User story #8352

open

Create a per-node private-folder for file distribution to each node

Added by Janos Mattyasovszky over 8 years ago. Updated almost 7 years ago.

Status: New
Priority: N/A
Assignee: -
Category: System integration

Description

Consider the following use case:
You want to distribute the private SSH host keys for each node. If you have a large enough environment that is changing at a very high rate (daily installs/decoms), maintaining a per-node file-edit policy is not very likely.

What you actually want to have is one policy, that takes one file from a node-only folder, that is populated on the root server and then distributed towards the node (over the relays), so that only the node has access to it (not like the general shared-folder, which can be fetched basically by every node).

My idea would be that there could be a /var/rudder/configuration-repository/private-files/<UUID> folder, where each node can have its private folder, and that would also be replicated to a well defined target folder on the referenced node, so you could write techniques that use that folder.

Example:

On the RootServer:

# cp \
  ~/nodes_ssh_key.pem \
  /var/rudder/configuration-repository/private-files/89e67574-fe20-4325-83a2-1530b20c8aab/ssh_host_ecdsa_key

On the Node '89e67574-fe20-4325-83a2-1530b20c8aab':

technique copies /var/rudder/private-files/ssh_host_ecdsa_key => /etc/ssh/ssh_host_ecdsa_key
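
The root-server step and the "only the node has access" rule from the description, sketched as an added example (not part of the original issue and not Rudder code). The function names and the overridable `PRIVATE_BASE` variable are assumptions; the directory layout is the one proposed above.

```shell
#!/bin/sh
# Added example, not Rudder code. PRIVATE_BASE follows the path proposed in the
# issue; override it to try this outside a root server.
PRIVATE_BASE="${PRIVATE_BASE:-/var/rudder/configuration-repository/private-files}"

# Succeeds only for a canonical lowercase UUID such as the one in the issue.
is_node_uuid() {
    case "$1" in *[!0-9a-f-]*) return 1 ;; esac   # also rejects "/", "." and newlines
    printf '%s\n' "$1" | grep -Eqx '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
}

# Succeeds only for a plain file name: not empty, not "." or "..", no slash.
is_plain_name() {
    case "$1" in
        ''|.|..|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# stage_private_file UUID SOURCE NAME
# Copies SOURCE to $PRIVATE_BASE/UUID/NAME with owner-only permissions.
stage_private_file() {
    uuid=$1 src=$2 name=$3
    is_node_uuid "$uuid" || { echo "invalid node id: $uuid" >&2; return 2; }
    is_plain_name "$name" || { echo "invalid file name: $name" >&2; return 2; }
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 2; }
    dir="$PRIVATE_BASE/$uuid"
    (
        umask 077                                   # never group/world readable
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        tmp=$(mktemp "$dir/.stage.XXXXXX") || exit 1
        # Write to a temp file, then rename, so a reader never sees a partial key.
        cp "$src" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$dir/$name" || { rm -f "$tmp"; exit 1; }
    )
}

# node_may_read REQUESTING_UUID PATH
# Access rule from the issue: a node may fetch only files directly under its own
# folder. This is a string check; it does not resolve symlinks.
node_may_read() {
    is_node_uuid "$1" || return 1
    case "$2" in
        "$PRIVATE_BASE/$1"/*) rest=${2#"$PRIVATE_BASE/$1/"}; is_plain_name "$rest" ;;
        *) return 1 ;;
    esac
}
```
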


Related issues 1 (0 open, 1 closed)

Related to Rudder - User story #8353: Implement notifications for different server-side actions and events (hooks) (Released, Jonathan CLARKE, 2016-12-22)
