Architecture #19492
Architecture #18784 (closed): Reuse agent certificates for HTTPS communication
Add policy server certificate information to policies
Status: Released
Priority: N/A
Assignee:
Category: Web - Config management
Target version:
Fix check: To do
Regression:
Description
We need:
- The root and parent policy server's certificate in .pem format, in the inputs/certs folder:
  - root.pem
  - policy-server.pem (which can be a symbolic link to root.pem if it's not a different relay)
- A hash of the policy server public key in rudder.json on all nodes, named POLICY_SERVER_KEY_HASH. This format is the one used in HPKP:

      # base64(sha256(x509pubkey.der))
      openssl x509 -in my-certificate.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64

  It should look like sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=
- Change the format for SUB_NODES_KEYHASH from nodeInfo.sha256KeyHash to that one (i.e. we need to add the base64 encoding, and change the sha256: to sha256//)

This hash should also be displayed in the node details.
(note to dev: check that the base64 algo is really the one used by openssl)
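The key hash format requested above and the migration from the sha256: form, as an added Python example that is not Rudder's own code. It assumes the legacy value is sha256: followed by the hex digest; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import re

PREFIX = "sha256//"  # HPKP-style prefix named in the ticket


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of a PEM 'PUBLIC KEY' (SubjectPublicKeyInfo) block,
    i.e. what `openssl x509 -pubkey -noout` prints."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PUBLIC KEY block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def key_pin(spki_der: bytes) -> str:
    """sha256// + base64(sha256(DER public key)), standard padded alphabet."""
    digest = hashlib.sha256(spki_der).digest()
    return PREFIX + base64.b64encode(digest).decode("ascii")


def legacy_to_pin(legacy: str) -> str:
    """Convert 'sha256:<64 hex chars>' (assumed legacy form) to the new format."""
    m = re.fullmatch(r"sha256:([0-9a-fA-F]{64})", legacy.strip())
    if not m:
        raise ValueError("expected sha256:<64 hex characters>")
    return PREFIX + base64.b64encode(bytes.fromhex(m.group(1))).decode("ascii")


def pin_matches(pem: str, expected_pin: str) -> bool:
    """True if the PEM public key hashes to the expected pin."""
    return key_pin(pem_to_der(pem)) == expected_pin.strip()


# Constructed sample: Ed25519 SPKI header followed by 32 dummy key bytes.
SAMPLE_DER = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    pin = key_pin(pem_to_der(SAMPLE_PEM))
    legacy = "sha256:" + hashlib.sha256(SAMPLE_DER).hexdigest()
    print(pin, legacy_to_pin(legacy) == pin, pin_matches(SAMPLE_PEM, pin))
```

The hash must be taken over the DER public key, not over the PEM text or the whole certificate, and encoded with the standard base64 alphabet (with + and / and = padding), which is what openssl enc -base64 emits.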
Updated by François ARMAND over 3 years ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND over 3 years ago
Also, change the object name CFengineKey to NodeKeyHashes which is more akin to what we do now.
Change return type to IOResult, as we do in 2021.
Updated by François ARMAND over 3 years ago
- Related to Architecture #19527: Rename POLICY_SERVER_KEY and POLICY_SERVER_KEY_HASH added
Updated by François ARMAND over 3 years ago
I'm creating another ticket for the addition of the two certificate files during generation
Updated by François ARMAND over 3 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder/pull/3713
Updated by François ARMAND over 3 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|020e365504eeb11a17e067efd130ab940eec77b8.
Updated by Vincent MEMBRÉ over 3 years ago
This bug has been fixed in Rudder 7.0.0~beta1 which was released today.
Updated by Vincent MEMBRÉ over 3 years ago
- Related to Architecture #19524: Homogeneize nodeslist.json with rudder.json added
Updated by Vincent MEMBRÉ over 3 years ago
- Status changed from Pending release to Released