Actions
User story #11631
closed
Implement disable-flag for policy server policy copy for nodes
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Name check:
Fix check:
Regression:
Description
If someone implements a customized rsync-based copy for propagating the node-policy between policy server (root->relays), the following part would require a flag-file to disable this by the agent run like in #11257:
diff --git a/techniques/system/distributePolicy/1.0/propagatePromises.st b/techniques/system/distributePolicy/1.0/propagatePromises.st
index 83df92c..13edc62 100644
--- a/techniques/system/distributePolicy/1.0/propagatePromises.st
+++ b/techniques/system/distributePolicy/1.0/propagatePromises.st
@@ -45,6 +45,9 @@ bundle agent propagatePromises
root_server::
"rudder_tools_updated_exists" expression => fileexists("${g.rudder_tools_updated_origin}");
+ !root_server::
+ "disable_promises" expression => fileexists("/opt/rudder/etc/no_propagate_promises");
+
any::
"pass3" expression => "pass2";
"pass2" expression => "pass1";
@@ -76,7 +79,7 @@ bundle agent propagatePromises
comment => "Enforce the ncf configuration file",
classes => classes_generic("configure_ncf_config");
- (policy_server|role_rudder_relay_promises_only).!root_server::
+ (policy_server|role_rudder_relay_promises_only).!(root_server|disable_promises)::
"${client_data}" #that's a loop on each files in client_inputs
copy_from => remote("${server_info.cfserved}","${server_data}"),
@@ -84,6 +87,8 @@ bundle agent propagatePromises
comment => "Fetching the promises to propagate",
classes => if_else("promises_propagated", "could_not_propagate_promise");
+ (policy_server|role_rudder_relay_promises_only).!root_server::
+
"${g.rudder_var}/shared-files/"
copy_from => remote("${server_info.cfserved}","${g.rudder_var}/shared-files/${g.uuid}/shared-files"),
depth_search => recurse_visible("inf"),
@@ -170,8 +175,12 @@ bundle agent propagatePromises
# Success if files are updated or not changed (kept or repaired).
# root server have only tools to be updated and others have tools,
# promises, masterfiles folder to be updated.
- pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate).(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist))::
+ pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate|disable_promises).(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist))::
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Propagate promises", "None", "All files have been propagated");
+
+ pass3.disable_promises::
+ "any" usebundle => rudder_common_report("DistributePolicy", "log_info", "&TRACKINGKEY&", "Propagate promises", "None", "Node promises propagation disabled by flag file");
+
pass3.promises_to_propagate_not_copied::
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate policy");
Updated by Florian Heigl over 6 years ago
We just had a short discussion about this.
I'd recommend a setting instead of a switch, so that multiple transfer modes are supported.
As above there'd just be "default" or "nothing we know about", I'd like to be able to see it's "rsync".
Not really something we need in the UI though, since it's an uncommon case.
Updated by Janos Mattyasovszky about 6 years ago
Hi
I am OK with a multi-state option, that defaults to "use cfengine" as long there is a state that "do nothing and report that I am not syncing it".
J
Updated by Benoît PECCATTE about 6 years ago
- Target version set to Ideas (not version specific)
Updated by François ARMAND about 6 years ago
- Target version changed from Ideas (not version specific) to 4.1.10
Updated by Benoît PECCATTE about 6 years ago
- Status changed from New to In progress
- Assignee set to Benoît PECCATTE
Updated by Benoît PECCATTE about 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1248
Updated by Alexis Mousset about 6 years ago
- Status changed from Pending technical review to In progress
I'm taking over this issue!
Updated by Nicolas CHARLES about 6 years ago
- Assignee changed from Alexis Mousset to Nicolas CHARLES
I'm taking over this issue!
Updated by Nicolas CHARLES about 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
- Pull Request changed from https://github.com/Normation/rudder-techniques/pull/1248 to https://github.com/Normation/rudder-techniques/pull/1256
Updated by Benoît PECCATTE about 6 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-techniques|db1ad675233ee053df747956c996aaa8eb1f9348.
Updated by Vincent MEMBRÉ about 6 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 4.1.10 and 4.2.4 which were released today.
- 4.1.10: Announce Changelog
- 4.2.4: Announce Changelog
- Download: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by François ARMAND over 5 years ago
- Related to Bug #12142: Missing report for "Synchronize file" on a relay when shared-files folder is empty added
Actions