Mitogen

_images/mitogen.svg

Mitogen is a Python library for writing distributed self-replicating programs.

There is no requirement for installing packages, copying files around, writing shell snippets, upfront configuration, or providing any secondary link to a remote machine aside from an SSH connection. Due to its origins for use in managing potentially damaged infrastructure, the remote machine need not even have free disk space or a writeable filesystem.

It is not intended as a generic RPC framework; the goal is to provide a robust and efficient low-level API on which tools like Salt, Ansible, or Fabric can be built, and while the API is quite friendly and comparable to Fabric, ultimately it is not intended for direct use by consumer software.

The focus is to centralize and perfect the intricate dance required to run Python code safely and efficiently on a remote machine, while avoiding temporary files or large chunks of error-prone shell scripts, and supporting common privilege escalation techniques like sudo, potentially in combination with exotic connection methods such as WMI, telnet, or console-over-IPMI.

Automatic Bootstrap

Mitogen’s main feature is enabling your Python program to bootstrap and communicate with new copies of itself under its control running on remote machines, using only an existing installed Python interpreter and SSH client, something that by default can be found on almost all contemporary machines in the wild. To accomplish bootstrap, Mitogen uses a single 400 byte SSH command line and 8KB of its own source code sent to stdin of the remote SSH connection.

$ python ../preamble_size.py
SSH command size: 783
Bootstrap (mitogen.core) size: 17864 (17.45KiB)

                              Original          Minimized           Compressed     
mitogen.parent            97961 95.7KiB  50425 49.2KiB 51.5%  12731 12.4KiB 13.0%
mitogen.fork               8436  8.2KiB   4130  4.0KiB 49.0%   1648  1.6KiB 19.5%
mitogen.ssh               10892 10.6KiB   6952  6.8KiB 63.8%   2113  2.1KiB 19.4%
mitogen.sudo              12089 11.8KiB   5924  5.8KiB 49.0%   2249  2.2KiB 18.6%
mitogen.select            12325 12.0KiB   2929  2.9KiB 23.8%    964  0.9KiB 7.8%
mitogen.service           41699 40.7KiB  22477 22.0KiB 53.9%   5885  5.7KiB 14.1%
mitogen.fakessh           15577 15.2KiB   7989  7.8KiB 51.3%   2623  2.6KiB 16.8%
mitogen.master            55088 53.8KiB  28572 27.9KiB 51.9%   7480  7.3KiB 13.6%

Once bootstrapped, the remote process is configured with a customizable argv[0], readily visible to system administrators of the remote machine using the UNIX ps command:

20051 ?        Ss     0:00  \_ sshd: dmw [priv]
20053 ?        S      0:00  |   \_ sshd: dmw@notty
20054 ?        Ssl    0:00  |       \_ /usr/bin/python(mitogen:dmw@Eldil.home:22476)
20103 ?        S      0:00  |           \_ tar zxvf myapp.tar.gz

The example context was started by UID dmw on host Eldil.home, process ID 22476.

IO Multiplexer

The bootstrap includes a compact IO multiplexer (like Twisted or asyncio) that allows it to perform work in the background while executing your program’s code. For example, the remote context can be used to connect to a new user on the remote machine using sudo, or as an intermediary for extending the program’s domain of control outward to other machines, enabling your program to manipulate machines behind a firewall, or enable its data plane to cohere to your network topology.

_images/billing.svg
bastion_host = router.ssh(
    hostname='jump-box.mycorp.com'
)

docker_host = router.ssh(
    via=bastion_host,
    hostname='docker-a.prod.mycorp.com'
)

sudo_account = router.sudo(
    via=docker_host,
    username='user_with_magic_ssh_key',
    password='sudo password',
)

internal_box = router.docker(
    via=sudo_account,
    container='billing0',
)

internal_box.call(subprocess.check_call, ['./run-nightly-billing.py'])

The multiplexer also ensures the remote process is terminated if your Python program crashes, communication is lost, or the application code running in the context has hung.

Module Forwarder

Slaves are configured with a custom PEP-302 importer that forwards requests for unknown Python modules back to the host program. When your program asks a context to execute code from an unknown module, all requisite modules are transferred automatically and imported entirely in RAM without need for further configuration.

import myapp.mypkg.mymodule

# myapp/__init__.py, myapp/mypkg/__init__.py, and myapp/mypkg/mymodule.py
# are transferred automatically.
print(context.call(myapp.mymodule.my_function))

As the forwarder reuses the import mechanism, it should integrate cleanly with any tool such as py2exe that correctly implement the protocols in PEP-302, allowing truly single file applications to run across multiple machines without further effort.

Common sources of import latency and bandwidth consumption are mitigated:

  • Modules need only be uploaded once per directly connected context. Subsequent requests for modules from children of that context will be served by the child itself.

  • Imports by threads within a context triggering a load are deduplicated and joined with any identical requests triggered by other threads in the same context and children in the context’s subtree.

  • No roundtrip is required for negative responses due to Python 2’s import statement semantics: children have a list of submodules belonging to a package, and ignore requests for submodules that did not exist on the master.

  • Imports are extracted from each module, compared to those found in memory, and recursively preloaded into children requesting that module, minimizing round-trips to one per package nesting level. For example, django.db.models only requires 3 round-trips to transfer 456KiB, representing 1.7MiB of uncompressed source split across 148 modules.

