rover
_.=
.----.-----.--.--.-----.----. +=====|
| _| _ | | | -__| _| ----======== |-___-|
|__| |_____|\___/|_____|__| ----================ @--|@---@|--@
rover |ˈrōvər| n. a vehicle for driving over rough terrain, especially one driven by remote control over extraterrestrial terrain
What?
rover
is a CLI tool that explores systems and stores what it finds in plain text files which can optionally be archived and uploaded to remote storage.
It is inspired by tools like Apple's sysdiagnose
and my friend Brent's debug-ninja utilities.
rover
gathers important factoids from a system to paint a detailed picture of the current operating environment for engineers and operators curious about such things.
The general types of information rover
gathers include:
- Operating system command output
- Operating system logging
- Application or service specific command output
- Application or service specific logging
All of the stored information can then be packaged up into a zip file named for the host, and shared however you prefer. Currently, rover
directly supports shipping the zip file to an S3 bucket as well.
See the Internals section for a more detailed breakdown of the specific commands that
rover
will attempt to execute on a given platform
Why?
To assist with the process of gathering data for the troubleshooting of systems, and to help make the process efficient, reliable, and repeatable through automation.
How?
A CLI tool written in the Go programming language, rover
is a relatively small (16MB) static binary that is specifically aimed at operation on systems running FreeBSD, Linux, or macOS.
Running
If you have an existing Go environment, you can install and run the rover
command like this:
$ go get github.com/brianshumate/rover
$ rover
Usage: rover [--version] [--help] <command> [<args>]
Available commands are:
archive Archive rover data into zip file
consul Execute Consul related commands and store output
info Output basic system factoids
nomad Execute Nomad related commands and store output
system Execute system commands and store output
upload Uploads rover archive file to S3 bucket
vault Execute Vault related commands and store output
Building
To establish a Go environment for building rover
, consult the Go documentation for the Go tools for your platform (be sure it is one of the previously mentioned supported OS), and go from there!
If you change into the $GOPATH/src/github.com/brianshumate/rover
directory, you can build rover
binaries for different platforms by typing make
.
Binaries are located in the following subdirectories of pkg/
after a successful build:
├── pkg
│ ├── darwin-amd64
│ │ └── rover
│ ├── freebsd-amd64
│ │ └── rover
│ └── linux-amd64
│ └── rover
Development Build
If you'd prefer to make a development build for just your own host architecture and OS, you can use make dev
and the rover
binary will also be located in ./bin
after successful compiliation.
Running a Local Development Build
It's a single binary, rover
with built in help:
$ make dev
...
$ ./bin/rover
Usage: rover [--version] [--help] <command> [<args>]
Available commands are:
archive Archive rover data into zip file
consul Execute Consul related commands and store output
info Output basic system factoids
nomad Execute Nomad related commands and store output
system Execute system commands and store output
upload Uploads rover archive file to S3 bucket
vault Execute Vault related commands and store output
Configuration
Currently all configuration is specified with flags at runtime or set as environment variables.
For detailed help, including available flags, use rover <command> --help
.
Environment variables are documented in their relevant command sections.
Commands
rover
is primarily concerned with gathering useful operational data from an environment. It can also currently pack up that data, and ship it to an S3 bucket.
Here are the current commands and their details.
archive
The rover archive
command is used once you have used other rover
commands to gather data.
It expects a directory in the present working directory with the same name as the system hostname, where rover
has previously stored command outputs which it will compress into a zip archive named in this format:
rover-[hostname]-[date-time].zip
There are two optional flags:
-keep-data
: [false] preserves the directory after successfully archiving into zip file-path
: ["."] directory path for zip file output
Example:
$ rover archive
Data archived in rover-penguin-20190322202232.zip
consul
The rover consul
command uses both OS tools and the consul
binary (if found in PATH) to gather data about and from the perspective of the local Consul agent.
