Project

General

Profile

User story #8352

Updated by Janos Mattyasovszky over 8 years ago

Consider following usecase: 
 You want to distribute the private ssh-hostkeys for each node. If you have a large enough environment, that is changing on a very big rate (daily installs/decoms), maintaining a per-node file-edit policy is not very likely 

 What you actually want to have is one policy, that takes one file from a node-only folder, that is populated on the root server and then distributed towards the node (over the relays), so that only the node has access to it (not like the general shared-folder, which can be fetched basically by every node). 

 My idea would be that there could be a */var/rudder/configuration-repository/private-files/<UUID>* folder, where each node can have its private folder, and that would also be replicated to a well defined target folder on the referenced node, so you could write techniques that use that folder. 

 Example: 

 +On the RootServer:+ 
 <pre> 
 # cp \ 
   ~/nodes_ssh_key.pem \ 
   /var/rudder/configuration-repository/private-files/89e67574-fe20-4325-83a2-1530b20c8aab/ssh_host_ecdsa_key /var/rudder/configuration-repository/shared-files/89e67574-fe20-4325-83a2-1530b20c8aab/ssh_host_ecdsa_key 
 </pre> 

 +On the Node '89e67574-fe20-4325-83a2-1530b20c8aab':+ 
 <pre> 
 technique copies /var/rudder/private-files/ssh_host_ecdsa_key => /etc/ssh/ssh_host_ecdsa_key 
 </pre>

Back