[rudder-users] Use DNS name of root server instead IP address

Nicolas Charles nicolas.charles at normation.com
Thu Feb 27 15:15:03 CET 2014


Hello Fernando,

You can use the Rudder Root Server host name for the client 
configuration only if it is possible to resolve its hostname to its IP 
address (it is part of the trust model used in the client server 
communication), otherwise the client might refuse to speak to the server.
It is not mandatory that the resolution is made via DNS requests, it can 
be simply defined in the /etc/hosts file on the agent.

Please note also that in Rudder 2.9 we relaxed a bit this constraint on 
the trust model, via a configuration parameter on the Web Interface (in 
the Administration tab, you can untick the checkbox for "Use reverse DNS 
lookups on nodes to reinforce authentication to policy server")

Does it help ?

Regards,
Nicolas

On 27/02/2014 11:02, Fernando Sancho Glez-Calero wrote:
> Hi all
>
> I have a doubt reading rudder documentation.
>
> In "Rudder agent configuration" says you have to use IP address of 
> Rudder Root Server and it makes the following advice.
>
> /"We advise you to use the //IP address//of the Rudder Root Server. 
> The DNS name of this server can also be accepted if you have a 
> complete DNS infrastructure matching the IP of the Nodes with their 
> hostnames."/
>
> I don't understand why a Node has to resolve every node name. If i 
> have a DNS infrastructure that can resolve Rudder Root Server and Node 
> name itself (or even i have added a line in /etc/hosts), why i have to 
> use Rudder Root Server IP address. This can drive to a situation where 
> i can't change Root Server IP Address without modifying every rudder 
> agent installation.
>
> Regards
>
>
> _______________________________________________
> rudder-users mailing list
> rudder-users at lists.rudder-project.org
> http://www.rudder-project.org/mailman/listinfo/rudder-users


-- 
Nicolas CHARLES

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20140227/fee29ef4/attachment.html>


More information about the rudder-users mailing list