User story #11121
closedRemote safety switch
Description
Hi,
we had this in the sideline of the red button ticket.
I propose a extension of the standard policy
- Be callable using cf-runagent / relay api
- disables the execution of all non-agent policies
Upon closer look, ALL agent policies except those that only concern Rudder:
- trigger an inventory run and upload
- trigger a policy update
- cf-served running and callable (but not able to run anything but these two and the "disable all non agent policies")
Optionally one could set red button and disable-agent, and not be able to undo that.
Non-Agent policies in this context means anything that is not related to the things mentioned here.
The current system techniques do a lot more - i.e. touch syslog, ntp and install xen packages if needed.
That would NOT be ok.
As I see it, a toggle switch like this would cover ALL use cases, enable to safely shut down the agent for maintenance or to "freeze" a datacenter, and whatnot.
It would allow to do ALL tasks that concern the rudder agent maintenance.
So far, there's a few options but each has its limitations that just waste agent run cycles / drive up risks.
As might be obvious, it could be desirable to unify this and the multiple agent flags that exist, each are subset of the update.
There an option to have an agent activity level ranging from
0 (red-button)
1 (disable-agent)
2 (update-inventory only???)
3 (update-inventory-cf-execd, allowed to raise to higher levels)
4 (enabled system policies)
5 (enabled all user policies)
6 (...????...)
fill in in your mind whatever I have been missing but I hope the general idea makes it through.
Files
Updated by Benoît PECCATTE almost 7 years ago
- Target version set to Ideas (not version specific)
Updated by François ARMAND 10 months ago
- File clipboard-202402011855-ahwnu.png clipboard-202402011855-ahwnu.png added
- Status changed from New to Resolved
- Regression set to No
We now have node state that seems to be what was asked here (disable node, only update, etc). Perhpas not all case are addressed, but will take specific addition in dedicated tickets.