Message Routing

_images/route.svg

Slaves may communicate autonomously without direct interaction with the master, allowing a wide variety of complex data and control flows to be expressed using the links between the processes.

Logging Forwarder

The bootstrap configures the remote process’s Python logging package to forward all logs back to the local process, enabling management of program logs in one location.

18:15:29 D mitogen.ctx.k3: mitogen: Importer.find_module('mitogen.zlib')
18:15:29 D mitogen.ctx.k3: mitogen: _dispatch_calls((1002L, False, 'posix', None, 'system', ('ls -l /proc/self/fd',), {}))

Stdio Forwarder

To ease porting of crusty old infrastructure scripts to Python, the bootstrap redirects stdio for itself and any child processes back into the logging framework. This allows use of functions as basic as os.system(‘hostname; uptime’) without further need to capture or manage output.

18:17:28 D mitogen.ctx.k3: mitogen: _dispatch_calls((1002L, False, 'posix', None, 'system', ('hostname; uptime',), {}))
18:17:56 I mitogen.ctx.k3: stdout: k3
18:17:56 I mitogen.ctx.k3: stdout: 17:37:10 up 562 days,  2:25,  5 users,  load average: 1.24, 1.13, 1.14

Detached Subtrees

_images/detached-subtree.svg

Contexts may detach from and outlive the running program, while maintaining communication with descendents in their subtree. This enables persistent background tasks that reuse Mitogen features.

@mitogen.core.takes_econtext
def become_monitoring_master(children, econtext):
    kill_old_process('/var/run/mydaemon.pid')
    write_pid_file('/var/run/mydaemon.pid')
    econtext.detach()

    while True:
        for child in children:
            if child.call(get_cpu_load) > 0.9:
                alert_operator('Child is too busy! ' + str(child))
        time.sleep(1)

dc1.call_async(become_monitoring_master, children)

Blocking Code Friendly

Within each process, a private thread runs the I/O multiplexer, leaving the main thread and any additional application threads free to perform useful work.

While Mitogen is internally asynchronous, it hides this asynchrony from consumer code. This is since writing asynchronous code is mostly a foreign concept to the target application of managing infrastructure. It should be possible to rewrite a shell script in Python without significant restructuring, or mind-bending feats of comprehension to understand control flow.

Before:

#!/bin/bash
# Install our application.

tar zxvf app.tar.gz

After:

def install_app():
    """
    Install our application.
    """
    subprocess.check_call(['tar', 'zxvf', 'app.tar.gz'])

context.call(install_app)

Or even:

context.call(subprocess.check_call, ['tar', 'zxvf', 'app.tar.gz'])

Exceptions raised by function calls are propagated back to the parent program, and timeouts can be configured to ensure failed calls do not block progress of the parent.

Scatter/Gather Calls

Functions may be invoked asynchronously, with results returned as they become available.

def usage(path):
    return sum((os.path.getsize(os.path.join(dirpath, name))
                for dirpath, dirnames, filenames in os.walk(path)
                for name in dirnames + filenames), 0)

total = 0
for msg in Select(c.call_async(usage, '/tmp') for c in contexts):
    usage = msg.unpickle()
    print('Context %s /tmp usage: %d' % (recv.context, usage))
    total += usage

print('Total /tmp usage across all contexts: %d' % (total,))

Single File Programs

Programs that are self-contained within a single Python script are supported. External contexts are configured such that any attempt to execute a function from the main Python script will correctly cause that script to be imported as usual into the slave process.

#!/usr/bin/env python
"""
Install our application on a remote machine.

Usage:
    install_app.py <hostname>

Where:
    <hostname>  Hostname to install to.
"""
import subprocess
import sys

import mitogen


def install_app():
    subprocess.check_call(['tar', 'zxvf', 'my_app.tar.gz'])


@mitogen.main()
def main(router):
    if len(sys.argv) != 2:
        print(__doc__)
        sys.exit(1)

    context = router.ssh(hostname=sys.argv[1])
    context.call(install_app)

Event-driven IO

Code running in a remote context can be connected to a Channel. Channels are used to send data asynchronously back to the parent, without further need for the parent to poll for changes. This is useful for monitoring systems managing a large fleet of machines, or to alert the parent of unexpected state changes.

def tail_log_file(channel, path='/var/log/messages'):
    """
    Forward new lines in a log file to the parent.
    """
    size = os.path.getsize(path)

    while channel.open():
        new_size = os.path.getsize(path)
        if new_size == size:
            time.sleep(1)
            continue
        elif new_size < size:
            size = 0

        fp = open(path, 'r')
        fp.seek(size)
        channel.send(fp.read(new_size - size))
        fp.close()
        size = new_size

Compatibility

Mitogen is compatible with Python 2.4 released November 2004, making it suitable for managing a fleet of potentially ancient corporate hardware, such as Red Hat Enterprise Linux 5, released in 2007.

Every combination of Python 3.x/2.x parent and child should be possible, however at present only Python 2.4, 2.6, 2.7 and 3.6 are tested automatically.

Zero Dependencies

Mitogen is implemented entirely using the standard library functionality and interfaces that were available in Python 2.4.