Bug #8159
closed
Do not backup modified promise files and encrypt ncf/local transfer
Description
The update/propagate techniques use 6 different bodies with inconsistent parameters; we should improve this.
what | from | to | body | move_obstructions | action: immediate | encrypt | compare | preserve perms | verify | purge | trustkey | copy_backup |
update | ||||||||||||
ncf/{common,local} | root | root | copy_digest_without_perms | x | x | digest | x | false | ||||
ncf/{common,local} | policy_server | node | remote_unsecured_without_perms | x | x | digest | x | x | x | true | ||
rudder_promises_generated | policy_server | node | remote | x | x | x | digest | x | x | x | true | |
inputs | policy_server | node | remote | x | x | x | digest | x | x | x | true | |
tools | policy_server | node | remote_unsecured | x | x | mtime | x | x | x | x | true | |
rudder_tools_updated | policy_server | node | remote_unsecured | x | x | mtime | x | x | x | x | true | |
propagate promises | ||||||||||||
tools | root | root | copy | mtime | x | false | ||||||
ncf.conf | root | root | copy_digest | digest | x | timestamp | ||||||
tools | root | relay | remote_unsecured | mtime | x | x | x | x | true | |||
ncf/{common,local} | root | relay | remote | x | digest | x | x | x | true | |||
shared_files | root | relay | remote | x | digest | x | x | x | true | |||
masterfiles | root | relay | remote | x | digest | x | x | x | true | |||
techniques | ||||||||||||
file_copy_from_* | * | node | ncf_{remote,local}_cp_method | configurable | true | |||||||
copyGitFile* | policy_server | node | rudder_copy_from | x | configurable | x | configurable | timestamp |
Updated by Alexis Mousset over 8 years ago
- Related to Bug #8158: When a relay propagate promises, it seems he's doing backup of previous promises in the modified_files folder added
Updated by Alexis Mousset over 8 years ago
- Related to User story #7986: Make copying the tools encrypted again added
Updated by Alexis Mousset over 8 years ago
- Description updated (diff)
- Category set to System techniques
Updated by Nicolas CHARLES over 8 years ago
I don't really know how to comment on this in a readable way, but:
In update
rudder_promises_generated, rudder_tools_updated need neither copy_backup nor encrypt (no secret there, no real value there)
ncf/{common,local} should need encrypt (secret there) but no copy_backup (the backup needs to be only on the rudder server)
inputs need encrypt, but no copy_backup
In propagate promises
ncf.conf doesn't need encrypt nor copy_backup
ncf/{common,local} should need encrypt (secret there) but no copy_backup (the backup needs to be only on the rudder server)
shared_files need encrypt, but no copy_backup
masterfiles need encrypt, but no copy_backup
In techniques
file_copy_from_* should need copy_backup timestamp
Updated by Alexis Mousset over 8 years ago
- Related to Bug #8160: Remote file copies in ncf should be encrypted added
Updated by Alexis Mousset over 8 years ago
ncf/local copy is encrypted since 3.1 (#6349).
Updated by Alexis Mousset over 8 years ago
- Related to Architecture #6349: Change promises to use encrypted communication added
Updated by Alexis Mousset over 8 years ago
- Assignee set to Alexis Mousset
- Target version set to 2.11.20
Updated by Alexis Mousset over 8 years ago
- Tracker changed from User story to Bug
- Subject changed from Clean up copy_from bodies to Fix copy_from bodies for Rudder files
- Reproduced set to No
Updated by Alexis Mousset over 8 years ago
- Status changed from New to In progress
Updated by Alexis Mousset over 8 years ago
The PR gives:
what | from | to | body | move_obstructions | action: immediate | encrypt | compare | preserve perms | verify | purge | trustkey | copy_backup |
update | ||||||||||||
ncf/{common,local} | root | root | copy_digest_without_perms | x | x | digest | x | false | ||||
ncf/common | policy_server | node | remote_unsecured_without_perms | x | x | digest | x | x | x | false | ||
ncf/local | policy_server | node | remote | x | x | x | digest | x | x | x | false | |
rudder_promises_generated | policy_server | node | remote_unsecured_without_perms | x | x | -x- | digest | x | x | x | false | |
inputs | policy_server | node | remote | x | x | x | digest | x | x | x | false | |
tools | policy_server | node | remote_unsecured | x | x | mtime | x | x | x | x | false | |
rudder_tools_updated | policy_server | node | remote_unsecured_without_perms | x | x | digest | -x- | x | x | x | false | |
propagate promises | ||||||||||||
tools | root | root | copy | mtime | x | false | ||||||
ncf.conf | root | root | copy_digest_without_perms | digest | -x- | x | false | |||||
tools | root | relay | remote_unsecured | mtime | x | x | x | x | false | |||
ncf/common | root | relay | remote_unsecured_without_perms | -x- | digest | x | x | x | false | |||
ncf/local | root | relay | remote | x | digest | x | x | x | false | |||
shared_files | root | relay | remote | x | digest | x | x | x | false | |||
masterfiles | root | relay | remote | x | digest | x | x | x | false | |||
techniques | ||||||||||||
file_copy_from_* | * | node | ncf_{remote,local}_cp_method | x | configurable | timestamp | ||||||
copyGitFile* | policy_server | node | rudder_copy_from | x | configurable | x | configurable | timestamp |
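A check for the two properties this ticket settles on (encrypted transfer for secret-bearing content, no copy_backup on the receiving side), as an added example that is not part of the ticket or of Rudder's code. The body definitions and the `USAGE` mapping are constructed for illustration; the defaults are CFEngine's documented ones for `copy_from` attributes that a body leaves out.

```python
import re

BODY_RE = re.compile(r"body\s+copy_from\s+(\w+)[^{]*\{")
ATTR_RE = re.compile(r'(\w+)\s*=>\s*"([^"]*)"\s*;')
# CFEngine's documented defaults when a copy_from body omits the attribute.
DEFAULTS = {"encrypt": "false", "copy_backup": "true"}

def parse_copy_from_bodies(policy):
    """Return {body_name: {attribute: value}} for quoted scalar attributes."""
    bodies = {}
    for m in BODY_RE.finditer(policy):
        depth, i = 1, m.end()
        while depth and i < len(policy):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(policy[i], 0)
            i += 1
        bodies[m.group(1)] = dict(ATTR_RE.findall(policy[m.end():i]))
    return bodies

def audit(policy, usage):
    """usage maps content -> (body name, needs_encrypt); returns findings."""
    bodies = parse_copy_from_bodies(policy)
    findings = []
    for content, (body, needs_encrypt) in sorted(usage.items()):
        # An undefined body falls back to the defaults and is flagged as such.
        attrs = {**DEFAULTS, **bodies.get(body, {})}
        if needs_encrypt and attrs["encrypt"] != "true":
            findings.append((content, body, "transfer not encrypted"))
        if attrs["copy_backup"] != "false":
            findings.append((content, body, "copy_backup=" + attrs["copy_backup"]))
    return findings

# Constructed sample policy (hypothetical bodies, not Rudder's real ones).
SAMPLE_POLICY = '''
body copy_from remote(server, path)
{
  servers => { "$(server)" };
  source  => "$(path)";
  encrypt => "true";
}
body copy_from remote_unsecured(server, path)
{
  servers     => { "$(server)" };
  source      => "$(path)";
  copy_backup => "false";
}
'''
# Content -> (body, needs_encrypt), following the ticket's tables and comments.
USAGE = {"ncf/local": ("remote", True), "inputs": ("remote", True),
         "tools": ("remote_unsecured", False)}
```

In the sample, `remote` encrypts but never sets `copy_backup`, so the default of `true` applies and both rows that use it are reported.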
Updated by Alexis Mousset over 8 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/906
Updated by Alexis Mousset over 8 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset rudder-techniques|206089c2f39a642bc14ac27c5366510c9b2bad4c.
Updated by Alexis Mousset over 8 years ago
- Subject changed from Fix copy_from bodies for Rudder files to Do not backup modified promise files and encrypt ncf/local transfer
Updated by Vincent MEMBRÉ over 8 years ago
- Status changed from Pending release to Released
Updated by Alexis Mousset over 8 years ago
- Related to User story #8607: Document security level of Rudder content added