$c'

The tweakable bits are

/tmp/.meshmembers.sock - MeshMembers Unix socket
$#l<3 (specifically, the 3) - The number of hosts to hop through before the final host. The 2 in $#l=2 needs to be changes to one fewer than the number of hops
~/.ssh/mmconfig - SSH config file

On second thought, this would have been better as a script.

Testing

For ease of testing, a skeleton of a cloud-init file is included in this repo as cloud-init.yaml. A MeshMembers binary will need to be built and hosted somewhere and an initial peer started before using it. The config makes a user named hop with an SSH key meant to be used for tunneling SSH.

A script, docreate.sh, which wraps DigitalOcean's doctl is provided to help set up a test mesh in DigitalOcean.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL