Architecture #6352
closedUser story #6363: Secure agent/server communication
Create shared-secure for smooth transition to key based authentication
Description
Create a hard-link in /var/rudder/share-secured on promise generation for each promise in /var/rudder/share
This is necessary because cf-serverd cannot have 2 authentication scheme for the same directory
Updated by Benoît PECCATTE almost 10 years ago
Since cfengine can transfer files based on a symlink, we could instead just create share-secured as a symlink and update using traverse_links in update promises.
Updated by Benoît PECCATTE almost 10 years ago
- Category changed from 14 to Web - Config management
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0~beta1 to 3.1.0~rc1
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0~rc1 to 3.1.0
Updated by Janos Mattyasovszky over 9 years ago
Hard links are not bad in general, but you cannot know if someone might have placed /var/rudder/share on a separate filesystem ;-)
Updated by Benoît PECCATTE over 9 years ago
You should never put a subfolder of one of your product into a separate filesystem without an advice from the author :-)
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0 to 3.1.1
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.1 to 3.1.2
Updated by Jonathan CLARKE over 9 years ago
- Target version changed from 3.1.2 to 3.2.0~beta1
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 3.2.0~beta1 to 3.2.0~rc1
Updated by Benoît PECCATTE about 9 years ago
- Target version changed from 3.2.0~rc1 to 3.2.0~rc2
Updated by Benoît PECCATTE almost 9 years ago
- Target version changed from 3.2.0~rc2 to 3.2.0
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 3.2.0 to 3.2.1
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 3.2.1 to 3.2.2
Updated by Alexis Mousset almost 9 years ago
- Target version changed from 3.2.2 to 4.0.0~rc2
Updated by François ARMAND about 8 years ago
- Target version changed from 4.0.0~rc2 to 4.1.0~beta1
Updated by Alexis Mousset about 8 years ago
- Status changed from New to Rejected
This is not needed as we can apply both hostname-based and key-based ACLs on the same directories. Closing.