<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 21/11/2016 at 12:06, Nicolas Charles
wrote:<br>
</div>
<blockquote
cite="mid:74471985-0275-fc40-88c0-6163e6d98ddd@normation.com"
type="cite">On 18/11/2016 at 18:20, Benoit Peccatte wrote:
<br>
<blockquote type="cite">On 18/11/2016 at 10:17, Nicolas Charles
wrote:
<br>
<blockquote type="cite">Hello Benoit,
<br>
<br>
Thank you for the details, I simply have one question, inline
<br>
<br>
On 04/11/2016 at 17:38, Benoit Peccatte wrote:
<br>
<blockquote type="cite">
<br>
Hello,
<br>
<br>
One of Rudder 4.1 new features will be relay APIs. This is
the first attempt to describe it.
<br>
<br>
There are currently 2 API entries we want to add: remote-run
and share-files.
<br>
They will both be under /rudder/relay-api itself under
https://&lt;server&gt;:&lt;port&gt;/ like the current api
is.
<br>
/rudder is the common root for all rudder services
<br>
/relay-api is different from existing api to avoid conflicts
with them when it will be installed on the server
<br>
<br>
<br>
1. Remote-run:
<br>
<br>
The goal is to make a given relay call "rudder remote run"
on one of its attached nodes
<br>
The API will be under /rudder/relay-api/remote-run
<br>
GET remote-run/node/&lt;node-uuid&gt;
<br>
GET remote-run/all
<br>
GET remote-run/nodes
<br>
<br>
Parameters:
<br>
- output = keep / discard : to keep the output of the
remote-run call or discard its content
<br>
- async = yes / no : yes to ignore the return code of the
call and return immediately, no to wait until the end of the
call and get the return code
<br>
- classes = XXX : list of cfengine classes to set during the
remote call
<br>
- nodes = uuid,... : list of uuid to call in the "/nodes"
case
<br>
<br>
Behavior:
<br>
- Loop on all nodes
<br>
- Find its hostname from its uuid in a matching file created
by promise generation on the server
<br>
- The call is descending, so we don't care about hosts that
do not exist
<br>
- The call is descending, so we will only accept calls from
the policy server
<br>
- Call rudder remote
<br>
- prefix the remote output lines with &lt;uuid&gt;: to make
sure the caller can parse output during async call on
multiple nodes
<br>
- surround the output with json format lines and include
return code, duration and stderr (-> we should escape the
output for use within a json string)
<br>
<br>
</blockquote>
Will it not be able to traverse several relays, or am I not
understanding correctly how it works? Most notably, for one
node only, what is the logic to reach the proper relay and
sub-relays for the node?
<br>
</blockquote>
<br>
It can since the call knows if the result comes from an API call
or from a command line call. It will not add anything to the
result of an API call.
<br>
Side note, the json formatting if applied should be applied
before adding the prefix. I personally think that we should not
have json at all here since it will be a nightmare to manage it
properly.
<br>
</blockquote>
<br>
Hum, I'm not sure we are talking about the same thing.
<br>
Let's say you have a Root Server, two Relays A and B, and 2
subrelays A1 and A2 under A, and a Node N under A1
<br>
<br>
How does the API know, when you call from the Root server and ask
to reach N:
<br>
- how to effectively reach N
<br>
- that A should relay the call to A1
<br>
- that A1 should send back the answer to A
<br>
- that A should send back the answer to the Root Server
<br>
</blockquote>
<br>
I may have forgotten an item in my initial post:<br>
- We will create a new file that will be distributed on each relay.
It will contain a list of hosts below itself of the form:<br>
- hostname - uuid - public key hash - relay -<br>
<br>
We already have all this information on the root server.<br>
With this file we now have the information on the relay to:<br>
- accept signature from nodes<br>
- know where a node is (below it or not)<br>
- know how to ping a node if it is below<br>
- know which relay to contact if it is not<br>
<br>
<br>
<blockquote
cite="mid:74471985-0275-fc40-88c0-6163e6d98ddd@normation.com"
type="cite">
<br>
Thank you !
<br>
<br>
Nicolas
<br>
<br>
</blockquote>
<br>
<p><br>
</p>
<div class="moz-signature">-- <br>
<style type="text/css">
<!--
a.redlink:link { color: #1782E6; }
a.redlink:visited { color: #1782E6; }
.sig { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: small; }
.sigsmall { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: x-small; }
-->
</style>
<table border="0" cellpadding="0" cellspacing="2" width="380">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt="Logo Normation"
src="cid:part1.3A930356.CAE0AF28@normation.com"
align="left" height="50" hspace="10" width="50"> <span
class="sig">Benoît Peccatte</span></b><br>
<span class="sig"><i>Architecte</i></span><br>
<span class="sig"><a class="redlink"
href="http://www.normation.com">Normation</a></span> </td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="sigsmall"><b>87, Rue de
Turbigo, 75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="sigsmall">Phone:</span></td>
<td><span class="sigsmall">+33 (0)1 85 08 48 96</span></td>
</tr>
<tr>
<td colspan="2">
<hr> </td>
</tr>
</tbody>
</table>
</div>
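<p>The routing decision described in the reply above (a per-relay file of "hostname - uuid - public key hash - relay" entries, used to tell whether a node is directly below a relay or behind a sub-relay), worked through on the Root / A / B / A1 / A2 / N topology from the question. This is an added example, not part of the thread and not Rudder's code: the whitespace-separated line layout, the id "root", the ids, hostnames and key hashes, and the function names are all assumptions made for illustration.</p>

```python
import re

# Assumed layout, one host per line (the thread only names the four fields):
#   hostname  uuid  public-key-hash  relay
# Every value below is constructed for this example.
NODES_LIST = """\
relay-a.example.test   relay-a   sha256:aaaa  root
relay-b.example.test   relay-b   sha256:bbbb  root
relay-a1.example.test  relay-a1  sha256:a1a1  relay-a
relay-a2.example.test  relay-a2  sha256:a2a2  relay-a
node-n.example.test    node-n    sha256:nnnn  relay-a1
"""
ID_RE = re.compile(r"[A-Za-z0-9-]{1,64}")  # ids arrive in a URL: validate first


def parse_nodes_list(text):
    """Return {uuid: (hostname, key_hash, relay)}, skipping malformed lines."""
    nodes = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and ID_RE.fullmatch(fields[1]) and ID_RE.fullmatch(fields[3]):
            nodes[fields[1]] = (fields[0], fields[2], fields[3])
    return nodes


def next_hop(nodes, self_id, target):
    """("direct", host) if target is attached to this relay, ("forward", relay_host)
    if it sits below a sub-relay, None if malformed, unknown or not below us."""
    if not ID_RE.fullmatch(target) or target not in nodes:
        return None
    current, seen = target, set()
    while current in nodes and current not in seen:  # `seen` stops relay loops
        seen.add(current)
        hostname, _, parent = nodes[current]
        if parent == self_id:
            return ("direct" if current == target else "forward"), hostname
        current = parent
    return None


def subset_for(nodes, relay_id):
    """Entries the relay `relay_id` would be sent: only the hosts below it."""
    return {u: n for u, n in nodes.items() if next_hop(nodes, relay_id, u)}
```

<p>Each hop repeats the same lookup on its own copy of the file, so the call walks Root, A, A1 and reaches N, while B, which has no entry for N, returns nothing.</p>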
</body>
</html>