Architecture #6352
closed
User story #6363: Secure agent/server communication
Create shared-secure for smooth transition to key based authentication
Added by Benoît PECCATTE over 9 years ago.
Updated about 8 years ago.
Category:
Web - Config management
Description
Create a hard-link in /var/rudder/share-secured on promise generation for each promise in /var/rudder/share
This is necessary because cf-serverd cannot have 2 authentication schemes for the same directory
Since cfengine can transfer files based on a symlink, we could instead just create share-secured as a symlink and update using traverse_links in update promises.
- Category changed from 14 to Web - Config management
- Target version changed from 3.1.0~beta1 to 3.1.0~rc1
- Target version changed from 3.1.0~rc1 to 3.1.0
Hard links are not bad in general, but you cannot know if someone might have placed /var/rudder/share on a separate filesystem ;-)
You should never put a subfolder of one of your products into a separate filesystem without advice from the author :-)
- Target version changed from 3.1.0 to 3.1.1
- Target version changed from 3.1.1 to 3.1.2
- Target version changed from 3.1.2 to 3.2.0~beta1
- Target version changed from 3.2.0~beta1 to 3.2.0~rc1
- Target version changed from 3.2.0~rc1 to 3.2.0~rc2
- Target version changed from 3.2.0~rc2 to 3.2.0
- Target version changed from 3.2.0 to 3.2.1
- Target version changed from 3.2.1 to 3.2.2
- Target version changed from 3.2.2 to 4.0.0~rc2
- Target version changed from 4.0.0~rc2 to 4.1.0~beta1
- Status changed from New to Rejected
This is not needed as we can apply both hostname-based and key-based ACLs on the same directories. Closing.