Architecture #4444
closedallowusers is duplicated in cf-served.cf
Description
Hi,
Looks like the allowusers is duplicated in cf-served.cf / "body server control" section :
allowusers => { "root", "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" , "root" };
The number of allowed users is equal to the number of nodes.
Best Regards,
Updated by Matthieu CERDA almost 11 years ago
- Category set to Web - Nodes & inventories
- Status changed from New to 8
- Assignee set to François ARMAND
- Priority changed from N/A to 2
- Target version set to 2.9.3
It is an autogenerated part of the Techniques as part of the common Technique. Assigning to FAR as I think he is the most able to know how to solve this :)
Updated by François ARMAND almost 11 years ago
- Assignee changed from François ARMAND to Nicolas CHARLES
I believe it's the awaited behaviour. Nicolas, is this OK ? And still OK for thousand of nodes ?
Updated by Nicolas CHARLES almost 11 years ago
- Assignee changed from Nicolas CHARLES to François ARMAND
Unfortunately, this is not what we need nor want (cf http://www.rudder-project.org/redmine/issues/1121 ), but appart from perf issue with thousands of nodes,it doesn't break.
This variable is a standard variable, and we have no way to remove duplicates in standrs variable (without hacks), nor with stringtemplate.
The easiest fix would be to convert ADMIN to a system variable, but it's more of a hack than anything else
Francois, what do you think of this ?
Updated by Christophe Nowicki almost 11 years ago
François ARMAND wrote:
I believe it's the awaited behaviour. Nicolas, is this OK ? And still OK for thousand of nodes ?
Tens of thousands ;-)
Updated by François ARMAND almost 11 years ago
Well, my opinion is that we just CAN'T have a thousand time the same thing, that is just bad.
So, I would like to know in which user case (i.e: in standard Technique, not system one) we have that kind of use case ? I can't see none of them, but perhaps I missing some (it seems that most of the time, the user don't want to have duplicated section in multivalued field, and that, actually, we don't support that use case in the UI (duplicates are removed)).
So, if it is only a system use case, I'm for using system variable, perhaps even with ad hoc processing. And even, I'm not against having a different processing of system Technique & Directive that user one. I'm pretty sure we are doing hardcore things in system directives, and that supporting these things has a BIG impact on performance and complexity for the general case (I'm looking at you, rule-dependant variables).
Updated by Nicolas CHARLES almost 11 years ago
- Tracker changed from Bug to User story
- Target version changed from 2.9.3 to 2.10.0~beta1
This change is pretty impacting, so targeting to 2.10
Updated by François ARMAND almost 11 years ago
- Status changed from 8 to Discussion
- Assignee changed from François ARMAND to Nicolas CHARLES
Could you explain what is the hight level design of the modification to prevent having lots of user ?
Before, the logic was easy: for each node, we had the corresponding user. Now, what's going to happen ? How it is implemented ?
Thanks,
Updated by Nicolas CHARLES almost 11 years ago
- Assignee changed from Nicolas CHARLES to François ARMAND
Sure, the change is very simple.
We have a system variable, that is populated the same way as previously (for each node, get the user). But then, we remove duplicate by transforming the list into a Set
This change requiered to use a system variable, as we don't have implementations for deduplicating system var
Is it ok for you ?
Updated by François ARMAND almost 11 years ago
OK. So in fact there wasn't any mapping between nodes and user, just a set of allowed user ?
Thanks,
Updated by François ARMAND almost 11 years ago
- Assignee changed from François ARMAND to Nicolas CHARLES
Updated by Jonathan CLARKE almost 11 years ago
- Status changed from Discussion to 10
Updated by Jonathan CLARKE almost 11 years ago
- Tracker changed from User story to Architecture
- Status changed from 10 to Discussion
Updated by Nicolas CHARLES almost 11 years ago
We used to extract the list of user by fetching the list of nodes that have this server as policy server, and getting their admin user.
The mecanisms is still the same, except we add a "distinct" on the list of users
Updated by Nicolas CHARLES almost 11 years ago
Ok, I understood the question now :)
This list is used to define which users can connect to the policy server.
cf-serverd only check, at connection, if the user connecting is present in the list. There is no order expected (simply be there or not be there), and duplicating is pointless (it doesn't make it MORE there)
there are not specifically linked with files access ACL
Updated by Jonathan CLARKE almost 11 years ago
- Status changed from Discussion to 12
Updated by Anonymous almost 11 years ago
- Status changed from 12 to Pending release
- % Done changed from 67 to 100
Applied in changeset 2be799a7328609dd586bfe8c3409c157aa3e7ef9.
Updated by Vincent MEMBRÉ almost 11 years ago
- Category changed from Web - Nodes & inventories to 14
Updated by Vincent MEMBRÉ almost 11 years ago
- Category changed from 14 to System techniques
Updated by Vincent MEMBRÉ almost 11 years ago
- Category changed from System techniques to Performance and scalability
Updated by Vincent MEMBRÉ over 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.10.0~beta1, which was released today.
Check out:
The release announcement: http://www.rudder-project.org/pipermail/rudder-announce/2014-March/000084.html
The full ChangeLog: http://www.rudder-project.org/foswiki/bin/view/System/Documentation:ChangeLog210
Download information: https://www.rudder-project.org/site/get-rudder/downloads/