User story #5641
openMake the agent policies update a state machine with integrity check
Description
For now, we update policies on the node side in a fairly simple way (basically: if policies on the server are more recent than the one on the node, copy them, and then use them).
We need a clear and defined state machine to make that update more robust and resilient.
The basic machine (to be clearly specs) is:
- 1/ we have a current state of policies used by the agent.
- 2/ [policies copy on the node] the agent get new policies from the server in a dedicated, jailed directories
- 3/ [integrity checks] the agent runs a series of check to the new policies. Among the check, we can thing to, at least:
- some integrity check: are the files OK? (think to signed content, cheksum, etc)
- some age check: are the new files more recent than the one I have ?
- some parsing check: cf-promises
- why not, some user defined check
- 4/ if all the checks passed, then the old policies are back-up and replaced by the new one
- 5/ a new run of the agent is done with the new set of policies.
The most important part is the logic in step 3,4,5. It allows to be more confident that the new policies are correct and will run OK.
Note that step 2 allows to have the policies copied by other means than cf-agent, decoupling the way policies arrived on the server to the actual fact of starting to use them, and this is a good thing (tm).
That allows to optimize step 2 independently of the agent logic, even replace the current transport layer completly.
It also allows to implement special command for that part, like for example: DO TAKE the promise on the server now with checksums, whatever your optimization logic is.
Policies can also be corrupted on the agent side (neutrino rain or something). That's why we should check at some points if cf-promise still works. And if not, promises should be downloaded again.
Updated by Matthieu CERDA about 10 years ago
- Target version changed from 140 to 3.0.0~beta1
Updated by Benoît PECCATTE about 10 years ago
- Description updated (diff)
Policies can also be corrupted on the agent side (neutrino rain or something). That's why we should check at some points if cf-promise still works. And if not, promises should be downloaded again.
Updated by Jonathan CLARKE about 10 years ago
- Target version changed from 3.0.0~beta1 to 3.0.0~beta2
Updated by Jonathan CLARKE about 10 years ago
- Target version changed from 3.0.0~beta2 to 3.1.0~beta1
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0~beta1 to 3.1.0~rc1
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0~rc1 to 3.1.0
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0 to 3.1.1
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.1 to 3.1.2
Updated by Jonathan CLARKE over 9 years ago
- Target version changed from 3.1.2 to 3.2.0~beta1
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 3.2.0~beta1 to 3.2.0~rc1
Updated by Benoît PECCATTE about 9 years ago
- Target version changed from 3.2.0~rc1 to 3.2.0~rc2
Updated by Benoît PECCATTE almost 9 years ago
- Target version changed from 3.2.0~rc2 to 3.2.0
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 3.2.0 to 3.2.1
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 3.2.1 to 3.2.2
Updated by Alexis Mousset almost 9 years ago
- Target version changed from 3.2.2 to 4.0.0~rc2
Updated by Benoît PECCATTE about 8 years ago
- Related to User story #751: Test the typed variables in Directives on a test node added
Updated by François ARMAND about 8 years ago
- Target version changed from 4.0.0~rc2 to 4.1.0~beta1
Updated by François ARMAND about 8 years ago
- Related to User story #6847: Separate updating of failsafe.cf and update.cf added
Updated by François ARMAND about 8 years ago
- Related to Bug #9704: As for Rudder 3.2.9, promises calculation is still too slow added
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 4.1.0~beta1 to 4.1.0~beta2
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 4.1.0~beta2 to 4.1.0~beta3
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 4.1.0~beta3 to 4.1.0~rc1
Updated by François ARMAND almost 8 years ago
- Target version changed from 4.1.0~rc1 to 4.2.0~beta1
Updated by François ARMAND almost 8 years ago
- Related to Architecture #7831: Simplify usage and copy of ncf directories added
Updated by Alexis Mousset over 7 years ago
- Target version changed from 4.2.0~beta1 to 4.2.0~beta2
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 4.2.0~beta2 to 4.2.0~beta3
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 4.2.0~beta3 to 4.2.0~rc1
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 4.2.0~rc1 to 4.2.0~rc2
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 4.2.0~rc2 to 4.2.0
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.0 to 4.2.1
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.1 to 4.2.2
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.2 to 4.2.3
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.3 to 4.2.4
Updated by Benoît PECCATTE almost 7 years ago
- Target version changed from 4.2.4 to Ideas (not version specific)