Project

General

Profile

Actions

User story #3668

closed

Allow to pre-accept nodes

Added by François ARMAND over 11 years ago. Updated almost 8 years ago.

Status:
Rejected
Priority:
2
Assignee:
-
Category:
Web - Nodes & inventories
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

In a lot of scenario, we want to be able to pre-accept a node so that no manual action is required when its first inventory is received.

For example, when creating a VM in some cloud, we would like to be able to declare in Rudder at the same moment "I do know that the following node is going to come".


Related issues 2 (0 open2 closed)

Related to Rudder - User story #4248: Proposal: Auto Accept listResolvedActions
Related to Rudder - Bug #12115: Error "CFEngine-MD5 digest of CFEngine public key for node 'server.rudder.local'" on fresh installResolvedActions
Actions #1

Updated by François ARMAND over 11 years ago

A workaround is to use the following script to pre-accept a node.
Its parameter are as follow:

- 1: "add" or "delete" (add to pre-accept, delete to remove the node, in the case of a vm that was deleted)
- 2: the node id. It must be unique, contains 1-50 characters among azAZ09-
- 3: the LDAP server ip and port, in the form "IP:PORT"
- 4: the authentication password

For example:

$ ./pre-accept-node.sh add webserver-$(uuidgen) 192.168.42.10 secret

The script need to have the "ldapmodify" installed (apt-get install ldap-utils on Debian).

Moreover, you will need to be able to contact the LDAP server used by Rudder, but it only listen on its localhost interface by default. So you will have to either make the LDAP server listen on all interface (in /etc/default/slapd, change IP=127.0.0.1 into IP=* and then /etc/init.d/slapd restart) or redirect the 389 port via ssh, for example with the command: ssh -L1389:localhost:389 )

action=$1
node_id=$2
server_uri=$3
authpw=$4
authdn="cn=manager, cn=rudder-configuration" 

if [ -e $2 ]; then
  echo "You must specify the node ID as parameter 2" 
  exit 1
fi

if [ -e $3 ]; then
  echo "You must specify the LDAP server ip:port as parameter 3" 
  exit 1
fi

if [ -e $4 ]; then
  echo "You must specify the LDAP authentication password as parameter 4" 
  exit 1
fi

ldif_add=" 
dn: nodeId=${node_id},ou=Nodes,cn=rudder-configuration
changeType: add
objectClass: rudderNode
objectClass: top
cn: ${node_id}
nodeId: ${node_id}
isSystem: FALSE
isBroken: FALSE

dn: nodeId=${node_id},ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
changeType: add
objectClass: top
objectClass: unixNode
objectClass: linuxNode
osName: Not known yet
osVersion: Not known yet
osKernelVersion: Not know yet
cn: ${node_id}
localAdministratorAccountName: root
nodeHostname: ${node_id}.false.hostname.to.be.updated
ipHostNumber: 192.168.100.12
nodeId: ${node_id}
PolicyServerId: root
agentName: Community

dn: nodeGroupId=hasPolicyServer-root,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changeType: modify
add: nodeId
nodeId: ${node_id}

" 

ldif_delete=" 
dn: nodeId=${node_id},ou=Nodes,cn=rudder-configuration
changeType: delete

dn: nodeId=${node_id},ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
changeType: delete

dn: nodeGroupId=hasPolicyServer-root,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changeType: modify
delete: nodeId
nodeId: ${node_id}

dn: nodeId=${node_id},ou=Nodes Configuration,ou=Rudder,cn=rudder-configuration
changeType: delete

" 

case $1 in

    add)
       ldapmodify -xc -H ldap://${server_uri} -D "${authdn}" -w "${authpw}" << EOF 
${ldif_add}
EOF
    ;;
    delete)
       ldapmodify -xc -H ldap://${server_uri} -D "${authdn}" -w "${authpw}" << EOF 
${ldif_delete}
EOF
    ;;
    *)
      echo "You must specify the action ('add' or 'delete') to perform as first parameter" 
    ;; 
esac

Actions #2

Updated by Benoît PECCATTE about 10 years ago

A first step can be the "test server" use case.

The administration setting would contain an "accept any new node" checkbox. When checked, any inventory sent would be accepted without further check.

Actions #4

Updated by Benoît PECCATTE almost 8 years ago

  • Status changed from New to Rejected

Duplicates #7876

Actions #5

Updated by François ARMAND almost 7 years ago

  • Related to Bug #12115: Error "CFEngine-MD5 digest of CFEngine public key for node 'server.rudder.local'" on fresh install added
Actions

Also available in: Atom PDF