[rudder-dev] Relay API

Benoit Peccatte benoit.peccatte at normation.com
Mon Nov 21 12:30:03 CET 2016


Le 21/11/2016 à 12:06, Nicolas Charles a écrit :
> Le 18/11/2016 à 18:20, Benoit Peccatte a écrit :
>> Le 18/11/2016 à 10:17, Nicolas Charles a écrit :
>>> Hello Benoit,
>>>
>>> Thank you for the details, I simply have one question, inline
>>>
>>> Le 04/11/2016 à 17:38, Benoit Peccatte a écrit :
>>>>
>>>> Hello,
>>>>
>>>> One of Rudder 4.1 new features will be relay APIs. This is the 
>>>> first attempt to describe it.
>>>>
>>>> There are currently 2 API entries we want to add: remote-run and 
>>>> share-files.
>>>> They will both be under /rudder/relay-api itself under 
>>>> https://<server>:<port>/ like the current api is.
>>>> /rudder is the common root for all rudder service
>>>> /relay-api is different from existing api to avoid conflicts with 
>>>> them when it will be installed on the server
>>>>
>>>>
>>>> 1. Remote-run:
>>>>
>>>> The goal is to make a given relay call "rudder remote run" on one 
>>>> of its attached node
>>>> The API will be under /rudder/relay-api/remote-run
>>>> GET remote-run/node/<node-uuid>
>>>> GET remote-run/all
>>>> GET remote-run/nodes
>>>>
>>>> Parameters:
>>>> - output = keep / discard : to keep the output of the remote-run 
>>>> call or discard its content
>>>> - async = yes / no : yes to ignore the return code of the call and 
>>>> return immediately, no to wait until the end of the call and get 
>>>> the return code
>>>> - classes = XXX : list of cfengine classes to set during the remote 
>>>> call
>>>> - nodes = uuid,... : list of uuid to call in the "/nodes" case
>>>>
>>>> Behavior:
>>>> - Loop on all nodes
>>>> - Find its hostname from its uuid in a matching file created by 
>>>> promise generation on the server
>>>> - The call is descending, so we don't care about host that do not 
>>>> exist
>>>> - The call is descending, so we will only accept calls from the 
>>>> policy server
>>>> - Call rudder remote
>>>> - prefix the remote output lines with <uuid>: to make sure the 
>>>> caller can parse output during async call on multiple nodes
>>>> - surround the output with json format lines and include return 
>>>> code, duration and stderr (-> we should escape the output for use 
>>>> within a json string)
>>>>
>>> Will it won't be able to traverse several relays, or am I not 
>>> understanding correctly how it works? most notably, for one node 
>>> only, what is the logic to reach the proper relay and sub-relays for 
>>> the node ?
>>
>> It can since the call knows if the result comes from an API call or 
>> from a command line call. It will not add anything to the result of 
>> an API call.
>> Side note, the json formatting if applied should be applied before 
>> adding the prefix. I personally think that we should not have json at 
>> all here since it will be a nightmare to manage it properly.
>
> Hum, I'm not sure we are talking about the same thing.
> Let's say you have a Root Server, two Relays A and B, and 2 subrelays 
> A1 and A2 under A, and a Node N under A1
>
> How does the API knows, when you call from the Root server and ask to 
> reach N:
> - how to reach effectively N
> - that A should relay the call to A1
> - that A1 should send back the answer to A
> - that A should send back the answer to the Root Server

I may have forgotten an item in my initial post :
- We will create a new file that will be distributed on each relay. It 
will contain a list of hosts below itself of the form.
    -   hostname   -  uuid  -  public key hash  -  relay  -

We already have all this information on the root server.
With this file we now have the information on the relay to :
- accept signature from nodes
- know where a node is (below it or not)
- know how to ping a node if is below
- know which relay to contact if it is not


>
> Thank you !
>
> Nicolas
>


-- 
------------------------------------------------------------------------
*Logo Normation Benoît Peccatte*
/Architecte/
Normation <http://www.normation.com>
------------------------------------------------------------------------
*87, Rue de Turbigo, 75003 Paris, France*
Phone: 	+33 (0)1 85 08 48 96
------------------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20161121/24801c49/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-square3.gif
Type: image/gif
Size: 1036 bytes
Desc: not available
URL: <http://www.rudder-project.org/pipermail/rudder-dev/attachments/20161121/24801c49/attachment.gif>


More information about the rudder-dev mailing list