Question #6467
closed
User story #6589: Improve Rudder security in 3.1: Inventory signature and security, SELinux compliance
User story #2882: Rudder should be SELinux compliant
What are the webdav directories used for?
Description
We have different webdav directories:
- /var/rudder/inventories/incoming mapped to http://rudder/inventories
- /var/rudder/inventories/accepted-nodes-updates mapped to http://rudder/inventory-updates
It seems from the sendInventoryToCmdb bundle that both are checked to send to the ldap endpoint.
From the sendInventory bundle, it seems that only the second one is used by the fusion agent.
Side question, why is there a motd file in /var/rudder/inventories/accepted-nodes-updates?
Updated by Matthieu CERDA over 9 years ago
- Category set to System techniques
- Status changed from New to Discussion
- Assignee changed from Matthieu CERDA to Benoît PECCATTE
- Priority changed from N/A to 5 (lowest)
- /var/rudder/inventories/incoming: This directory is intended to accept node inventories sent from "unknown yet" machines (e.g. initial promises), with a default DAV user/password
- /var/rudder/inventories/accepted-nodes-updates: This directory accepts inventories from registered nodes (that have the Rudder installation DAV password in their promises)
The idea was to have an unsecured endpoint (for nodes not accepted yet), and a secured one for registered nodes. For now, no differentiation is made between the two, but in the future we would have liked to have a sort of different trust between the two...
At this moment though, those are considered equally.
The motd file is used by the rudder server itself, as a way to "probe" if the webdav setup is correct in the server-roles Techniques:
- "Is the WebDAV endpoint using the correct password? meaning: Can I send something (my own motd) to this endpoint using the configured password?"
- If no, update the htpasswd file with the correct password
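
The probe described in the comment above, sketched as an added example (not Rudder's own technique code, which this page does not show): PUT a small file with the configured credentials and treat only a 401 as a reason to rewrite the htpasswd file. The user name, passwords, stub server and function names are constructed for the illustration; only the `/inventory-updates` path and the motd file name come from the page.

```python
import base64, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def probe(url, user, password, payload=b"probe\n"):
    """PUT a small file with HTTP Basic auth; return the status code, or None if unreachable."""
    req = urllib.request.Request(url, data=payload, method="PUT",
                                 headers={"Authorization": basic(user, password)})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:   # 4xx/5xx still carry a status code
        return exc.code
    except OSError:                         # refused connection, timeout, DNS failure
        return None

def decide(status):
    """Map the probe result to the action the comment describes."""
    if status in (200, 201, 204):
        return "ok"                # configured password is accepted
    if status == 401:
        return "update-htpasswd"   # endpoint is up but rejects the credentials
    return "investigate"           # unreachable or other error: rewriting htpasswd will not help

def start_stub(user, password):
    """Constructed stand-in for the DAV endpoint: accepts PUT only with these credentials."""
    class Handler(BaseHTTPRequestHandler):
        def do_PUT(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            ok = self.headers.get("Authorization") == basic(user, password)
            self.send_response(201 if ok else 401)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/inventory-updates/motd"

if __name__ == "__main__":
    server, url = start_stub("rudder", "constructed-password")  # constructed credentials
    for pw in ("constructed-password", "stale-password"):
        print(pw, "->", decide(probe(url, "rudder", pw)))
    server.shutdown()
```

Separating 401 from other failures keeps the probe from rewriting the htpasswd file when the endpoint is simply down or misrouted.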