Question #6467
closed
User story #6589: Improve Rudder security in 3.1: Inventory signature and security, SELinux compliance
User story #2882: Rudder should be SELinux compliant
What are the webdav directories used for?
Added by Benoît PECCATTE over 9 years ago.
Updated over 9 years ago.
Category:
System techniques
Description
We have different webdav directories:
- /var/rudder/inventories/incoming mapped to http://rudder/inventories
- /var/rudder/inventories/accepted-nodes-updates mapped to http://rudder/inventory-updates
It seems from the sendInventoryToCmdb bundle that both are checked to send to the ldap endpoint.
From the sendInventory bundle, it seems that only the second one is used by the fusion agent.
Side question, why is there a motd file in /var/rudder/inventories/accepted-nodes-updates?
- Category set to System techniques
- Status changed from New to Discussion
- Assignee changed from Matthieu CERDA to Benoît PECCATTE
- Priority changed from N/A to 5 (lowest)
So:
- /var/rudder/inventories/incoming: This directory is intended to accept node inventories sent from "unknown yet" machines (e.g. initial promises), with a default DAV user/password
- /var/rudder/inventories/accepted-nodes-updates: This directory accepts inventories from registered nodes (that have the Rudder installation DAV password in their promises)
The idea was to have an unsecured endpoint (for nodes not accepted yet), and a secured one for registered nodes. For now, no differentiation is made between the two, but in the future we would have liked to have a sort of different trust between the two...
At this moment though, those are considered equally.
The motd file is used by the rudder server itself, as a way to "probe" if the webdav setup is correct in the server-roles Techniques:
- "Is the WebDAV endpoint using the correct password? meaning: Can I send something (my own motd) to this endpoint using the configured password?"
- If no, update the htpasswd file with the correct password
- Status changed from Discussion to Resolved
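Added example (not part of the original thread and not Rudder's own technique code): a shell sketch of the motd probe described above, which rewrites the htpasswd entry only when the endpoint answers 401, so an outage or a 5xx never triggers a password rewrite. The function names, the arguments and the htpasswd file path are hypothetical; the page only gives the endpoint mapping.

```shell
# Added sketch of the probe-and-repair logic; not Rudder's technique code.
# URL, user, password and both file paths are caller-supplied assumptions.

# dav_probe URL USER PASSWORD FILE: PUT FILE and print the HTTP status.
# Credentials reach curl via a config on stdin (-K -), not argv, so they stay
# out of the process list. Assumes no '"' or '\' in the password.
dav_probe() {
    printf 'user = "%s:%s"\n' "$2" "$3" |
        curl -K - -s -o /dev/null -w '%{http_code}' \
             -T "$4" "$1/$(basename "$4")" || true
}

# dav_ensure URL USER PASSWORD FILE HTPASSWD_FILE
# Prints ok | repaired | error:<reason>; returns 0 only for ok and repaired.
dav_ensure() {
    status=$(dav_probe "$1" "$2" "$3" "$4")
    case $status in
        2??)
            echo ok ;;
        401)
            # The server rejected the configured password: update the
            # existing htpasswd entry (-i reads the password from stdin),
            # then probe again to confirm the repair worked.
            printf '%s\n' "$3" | htpasswd -i "$5" "$2" >/dev/null 2>&1 ||
                { echo "error:htpasswd"; return 1; }
            status=$(dav_probe "$1" "$2" "$3" "$4")
            case $status in
                2??) echo repaired ;;
                *)   echo "error:$status"; return 1 ;;
            esac ;;
        *)
            # 000 (no connection), 403, 5xx and so on are not password
            # problems, so the htpasswd file is left untouched.
            echo "error:$status"; return 1 ;;
    esac
}

# Example call (user, password and htpasswd path are placeholders):
# dav_ensure http://rudder/inventory-updates DAV_USER DAV_PASSWORD \
#     /etc/motd /path/to/htpasswd-file
```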