[rudder-users] Rudder Node-Server communication

Francois Armand francois.armand at normation.com
Wed Oct 17 08:20:11 UTC 2018


Hello Marko,

You are right that we use syslog. For reference, the network flows are 
displayed here: 
https://docs.rudder.io/reference/5.0/architecture_and_dependencies.html#_network_architecture_in_client_server_mode

The inventory (ie the node information about hardware, software, etc) is 
sent by HTTPS.
The policy configuration files transport (ie where you will most likely 
have sensitive data) uses a dedicated protocol which uses TLS.
What you see on syslog are the run execution logs which are sent back to 
Rudder policy server for compliance computing, and should not contain 
sensitive data - but of course, you may want to also hide that 
information. In that case, you can configure syslog to be encrypted. 
That comes with some requirements though: you will need rsyslog on 
nodes, and you will need to use syslog on tcp. But we don't provide that 
configuration by default, because syslog is generally subject to 
company-wide rules, so we try to just plug on the existing configuration.

As we are aware that the user should not have to even wonder about these 
things, we are currently working on a new protocol for agent-server 
communication (TLS based). In the end, it will encapsulate all 
server-node exchanges, and the first one to be replaced will be syslog, 
targeted in 5.1 (beginning of 2019).

Hope it helps, and please ask if you have any other questions or if you 
need more information!

On 16/10/2018 20:23, Marko Winkler wrote:
> Hi all,
>
> currently, I've set up a small rudder environment (server in version 5.0
> and agents in version 4.3) for testing purposes using the simple
> installation guide provided by the official documentation.
>
> During the tests, I noticed that the node sends the inventory data using
> the syslog protocol. However, a tcpdump on the network interface shows
> that the data is sent in plaintext. Did I miss setting up any further
> security configuration? A review of the documentation didn't help:
> https://docs.rudder.io/history/4.3/_security_considerations.html#_inventory
>
> Is it possible to encrypt all data which will be passed between the rudder
> components? I am pleased about feedback.
>
> Bests,
> Marko


-- 


------------------------------------------------------------------------
*François ARMAND*
/Co-founder & CTO/
Normation <http://www.normation.com>
------------------------------------------------------------------------
*87 rue de Turbigo, 75003 Paris, France*
Telephone: 	+33 (0)1 83 62 99 23
Mobile: 	+33 (0)6 63 37 60 55
------------------------------------------------------------------------
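
A way to check a capture like the tcpdump one discussed in this thread, as an added example that is not part of the original messages and not Rudder's own code: it classifies the first bytes of a payload seen on the syslog port as plaintext syslog or as a TLS record. The flow names and sample payloads are constructed for illustration.

```python
import re

# Syslog (RFC 3164 / RFC 5424) starts with "<PRI>", PRI = facility * 8 + severity.
# On TCP the message may be preceded by an octet count and a space (RFC 6587).
PRI_RE = re.compile(rb"^(?:\d+ )?<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def classify_payload(payload: bytes) -> dict:
    """Classify the first bytes of a payload captured on the syslog port."""
    # TLS record header: type (20-23), version 0x03 0x00..0x04, 2-byte length.
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3 and payload[2] <= 4:
        length = int.from_bytes(payload[3:5], "big")
        if 0 < length <= 2**14 + 2048:
            return {"transport": "tls", "record": TLS_TYPES[payload[0]]}
    m = PRI_RE.match(payload)
    if m and int(m.group(1)) <= 191:  # 23 facilities * 8 + 7 is the highest valid PRI
        pri = int(m.group(1))
        return {
            "transport": "plaintext-syslog",
            "facility": pri // 8,
            "severity": SEVERITIES[pri % 8],
            # Being able to read the message is the finding: it crossed the wire in clear.
            "message": payload[m.end():].decode("utf-8", "replace").strip(),
        }
    return {"transport": "unknown"}

def plaintext_flows(samples: dict) -> list:
    """Return the names of flows whose payload is readable syslog."""
    return [name for name, data in samples.items()
            if classify_payload(data)["transport"] == "plaintext-syslog"]

# Constructed sample payloads (not taken from a real capture).
SAMPLES = {
    "udp-report": b"<134>Oct 17 08:20:11 node1 agent[1234]: constructed run report line",
    "tcp-octet-counted": b"55 <134>1 2018-10-17T08:20:11Z node1 app - - - constructed",
    "tcp-tls-handshake": bytes.fromhex("16030100c8010000c40303") + b"\x00" * 16,
    "tcp-tls-appdata": bytes.fromhex("1703030020") + b"\xa7" * 32,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_payload(data))
```

After switching a node to encrypted syslog over TCP, the same check run on a fresh capture should report only `tls` records for that flow.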
