Project

General

Profile

Actions
Copy link

Bug #8159

closed

Do not backup modified promise files and encrypt ncf/local transfer

Bug #8159: Do not backup modified promise files and encrypt ncf/local transfer

Added by Alexis Mousset about 10 years ago. Updated about 10 years ago.

Status:
Released
Priority:
N/A
Assignee:
Nicolas CHARLES
Category:
System techniques
Target version:
2.11.20
Pull Request:
https://github.com/Normation/rudder-t...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

The update/propagate techniques use 6 different bodies with inconsistent parameters, we should improve this.

what from to body move_obstructions action: immediate encrypt compare preserve perms verify purge trustkey copy_backup
update
ncf/{common,local} root root copy_digest_without_perms x x digest x false
ncf/{common,local} policy_server node remote_unsecured_without_perms x x digest x x x true
rudder_promises_generated policy_server node remote x x x digest x x x true
inputs policy_server node remote x x x digest x x x true
tools policy_server node remote_unsecured x x mtime x x x x true
rudder_tools_updated policy_server node remote_unsecured x x mtime x x x x true
propagate promises
tools root root copy mtime x false
ncf.conf root root copy_digest digest x timestamp
tools root relay remote_unsecured mtime x x x x true
ncf/{common,local} root relay remote x digest x x x true
shared_files root relay remote x digest x x x true
masterfiles root relay remote x digest x x x true
techniques
file_copy_from_* * node ncf_{remote,local}_cp_method configurable true
copyGitFile* policy_server node rudder_copy_from x configurable x configurable timestamp

Related issues 5 (0 open5 closed)

Related to Rudder - Bug #8158: When a relay propagate promises, it seems he's doing backup of previous promises in the modified_files folderRejectedAlexis MoussetActions
Related to Rudder - User story #7986: Make copying the tools encrypted againRejectedBenoît PECCATTEActions
Related to Rudder - Bug #8160: Remote file copies in ncf should be encryptedReleasedNicolas CHARLESActions
Related to Rudder - Architecture #6349: Change promises to use encrypted communicationReleasedNicolas CHARLESActions
Related to Rudder - User story #8607: Document security level of Rudder contentReleasedFrançois ARMANDActions

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #1

  • Related to Bug #8158: When a relay propagate promises, it seems he's doing backup of previous promises in the modified_files folder added

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #2

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #3

  • Description updated (diff)
  • Category set to System techniques

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #4

  • Description updated (diff)

Updated by Nicolas CHARLES about 10 years ago Actions
Copy link
 #5

I don't really know how to comment on this in a readable way, but:
In update
rudder_promises_generated, rudder_tools_updated don't need either copy_backup nor encrypt (no secret there, no real value there)
ncf/{common,local} should need encrypt (secret there) but no copy_backup (the backup need to be only on the rudder server)
inputs need encrypt, but no copy_backup

In propagate promises
ncf.conf doesn't need encrypt nor copy_backup
ncf/{common,local} should need encrypt (secret there) but no copy_backup (the backup need to be only on the rudder server)
shared_files need encrypt, but no copy_backup
masterfiles need encrypt, but no copy_backup

in tehcniques
file_copy_from_* should need copy_backup timestamp

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #6

  • Related to Bug #8160: Remote file copies in ncf should be encrypted added

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #7

ncf/local copy is encrypted since 3.1 (#6349).

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #8

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #9

  • Assignee set to Alexis Mousset
  • Target version set to 2.11.20

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #10

  • Tracker changed from User story to Bug
  • Subject changed from Clean up copy_from bodies to Fix copy_from bodies for Rudder files
  • Reproduced set to No

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #11

  • Status changed from New to In progress

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #12

The PR gives:

what from to body move_obstructions action: immediate encrypt compare preserve perms verify purge trustkey copy_backup
update
ncf/{common,local} root root copy_digest_without_perms x x digest x false
ncf/common policy_server node remote_unsecured_without_perms x x digest x x x false
ncf/local policy_server node remote x x x digest x x x false
rudder_promises_generated policy_server node remote_unsecured_without_perms x x -x- digest x x x false
inputs policy_server node remote x x x digest x x x false
tools policy_server node remote_unsecured x x mtime x x x x false
rudder_tools_updated policy_server node remote_unsecured_without_perms x x digest -x- x x x false
propagate promises
tools root root copy mtime x false
ncf.conf root root copy_digest_without_perms digest -x- x false
tools root relay remote_unsecured mtime x x x x false
ncf/common root relay remote_unsecured_without_perms -x- digest x x x false
ncf/local root relay remote x digest x x x false
shared_files root relay remote x digest x x x false
masterfiles root relay remote x digest x x x false
techniques
file_copy_from_* * node ncf_{remote,local}_cp_method x configurable timestamp
copyGitFile* policy_server node rudder_copy_from x configurable x configurable timestamp

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #13

  • Description updated (diff)

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #14

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/906

Updated by Nicolas CHARLES about 10 years ago Actions
Copy link
 #15

This is super clear.

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #16

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

Updated by Alexis Mousset about 10 years ago Actions
Copy link
 #17

  • Subject changed from Fix copy_from bodies for Rudder files to Do not backup modified promise files and encrypt ncf/local transfer

Updated by Vincent MEMBRÉ about 10 years ago Actions
Copy link
 #18

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.20, 3.0.15, 3.1.9 and 3.2.2 which were released today.

Updated by Alexis Mousset almost 10 years ago Actions
Copy link
 #19

Actions
Copy link

Also available in: PDF Atom