Architecture #8463

closed

Server roles is a BIG mess causing inconsistencies and bugs

Added by François ARMAND over 8 years ago. Updated almost 3 years ago.

Status: Rejected
Priority: N/A
Assignee: -
Category: System integration

Description

OK, so the management of server roles is an über mess. I'm trying to sum up everything going on in the technical details, and I will link some examples of existing bugs.

So, the main problems are:
  • the list of possible roles is never defined. You could say it is extensible/dynamic based on files defined somewhere, but in that case, half of the code is not thought out for that;
  • names are completely inconsistent, both in the use of prefixes (rudder, rudder.server-roles, role-rudder...), use of -/_, and role names themselves!
  • most of the time, the roles lifecycle is bound to policy generation, but not always, creating inconsistencies.

We have as sources of server roles:

  • /opt/rudder/etc/rudder-web.properties
  • /opt/rudder/etc/server-roles.d/
  • inventories (and roles are actually missing in JSON from API call)
  • the webapp / generation process (based on some undocumented behaviour, for example for root_server and policy_server)

OK, so right now, with all that duplication, you can imagine the worst. And you are right!

  • names in rudder-web.properties are not the same as names in /opt/rudder/etc/server-roles.d/
  • in default installs, names in /opt/rudder/etc/server-roles.d/ are not very clear: web and webapp, jetty...
  • a relay doesn't have a /opt/rudder/etc/server-roles.d/[relay-top or relay-anything]
  • names in rudder-web.properties, server-roles.d/ and rudder-server-roles.conf use "-", but cfengine classes use "_"

We have server roles generated in the following files:

/var/rudder/cfengine-community/inputs/rudder-server-roles.conf

  • comes from system variable RUDDER_SERVER_ROLES (policy generation time)
  • seems to be linked to what is in rudder-web.properties and inventory, but only a sublist of them (only rudder-ldap, rudder-inventory-endpoint, rudder-db, rudder-web)

/var/rudder/cfengine-community/inputs/promises.cf

  • comes from system variable NODEROLE (policy generation time)
  • linked to a predefined list of roles (same as rudder-web.properties), plus policy_server & root_server.

/var/rudder/cfengine-community/inputs/common/1.0/site.cf

  • predefined list, different from the previous one, value read at each run of cf-agent and uses files in server-roles.d/
  • so basically, out of sync and not from the same origin as the others (if you add a file in server-roles.d/, site.cf will update its value at the next run, but other information will stay the same until the next inventory+regeneration of policies...)

We should:

  • use the same names everywhere (the ones from site.st?)
  • use the same _/- everywhere (_, to be compatible with cfengine? Or at least "-" for file names, "_" everywhere else)
  • use the same lifecycle everywhere (from the webapp, so that at a given moment, all generated promises for the different parts are consistent?)

Related issues 5 (0 open, 5 closed)

  • Related to Rudder - Bug #8197: rudder-server-roles.conf doesn't have proper hostname (Rejected)
  • Related to Rudder - User story #8435: System techniques sometime trust the webapp role definition sometime not (Rejected)
  • Related to Rudder - User story #6582: Simple relay should be a role (Resolved)
  • Related to Rudder - Bug #6405: Server roles overwritten regularly for unknown reason (Rejected)
  • Related to Rudder - Bug #9882: Missing server roles in debian 7 relay (Rejected)