[rudder-dev] Relay API

Benoit Peccatte benoit.peccatte at normation.com
Fri Nov 4 17:38:14 CET 2016 

Hello,

One of Rudder 4.1 new features will be relay APIs. This is the first 
attempt to describe it.

There are currently 2 API entries we want to add: remote-run and 
share-files.
They will both be under /rudder/relay-api itself under 
https://<server>:<port>/ like the current api is.
/rudder is the common root for all rudder service
/relay-api is different from existing api to avoid conflicts with them 
when it will be installed on the server


1. Remote-run:

The goal is to make a given relay call "rudder remote run" on one of its 
attached node
The API will be under /rudder/relay-api/remote-run
GET remote-run/node/<node-uuid>
GET remote-run/all
GET remote-run/nodes

Parameters:
- output = keep / discard : to keep the output of the remote-run call or 
discard its content
- async = yes / no : yes to ignore the return code of the call and 
return immediately, no to wait until the end of the call and get the 
return code
- classes = XXX : list of cfengine classes to set during the remote call
- nodes = uuid,... : list of uuid to call in the "/nodes" case

Behavior:
- Loop on all nodes
- Find its hostname from its uuid in a matching file created by promise 
generation on the server
- The call is descending, so we don't care about host that do not exist
- The call is descending, so we will only accept calls from the policy 
server
- Call rudder remote
- prefix the remote output lines with <uuid>: to make sure the caller 
can parse output during async call on multiple nodes
- surround the output with json format lines and include return code, 
duration and stderr (-> we should escape the output for use within a 
json string)


2. Share Files

The goal is to share files between an agent and another one via their 
policy server.
The API will be under /rudder/relay-api/shared-files
POST shared-files/node/<target_uuid>/<file_id> (share a file content 
with the target uuid using a given file id)
HEAD shared-files/node/<target_uuid>/<file_id>  (ask if a file with the 
given file id is already shared with the given target id)

Parameters:
- source-uuid: the uuid of the node sharing a file with the target uuid
- signature: the file's signature in case of a POST, to authenticate the 
source node
- hash: the file's hash in case of a HEAD to know is the version already 
present matches

POST Behavior:
- if the target is known by the local relay
  -> validate the signature
  -> store the file in 
/var/rudder/shared-files-nodes/[..<relay-uuid>..]/<target_uuid>/<source_uuid>/<file_id>
  -> store the metadata (including, date, hash and signature) in <the 
same path>.medata
- if the target in not known and we are not the root server
  -> store the file in a temporary directory
  -> try to send the file to the relay server
  -> do nt remove the file and try again as long as there is a fatal 
error (code >= 500, network error)
- if the target in not known and we are the root server
  -> ignore the file and return 404

HEAD behavior:
- If the file exists in /var/rudder/shared-files-nodes... with the same 
hash, return 200
- If it doesn't, return 404

3. Using this API from ncf
We will create 2 new generic methods in ncf:
- sharedfile_to_node(target_uuid, file_id, file_path, ttl)   where ttl 
is infinite by default
- sharedfile_from_node(source_uuid, file_id, file_path)

The first one will call HEAD on the shared-files API and if is gets a 
404, call POST to send the content.

The second one will just download the file using regular cfengine protocol.



That's all folks !
Any comment ?
-- 
------------------------------------------------------------------------
*Logo Normation Benoît Peccatte*
/Architecte/
Normation <http://www.normation.com>
------------------------------------------------------------------------
*87, Rue de Turbigo, 75003 Paris, France*
Phone: 	+33 (0)1 85 08 48 96
------------------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20161104/acda3128/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-square3.gif
Type: image/gif
Size: 1036 bytes
Desc: not available
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20161104/acda3128/attachment.gif>

More information about the rudder-dev mailing list