Project

General

Profile

Actions

User story #5641

open

Make the agent policies update a state machine with integrity check

Added by François ARMAND over 6 years ago. Updated about 3 years ago.

Status:
New
Priority:
2
Assignee:
-
Category:
System techniques
Suggestion strength:
User visibility:
Effort required:

Description

For now, we update policies on the node side in a fairly simple way (basically: if policies on the server are more recent than the one on the node, copy them, and then use them).

We need a clear and defined state machine to make that update more robust and resilient.

The basic machine (to be clearly specs) is:

- 1/ we have a current state of policies used by the agent.

- 2/ [policies copy on the node] the agent get new policies from the server in a dedicated, jailed directories

- 3/ [integrity checks] the agent runs a series of check to the new policies. Among the check, we can thing to, at least:
- some integrity check: are the files OK? (think to signed content, cheksum, etc)
- some age check: are the new files more recent than the one I have ?
- some parsing check: cf-promises
- why not, some user defined check

- 4/ if all the checks passed, then the old policies are back-up and replaced by the new one
- 5/ a new run of the agent is done with the new set of policies.

The most important part is the logic in step 3,4,5. It allows to be more confident that the new policies are correct and will run OK.

Note that step 2 allows to have the policies copied by other means than cf-agent, decoupling the way policies arrived on the server to the actual fact of starting to use them, and this is a good thing (tm).

That allows to optimize step 2 independently of the agent logic, even replace the current transport layer completly.
It also allows to implement special command for that part, like for example: DO TAKE the promise on the server now with checksums, whatever your optimization logic is.

Policies can also be corrupted on the agent side (neutrino rain or something). That's why we should check at some points if cf-promise still works. And if not, promises should be downloaded again.


Related issues

Related to Rudder - Architecture #4427: cf-promises check on ALL generated promises leads to huge generation time NewNicolas CHARLESActions
Related to Rudder - Bug #5650: promises can become invalid if copies fail rendering the agent unusableReleasedBenoît PECCATTE2014-10-15Actions
Related to Rudder - User story #751: Test the typed variables in Directives on a test nodeRejectedNicolas CHARLES2011-02-01Actions
Related to Rudder - User story #6847: Separate updating of failsafe.cf and update.cfNewActions
Related to Rudder - Bug #9704: As for Rudder 3.2.9, promises calculation is still too slowRejectedActions
Related to Rudder - Architecture #7831: Simplify usage and copy of ncf directoriesNewActions
Actions #1

Updated by Matthieu CERDA over 6 years ago

  • Target version changed from 140 to 3.0.0~beta1
Actions #2

Updated by Benoît PECCATTE over 6 years ago

  • Description updated (diff)

Policies can also be corrupted on the agent side (neutrino rain or something). That's why we should check at some points if cf-promise still works. And if not, promises should be downloaded again.

Actions #3

Updated by Jonathan CLARKE over 6 years ago

  • Target version changed from 3.0.0~beta1 to 3.0.0~beta2
Actions #4

Updated by Jonathan CLARKE over 6 years ago

  • Target version changed from 3.0.0~beta2 to 3.1.0~beta1
Actions #5

Updated by Benoît PECCATTE about 6 years ago

  • Status changed from 8 to New
Actions #6

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 3.1.0~beta1 to 3.1.0~rc1
Actions #7

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 3.1.0~rc1 to 3.1.0
Actions #8

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 3.1.0 to 3.1.1
Actions #9

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 3.1.1 to 3.1.2
Actions #10

Updated by Jonathan CLARKE over 5 years ago

  • Target version changed from 3.1.2 to 3.2.0~beta1
Actions #11

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 3.2.0~beta1 to 3.2.0~rc1
Actions #12

Updated by Benoît PECCATTE over 5 years ago

  • Target version changed from 3.2.0~rc1 to 3.2.0~rc2
Actions #13

Updated by Benoît PECCATTE over 5 years ago

  • Target version changed from 3.2.0~rc2 to 3.2.0
Actions #14

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 3.2.0 to 3.2.1
Actions #15

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 3.2.1 to 3.2.2
Actions #16

Updated by Alexis MOUSSET about 5 years ago

  • Target version changed from 3.2.2 to 4.0.0~rc2
Actions #17

Updated by Benoît PECCATTE over 4 years ago

  • Related to User story #751: Test the typed variables in Directives on a test node added
Actions #18

Updated by François ARMAND over 4 years ago

  • Target version changed from 4.0.0~rc2 to 4.1.0~beta1
Actions #19

Updated by François ARMAND over 4 years ago

  • Related to User story #6847: Separate updating of failsafe.cf and update.cf added
Actions #20

Updated by François ARMAND over 4 years ago

  • Related to Bug #9704: As for Rudder 3.2.9, promises calculation is still too slow added
Actions #21

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 4.1.0~beta1 to 4.1.0~beta2
Actions #22

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 4.1.0~beta2 to 4.1.0~beta3
Actions #23

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 4.1.0~beta3 to 4.1.0~rc1
Actions #24

Updated by François ARMAND about 4 years ago

  • Target version changed from 4.1.0~rc1 to 4.2.0~beta1
Actions #25

Updated by François ARMAND about 4 years ago

Actions #26

Updated by Alexis MOUSSET almost 4 years ago

  • Target version changed from 4.2.0~beta1 to 4.2.0~beta2
Actions #27

Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 4.2.0~beta2 to 4.2.0~beta3
Actions #28

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 4.2.0~beta3 to 4.2.0~rc1
Actions #29

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 4.2.0~rc1 to 4.2.0~rc2
Actions #30

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 4.2.0~rc2 to 4.2.0
Actions #31

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 4.2.0 to 4.2.1
Actions #32

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 4.2.1 to 4.2.2
Actions #33

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 4.2.2 to 4.2.3
Actions #34

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 4.2.3 to 4.2.4
Actions #35

Updated by Benoît PECCATTE about 3 years ago

  • Target version changed from 4.2.4 to Ideas (not version specific)
Actions

Also available in: Atom PDF