Speedrun helps you control your compute fleet with minimal effort.
Example, stop nginx across 3k machines:
speedrun service stop nginx --target "Labels.role == 'nginx'"
Features:
Download the precompiled binaries from here: Releases
On a server:
sudo ./portal --insecure
On your machine:
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/serviceaccount.json
speedrun run whoami --insecure
Speedrun is the client. Speedrun is the CLI tool you run on your computer to send commands to your VMs.
Portal is the agent running on each server you want to send commands to. It will receive commands sent from Speedrun and respond with the outcome details accordingly.
There is no server component in Speedrun’s architecture. Service discovery is performed against native facilities of each supported provider such as GCP, AWS or Consul. This eliminates the need to deploy,maintain and operate a server and all problems that would come with it as a consequence, such as: scalability, failure tolerance, redundancy, agent lifecycle management etc.
sequenceDiagram
Speedrun ->> GCP API: Get list of VMs
GCP API ->> Speedrun: Return list of VMs
Speedrun ->> Speedrun: Filter list of VMs
Speedrun ->> Portals: Send command
Communication between Speedrun and Portals is performed via dRPC, a lightweight, drop-in replacement for gRPC. All dRPC interactions travel on top of TLS1.3 and can be mutually authenticated (mTLS).
Speedrun supports a flexible yet simple expression language to filter Service Discovery results (--target
), it’s based on antonmedv/expr. Full language definition can be found here.
Plugins will allow you to add custom commands without altering the source code. This is not implemented yet.
Stop Nginx on VMs that have a label role
with value nginx
and a label named project
with value someproject
speedrun service stop nginx --target "Labels.role == 'nginx' and Labels.project == 'someproject'"
Run arbitrary shell command on the target machines. Ignore Portal’s certificate and connect via private IP address.
speedrun run "ls -la" --target "Labels.env != 'prod'" --insecure --use-private-ip
Use a different config file
speedrun run whoami -c /path/to/config.toml
Config samples are located under conf.
Find a sample unit here
In the scripts folder you can find scripts that will help you generate:
Run them:
scripts/generate_fake_ca.sh
scripts/generate_portal_cert.sh
scripts/generate_speedrun_cert.sh
This will generate the required key/cert pairs:
ca.crt
ca.key
portal.crt
portal.key
speedrun.crt
speedrun.key
Set the path in the [tls]
config block:
Portal:
[tls]
ca = "ca.crt"
cert = "portal.crt"
insecure = false
key = "portal.key"
Speedrun:
[tls]
ca = "ca.crt"
cert = "speedrun.crt"
insecure = false
key = "speedrun.key"
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
This project is in a very early stage so expect a lot of breaking changes in the nearest future
Join the Speedrun Slack and ask questions 😃