Actions
User story #11631
closed
Implement disable-flag for policy server policy copy for nodes
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Name check:
Fix check:
Regression:
Description
If someone implements a customized rsync-based copy for propagating the node-policy between policy server (root->relays), the following part would require a flag-file to disable this by the agent run like in #11257:
diff --git a/techniques/system/distributePolicy/1.0/propagatePromises.st b/techniques/system/distributePolicy/1.0/propagatePromises.st
index 83df92c..13edc62 100644
--- a/techniques/system/distributePolicy/1.0/propagatePromises.st
+++ b/techniques/system/distributePolicy/1.0/propagatePromises.st
@@ -45,6 +45,9 @@ bundle agent propagatePromises
root_server::
"rudder_tools_updated_exists" expression => fileexists("${g.rudder_tools_updated_origin}");
+ !root_server::
+ "disable_promises" expression => fileexists("/opt/rudder/etc/no_propagate_promises");
+
any::
"pass3" expression => "pass2";
"pass2" expression => "pass1";
@@ -76,7 +79,7 @@ bundle agent propagatePromises
comment => "Enforce the ncf configuration file",
classes => classes_generic("configure_ncf_config");
- (policy_server|role_rudder_relay_promises_only).!root_server::
+ (policy_server|role_rudder_relay_promises_only).!(root_server|disable_promises)::
"${client_data}" #that's a loop on each files in client_inputs
copy_from => remote("${server_info.cfserved}","${server_data}"),
@@ -84,6 +87,8 @@ bundle agent propagatePromises
comment => "Fetching the promises to propagate",
classes => if_else("promises_propagated", "could_not_propagate_promise");
+ (policy_server|role_rudder_relay_promises_only).!root_server::
+
"${g.rudder_var}/shared-files/"
copy_from => remote("${server_info.cfserved}","${g.rudder_var}/shared-files/${g.uuid}/shared-files"),
depth_search => recurse_visible("inf"),
@@ -170,8 +175,12 @@ bundle agent propagatePromises
# Success if files are updated or not changed (kept or repaired).
# root server have only tools to be updated and others have tools,
# promises, masterfiles folder to be updated.
- pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate).(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist))::
+ pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate|disable_promises).(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist))::
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Propagate promises", "None", "All files have been propagated");
+
+ pass3.disable_promises::
+ "any" usebundle => rudder_common_report("DistributePolicy", "log_info", "&TRACKINGKEY&", "Propagate promises", "None", "Node promises propagation disabled by flag file");
+
pass3.promises_to_propagate_not_copied::
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate policy");
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by
Actions