User story #3668
Allow to pre-accept nodes
Status: closed
Description
In a lot of scenarios, we want to be able to pre-accept a node so that no manual action is required when its first inventory is received.
For example, when creating a VM in some cloud, we would like to be able to declare in Rudder at the same moment "I do know that the following node is going to come".
Updated by François ARMAND over 11 years ago
A workaround is to use the following script to pre-accept a node.
Its parameters are as follows:
- 1: "add" or "delete" (add to pre-accept, delete to remove the node, in the case of a VM that was deleted)
- 2: the node id. It must be unique and contain 1-50 characters among azAZ09-
- 3: the LDAP server ip and port, in the form "IP:PORT"
- 4: the authentication password
For example:
$ ./pre-accept-node.sh add webserver-$(uuidgen) 192.168.42.10 secret
The script needs to have "ldapmodify" installed (apt-get install ldap-utils on Debian).
Moreover, you will need to be able to contact the LDAP server used by Rudder, but it only listens on its localhost interface by default. So you will have to either make the LDAP server listen on all interfaces (in /etc/default/slapd, change IP=127.0.0.1 into IP=* and then /etc/init.d/slapd restart) or redirect the 389 port via ssh, for example with the command: ssh -L1389:localhost:389 root@rudder.server
#!/bin/sh
# pre-accept-node.sh: add or remove a pre-accepted node in the Rudder LDAP tree.

action=$1
node_id=$2
server_uri=$3
authpw=$4
authdn="cn=manager, cn=rudder-configuration"

# Check that each required parameter is a non-empty string
if [ -z "$node_id" ]; then
  echo "You must specify the node ID as parameter 2"
  exit 1
fi
if [ -z "$server_uri" ]; then
  echo "You must specify the LDAP server ip:port as parameter 3"
  exit 1
fi
if [ -z "$authpw" ]; then
  echo "You must specify the LDAP authentication password as parameter 4"
  exit 1
fi

# LDIF records must be separated by a blank line
ldif_add="dn: nodeId=${node_id},ou=Nodes,cn=rudder-configuration
changeType: add
objectClass: rudderNode
objectClass: top
cn: ${node_id}
nodeId: ${node_id}
isSystem: FALSE
isBroken: FALSE

dn: nodeId=${node_id},ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
changeType: add
objectClass: top
objectClass: unixNode
objectClass: linuxNode
osName: Not known yet
osVersion: Not known yet
osKernelVersion: Not know yet
cn: ${node_id}
localAdministratorAccountName: root
nodeHostname: ${node_id}.false.hostname.to.be.updated
ipHostNumber: 192.168.100.12
nodeId: ${node_id}
PolicyServerId: root
agentName: Community

dn: nodeGroupId=hasPolicyServer-root,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changeType: modify
add: nodeId
nodeId: ${node_id}
"

ldif_delete="dn: nodeId=${node_id},ou=Nodes,cn=rudder-configuration
changeType: delete

dn: nodeId=${node_id},ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
changeType: delete

dn: nodeGroupId=hasPolicyServer-root,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changeType: modify
delete: nodeId
nodeId: ${node_id}

dn: nodeId=${node_id},ou=Nodes Configuration,ou=Rudder,cn=rudder-configuration
changeType: delete
"

# -x: simple bind, -c: keep going after an error on one record.
# The password given with -w is visible in the process list while ldapmodify runs.
case $action in
  add)
    ldapmodify -xc -H "ldap://${server_uri}" -D "${authdn}" -w "${authpw}" << EOF
${ldif_add}
EOF
    ;;
  delete)
    ldapmodify -xc -H "ldap://${server_uri}" -D "${authdn}" -w "${authpw}" << EOF
${ldif_delete}
EOF
    ;;
  *)
    echo "You must specify the action ('add' or 'delete') to perform as first parameter"
    exit 1
    ;;
esac
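The workaround script interpolates its node ID and server arguments straight into LDIF and the ldap:// URI, and applies them with the manager DN. Checking them first keeps a malformed value from changing the records sent. This is an added example, not part of the original comment or of Rudder: the function names valid_node_id and valid_server are hypothetical, "azAZ09-" is read as a-z, A-Z, 0-9 and "-", and IPv4-only addresses are an assumption.

```shell
#!/bin/sh
# Added example (not part of the script above): validate arguments before
# they are interpolated into LDIF that is applied under the manager DN.
LC_ALL=C; export LC_ALL   # make the a-z / A-Z ranges byte-exact

# Rule stated for parameter 2: 1-50 characters among a-z, A-Z, 0-9 and "-".
valid_node_id() {
    id=$1
    [ -n "$id" ] && [ "${#id}" -le 50 ] || return 1
    case $id in
        *[!a-zA-Z0-9-]*) return 1 ;;   # newline, ",", "=", space, ... rejected
    esac
    return 0
}

# "IP:PORT" as stated for parameter 3 (IPv4 only is an assumption here).
valid_server() {
    case $1 in
        *[!0-9.:]*|*:*:*|*.:*|*..*|*:*.*) return 1 ;;
        *:*) ;;
        *) return 1 ;;                 # no port given
    esac
    ip=${1%:*}; port=${1#*:}
    [ -n "$port" ] && [ "${#port}" -le 5 ] || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $ip                         # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Constructed sample inputs, printed with the decision for each.
for sample in "webserver-0f8c2d1e" "web01,ou=Nodes" "192.168.42.10:389" "192.168.42.10"; do
    if valid_node_id "$sample"; then echo "node id ok:  $sample"
    elif valid_server "$sample"; then echo "server ok:   $sample"
    else echo "rejected:    $sample"; fi
done
```

Both checks would run right after the parameters are read, exiting with an error before any LDIF is built.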
Updated by Benoît PECCATTE about 10 years ago
A first step can be the "test server" use case.
The administration setting would contain an "accept any new node" checkbox. When checked, any inventory sent would be accepted without further check.
Updated by François ARMAND almost 7 years ago
- Related to Bug #12115: Error "CFEngine-MD5 digest of CFEngine public key for node 'server.rudder.local'" on fresh install added