<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 07/04/2016 15:08, Vincent Membré
wrote:<br>
</div>
<blockquote cite="mid:57065BE9.5010303@normation.com" type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<div class="moz-cite-prefix">Le 31/03/2016 12:37, Francois Armand
a écrit :<br>
</div>
<blockquote cite="mid:56FCFDE3.2050007@normation.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=utf-8">
Hello, <br>
<br>
So, here goes for a summary of <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.rudder-project.org/redmine/issues/8022">http://www.rudder-project.org/redmine/issues/8022</a>,
"Node's FQDN-Resolution is sometimes invalid" and related
tickets. <br>
The problem cover up several sub-cases, which need to be
addressed systematically to achieve some result.<br>
They are: <br>
<ul>
<li>1/ the node FQDN is used for identifying a node, and then
manage authentication and authorization to access its
promises. If Rudder server, CFEngine promise server, and the
node don't agree on it, the node can't get its promises.
This is a hard problem because:</li>
<ul>
<li>FQDN is fragile. It needs a perfectly up to date and
shared DNS environment. But "it's always a DNS problem",
what gives an idea. <br>
</li>
<li>FQDN tools are notoriously broken, and don't always
agree about what is the FQDN of a host</li>
<li>even in a perfectly working and up-to-date DNS env,
there may have voluntary decision not to have the same
FQDN from the host and the server, as explained in #8022
ticket. <br>
</li>
</ul>
<li>2/ if the node FQDN is not correct in the first sent
inventory, the node configuration is delayed by one day,
because from the node point of view, the inventory was
correctly sent and so the standard frequency for sending
inventories is applied. <br>
</li>
</ul>
<br>
The long-term solution for 1/ is to use something else that FQDN
to identify the node - we have for example an UUID for that. The
problem here is that it is a hard limitation of the protocol
used by cf-serverd. So to use another identification scheme (and
why not our own authentication/authorization), we need to either
patch cf-serverd or use a different client-server protocol for
promises transfer. Both solutions are open, but are out of
scope.<br>
<br>
Meanwhile, we can address at best 1/ and 2/ <br>
<br>
<b>For 1/, </b>we need to prevent as much as we can to give bad
FQDN and in all case, give the user a possibility to hook what
he knows should be the correct value. <br>
<b>- Prevent more bad FQDN:</b><b><br>
</b>=> update perl version: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.rudder-project.org/redmine/issues/8123">http://www.rudder-project.org/redmine/issues/8123</a><br>
I didn't find anything else on that subject, compared to what we
are doing now. <br>
<br>
<b>- Let the user hook the correct value: </b><b><br>
</b>=> <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.rudder-project.org/redmine/issues/8022#note-20">http://www.rudder-project.org/redmine/issues/8022#note-20</a><br>
Here, we still need to specify the path convention for command
and file to look for the correct FDQN. <br>
</blockquote>
I have some remarks/questions here:<br>
<br>
* If I understand correctly the process will be: Inventory is ran
on the Node, then inventory is modified to add data from commands
/ file ? or will this be used when runnig fusionInventory ? <br>
</blockquote>
<br>
The idea is to patch fusion inventory plugin for Rudder to use that
logic. <br>
<br>
<blockquote cite="mid:57065BE9.5010303@normation.com" type="cite"> <br>
* In Which entry will they be stored ? RUDDER/HOSTAME? another one</blockquote>
<br>
Yes, RUDDER/HOSTNAME<br>
<br>
<blockquote cite="mid:57065BE9.5010303@normation.com" type="cite"> <br>
* Do we want to define Hostname only ? Would it not be better if
the solution was much more adaptable and can modify any entry from
the inventory ? <br>
</blockquote>
<br>
It's an other ticket, #4670, linked in #8022. HOSTNAME (FQDN,
really) is different from the general use case (at least adding
information into inventory) because of the special importance of
FQDN in CFengine server/agent identification protocol. So it is kind
of ok to see #8022 as a bug in the existing versions, and #4670 (or
an extension of it) as a new feature going to next versions. <br>
<br>
<blockquote cite="mid:57065BE9.5010303@normation.com" type="cite"> <br>
<br>
About the path, I suggest we should put them under
/var/rudder/inventories :<br>
<br>
<ul>
<li>If we modify only hostname (RUDDER/HOSTNAME):</li>
<ul>
<li>/var/rudder/inventories/hostname-command: Command to
execute the get the correct hostname</li>
<li>/var/rudder/inventories/hostname-file: File containing the
path the file containing the correct hostname</li>
</ul>
</ul>
</blockquote>
<br>
No specific feeling on that... Any idea, other ? <br>
<br>
<blockquote cite="mid:57065BE9.5010303@normation.com" type="cite">
<ul>
<ul>
</ul>
</ul>
<ul>
<li>If we want something more general:</li>
<ul>
<li>/var/rudder/inventories/commands or
/var/rudder/inventories/hooks.d : to put all commands/hooks</li>
<li>/var/rudder/inventories/mapping: a file mapping a Key in
inventory to an action to do, ie:</li>
