Project

General

Profile

Actions

User story #11121

closed

Remote safety switch

Added by Florian Heigl over 7 years ago. Updated 11 months ago.

Status:
Resolved
Priority:
N/A
Assignee:
-
Category:
Agent
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:
No

Description

Hi,

we had this in the sideline of the red button ticket.

I propose a extension of the standard policy

  • Be callable using cf-runagent / relay api
  • disables the execution of all non-agent policies

Upon closer look, ALL agent policies except those that only concern Rudder:

  • trigger an inventory run and upload
  • trigger a policy update
  • cf-served running and callable (but not able to run anything but these two and the "disable all non agent policies")

Optionally one could set red button and disable-agent, and not be able to undo that.
Non-Agent policies in this context means anything that is not related to the things mentioned here.
The current system techniques do a lot more - i.e. touch syslog, ntp and install xen packages if needed.
That would NOT be ok.

As I see it, a toggle switch like this would cover ALL use cases, enable to safely shut down the agent for maintenance or to "freeze" a datacenter, and whatnot.
It would allow to do ALL tasks that concern the rudder agent maintenance.
So far, there's a few options but each has its limitations that just waste agent run cycles / drive up risks.

As might be obvious, it could be desirable to unify this and the multiple agent flags that exist, each are subset of the update.
There an option to have an agent activity level ranging from
0 (red-button)
1 (disable-agent)
2 (update-inventory only???)
3 (update-inventory-cf-execd, allowed to raise to higher levels)
4 (enabled system policies)
5 (enabled all user policies)
6 (...????...)

fill in in your mind whatever I have been missing but I hope the general idea makes it through.


Files

clipboard-202402011855-ahwnu.png (102 KB) clipboard-202402011855-ahwnu.png François ARMAND, 2024-02-01 18:55
Actions #1

Updated by Benoît PECCATTE almost 7 years ago

  • Target version set to Ideas (not version specific)
Actions #2

Updated by François ARMAND 11 months ago

We now have node state that seems to be what was asked here (disable node, only update, etc). Perhpas not all case are addressed, but will take specific addition in dedicated tickets.

Actions

Also available in: Atom PDF