Con el protocolo de inauguración comenzó oficialmente el Carnaval Autlán 2024
We first took a look at torero in "standalone" or local mode. In this mode, torero helps you execute scripts from your repository as "services". This includes automatically building the required environment so all those steps to clone or update both your repository and a virtual environment are done automatically for you and each "execution" or run of your script gets the latest repository and an on-demand virtual environment for that "run".
Certainly a time saver, but more importantly a way to share your scripts with much less friction, particularly if some of your team is not too familiar with python, virtual environments, and/or git repositories.
Lets take a look at in client/server mode.
The first step will be to create and tailor the torero.conf
file on each "node". This is an INI-style configuration file with sections and key=value pairs.
In local mode this is not needed if all the defaults work for you. Local mode is the default mode but in client/server mode you need to tell each node its "role" via the conf file.
My lab has two nodes. the torero server and the torero client. Both are Ubuntu 22.04 based virtual machines. I deliberately chose to try all of this on Windows based systems because, in my experience, thats usually where the wheels come off the wagon when trying to share code.
Where can I find the torero.conf file?
It does not look like one is created during the standard installation (that I could find) but by default it will look for one in the working_dir which is ~ (your home directory)/.torero.d
.
claudia@awx:~$ cd ~
claudia@awx:~$ pwd
/home/claudia
claudia@awx:~$ cd .torero.d/
claudia@awx:~/.torero.d$ pwd
/home/claudia/.torero.d
claudia@awx:~/.torero.d$ ls
known_hosts torero.conf torero.db torero.log venv
claudia@awx:~/.torero.d$
Tip:
If the above does not make sense to you, please check out David Bombal's Linux for Network Engineers.
The compantion repository has examples of the torero.conf
file I used for each virtual machine.
I started with the "default" file used in local mode which you can get by running the command ./torero version --show-config
and stripping off the "header" part. Your file should start with [application]
.
Changes to both server and client conf files
For both client and server, I enabled (set to true
) the "auto accept" end user licensing agreement option and I disabled (set to false
) TLS. If you move to production, then TLS should be enabled. I also used a public repository. You may not have this luxury but the documentation covers
[application]
auto_accept_eula = true
[client] and [server]
use_tls = false
For the client I set "mode" to client and for the server I set "mode" to 'server'. Doesn't get much simpler than that!
Changes to the SERVER torero.conf file
In the server configuration, in addition to setting the mode to server, I changed the listen_address to listen on all interfaces using 0.0.0.0
. I also changed the default logging directory to avoid any file permission problems initially but the downside to this is that now your team mates can't see the log file unless you give them read access. In a production environment the default directory is a good spot for the log files.
Why do we care about the log file?
That is going to give you a timestamped record of who has logged in and what they have done. That's a pretty powerful capability.
[application]
auto_accept_eula = true
mode = 'server'
[server]
listen_address = '0.0.0.0'
use_tls = false
[log]
server_dir = '/home/claudia/torero/log/torero'
Changes to the CLIENT torero.conf file
The client configuraiton was the most confusing for me after I set the mode to 'client'. I kept changing the [server] section to point to the server without success. If finally worked when I changed the 'host' value to point to my server in the [client] section. I guess that makes sense..???
While more confusing (for me anyway), the client configuraiton requires fewer changes for the simple lab I used.
[application]
auto_accept_eula = 'false'
mode = 'client'
[client]
host = '10.1.10.28'
use_tls = 'false'
If you just run the torero command without any arguments you will get all available options and the Applicaiton mode which should say client!
Companion Repository
https://github.com/cldeluna/client_discovery_simple
I have a client and server, now what?
-
Start the server and get the temp password that is generated
-
Go to your client and login to the server and change the temp password
This is pretty well documented in the torero Server Mode section.
Once you have your new admin password and are logged in via your client, create a personal user account. You really don't want everyone logging in as admin!
From here on out it's practically identical to working in local mode, however everything you do is being logged to the server.
Lets use the torero Quickstart cheatsheet.
# Register the repository
./torero create repository example-scripts-repo --description "Simple repository for quick start" --url https://github.com/torerodev/example-scripts.git --reference main
# Confirm the repository is registered
./torero get repositories
# Check the desciprtion
./torero describe repository example-scripts-repo
# Create a service that executes the hello-torero.py script in the repo
./torero create python-script hello-torero --repository example-scripts-repo --filename hello-torero.py --description "Quick Start Example"
# Run the service
./torero run python-script hello-torero
To see how the companion repository can be registered, please review the previous post.
For example, if I want to see which repositories are registered:
Client
Server
Running the hello-torero service
Client
Server
Conclusion
As in local mode, we have to remember that this is version 1.
The fact lets me automate sharing my repository AND building the necessary environment much more easily is pretty impressive. Now add some basic authentication and logging as to who is doing what with my automation and the wheels start to turn.
The documentation for client/server mode needs to be beefed up and I envision a more robust server side interface. You can see from the logs that there is clearly an API but the use of gRPC, which makes alot of sense in one way, makes a more human readable API less available in version 1.
Now that I know a bit more about I can see where it could really help with simplifying sharing of code and providing some centralization for authentication and usage reporting. I don't have a specific use case for it today with its current feature set but I can see how powerful something like this could be.
Server conf file
claudia@awx:~$ cat ~/.torero.d/torero.conf
[application]
# auto_accept_eula = false
auto_accept_eula = true
mode = 'server'
working_dir = '~/.torero.d'
[client]
api_key = ''
certificate_file = ''
host = '0.0.0.0'
port = 50051
private_key_file = ''
use_tls = false
[features]
ansible_enabled = true
hostkeys_enabled = true
opentofu_enabled = true
python_enabled = true
[log]
console_json = false
file_enabled = true
file_json = false
level = 'DEBUG'
# server_dir = '/var/log/torero'
server_dir = '/home/claudia/torero/log/torero'
timestamp_timezone = 'utc'
[secrets]
encrypt_key_file = ''
[server]
api_key_expiration = 1440
certificate_file = '/etc/torero/torero.crt'
#listen_address = '127.0.0.1'
listen_address = '0.0.0.0'
port = 50051
private_key_file = '/etc/torero/torero.key'
#use_tls = true
use_tls = false
[store]
backend = 'local'
[terminal]
no_color = false
timestamp_timezone = 'utc'
claudia@awx:~$
Client conf file
claudia@Claudias-Mac-mini-m1 torero % ./torero version --show-config
version: 1.0.0
commit: 717bf9a
executable: /Users/claudia/torero
mode: client
loaded config:
===============================
[application]
auto_accept_eula = 'false'
mode = 'client'
working_dir = '~/.torero.d'
[client]
api_key = ''
certificate_file = ''
host = '10.1.10.28'
port = '50051'
private_key_file = ''
use_tls = 'false'
[features]
ansible_enabled = 'true'
hostkeys_enabled = 'true'
opentofu_enabled = 'true'
python_enabled = 'true'
[log]
console_json = 'false'
file_enabled = 'true'
file_json = 'false'
level = 'DEBUG'
server_dir = '/var/log/torero'
timestamp_timezone = 'utc'
[secrets]
encrypt_key_file = ''
[server]
api_key_expiration = '1440'
certificate_file = '/etc/torero/torero.crt'
listen_address = ''
port = '50051'
private_key_file = '/etc/torero/torero.key'
use_tls = 'false'
[store]
backend = 'local'
[terminal]
no_color = 'false'
timestamp_timezone = 'utc'
claudia@Claudias-Mac-mini-m1 torero %