<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
(aaaannnd I forgot to hit "send" on that email)<br>
(aaaaannnd somehow the ml was removed, sorry Tim for the double
sending)<br>
<br>
<div class="moz-cite-prefix">On 15/11/2019 20:54, tim taler wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+=NtHwXnQYoyjsmc1U4W2dUkE595--07a-UmL5NRHmiXnx0bg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div><br>
Yes, we wanted to avoid (by default) having everything in
shared-files in git. We used to do that, but early
feedback showed that users were very surprised to have
binaries etc. going to git, which resulted in bloated
git repos and performance degradation. <br>
</div>
</blockquote>
<div><br>
</div>
<div>true ... I indeed had those few binaries I had to handle
in a separate non-git directory on the cfengine server ... <br>
<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<blockquote type="cite">
<div dir="ltr">So ... while you're on it,<br>
IMO it would be nice if: <br>
a) file changes there, would also be in some way
visible in the GUI (like "notice, somebody copied new
files to folder xyz, you like to confirm?")<br>
</div>
</blockquote>
<br>
Nice idea, but actually with your second idea, it becomes
(almost) unnecessary (ok, it is something different, but
one could argue that if a gui+rest api is available for
upload then we can assume that direct changes in the fs
with root access to the server are "admin special action").<br>
</div>
</blockquote>
<div><br>
agreed ;-) <br>
<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<blockquote type="cite">
<div dir="ltr">b) so far I'm very used to the
commandline, but with rudder I see the benefit of some
restriction through a common interface, so you might
want to consider to have a graphical upload of those
files to the shared_folder on the rudder server, that
would ease the change management for that folder,
right?<br>
</div>
</blockquote>
<br>
Excellent idea :) <br>
<br>
And we are working on it for 6.0, with: each technique gets
a private "resource" directory which is versioned with it
and files are automatically transferred with the technique
code (typical use case: templates, config files, etc). <br>
<br>
And now that you say it, adding a shared file ui would be
simple. We didn't do it for now because of rights ("authz
== it's complicated"). But we could have it only for
admin. Let me think about it.<br>
</div>
</blockquote>
<div><br>
</div>
<div>I haven't looked into the "role" system of rudder yet,
but my first idea would be:<br>
- either a role allows manipulation of a
rule/directive/technique (any setting that affects the
managed systems), then it can also upload files (the file
properties on the rudder-server/shared_folder are
irrelevant. What matters are the properties when they are
deployed, and that will be controlled through a file
property promise) <br>
- or the role doesn't allow any of those manipulations, then
there is also no need to access the upload functionality<br>
</div>
</div>
</div>
</blockquote>
<br>
Good point. It's a shared folder after all. <br>
<br>
<blockquote type="cite"
cite="mid:CA+=NtHwXnQYoyjsmc1U4W2dUkE595--07a-UmL5NRHmiXnx0bg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div>But you might have more complex situations (managing a
subset of nodes or directives/rules/techniques)<br>
</div>
</div>
</div>
</blockquote>
<br>
We are working on restricting node/rules by authz. It's not done for
now ("authz == it's complicated" - yeah, my previous life in
identity &amp; authz management left sequelae :)<br>
<br>
<blockquote type="cite"
cite="mid:CA+=NtHwXnQYoyjsmc1U4W2dUkE595--07a-UmL5NRHmiXnx0bg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div>Anyway IF there would be an upload possibility through
the GUI it may require to distinguish between
binary/non-binary content (and accordingly two directories in
the shared_folder) to avoid the git bloat?<br>
<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div> For 7.0, we are going much more deeply into what is a
configuration (rules/directives/etc), and what is
environment/context (nodes/etc), and what is "out of
control of Rudder" (node local env variable, etc). We will
have different versioning for each, with a full graph
dependency (and possibility to use previous version of
subgraph, for ex "that rule, but with the previous
version of that directive (and its technique/resources)
because I'm in the middle of a migration"). <br>
<blockquote type="cite">
<div dir="ltr"><br>
... just some ideas<br>
</div>
</blockquote>
</div>
</blockquote>
<div>and while I'm on it ;)<br>
<br>
Under directive "System settings/System management" along
with the management of cron jobs etc. there could be a ready
made technique for sysctl settings, or?<br>
</div>
</div>
</div>
</blockquote>
<br>
We tried to do it but AFAIK the semantics were not clear at all
(relative to persistence etc). I think Felix or Nicolas could have
more information.<br>
Actually, I think we reached the state where we had either an
opinionated solution that was not very generic, or a generic solution
that was harder than just editing files in /etc/sysctl.d. But if you
have a need/use case, we would love to hear about it. In that case,
would you mind starting a new email thread with a meaningful title so
that other people can see/contribute to it?<br>
<br>
<blockquote type="cite"
cite="mid:CA+=NtHwXnQYoyjsmc1U4W2dUkE595--07a-UmL5NRHmiXnx0bg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
looking forward to the upcoming versions :+1:<br>
<br>
</div>
</div>
</div>
</blockquote>
<br>
We too :)<br>
<br>
<br>
<div class="moz-signature">
<table style="color:#666; font-size: 9pt; border-collapse:
collapse; font-weight: bold;" width="450" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr style="border-bottom: 1px solid #ddd;border-top: 1px solid
#ddd;">
<td colspan="2"> <b>François ARMAND</b><br>
<span style="font-weight:normal;">CTO<br>
<b>T:</b> +33 183 62 99 23 <b>M:</b> +33 663 37 60 55</span><br>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>