Rsyslog configuration lacks postgresql password on relay-top
On relay-top, the system technique file distributePolicy/1.0/rsyslogConf.st generates /etc/rsyslog.d/rudder.conf without the PostgreSQL password.
This is a problem since a multiserver setup will fail to transmit reports.
First, the file containing the password (/opt/rudder/etc/rudder-passwords.conf) is not copied from the webapp server.
Then, server-roles/1.0/password-check.cf uses the class root_server instead of a class that includes the relay-top role.
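A check for the symptom described in the report above, as an added example that is not part of the original ticket or Rudder's own code. It assumes the generated file uses rsyslog's legacy `:ompgsql:server,db,user,password;template` action syntax; the function name, sample lines, host name, variable name and template name are constructed.

```python
import re

# Legacy rsyslog action syntax: :ompgsql:server,dbname,userid,password;template
OMPGSQL = re.compile(r":ompgsql:([^;\s]*)")

def check_ompgsql_actions(conf_text):
    """Return (line_number, problem) for each ompgsql action without a usable password."""
    findings = []
    for num, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blanks and comments
        match = OMPGSQL.search(stripped)
        if not match:
            continue  # not a PostgreSQL output action
        fields = match.group(1).split(",")
        if len(fields) < 4:
            findings.append((num, "password field missing"))
        elif not fields[3].strip():
            findings.append((num, "password field empty"))
        elif "${" in fields[3]:
            # Assumption: an undefined CFEngine variable is left as literal ${...}
            findings.append((num, "unexpanded variable in password field"))
    return findings

# Constructed sample lines, not taken from a real relay.
SAMPLE = (
    "# constructed sample\n"
    ':programname, contains, "rudder" :ompgsql:db.example.test,rudder,rudder,;ReportsFormat\n'
    ':programname, contains, "rudder" :ompgsql:db.example.test,rudder,rudder;ReportsFormat\n'
    ':programname, contains, "rudder" :ompgsql:db.example.test,rudder,rudder,${psql_password};ReportsFormat\n'
    ':programname, contains, "rudder" :ompgsql:db.example.test,rudder,rudder,constructed-secret;ReportsFormat\n'
)

if __name__ == "__main__":
    for num, problem in check_ompgsql_actions(SAMPLE):
        print(f"line {num}: {problem}")
```

On a relay, the same function can be given the contents of /etc/rsyslog.d/rudder.conf; it reports only line numbers and never prints the password itself.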
#4 Updated by Matthieu CERDA over 3 years ago
- Status changed from New to Discussion
- Assignee set to François ARMAND
- Priority changed from N/A to 2
The first issue to address is: how do we distribute the passwords? We would need to build an ACL for cf-serverd with the root server + relays' IP addresses.
Maybe we need a system variable for this?
Once it is done, the remaining part will be a piece of cake :)
Could anyone suggest an approach here? fanf or ncharles maybe?
#5 Updated by Nicolas CHARLES over 3 years ago
Passwords are stored in a specific file, with other passwords (LDAP and WebDAV).
Since all passwords are stored in one file, it sounds dangerous to share this file with more machines than necessary.
We could use a system variable, but we'd have a nasty issue when changing the passwords: the promises would use the old password (from promises), and the webapp would be unable to regenerate new promises, as the database would be unavailable (wrong password).
This sounds like a complex problem, and the solution probably is "the user must manage his password himself in a distributed installation, with the help of easy-to-use documentation/scripts that explain what to do".
#6 Updated by François ARMAND over 3 years ago
I agree with your comment, Nicolas.
Benoit, could you document what needs to be done to make it work?
I think the documentation must appear at the end of the package installation, so that the user is notified that he has something left to do. And the same documentation must be added to the relay server installation: http://www.rudder-project.org/rudder-doc-3.0/rudder-doc.html#relay-servers
Actually, the documentation for relay server is not up-to-date (see #6226)