User story #2074
closed
Add a screen in administration to import archived configuration rules
Added by François ARMAND almost 13 years ago.
Updated almost 13 years ago.
Category:
Web - Maintenance
Description
We want to be able to import archived CR thanks to a button in administration screen.
Importing CR means (at least):
- read serialized CR (in XML) from /var/rudder/configuration-repository/configuration-rules
- on any error, abort
- if no CR are present, what do we do ? Abort ? Or erase all existing CR ?
- create a new branche in LDAP "new CR"
- move ancient CR to "old CR" branch, move "new CR" to "CR", delete old cr branches - in an LDAP transaction, of course
- if anything does not work, restore old CR
Of course, that is not that simple.
We have to take care of system configuration rules, because:
- if we import configuration rules from an other system, we are (pretty surely) going to completely broke Rudder;
- if we don't import system configuration rules, we may broke a working configuration (that need these configuration rules).
Nonetheless, the default case seems to be that we don't want to export/import system configuration rules:
- they are independent from user modification (at least from the configuration rules screen)
- they may be updated by system actions (accepting a new node, adding authorized network, etc) that should not be reverted without leading to non consistent states
So, I propose to have that use case and other related to import/export (PI, groups) only taking into account non system items, and add a "Save/restore configuration" action in administration screen that will take only care of system variables, but perhaps save them elsewhere.
- Status changed from 8 to 2
- Status changed from 2 to In progress
François ARMAND wrote:
We want to be able to import archived CR thanks to a button in administration screen.
Importing CR means (at least):
- read serialized CR (in XML) from /var/rudder/configuration-repository/configuration-rules
- on any error, abort
- if no CR are present, what do we do ? Abort ? Or erase all existing CR ?
Good question. In the interest of being able to exactly replicate the state of a Rudder instance, I think we should erase all existing CR. (Imagine you have had a massive security audit, and been asked to start over with your config management. You delete all CR and PI, recreate the PI, and then want to sync them to a different site, but you haven't yet created any CRs because they apply to different groups on that site...).
Ideally, in the long term, we could ask the user to choose. But if we're importing PIs at the same time, which is the desired behaviour, the old CRs probably will be of no use anyway!
- % Done changed from 0 to 60
- Estimated time set to 5.00 h
François tells me he has spent 8 hours on this already and has 5 left to go.
- Status changed from In progress to Pending technical review
- % Done changed from 60 to 100
- Status changed from Pending technical review to 10
This large commit looks valid, thank you Francois
- Status changed from 10 to Released
These requests behave as expected. I've expressed a need to improve the ergnonmy of the Administration > Archives screen in #2268
Also available in: Atom
PDF
Updated by 
Updated by Jonathan CLARKE 
Updated by