Project

General

Profile

Actions
Copy link

Architecture #6352

closed

User story #6363: Secure agent/server communication

Create shared-secure for smooth transition to key based authentication

Added by Benoît PECCATTE about 9 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
Web - Config management
Target version:
4.1.0~beta1
Pull Request:
Effort required:
Name check:
Fix check:
Regression:

Description

Create a hard-link in /var/rudder/share-secured on promise generation for each promise in /var/rudder/share
This is necessary because cf-serverd cannot have 2 authentication scheme for the same directory

Actions
Copy link
 #1

Updated by Benoît PECCATTE about 9 years ago

Since cfengine can transfer files based on a symlink, we could instead just create share-secured as a symlink and update using traverse_links in update promises.

Actions
Copy link
 #2

Updated by Benoît PECCATTE about 9 years ago

  • Parent task set to #6363
Actions
Copy link
 #3

Updated by Benoît PECCATTE about 9 years ago

  • Category changed from 14 to Web - Config management
Actions
Copy link
 #4

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 3.1.0~beta1 to 3.1.0~rc1
Actions
Copy link
 #5

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 3.1.0~rc1 to 3.1.0
Actions
Copy link
 #6

Updated by Janos Mattyasovszky almost 9 years ago

Hard links are not bad in general, but you cannot know if someone might have placed /var/rudder/share on a separate filesystem ;-)

Actions
Copy link
 #7

Updated by Benoît PECCATTE almost 9 years ago

You should never put a subfolder of one of your product into a separate filesystem without an advice from the author :-)

Actions
Copy link
 #8

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 3.1.0 to 3.1.1
Actions
Copy link
 #9

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 3.1.1 to 3.1.2
Actions
Copy link
 #10

Updated by Jonathan CLARKE over 8 years ago

  • Target version changed from 3.1.2 to 3.2.0~beta1
Actions
Copy link
 #11

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 3.2.0~beta1 to 3.2.0~rc1
Actions
Copy link
 #12

Updated by Benoît PECCATTE over 8 years ago

  • Target version changed from 3.2.0~rc1 to 3.2.0~rc2
Actions
Copy link
 #13

Updated by Benoît PECCATTE over 8 years ago

  • Target version changed from 3.2.0~rc2 to 3.2.0
Actions
Copy link
 #14

Updated by Vincent MEMBRÉ over 8 years ago

  • Target version changed from 3.2.0 to 3.2.1
Actions
Copy link
 #15

Updated by Vincent MEMBRÉ about 8 years ago

  • Target version changed from 3.2.1 to 3.2.2
Actions
Copy link
 #16

Updated by Alexis Mousset about 8 years ago

  • Target version changed from 3.2.2 to 4.0.0~rc2
Actions
Copy link
 #17

Updated by François ARMAND over 7 years ago

  • Target version changed from 4.0.0~rc2 to 4.1.0~beta1
Actions
Copy link
 #18

Updated by Alexis Mousset over 7 years ago

  • Status changed from New to Rejected

This is not needed as we can apply both hostname-based and key-based ACLs on the same directories. Closing.

Actions
Copy link

Also available in: Atom PDF