SSH chaos
SSH chaos injects chaos on the target host using SSH connections by passing custom chaos logic through a ConfigMap. These scripts are executed using SSH credentials, which are securely referenced in the ConfigMap. This enables direct fault injection on the target host. This experiment offers customisation for the chaos injection logic, providing flexibility and control over chaos experiments.
Use cases
SSH chaos can be used with custom chaos logic and transferred to a target VM (to execute network chaos experiments, power off, and so on).
- This serves as a framework that can be customised to perform other chaos experiments, such as network stress, HTTP, DNS, restart services, and so on.
- This framework can be used to roll back to the original state of an abort event.
Executing the SSH chaos experiment
Before executing the SSH chaos experiment, ensure that you follow the steps in the prerequisites section. This generates two experiment YAML files, namely ssh-chaos-with-key.yaml
and ssh-chaos-with-pass.yaml
. You can use one of them based on the authentication method you choose.
-
Use
ssh-chaos-with-key.yaml
for private key authentication. This file references secrets in its YAML view. ThePASSWORD
environment variable should be empty. -
Use
ssh-chaos-with-pass.yaml
for password authentication. This file fetches thePASSWORD
environment variable from the secret.
If you use the default names for ConfigMap and secrets, you won't need to modify the experiment. If you use different names, update the respective environment variables with their names. For example, if your script file is test.sh
instead of script.sh
, update the CHAOS SCRIPT PATH
environment variable with the correct value.
Mandatory tunables
Variables | Description | Notes |
---|---|---|
HOST | Name of the target host under chaos. | Provide the name of the target host, for example, https://google.com . |
USERNAME | Username of the target VM. | For example, "username". |
PASSWORD | Password used for authentication. Either PASSWORD or PRIVATE KEY is used. | For example: "abcd". |
PRIVATE KEY | Key used for file-based authentication. Either PASSWORD or PRIVATE KEY is used. | For example: key-file.pem |
CHAOS SCRIPT PATH | Path to the chaos script. | For more information, go to chaos script path. |
ABORT SCRIPT PATH | Path to the abort script. | For more information, go to abort script path. |
CHAOS_PARAMETER | Parameter for the chaos script. | For more information, go to chaos parameter. |
ABORT_PARAMETER | Parameter for the abort script. | For more information, go to abort parameter. |
INDICATOR_TYPES | Comma-separated indicator types for customisation of parameter indicators. | For more information, go to indicator types. |
HCE recommends using the format env:{$ENV_NAME}
to pass confidential parameters. In this method, the environment variable is retrieved from a secure source (such as a secret). This ensures that the sensitive information remains uncompromised.
Chaos script path
Path to the chaos script (the chaos script is used to create the ConfigMap). Tune it by using the CHAOS_SCRIPT_PATH
environment variable.
The following YAML snippet illustrates the environment variable:
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: load-nginx
spec:
engineState: "active"
chaosServiceAccount: litmus-admin
experiments:
- name: ssh-chaos
spec:
components:
env:
- name: CHAOS_SCRIPT_PATH
value: /tmp/chaos-script/chaos-script.sh
Abort script path
Path to the abort script (the abort script is used to create the ConfigMap). Tune it by using the ABORT_SCRIPT_PATH
environment variable.
The following YAML snippet illustrates the environment variable:
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: load-nginx
spec:
engineState: "active"
chaosServiceAccount: litmus-admin
experiments:
- name: ssh-chaos
spec:
components:
env:
- name: ABORT_SCRIPT_PATH
value: /tmp/abort-script/abort-script.sh
Chaos parameter
Parameter for the chaos script. Tune it by using the CHAOS_PARAMETER
environment variable.
The following YAML snippet illustrates the environment variable:
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: load-nginx
spec:
engineState: "active"
chaosServiceAccount: litmus-admin
experiments:
- name: ssh-chaos
spec:
components:
env:
- name: CHAOS_PARAMETER
value: "{\"paramaters\":[{\"placeholder\":\"destination_ip\",
\"data_type\":\"string\",\"value\":\"HOST_IP\"},
{\"placeholder\":\"port\",\"data_type\":\"int\",
\"value\":\"3258\"}]}"
Abort parameter
Parameter for the abort script. Tune it by using the ABORT_PARAMETER
environment variable.
The following YAML snippet illustrates the environment variable:
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: load-nginx
spec:
engineState: "active"
chaosServiceAccount: litmus-admin
experiments:
- name: ssh-chaos
spec:
components:
env:
- name: ABORT_PARAMETER
value: "{\"paramaters\":[{\"placeholder\":\"destination_ip\",
\"data_type\":\"string\",\"value\":\"HOST_IP\"},
{\"placeholder\":\"port\",\"data_type\":\"int\",
\"value\":\"3258\"}]}"
Input parameters can be specified in different formats.
- Raw value format:
raw:{value}
. Example:
- name: CHAOS_PARAMETER
value: "raw:{value}"
- Environment variable format:
env:{$ENV1}
. Example:
- name: CHAOS_PARAMETER
value: "env:{$ENV1}"
- Combination format:
raw:{value},env:{$ENV1}
. Example:
- name: CHAOS_PARAMETER
value: "raw:{value},env:{$ENV1}"
Indicator types
Comma-separated indicator types that allow for the customisation of parameter indicators. This customisation enhances the flexibility of parameter specification. Tune it by using the INDICATOR_TYPES
environment variable.
Customisable indicators include:
raw:
- String parameterenv:
- Environment variable parameter$
- Variable
Following are examples of default and customised formats:
- The default format is
raw:{HCE,CSV},env:{$OPERATION},raw:{para3}
. - The customised format is
string:{HCE,CSV},environment:{&OPERATION},raw:{para3}
.
To implement a customised format, set the INDICATOR_TYPES
to string,environment,&
. This setting allows modifying the indicators for raw
, environment
, and $
values, thereby providing a tailored approach to parameter passing.
Customising ConfigMap and Secret names
SSH chaos is equipped to support custom names for ConfigMap and secrets by making a minor modification to the corresponding YAML file.
Suppose you wish to name the ConfigMap names as chaos-cm
and abort-cm
instead of the default chaos-script
and abort-script
, update the section below in the experiment builder:
configMaps:
- name: chaos-script
mountPath: /tmp/chaos-script
- name: abort-script
mountPath: /tmp/abort-script
to:
configMaps:
- name: chaos-cm
mountPath: /tmp/chaos-script
- name: abort-cm
mountPath: /tmp/abort-script
After you make the above changes, Save the updated file and Run the updated experiment.
Customizing environment variables
If you wish to use the default ConfigMap and secret names but the script has a different name, you can update the environment variables (ENV) to align with the correct script by updating the script name in the chaos-script path or abort-script path.