feat: Add commands for network monitoring and sysdiagnose collection

docs/ec2-macos-utils.md

@@ -18,5 +18,8 @@ help text and usages that accompany them.
 
 ### SEE ALSO
 
+* [ec2-macos-utils check](ec2-macos-utils_check.md)	 - run various system checks
+* [ec2-macos-utils debug](ec2-macos-utils_debug.md)	 - debug utilities for EC2 macOS instances
 * [ec2-macos-utils grow](ec2-macos-utils_grow.md)	 - resize container to max size
+* [ec2-macos-utils watchdog](ec2-macos-utils_watchdog.md)	 - monitor system health
 

docs/ec2-macos-utils_check.md

@@ -0,0 +1,25 @@
+## ec2-macos-utils check
+
+run various system checks
+
+### Synopsis
+
+run diagnostics and checks on various system components
+
+### Options
+
+```
+  -h, --help   help for check
+```
+
+### Options inherited from parent commands
+
+```
+  -v, --verbose   Enable verbose logging output
+```
+
+### SEE ALSO
+
+* [ec2-macos-utils](ec2-macos-utils.md)	 - utilities for EC2 macOS instances
+* [ec2-macos-utils check imds](ec2-macos-utils_check_imds.md)	 - check IMDS connectivity
+

docs/ec2-macos-utils_check_imds.md

@@ -0,0 +1,28 @@
+## ec2-macos-utils check imds
+
+check IMDS connectivity
+
+### Synopsis
+
+verifies connectivity to the EC2 Instance Metadata Service
+
+```
+ec2-macos-utils check imds [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for imds
+```
+
+### Options inherited from parent commands
+
+```
+  -v, --verbose   Enable verbose logging output
+```
+
+### SEE ALSO
+
+* [ec2-macos-utils check](ec2-macos-utils_check.md)	 - run various system checks
+

docs/ec2-macos-utils_debug.md

@@ -0,0 +1,25 @@
+## ec2-macos-utils debug
+
+debug utilities for EC2 macOS instances
+
+### Synopsis
+
+utilities and tools for debugging EC2 macOS instances
+
+### Options
+
+```
+  -h, --help   help for debug
+```
+
+### Options inherited from parent commands
+
+```
+  -v, --verbose   Enable verbose logging output
+```
+
+### SEE ALSO
+
+* [ec2-macos-utils](ec2-macos-utils.md)	 - utilities for EC2 macOS instances
+* [ec2-macos-utils debug create-sysdiagnose](ec2-macos-utils_debug_create-sysdiagnose.md)	 - create sysdiagnose archive
+

docs/ec2-macos-utils_debug_create-sysdiagnose.md

@@ -0,0 +1,34 @@
+## ec2-macos-utils debug create-sysdiagnose
+
+create sysdiagnose archive
+
+### Synopsis
+
+creates a sysdiagnose archive including logs, system stats,
+and other debug data. The resulting archive will be saved in the specified
+output directory.
+
+This command requires root privileges. Run with sudo if not running as root.
+
+```
+ec2-macos-utils debug create-sysdiagnose [flags]
+```
+
+### Options
+
+```
+  -h, --help                help for create-sysdiagnose
+      --output-dir string   directory where the sysdiagnose archive will be saved (default "/tmp")
+      --timeout duration    set the timeout for creation (e.g. 10m, 30m, 1.5h) (default 15m0s)
+```
+
+### Options inherited from parent commands
+
+```
+  -v, --verbose   Enable verbose logging output
+```
+
+### SEE ALSO
+
+* [ec2-macos-utils debug](ec2-macos-utils_debug.md)	 - debug utilities for EC2 macOS instances
+

docs/ec2-macos-utils_watchdog.md

@@ -0,0 +1,26 @@
+## ec2-macos-utils watchdog
+
+monitor system health
+
+### Synopsis
+
+monitor system health and collect diagnostic data.
+Contains subcommands for monitoring various aspects of system health.
+
+### Options
+
+```
+  -h, --help   help for watchdog
+```
+
+### Options inherited from parent commands
+
+```
+  -v, --verbose   Enable verbose logging output
+```
+
+### SEE ALSO
+
+* [ec2-macos-utils](ec2-macos-utils.md)	 - utilities for EC2 macOS instances
+* [ec2-macos-utils watchdog network-health-monitor](ec2-macos-utils_watchdog_network-health-monitor.md)	 - monitor network health
+

