Project

General

Profile

Actions

Architecture #6352

closed

User story #6363: Secure agent/server communication

Create shared-secure for smooth transition to key based authentication

Added by Benoît PECCATTE almost 10 years ago. Updated about 8 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
Web - Config management
Target version:
Effort required:
Name check:
Fix check:
Regression:

Description

Create a hard-link in /var/rudder/share-secured on promise generation for each promise in /var/rudder/share
This is necessary because cf-serverd cannot have 2 authentication scheme for the same directory

Actions #1

Updated by Benoît PECCATTE almost 10 years ago

Since cfengine can transfer files based on a symlink, we could instead just create share-secured as a symlink and update using traverse_links in update promises.

Actions #2

Updated by Benoît PECCATTE almost 10 years ago

  • Parent task set to #6363
Actions #3

Updated by Benoît PECCATTE almost 10 years ago

  • Category changed from 14 to Web - Config management
Actions #4

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.0~beta1 to 3.1.0~rc1
Actions #5

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.0~rc1 to 3.1.0
Actions #6

Updated by Janos Mattyasovszky over 9 years ago

Hard links are not bad in general, but you cannot know if someone might have placed /var/rudder/share on a separate filesystem ;-)

Actions #7

Updated by Benoît PECCATTE over 9 years ago

You should never put a subfolder of one of your product into a separate filesystem without an advice from the author :-)

Actions #8

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.0 to 3.1.1
Actions #9

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.1 to 3.1.2
Actions #10

Updated by Jonathan CLARKE over 9 years ago

  • Target version changed from 3.1.2 to 3.2.0~beta1
Actions #11

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 3.2.0~beta1 to 3.2.0~rc1
Actions #12

Updated by Benoît PECCATTE about 9 years ago

  • Target version changed from 3.2.0~rc1 to 3.2.0~rc2
Actions #13

Updated by Benoît PECCATTE almost 9 years ago

  • Target version changed from 3.2.0~rc2 to 3.2.0
Actions #14

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 3.2.0 to 3.2.1
Actions #15

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 3.2.1 to 3.2.2
Actions #16

Updated by Alexis Mousset almost 9 years ago

  • Target version changed from 3.2.2 to 4.0.0~rc2
Actions #17

Updated by François ARMAND about 8 years ago

  • Target version changed from 4.0.0~rc2 to 4.1.0~beta1
Actions #18

Updated by Alexis Mousset about 8 years ago

  • Status changed from New to Rejected

This is not needed as we can apply both hostname-based and key-based ACLs on the same directories. Closing.

Actions

Also available in: Atom PDF