[rudder-dev] Having correct FQDN in (first) inventory
Vincent Membré
vincent.membre at normation.com
Thu Apr 7 15:08:57 CEST 2016
Le 31/03/2016 12:37, Francois Armand a écrit :
> Hello,
>
> So, here goes for a summary of
> http://www.rudder-project.org/redmine/issues/8022, "Node's
> FQDN-Resolution is sometimes invalid" and related tickets.
> The problem cover up several sub-cases, which need to be addressed
> systematically to achieve some result.
> They are:
>
> * 1/ the node FQDN is used for identifying a node, and then manage
> authentication and authorization to access its promises. If Rudder
> server, CFEngine promise server, and the node don't agree on it,
> the node can't get its promises. This is a hard problem because:
> o FQDN is fragile. It needs a perfectly up to date and shared
> DNS environment. But "it's always a DNS problem", what gives
> an idea.
> o FQDN tools are notoriously broken, and don't always agree
> about what is the FQDN of a host
> o even in a perfectly working and up-to-date DNS env, there may
> have voluntary decision not to have the same FQDN from the
> host and the server, as explained in #8022 ticket.
> * 2/ if the node FQDN is not correct in the first sent inventory,
> the node configuration is delayed by one day, because from the
> node point of view, the inventory was correctly sent and so the
> standard frequency for sending inventories is applied.
>
>
> The long-term solution for 1/ is to use something else that FQDN to
> identify the node - we have for example an UUID for that. The problem
> here is that it is a hard limitation of the protocol used by
> cf-serverd. So to use another identification scheme (and why not our
> own authentication/authorization), we need to either patch cf-serverd
> or use a different client-server protocol for promises transfer. Both
> solutions are open, but are out of scope.
>
> Meanwhile, we can address at best 1/ and 2/
>
> *For 1/, *we need to prevent as much as we can to give bad FQDN and in
> all case, give the user a possibility to hook what he knows should be
> the correct value.
> *- Prevent more bad FQDN:**
> *=> update perl version: http://www.rudder-project.org/redmine/issues/8123
> I didn't find anything else on that subject, compared to what we are
> doing now.
>
> *- Let the user hook the correct value: **
> *=> http://www.rudder-project.org/redmine/issues/8022#note-20
> Here, we still need to specify the path convention for command and
> file to look for the correct FDQN.
I have some remarks/questions here:
* If I understand correctly the process will be: Inventory is ran on the
Node, then inventory is modified to add data from commands / file ? or
will this be used when runnig fusionInventory ?
* In Which entry will they be stored ? RUDDER/HOSTAME? another one?
* Do we want to define Hostname only ? Would it not be better if the
solution was much more adaptable and can modify any entry from the
inventory ?
About the path, I suggest we should put them under /var/rudder/inventories :
* If we modify only hostname (RUDDER/HOSTNAME):
o /var/rudder/inventories/hostname-command: Command to execute the
get the correct hostname
o /var/rudder/inventories/hostname-file: File containing the path
the file containing the correct hostname
* If we want something more general:
o /var/rudder/inventories/commands or
/var/rudder/inventories/hooks.d : to put all commands/hooks
o /var/rudder/inventories/mapping: a file mapping a Key in
inventory to an action to do, ie:
+ RUDDER/HOSTNAME => get_fqdn.sh # Will run get_fqdn.sh (from
hooks directory!) and put output into the correct tag
+ OPERATINGSYSTEM/OSVERSION => /some/path/to/file # Will read
that file to fill the tag
I hope I'm not going too far from the original idea ...
>
> *For 2/, *we need to prevent the sending of inventory that will be
> rejected by the server for sure. *
> *=> http://www.rudder-project.org/redmine/issues/8127
>
> Hope it helps sum up the whole solution.
>
> Cheers,
>
> --
> ------------------------------------------------------------------------
> *François ARMAND*
> /Co-founder & CTO/
> Normation <http://www.normation.com>
> ------------------------------------------------------------------------
> *87 rue de Turbigo, 75003 Paris, France*
> Telephone: +33 (0)1 83 62 99 23
> Mobile: +33 (0)6 63 37 60 55
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> rudder-dev mailing list
> rudder-dev at lists.rudder-project.org
> http://www.rudder-project.org/mailman/listinfo/rudder-dev
--
------------------------------------------------------------------------
*Logo Normation Vincent Membré*
/Developer / Release manager/
Normation <http://www.normation.com>
------------------------------------------------------------------------
*87, Rue de Turbigo, 75003 Paris, France*
Phone: +33 (0)1 84 16 06 00
Mobile: +33 (0)6 10 14 76 78
------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20160407/aedaab86/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1036 bytes
Desc: not available
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20160407/aedaab86/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-square2.png
Type: image/png
Size: 23693 bytes
Desc: not available
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20160407/aedaab86/attachment-0001.png>
More information about the rudder-dev
mailing list