Project

General

Profile

Actions
Copy link

User story #9351

closed

User story #1808: Add an Audit mode to Rudder: only check properties, no modification on nodes

User story #7219: Add dry-run support to system techniques

Create a dedicated abort report when enforce is used in place of audit

Added by François ARMAND about 8 years ago. Updated almost 7 years ago.

Status:
Released
Priority:
1 (highest)
Assignee:
Benoît PECCATTE
Category:
Agent
Target version:
4.0.0~rc1
Pull Request:
https://github.com/Normation/rudder-t...
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

We must take into account the case where for an unknown reason (read: bug), the agent start to do "enforce" action where it should do "audit" one.

In that case, the agent must abort the remaining of the run (fails early and prevent further potential unwanted modification).

In that case, a report message must be produce and then special cased in the compliance calcul to explain to the user the problem.

So, we need to choose the message type.

I mainly see two possibilities:

- an error message (type = reulst_error) for a new component on common, with a dedicated message
- a log_info message, like startRun / endRun

In fact, what we would want to have is a "run_info" type (or "meta", or "protocol", or "control" which would be user in place of "log_info" for meta reporting about the run itself, and not the policies. So in that regard, "log_info" seem better than error.
Or perhaps we could have log_info, but on a dedicated component like "runinfo" ?

For information, this is start run / end run ex

rudder=> select * from ruddersysevents where executiontimestamp = '2016-10-13 10:35:59+02' and keyvalue in ('StartRun', 'EndRun');
    id    |         executiondate         | nodeid | directiveid |        ruleid        | serial | component | keyvalue |   executiontimestamp   | eventtype | policy |                   msg
----------+-------------------------------+--------+-------------+----------------------+--------+-----------+----------+------------------------+-----------+--------+-----------------------------------------
 25278594 | 2016-10-13 10:36:52.457596+02 | root   | common-root | hasPolicyServer-root |    254 | common    | EndRun   | 2016-10-13 10:35:59+02 | log_info  | common | End execution with config [747884874]
 25278478 | 2016-10-13 10:36:03.659206+02 | root   | common-root | hasPolicyServer-root |    254 | common    | StartRun | 2016-10-13 10:35:59+02 | log_info  | common | Start execution with config [747884874]
(2 lignes)

Files

capture.png (5.86 KB) capture.png Nicolas CHARLES, 2016-10-17 12:55

Subtasks 1 (0 open1 closed)

User story #9353: Adapt compliance computing to process abort messageReleasedNicolas CHARLES2016-10-13Actions

Related issues 2 (0 open2 closed)

Related to Rudder - Bug #9332: If we are in audit mode, and agent does not support audit, the web interface shows "No answer" for this nodeRejectedFrançois ARMAND2016-10-12Actions
Related to Rudder - Bug #9521: If we are in non-compliance only report mode, we don't get the wrong mode error message, and node in is "no answer" in the interfaceRejectedActions
Actions
Copy link

Also available in: Atom PDF