Project

General

Profile

User story #11631

Implement disable-flag for policy server policy copy for nodes

Added by Janos Mattyasovszky 11 months ago. Updated about 2 months ago.

Status:
Released
Priority:
N/A
Category:
System techniques
Target version:
Target version (plugin):
Suggestion strength:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:

Description

If someone implements a customized rsync-based copy for propagating the node-policy between policy server (root->relays), the following part would require a flag-file to disable this by the agent run like in #11257:

diff --git a/techniques/system/distributePolicy/1.0/propagatePromises.st b/techniques/system/distributePolicy/1.0/propagatePromises.st
index 83df92c..13edc62 100644
--- a/techniques/system/distributePolicy/1.0/propagatePromises.st
+++ b/techniques/system/distributePolicy/1.0/propagatePromises.st
@@ -45,6 +45,9 @@ bundle agent propagatePromises
     root_server::
       "rudder_tools_updated_exists" expression => fileexists("${g.rudder_tools_updated_origin}");

+    !root_server::
+      "disable_promises" expression => fileexists("/opt/rudder/etc/no_propagate_promises");
+
     any::
       "pass3" expression => "pass2";
       "pass2" expression => "pass1";
@@ -76,7 +79,7 @@ bundle agent propagatePromises
         comment      => "Enforce the ncf configuration file",
         classes      => classes_generic("configure_ncf_config");

-    (policy_server|role_rudder_relay_promises_only).!root_server::
+    (policy_server|role_rudder_relay_promises_only).!(root_server|disable_promises)::

       "${client_data}"  #that's a loop on each files in client_inputs
         copy_from    => remote("${server_info.cfserved}","${server_data}"),
@@ -84,6 +87,8 @@ bundle agent propagatePromises
         comment => "Fetching the promises to propagate",
         classes => if_else("promises_propagated", "could_not_propagate_promise");

+    (policy_server|role_rudder_relay_promises_only).!root_server::
+
       "${g.rudder_var}/shared-files/" 
         copy_from    => remote("${server_info.cfserved}","${g.rudder_var}/shared-files/${g.uuid}/shared-files"),
         depth_search => recurse_visible("inf"),
@@ -170,8 +175,12 @@ bundle agent propagatePromises
     # Success if files are updated or not changed (kept or repaired).
     # root server have only tools to be updated and others have tools,
     # promises, masterfiles folder to be updated.
-    pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate).(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist))::
+    pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate|disable_promises).(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist))::
       "any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Propagate promises", "None", "All files have been propagated");
+
+    pass3.disable_promises::
+      "any" usebundle => rudder_common_report("DistributePolicy", "log_info", "&TRACKINGKEY&", "Propagate promises", "None", "Node promises propagation disabled by flag file");
+
     pass3.promises_to_propagate_not_copied::
       "any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate policy");

Subtasks

User story #12106: Implement general parameters for policy server policy copy for nodesReleasedNicolas CHARLES
User story #12129: Adapt style of Relay synchronization method to match 4.2 styleReleasedVincent MEMBRÉ
Bug #12148: On Settings page, in branch 4.2, current value for Synchronization method from Relay servers is not selectedReleasedVincent MEMBRÉ
Bug #12150: Cannot save relay synch method form twiceReleasedFrançois ARMAND

Related issues

Related to Rudder - Bug #12142: Missing report for "Synchronize file" on a relay when shared-files folder is emptyNew

Associated revisions

Revision db1ad675 (diff)
Added by Benoît PECCATTE 7 months ago

Fixes #11631: Implement disable-flag for policy server policy copy for nodes

History

#1 Updated by Janos Mattyasovszky 11 months ago

  • Description updated (diff)

#2 Updated by Florian Heigl 10 months ago

We just had a short discussion about this.
I'd recommend a setting instead of a switch, so that multiple transfer modes are supported.
As above there'd just be "default" or "nothing we know about", I'd like to be able to see it's "rsync".

Not really something we need in the UI though, since it's an uncommon case.

#3 Updated by Janos Mattyasovszky 8 months ago

Hi

I am OK with a multi-state option, that defaults to "use cfengine" as long there is a state that "do nothing and report that I am not syncing it".

J

#4 Updated by Benoît PECCATTE 8 months ago

  • Target version set to Ideas (not version specific)

#5 Updated by François ARMAND 7 months ago

  • Target version changed from Ideas (not version specific) to 4.1.10

#6 Updated by Benoît PECCATTE 7 months ago

  • Status changed from New to In progress
  • Assignee set to Benoît PECCATTE

#7 Updated by Benoît PECCATTE 7 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Benoît PECCATTE to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1248

#8 Updated by Alexis MOUSSET 7 months ago

  • Status changed from Pending technical review to In progress

I'm taking over this issue!

#9 Updated by Nicolas CHARLES 7 months ago

  • Assignee changed from Alexis MOUSSET to Nicolas CHARLES

I'm taking over this issue!

#10 Updated by Nicolas CHARLES 7 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis MOUSSET
  • Pull Request changed from https://github.com/Normation/rudder-techniques/pull/1248 to https://github.com/Normation/rudder-techniques/pull/1256

#11 Updated by Benoît PECCATTE 7 months ago

  • Status changed from Pending technical review to Pending release

#12 Updated by Vincent MEMBRÉ 7 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.1.10 and 4.2.4 which were released today.

#13 Updated by François ARMAND about 2 months ago

  • Related to Bug #12142: Missing report for "Synchronize file" on a relay when shared-files folder is empty added

Also available in: Atom PDF