A workaround is to use the following script to pre-accept a node.
Its parameters are as follows:
- 1: "add" or "delete" (add to pre-accept, delete to remove the node, in the case of a VM that was deleted)
- 2: the node ID. It must be unique and contain 1-50 characters among a-z, A-Z, 0-9 and "-"
- 3: the LDAP server IP and port, in the form "IP:PORT"
- 4: the authentication password
For example:
$ ./pre-accept-node.sh add webserver-$(uuidgen) 192.168.42.10 secret
The script needs "ldapmodify" to be installed (apt-get install ldap-utils on Debian).
Moreover, you need to be able to contact the LDAP server used by Rudder, which listens only on its localhost interface by default. So you will have to either make the LDAP server listen on all interfaces (in /etc/default/slapd, change IP=127.0.0.1 into IP=* and then run /etc/init.d/slapd restart) or redirect port 389 via SSH, for example with the command: ssh -L1389:localhost:389 root@rudder.server (parameter 3 of the script is then localhost:1389).
#!/bin/sh
# Positional parameters: action, node ID, LDAP server (IP:PORT), bind password
action=$1
node_id=$2
server_uri=$3
authpw=$4
authdn="cn=manager, cn=rudder-configuration"

# Abort if a required parameter is missing or empty
if [ -z "$2" ]; then
    echo "You must specify the node ID as parameter 2"
    exit 1
fi
if [ -z "$3" ]; then
    echo "You must specify the LDAP server ip:port as parameter 3"
    exit 1
fi
if [ -z "$4" ]; then
    echo "You must specify the LDAP authentication password as parameter 4"
    exit 1
fi
# LDIF applied by "add": each record must be separated from the next by a blank line
ldif_add="
dn: nodeId=${node_id},ou=Nodes,cn=rudder-configuration
changeType: add
objectClass: rudderNode
objectClass: top
cn: ${node_id}
nodeId: ${node_id}
isSystem: FALSE
isBroken: FALSE

dn: nodeId=${node_id},ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
changeType: add
objectClass: top
objectClass: unixNode
objectClass: linuxNode
osName: Not known yet
osVersion: Not known yet
osKernelVersion: Not know yet
cn: ${node_id}
localAdministratorAccountName: root
nodeHostname: ${node_id}.false.hostname.to.be.updated
ipHostNumber: 192.168.100.12
nodeId: ${node_id}
PolicyServerId: root
agentName: Community

dn: nodeGroupId=hasPolicyServer-root,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changeType: modify
add: nodeId
nodeId: ${node_id}
"
# LDIF applied by "delete": removes the entries created by "add", plus the node configuration entry
ldif_delete="
dn: nodeId=${node_id},ou=Nodes,cn=rudder-configuration
changeType: delete

dn: nodeId=${node_id},ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
changeType: delete

dn: nodeGroupId=hasPolicyServer-root,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changeType: modify
delete: nodeId
nodeId: ${node_id}

dn: nodeId=${node_id},ou=Nodes Configuration,ou=Rudder,cn=rudder-configuration
changeType: delete
"
# -x: simple bind, -c: continue with the next record after an error
case "$1" in
add)
    ldapmodify -xc -H "ldap://${server_uri}" -D "${authdn}" -w "${authpw}" << EOF
${ldif_add}
EOF
    ;;
delete)
    ldapmodify -xc -H "ldap://${server_uri}" -D "${authdn}" -w "${authpw}" << EOF
${ldif_delete}
EOF
    ;;
*)
    echo "You must specify the action ('add' or 'delete') to perform as first parameter"
    exit 1
    ;;
esac
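
The script above only checks that its parameters are present. As an added example (not part of the original script), the functions below enforce the node ID rule from the parameter list and check the server value before either is interpolated into the LDIF or the ldap:// URI. The function names are hypothetical, and accepting a hostname or a bare host without a port is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original script: checks for parameters 1-3
# of pre-accept-node.sh. All function names here are hypothetical.
LC_ALL=C; export LC_ALL   # make the a-z / A-Z ranges below ASCII-only

# Parameter 2: 1-50 characters among a-z, A-Z, 0-9 and "-".
# The value is pasted into DNs and LDIF lines, so a comma, "=", space or
# newline in it would change which entries ldapmodify touches.
valid_node_id() {
    [ -n "$1" ] && [ "${#1}" -le 50 ] || return 1
    case $1 in
        *[!a-zA-Z0-9-]*) return 1 ;;
    esac
}

# Parameter 3: HOST:PORT. Assumption: a bare HOST is also accepted (as in
# the page's usage example) and means the default LDAP port, 389.
valid_server() {
    host=${1%%:*}
    case $1 in
        *:*) port=${1#*:} ;;
        *)   port=389 ;;
    esac
    [ -n "$host" ] || return 1
    case $host in *[!a-zA-Z0-9.-]*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Returns 0 when all three parameters are usable, otherwise 2, 3 or 4
# depending on which one was rejected.
check_args() {
    case $1 in
        add|delete) ;;
        *) echo "action must be 'add' or 'delete'" >&2; return 2 ;;
    esac
    valid_node_id "$2" || { echo "invalid node ID" >&2; return 3; }
    valid_server "$3" || { echo "invalid LDAP server" >&2; return 4; }
}
```

Placed before the LDIF variables are built, a call such as check_args "$1" "$2" "$3" || exit $? stops the script before ldapmodify is run with a malformed value.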