Project

General

Profile

Bug #5723

Rsyslog configuration lacks postgresql password on relay-top

Added by Benoît PECCATTE about 4 years ago. Updated 21 days ago.

Status:
New
Priority:
2
Assignee:
-
Category:
Documentation
Target version:
Pull Request:
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
0

Description

On relay-top, the system technique file distributePolicy/1.0/rsyslogConf.st generates /etc/rsyslog.d/rudder.conf without postgresql password.
This is a problem since multiserver setup will fail to transmit reports.

First the file containing the password is not copied from the webapp server. ( /opt/rudder/etc/rudder-passwords.conf )
Then the server-roles/1.0/password-check.cf use the class root_server instead of a class that includes the relay-top role.


Related issues

Related to Rudder - Bug #6226: Document migration from manually installed relaysReleased2015-02-04

History

#1 Updated by Jonathan CLARKE about 4 years ago

  • Target version changed from 3.0.0~beta1 to 3.0.0~beta2

#2 Updated by François ARMAND almost 4 years ago

  • Target version changed from 3.0.0~beta2 to 3.0.0~rc1

#3 Updated by Vincent MEMBRÉ almost 4 years ago

  • Target version changed from 3.0.0~rc1 to 3.0.0

#4 Updated by Matthieu CERDA almost 4 years ago

  • Status changed from New to Discussion
  • Assignee set to François ARMAND
  • Priority changed from N/A to 2

First issue to address is: how do we distribute the passwords. We would need to build an acl for cf-serverd with the root server + relays ip addresses.

Maybe we need a system variable for this ?

Once it is done, the remaining part will be piece of cake :)

Anyone could suggest an approach here ? fanf of ncharles maybe ?

#5 Updated by Nicolas CHARLES almost 4 years ago

Passwords are stored in a specific files, with other password (ldap and webdav)
Since all passwords are stored in a file, it sounds dangerous to share this file on too more machine than necessary

We could use a system variable, but we'd have a nasty issue when changing the passwords: the promises would use old password (from promises), and webapp would be unable to regenerate new promises, as database would be unavailable - wrong password

This sounds like a complex problem, and the solution probably is "user must manage himself its password in distributed installation, with the help of easy to use documentation/scripts that explain what to do"

#6 Updated by François ARMAND almost 4 years ago

I agree with you comment Nicolas.

Benoit, could you document what is needed to do to make it works ?

I think the documentation must appear at the end of the package installation, so that the user is notified that he has something left to do. And the same documentation must be added in relay server installation http://www.rudder-project.org/rudder-doc-3.0/rudder-doc.html#relay-servers

Actually, the documentation for relay server is not up-to-date (see #6226)

#7 Updated by François ARMAND almost 4 years ago

  • Project changed from Techniques to Rudder
  • Category changed from Techniques to Documentation

#8 Updated by François ARMAND almost 4 years ago

  • Target version changed from 3.0.0 to 3.1.0~beta1

So, to be more precise, that ticket will be studied in 3.1, and for 3.0 we are going to address #6226.

#9 Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.0~beta1 to 3.1.0~rc1

#10 Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.0~rc1 to 3.1.0

#11 Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.0 to 3.1.1

#12 Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 3.1.1 to 3.1.2

#13 Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.2 to 3.1.3

#14 Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.3 to 3.1.4

#15 Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.4 to 3.1.5

#16 Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.5 to 3.1.6

#17 Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 3.1.6 to 3.1.7

#18 Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 3.1.7 to 3.1.8

#19 Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 3.1.8 to 3.1.9

#20 Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.9 to 3.1.10

#21 Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.10 to 3.1.11

#22 Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.11 to 3.1.12

#23 Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.12 to 3.1.13

#24 Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.13 to 3.1.14

#25 Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 3.1.14 to 3.1.15

#26 Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 3.1.15 to 3.1.16

#27 Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 3.1.16 to 3.1.17

#28 Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 3.1.17 to 3.1.18

#29 Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 3.1.18 to 3.1.19

#30 Updated by François ARMAND over 1 year ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Infrequent - complex configurations | third party integrations
  • Priority set to 0

#31 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.19 to 3.1.20

#32 Updated by Jonathan CLARKE over 1 year ago

  • Status changed from Discussion to New

#33 Updated by Jonathan CLARKE over 1 year ago

  • Assignee deleted (François ARMAND)

#34 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.20 to 3.1.21

#35 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.21 to 3.1.22

#36 Updated by Benoît PECCATTE over 1 year ago

  • User visibility changed from Infrequent - complex configurations | third party integrations to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 30

#37 Updated by Benoît PECCATTE over 1 year ago

  • Priority changed from 30 to 43

#38 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.22 to 3.1.23

#39 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.23 to 3.1.24

#40 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.24 to 3.1.25

#41 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.25 to 387
  • Priority changed from 43 to 44

#42 Updated by Vincent MEMBRÉ 12 months ago

  • Target version changed from 387 to 4.1.10

#43 Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 4.1.10 to 4.1.11

#44 Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 4.1.11 to 4.1.12
  • Priority changed from 44 to 45

#45 Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 4.1.12 to 4.1.13
  • Priority changed from 45 to 46

#46 Updated by Vincent MEMBRÉ 5 months ago

  • Target version changed from 4.1.13 to 4.1.14

#47 Updated by Benoît PECCATTE 4 months ago

  • Target version changed from 4.1.14 to 4.1.15

#48 Updated by Vincent MEMBRÉ about 2 months ago

  • Target version changed from 4.1.15 to 4.1.16
  • Priority changed from 46 to 47

#49 Updated by Vincent MEMBRÉ about 1 month ago

  • Target version changed from 4.1.16 to 4.1.17
  • Priority changed from 47 to 48

#50 Updated by Vincent MEMBRÉ 21 days ago

  • Target version changed from 4.1.17 to 4.1.18
  • Priority changed from 48 to 0

Also available in: Atom PDF