The following unauthenticated commands are used:
consul version
The following commands requiring a token with sufficient capabilities are used:
consul info
consul members
consul operator raft list-peers
consul catalog_datacenters
consul catalog services
If the CONSUL_HTTP_TOKEN
environment variable is set to the value of a token with sufficient privileges, that token value will be used for the authenticated requests.
In addition to these commands, rover consul
checks and records some details from the process table on Linux hosts:
/proc/$(pidof consul)/limits
/proc/$(pidof consul)/status
/proc/$(pidof consul)/fd
Finally, the rover consul
command attempts to read and store Consul related entries from the system logs using the following sources:
/var/log/syslog
/var/log/messages
systemctl status consul
- journald
Example:
$ rover consul
Executed Consul related commands and stored output
info
The info
command presents an overview of some basic details rover
has learned about the system it is executed on. The output will resemble the following example:
$ rover info
Basic factoids about this system:
OS: linux
Architecture: amd64
Date/Time: Fri Mar 22 20:19:43 2019
Active running versions:
Consul version: v1.4.3
Vault version: v1.1.0
nomad
The rover nomad
command uses both OS tools and the nomad
binary (if found in PATH) to gather data about and from the perspective of the local Nomad agent.
The following commands are used:
nomad version
nomad status
nomad operator raft list-peers
In addition to these commands, rover nomad
checks and records some details from the process table on Linux hosts:
/proc/$(pidof nomad)/limits
/proc/$(pidof nomad)/status
/proc/$(pidof nomad)/fd
Finally, the rover nomad
command attempts to read and store Nomad related entries from the system logs using the following sources:
/var/log/syslog
/var/log/messages
systemctl status nomad
- journald
Example:
$ rover nomad
Executed Nomad related commands and stored output
system
The rover system
command does a bit of work to determine something about the system it's been executed on, then proceeds to execute several commands (as described in the Internals section) and saves the output of the commands to simple text files.
The commands used for this are documented in detail within the System Commands section.
Example:
$ rover system
Executed system related commands and stored output
upload
The rover upload
command is used to upload an archive to an AWS S3 bucket.
The command has one required flag, -file=
for specifying the file to upload; you must also set the following environment variables to use rover upload
:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_BUCKET
AWS_REGION
Optionally, specify a bucket prefix with:
AWS_PREFIX
Example:
$ rover system && rover archive
Executed system commands and stored output
Data archived in rover-penguin-20190322202232.zip
$ rover upload -file=rover-penguin-20190322202232.zip
Success! Uploaded rover-penguin-20190322202232.zip
vault
The rover vault
command uses both OS tools and the vault
binary (if found in PATH) to gather data about and from the perspective of the local Vault server.
The following unauthenticated commands are used:
vault version
vault status
The following commands requiring a token with sufficient capabilities are used:
vault audit list
vault auth list
vault secrets list
If the VAULT_TOKEN
environment variable is set to the value of a token with sufficient privileges, that token value will be used for the authenticated requests.
In addition to these commands, rover vault
checks and records some details from the process table on Linux hosts:
/proc/$(pidof vault)/limits
/proc/$(pidof vault)/status
/proc/$(pidof vault)/fd
Finally, the rover vault
command attempts to read and store Vault related entries from the system logs using the following sources:
/var/log/syslog
/var/log/messages
systemctl status vault
- journald
Example:
$ rover vault
Executed Vault related commands and stored output
Command Combinations
You can chain commands together to build a zip file with your desired contents like this:
$ rover consul && \
rover vault && \
rover system && \
rover archive
Executed Consul related commands and stored output
Executed Vault related commands and stored output
Executed system related commands and stored output
Data archived in rover-penguin-20190322202232.zip
Investigation into simplified meta commands and easy one-liners is also on the roadmap.
Internals
You don't need to know all of this to use rover
, but it is documented here for ease of reference by those who'd like more detail without reading the source code.
