Actions
Architecture #14856
closed
Architecture #14008: Replace syslog by an HTTPS based communication for reporting
Architecture #14818: Generate a certificate for unix agents
Add agent certificate to unix inventories
Status:
Released
Priority:
N/A
Assignee:
Category:
Web - Nodes & inventories
Target version:
Pull Request:
Effort required:
Name check:
Fix check:
Regression:
Description
Unix agent will now send their certificate through inventory like windows agents did.
Instead of a RUDDER/AGENT/CFENGINE_KEY public key file, the inventory will contain a RUDDER/AGENT/AGENT_CERT.
When this inventory is received:- if there is no existing key process the certificate as we did for windows
- if there is an existing key, check that it matches the public key of the certificate
- If yes store the certificate instead of the key
- MANAGED_NODES_NAME, MANAGED_NODES_ID, MANAGED_NODES_KEY for Unix agents as we did before, but the MANAGED_NODES_KEY must be extracted from the certificate and not directly used
- SUB_NODES_NAME, SUB_NODES_ID, SUB_NODES_KEYHASH, SUB_NODES_SERVER as before with the same restriction for SUB_NODES_KEYHASH
- MANAGED_NODES_CERT_PEM: stay like before, must include all certificates (TODO we may have to talk about this again)
Updated by
Updated by Alexis Mousset over 5 years ago
- Status changed from New to Pending release
done in child issue
Updated by Vincent MEMBRÉ about 5 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.0.0~beta1 which was released today.
Actions