Bug #8159
closed
Do not backup modified promise files and encrypt ncf/local transfer
Added by Alexis Mousset over 8 years ago.
Updated over 8 years ago.
Category:
System techniques
Description
The update/propagate techniques use 6 different bodies with inconsistent parameters, we should improve this.
| what |
from |
to |
body |
move_obstructions |
action: immediate |
encrypt |
compare |
preserve perms |
verify |
purge |
trustkey |
copy_backup |
| update |
ncf/{common,local} |
root |
root |
copy_digest_without_perms |
x |
x |
|
digest |
|
|
x |
|
false |
ncf/{common,local} |
policy_server |
node |
remote_unsecured_without_perms |
x |
x |
|
digest |
|
x |
x |
x |
true |
rudder_promises_generated |
policy_server |
node |
remote |
x |
x |
x |
digest |
|
x |
x |
x |
true |
inputs |
policy_server |
node |
remote |
x |
x |
x |
digest |
|
x |
x |
x |
true |
tools |
policy_server |
node |
remote_unsecured |
x |
x |
|
mtime |
x |
x |
x |
x |
true |
rudder_tools_updated |
policy_server |
node |
remote_unsecured |
x |
x |
|
mtime |
x |
x |
x |
x |
true |
| propagate promises |
tools |
root |
root |
copy |
|
|
|
mtime |
x |
|
|
|
false |
ncf.conf |
root |
root |
copy_digest |
|
|
|
digest |
x |
|
|
|
timestamp |
tools |
root |
relay |
remote_unsecured |
|
|
|
mtime |
x |
x |
x |
x |
true |
ncf/{common,local} |
root |
relay |
remote |
|
|
x |
digest |
|
x |
x |
x |
true |
shared_files |
root |
relay |
remote |
|
|
x |
digest |
|
x |
x |
x |
true |
masterfiles |
root |
relay |
remote |
|
|
x |
digest |
|
x |
x |
x |
true |
| techniques |
file_copy_from_* |
* |
node |
ncf_{remote,local}_cp_method |
|
|
|
configurable |
|
|
|
|
true |
copyGitFile* |
policy_server |
node |
rudder_copy_from |
|
|
x |
configurable |
|
x |
configurable |
|
timestamp |
- Related to Bug #8158: When a relay propagate promises, it seems he's doing backup of previous promises in the modified_files folder added
- Description updated (diff)
- Category set to System techniques
- Description updated (diff)
I don't really know how to comment on this in a readable way, but:
In update
rudder_promises_generated, rudder_tools_updated don't need either copy_backup nor encrypt (no secret there, no real value there)
ncf/{common,local} should need encrypt (secret there) but no copy_backup (the backup need to be only on the rudder server)
inputs need encrypt, but no copy_backup
In propagate promises
ncf.conf doesn't need encrypt nor copy_backup
ncf/{common,local} should need encrypt (secret there) but no copy_backup (the backup need to be only on the rudder server)
shared_files need encrypt, but no copy_backup
masterfiles need encrypt, but no copy_backup
in tehcniques
file_copy_from_* should need copy_backup timestamp
- Related to Bug #8160: Remote file copies in ncf should be encrypted added
ncf/local copy is encrypted since 3.1 (#6349).
- Assignee set to Alexis Mousset
- Target version set to 2.11.20
- Tracker changed from User story to Bug
- Subject changed from Clean up copy_from bodies to Fix copy_from bodies for Rudder files
- Reproduced set to No
- Status changed from New to In progress
The PR gives:
| what |
from |
to |
body |
move_obstructions |
action: immediate |
encrypt |
compare |
preserve perms |
verify |
purge |
trustkey |
copy_backup |
| update |
ncf/{common,local} |
root |
root |
copy_digest_without_perms |
x |
x |
|
digest |
|
|
x |
|
false |
ncf/common |
policy_server |
node |
remote_unsecured_without_perms |
x |
x |
|
digest |
|
x |
x |
x |
false |
ncf/local |
policy_server |
node |
remote |
x |
x |
x |
digest |
|
x |
x |
x |
false |
rudder_promises_generated |
policy_server |
node |
remote_unsecured_without_perms |
x |
x |
-x- |
digest |
|
x |
x |
x |
false |
inputs |
policy_server |
node |
remote |
x |
x |
x |
digest |
|
x |
x |
x |
false |
tools |
policy_server |
node |
remote_unsecured |
x |
x |
|
mtime |
x |
x |
x |
x |
false |
rudder_tools_updated |
policy_server |
node |
remote_unsecured_without_perms |
x |
x |
|
digest |
-x- |
x |
x |
x |
false |
| propagate promises |
tools |
root |
root |
copy |
|
|
|
mtime |
x |
|
|
|
false |
ncf.conf |
root |
root |
copy_digest_without_perms |
|
|
|
digest |
-x- |
|
x |
|
false |
tools |
root |
relay |
remote_unsecured |
|
|
|
mtime |
x |
x |
x |
x |
false |
ncf/common |
root |
relay |
remote_unsecured_without_perms |
|
|
-x- |
digest |
|
x |
x |
x |
false |
ncf/local |
root |
relay |
remote |
|
|
x |
digest |
|
x |
x |
x |
false |
shared_files |
root |
relay |
remote |
|
|
x |
digest |
|
x |
x |
x |
false |
masterfiles |
root |
relay |
remote |
|
|
x |
digest |
|
x |
x |
x |
false |
| techniques |
file_copy_from_* |
* |
node |
ncf_{remote,local}_cp_method |
|
|
x |
configurable |
|
|
|
|
timestamp |
copyGitFile* |
policy_server |
node |
rudder_copy_from |
|
|
x |
configurable |
|
x |
configurable |
|
timestamp |
- Description updated (diff)
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/906
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
- Subject changed from Fix copy_from bodies for Rudder files to Do not backup modified promise files and encrypt ncf/local transfer
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.11.20, 3.0.15, 3.1.9 and 3.2.2 which were released today.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by