Architecture #14856

closed

Architecture #14008: Replace syslog by an HTTPS based communication for reporting

Architecture #14818: Generate a certificate for unix agents

Add agent certificate to unix inventories

Added by Benoît PECCATTE over 5 years ago. Updated about 5 years ago.

Status: Released
Priority: N/A
Category: Web - Nodes & inventories

Description

Unix agents will now send their certificate through the inventory, like Windows agents did.

Instead of a RUDDER/AGENT/CFENGINE_KEY public key file, the inventory will contain a RUDDER/AGENT/AGENT_CERT.

When this inventory is received:
  • if there is no existing key, process the certificate as we did for Windows
  • if there is an existing key, check that it matches the public key of the certificate
    • if yes, store the certificate instead of the key

With those, the server must be able to generate:
  • MANAGED_NODES_NAME, MANAGED_NODES_ID, MANAGED_NODES_KEY for Unix agents as we did before, but the MANAGED_NODES_KEY must be extracted from the certificate and not directly used
  • SUB_NODES_NAME, SUB_NODES_ID, SUB_NODES_KEYHASH, SUB_NODES_SERVER as before, with the same restriction for SUB_NODES_KEYHASH
  • MANAGED_NODES_CERT_PEM: stays as before, must include all certificates (TODO: we may have to talk about this again)
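
The inventory-reception check and the "key must be extracted from the certificate" rule above, as an added example (not Rudder's own code). The function names, the constructed unsigned sample certificate with placeholder key bytes, and the assumption that the stored key is held as DER SubjectPublicKeyInfo are all hypothetical; the ticket does not say what happens on a mismatch, so that branch is only reported.

```python
def tlv(tag, body):
    """DER-encode one element; used here only to build the constructed sample."""
    n = len(body)
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return bytes([tag]) + (raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def children(body):
    """Split DER content into (tag, value, full_encoding) triples."""
    out, i = [], 0
    while i < len(body):
        tag, n, j = body[i], body[i + 1], i + 2
        if n & 0x80:                                  # long-form length
            k = n & 0x7F
            n, j = int.from_bytes(body[j:j + k], "big"), j + k
        if j + n > len(body):
            raise ValueError("truncated DER value")
        out.append((tag, body[j:j + n], body[i:j + n]))
        i = j + n
    return out

def spki_of(cert_der):
    """Return the DER SubjectPublicKeyInfo carried by an X.509 certificate."""
    tbs = children(children(cert_der)[0][1])[0][1]    # Certificate -> tbsCertificate
    fields = children(tbs)
    if fields[0][0] == 0xA0:                          # optional [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][2]

def on_inventory(stored_key, cert_der):
    """stored_key: SPKI DER already known for the node, or None (assumed format)."""
    cert_key = spki_of(cert_der)
    if stored_key is None:
        return "process_certificate", cert_key
    if stored_key == cert_key:
        return "store_certificate_instead_of_key", cert_key
    return "key_mismatch", cert_key    # the ticket does not define this branch

def sample_cert(spki):
    """Constructed, unsigned certificate skeleton with empty names and validity."""
    empty = tlv(0x30, b"")
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + empty + empty + empty + empty + spki)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\x00"))

KEY_A = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + b"A" * 270))  # placeholder key
KEY_B = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + b"B" * 270))
CERT_A = sample_cert(KEY_A)
print(on_inventory(None, CERT_A)[0], on_inventory(KEY_A, CERT_A)[0], on_inventory(KEY_B, CERT_A)[0])
```

The second element of each result is the key taken from the certificate, which is the value the generated key fields would be derived from rather than a key supplied separately.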

Subtasks 1 (0 open, 1 closed)

Architecture #14857: Add certificate to inventory in fusion (Released, Alexis Mousset)