System Commands
By default, rover
executes operating commands and stores both standard output and standard error into a plain text file. If the command is missing or requires additional privileges to execute, this will be captured in both the stored output and the rover log.
You can archive the files into a zip file with rover archive
. Currently, this creates a zip file named with a timestamp and the system's hostname if it can be determined, resulting in a filename like this: rover-waves-20170826135317.zip
.
Here is an example tree of an uncompressed zip file which was run to store Consul, system, and Vault information on macOS:
└── waves
├── consul
│ ├── consul_info.txt
│ ├── consul_members.txt
│ ├── consul_operator_raft_list_peers.txt
│ ├── consul_syslog.txt
│ └── consul_version.txt
├── log
│ └── rover.log
├── system
│ ├── date.txt
│ ├── df.txt
│ ├── df_i.txt
│ ├── dmesg.txt
│ ├── hostname.txt
│ ├── ifconfig.txt
│ ├── last.txt
│ ├── mount.txt
│ ├── netstat_an.txt
│ ├── netstat_i.txt
│ ├── netstat_rn.txt
│ ├── pfctl_nat.txt
│ ├── pfctl_rules.txt
│ ├── ps.txt
│ ├── top.txt
│ ├── uname.txt
│ └── w.txt
└── vault
├── vault_audit_list.txt
├── vault_mounts.txt
├── vault_status.txt
├── vault_syslog.txt
└── vault_version.txt
The output from each command is stored in plain text files named for the command used to produce the output. rover
also logs its own operations and stores that output in log/rover.log
.
The next section presents a comprehensive listing of each command that is executed for a given operating system.
This is the bulk of what rover
does:
Common Commands
The following system commands are run on all supported systems:
date
df
df -i
df -h
dmesg
hostname
last
mount
netstat -i
netstat -an
netstat -rn
netstat -s
pfctl -s rules
pfctl -s nat
sysctl -a
uname -a
w
Common File Contents
cat /etc/fstab
cat /etc/hosts
cat /etc/resolv.conf
Darwin Commands
The following system commands are run when Darwin is the detected system:
ifconfig -a
ps aux
top -l 1
Darwin File Contents
/etc/fstab
/etc/hosts
/etc/resolv.conf
FreeBSD Commands
The following system commands are run when FreeBSD is the detected system:
ifconfig -a
iostat -dIw 1 -c 5
pkg info
ps aux
sysctl -a
top -n -b
vmstat 1 10
FreeBSD File Contents
/etc/fstab
/etc/hosts
/etc/resolv.conf
/var/log/messages
/etc/rc.conf
Linux Commands
The following system commands are run when Linux is the detected system:
find /proc/net/bonding/ -type f -print -exec cat {} ;
ls -l /dev/disk/by-id
dmesg
dpkg -l
free -m
ifconfig -a
iostat -mx 1 5
ip addr
lsb_release
ps -aux
rpm -qa
find /sys/class/net/ -type l -print -exec cat {}/statistics/rx_crc_errors ;
find /sys/block/ -type l -print -exec cat {}/queue/scheduler ;
sestatus -v
swapctl -s
swapon -s
top -n 1 -b
vmstat 1 10
Information from distributions which use systemd:
journalctl --dmesg --no-pager
journalctl --system", "--no-pager
systemctl --all --no-pager
systemctl list-unit-files --no-pager
Linux File Contents
/etc/fstab
/etc/hosts
/etc/resolv.conf
/var/log/daemon
/var/log/debug
/etc/security/limits.conf
/var/log/kern.log
/var/log/messages
/var/log/syslog
/var/log/system.log
Consul Commands
consul version
consul info
consul members
consul operator raft list-peers
Nomad Commands
nomad version
nomad status
nomad operator raft list-peers
Vault Commands
vault version
vault audit-list
vault auth -methods
vault status
Who
@brianshumate
Brian ShumateContributors
The fine people named in CONTRIBUTORS.md get credit for their help on rover
as well. Thanks everyone!