[rudder-dev] Relay API
Benoit Peccatte
benoit.peccatte at normation.com
Mon Nov 21 12:30:03 CET 2016
Le 21/11/2016 à 12:06, Nicolas Charles a écrit :
> Le 18/11/2016 à 18:20, Benoit Peccatte a écrit :
>> Le 18/11/2016 à 10:17, Nicolas Charles a écrit :
>>> Hello Benoit,
>>>
>>> Thank you for the details, I simply have one question, inline
>>>
>>> Le 04/11/2016 à 17:38, Benoit Peccatte a écrit :
>>>>
>>>> Hello,
>>>>
>>>> One of Rudder 4.1 new features will be relay APIs. This is the
>>>> first attempt to describe it.
>>>>
>>>> There are currently 2 API entries we want to add: remote-run and
>>>> share-files.
>>>> They will both be under /rudder/relay-api itself under
>>>> https://<server>:<port>/ like the current api is.
>>>> /rudder is the common root for all rudder service
>>>> /relay-api is different from existing api to avoid conflicts with
>>>> them when it will be installed on the server
>>>>
>>>>
>>>> 1. Remote-run:
>>>>
>>>> The goal is to make a given relay call "rudder remote run" on one
>>>> of its attached node
>>>> The API will be under /rudder/relay-api/remote-run
>>>> GET remote-run/node/<node-uuid>
>>>> GET remote-run/all
>>>> GET remote-run/nodes
>>>>
>>>> Parameters:
>>>> - output = keep / discard : to keep the output of the remote-run
>>>> call or discard its content
>>>> - async = yes / no : yes to ignore the return code of the call and
>>>> return immediately, no to wait until the end of the call and get
>>>> the return code
>>>> - classes = XXX : list of cfengine classes to set during the remote
>>>> call
>>>> - nodes = uuid,... : list of uuid to call in the "/nodes" case
>>>>
>>>> Behavior:
>>>> - Loop on all nodes
>>>> - Find its hostname from its uuid in a matching file created by
>>>> promise generation on the server
>>>> - The call is descending, so we don't care about host that do not
>>>> exist
>>>> - The call is descending, so we will only accept calls from the
>>>> policy server
>>>> - Call rudder remote
>>>> - prefix the remote output lines with <uuid>: to make sure the
>>>> caller can parse output during async call on multiple nodes
>>>> - surround the output with json format lines and include return
>>>> code, duration and stderr (-> we should escape the output for use
>>>> within a json string)
>>>>
>>> Will it won't be able to traverse several relays, or am I not
>>> understanding correctly how it works? most notably, for one node
>>> only, what is the logic to reach the proper relay and sub-relays for
>>> the node ?
>>
>> It can since the call knows if the result comes from an API call or
>> from a command line call. It will not add anything to the result of
>> an API call.
>> Side note, the json formatting if applied should be applied before
>> adding the prefix. I personally think that we should not have json at
>> all here since it will be a nightmare to manage it properly.
>
> Hum, I'm not sure we are talking about the same thing.
> Let's say you have a Root Server, two Relays A and B, and 2 subrelays
> A1 and A2 under A, and a Node N under A1
>
> How does the API knows, when you call from the Root server and ask to
> reach N:
> - how to reach effectively N
> - that A should relay the call to A1
> - that A1 should send back the answer to A
> - that A should send back the answer to the Root Server
I may have forgotten an item in my initial post :
- We will create a new file that will be distributed on each relay. It
will contain a list of hosts below itself of the form.
- hostname - uuid - public key hash - relay -
We already have all this information on the root server.
With this file we now have the information on the relay to :
- accept signature from nodes
- know where a node is (below it or not)
- know how to ping a node if is below
- know which relay to contact if it is not
>
> Thank you !
>
> Nicolas
>
--
------------------------------------------------------------------------
*Logo Normation Benoît Peccatte*
/Architecte/
Normation <http://www.normation.com>
------------------------------------------------------------------------
*87, Rue de Turbigo, 75003 Paris, France*
Phone: +33 (0)1 85 08 48 96
------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20161121/24801c49/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-square3.gif
Type: image/gif
Size: 1036 bytes
Desc: not available
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20161121/24801c49/attachment.gif>
More information about the rudder-dev
mailing list