docs/ec2-macos-utils_watchdog_network-health-monitor.md

@@ -0,0 +1,35 @@
+## ec2-macos-utils watchdog network-health-monitor
+
+monitor network health
+
+### Synopsis
+
+monitor network health with periodic checks.
+A sysdiagnose will be collected on first failure, after which the monitor will exit.
+
+This command requires root privileges. Run with sudo if not running as root.
+
+```
+ec2-macos-utils watchdog network-health-monitor [flags]
+```
+
+### Options
+
+```
+  -h, --help                           help for network-health-monitor
+      --interval duration              interval between network checks (default 5m0s)
+      --output-base-dir string         base directory for sysdiagnose output (default "/private/var/db/ec2-macos-utils/sysdiagnose")
+      --startup-delay duration         delay before starting checks (default 5m0s)
+      --sysdiagnose-timeout duration   timeout for sysdiagnose collection (default 15m0s)
+```
+
+### Options inherited from parent commands
+
+```
+  -v, --verbose   Enable verbose logging output
+```
+
+### SEE ALSO
+
+* [ec2-macos-utils watchdog](ec2-macos-utils_watchdog.md)	 - monitor system health
+

go.mod

@@ -6,6 +6,7 @@ toolchain go1.23.3
 
 require (
 	github.com/Masterminds/semver v1.5.0
+	github.com/docker/go-units v0.5.0
 	github.com/dustin/go-humanize v1.0.1
 	github.com/golang/mock v1.6.0
 	github.com/sirupsen/logrus v1.9.3

go.sum

@@ -5,6 +5,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6N
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=

internal/cmd/check_imds.go

@@ -0,0 +1,80 @@
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+const (
+	imdsTokenURL = "http://169.254.169.254/latest/api/token"
+)
+
+func checkCommand() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "check",
+		Short: "run various system checks",
+		Long:  "run diagnostics and checks on various system components",
+	}
+
+	cmd.AddCommand(
+		checkImdsCommand(),
+	)
+
+	return cmd
+}
+
+func checkImdsCommand() *cobra.Command {
+	return &cobra.Command{
+		Use:          "imds",
+		Short:        "check IMDS connectivity",
+		Long:         "verifies connectivity to the EC2 Instance Metadata Service",
+		SilenceUsage: true,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runCheckIMDS(cmd.Context())
+		},
+	}
+}
+
+func runCheckIMDS(ctx context.Context) error {
+	const dialerTimeout = 5 * time.Second // timeout for the dialed network connection to start
+	const imdsTokenLifetime = "941"       // arbitrary short-lived token lifetime
+
+	logrus.Info("Starting IMDS connectivity check")
+
+	client := &http.Client{Timeout: dialerTimeout}
+
+	req, err := http.NewRequestWithContext(ctx, "PUT", imdsTokenURL, nil)
+	if err != nil {
+		logrus.WithError(err).Error("Failed to create request")
+		return fmt.Errorf("failed to create request: %w", err)
+	}
+
+	req.Header.Add("X-aws-ec2-metadata-token-ttl-seconds", imdsTokenLifetime)
+
+	resp, err := client.Do(req)
+	if err != nil {
+		logrus.WithError(err).Error("Failed to connect to IMDS")
+		return fmt.Errorf("failed to connect to IMDS: %w", err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	_, err = io.ReadAll(resp.Body)
+	if err != nil {
+		logrus.WithError(err).Error("Failed to read IMDS response")
+		return fmt.Errorf("failed to read IMDS response: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		logrus.WithField("statusCode", resp.StatusCode).Error("IMDS returned non-200 status code")
+		return fmt.Errorf("IMDS returned non-200 status code: %d", resp.StatusCode)
+	}
+
+	logrus.Info("IMDS connectivity check passed")
+	return nil
+}