<ul>
<li>RUDDER/HOSTNAME => get_fqdn.sh # Will run
get_fqdn.sh (from hooks directory!) and put output into
the correct tag<br>
</li>
<li>OPERATINGSYSTEM/OSVERSION => /some/path/to/file #
Will read that file to fill the tag<br>
</li>
</ul>
</ul>
</ul>
I hope I'm not going too far from the original idea ...<br>
</blockquote>
<br>
Let's had that in #4670 :)<br>
<br>
Thanks, <br>
<br>
<blockquote cite="mid:57065BE9.5010303@normation.com" type="cite"> <br>
<br>
<blockquote cite="mid:56FCFDE3.2050007@normation.com" type="cite">
<br>
<b>For 2/, </b>we need to prevent the sending of inventory that
will be rejected by the server for sure. <b><br>
</b>=> <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.rudder-project.org/redmine/issues/8127">http://www.rudder-project.org/redmine/issues/8127</a><br>
<br>
Hope it helps sum up the whole solution. <br>
<br>
Cheers, <br>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type">
<style type="text/css"><!--
a.redlink:link { color: #1782E6; text-decoration: none; }
a.redlink:visited { color: #1782E6; text-decoration: none; }
.sig { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: small; }
.sigsmall { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: x-small; }
--></style>
<table border="0" width="380" cellpadding="0" cellspacing="2">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt=""
src="cid:part5.06000803.04080803@normation.com"
align="left" height="50" hspace="10" width="50"> <span
class="sig">François ARMAND</span></b><br>
<span class="sig"><i>Co-founder & CTO</i></span><br>
<span class="sig"><a moz-do-not-send="true"
class="redlink" href="http://www.normation.com">Normation</a></span>
</td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="sigsmall"><b>87 rue de
Turbigo, 75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="sigsmall">Telephone:</span></td>
<td><span class="sigsmall">+33 (0)1 83 62 99 23</span></td>
</tr>
<tr>
<td><span class="sigsmall">Mobile:</span></td>
<td><span class="sigsmall">+33 (0)6 63 37 60 55</span></td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
</tbody>
</table>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
rudder-dev mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:rudder-dev@lists.rudder-project.org">rudder-dev@lists.rudder-project.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.rudder-project.org/mailman/listinfo/rudder-dev">http://www.rudder-project.org/mailman/listinfo/rudder-dev</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=utf-8"
http-equiv="Content-Type">
<style type="text/css">
<!--
a.redlink:link { color: #1782E6; }
a.redlink:visited { color: #1782E6; }
.sig { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: small; }
.sigsmall { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: x-small; }
-->
</style>
<table border="0" width="380" cellpadding="0" cellspacing="2">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt="Logo Normation"
src="cid:part9.05010408.09070704@normation.com"
align="left" height="50" hspace="10" width="50"> <span
class="sig">Vincent Membré</span></b><br>
<span class="sig"><i>Developer / Release manager</i></span><br>
<span class="sig"><a moz-do-not-send="true"
class="redlink" href="http://www.normation.com">Normation</a></span>
</td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="sigsmall"><b>87, Rue de
Turbigo, 75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="sigsmall">Phone:</span></td>
<td><span class="sigsmall">+33 (0)1 84 16 06 00</span></td>
</tr>
<tr>
<td><span class="sigsmall">Mobile:</span></td>
<td><span class="sigsmall">+33 (0)6 10 14 76 78</span></td>
</tr>
<tr>
<td colspan="2">
<hr> </td>
</tr>
</tbody>
</table>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
rudder-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:rudder-dev@lists.rudder-project.org">rudder-dev@lists.rudder-project.org</a>
<a class="moz-txt-link-freetext" href="http://www.rudder-project.org/mailman/listinfo/rudder-dev">http://www.rudder-project.org/mailman/listinfo/rudder-dev</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<style type="text/css"><!--
a.redlink:link { color: #1782E6; text-decoration: none; }
a.redlink:visited { color: #1782E6; text-decoration: none; }
.sig { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: small; }
.sigsmall { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: x-small; }
--></style>
<table border="0" width="380" cellpadding="0" cellspacing="2">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt=""
src="cid:part11.07020005.05080008@normation.com"
align="left" height="50" hspace="10" width="50"> <span
class="sig">François ARMAND</span></b><br>
<span class="sig"><i>Co-founder & CTO</i></span><br>
<span class="sig"><a class="redlink"
href="http://www.normation.com">Normation</a></span> </td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="sigsmall"><b>87 rue de Turbigo,
75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="sigsmall">Telephone:</span></td>
<td><span class="sigsmall">+33 (0)1 83 62 99 23</span></td>
</tr>
<tr>
<td><span class="sigsmall">Mobile:</span></td>
<td><span class="sigsmall">+33 (0)6 63 37 60 55</span></td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>