-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #11631: Implement disable-flag for policy server policy copy for nodes #1248
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -37,6 +37,8 @@ bundle agent propagatePromises | |
rudder_tools_updated_exists:: | ||
"tools_timestamp" string => readfile("${g.rudder_tools_updated_origin}", 2048); | ||
|
||
|
||
|
||
classes: | ||
# Ensure the validity of the timestamp file for tools | ||
rudder_tools_updated_exists:: | ||
|
@@ -45,6 +47,17 @@ bundle agent propagatePromises | |
root_server:: | ||
"rudder_tools_updated_exists" expression => fileexists("${g.rudder_tools_updated_origin}"); | ||
|
||
!root_server:: | ||
"sync_method_disable" expression => strcmp("&RELAY_SYNC_METHOD&", "disable"); | ||
"sync_method_rsync" expression => strcmp("&RELAY_SYNC_METHOD&", "rsync"); | ||
"sync_promises" expression => strcmp("&RELAY_SYNC_PROMISES&", "true"); | ||
"sync_sharedfiles" expression => strcmp("&RELAY_SYNC_SHAREDFILES&", "true"); | ||
|
||
"disable_classic_promises" expression => "sync_promises.(sync_method_rsync|sync_method_disable)"; | ||
"disable_classic_sharedfiles" expression => "sync_sharedfiles.(sync_method_rsync|sync_method_disable)"; | ||
"rsync_promises" expression => "sync_promises.sync_method_rsync"; | ||
"rsync_sharedfiles" expression => "sync_sharedfiles.sync_method_rsync"; | ||
|
||
any:: | ||
"pass3" expression => "pass2"; | ||
"pass2" expression => "pass1"; | ||
|
@@ -76,14 +89,16 @@ bundle agent propagatePromises | |
comment => "Enforce the ncf configuration file", | ||
classes => classes_generic("configure_ncf_config"); | ||
|
||
(policy_server|role_rudder_relay_promises_only).!root_server:: | ||
(policy_server|role_rudder_relay_promises_only).!root_server.!disable_classic_promises:: | ||
|
||
"${client_data}" #that's a loop on each files in client_inputs | ||
copy_from => remote("${server_info.cfserved}","${server_data}"), | ||
depth_search => recurse_visible("inf"), | ||
comment => "Fetching the promises to propagate", | ||
classes => if_else("promises_propagated", "could_not_propagate_promise"); | ||
|
||
(policy_server|role_rudder_relay_promises_only).!root_server.!disable_classic_sharedfiles:: | ||
|
||
"${g.rudder_var}/shared-files/" | ||
copy_from => remote("${server_info.cfserved}","${g.rudder_var}/shared-files/${g.uuid}/shared-files"), | ||
depth_search => recurse_visible("inf"), | ||
|
@@ -160,6 +175,15 @@ bundle agent propagatePromises | |
comment => "Copying list of nodes under this policy server", | ||
classes => if_else("nodeslist_copied", "could_not_copy_nodeslist"); | ||
|
||
|
||
commands: | ||
policy_server.!root_server.rsync_promises:: | ||
"/usr/bin/rsync --archive --checksum --compress --sparse --delete ${server_info.cfserved}:${server_data}/ ${client_data}" | ||
classes => if_else("promises_propagated", "could_not_propagate_promise"); | ||
policy_server.!root_server.rsync_sharedfiles:: | ||
"/usr/bin/rsync --archive --checksum --compress --sparse --delete ${server_info.cfserved}:&SHARED_FILES_FOLDER&/ &SHARED_FILES_FOLDER&/" | ||
classes => if_else("files_propagated", "could_not_propagate_files"); | ||
|
||
methods: | ||
root_server:: | ||
"any" usebundle => rudder_common_reports_generic("DistributePolicy", "configure_ncf_config", "&TRACKINGKEY&", "Configure ncf", "None", "Configure configuration library"); | ||
|
@@ -170,14 +194,18 @@ bundle agent propagatePromises | |
# Success if files are updated or not changed (kept or repaired). | ||
# root server have only tools to be updated and others have tools, | ||
# promises, masterfiles folder to be updated. | ||
pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate).(shared_files_propagated|sharedfiles_not_existent).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist)):: | ||
pass3.(((root_server.propagate_tools_ok)|(!root_server.propagate_tools_ok.(promises_propagated|empty_promises_to_propagate|disable_classic_promises).(shared_files_propagated|sharedfiles_not_existent|disable_classic_sharedfiles).masterfiles_propagated.ncf_local_promises_propagated.ncf_common_promises_propagated.nodeslist_copied)).!(propagate_tools_error|promises_to_propagate_not_copied|sharedfiles_not_copied|could_not_propagate_masterfiles|could_not_propagate_ncf_local_promise|could_not_propagate_ncf_common_promise|could_not_copy_nodeslist)):: | ||
"any" usebundle => rudder_common_report("DistributePolicy", "result_success", "&TRACKINGKEY&", "Propagate promises", "None", "All files have been propagated"); | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. we should report result_na if we disabled synchronisation, or if it's rsync and no folder is selected There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We disable only small parts of propagation, and there is only one message for everything, so we cannot send na. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. we disable policies & shared files, leaving only tools and ncf - i guess it's more important to advertise that we are not synchronizing the relevant part There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. why not have 2 or 3 components ? One for policies, one for shared files, and one for eveything else ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. that would be better, can we do that in 4.1 ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Of course we can ! |
||
pass3.promises_to_propagate_not_copied:: | ||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate policy"); | ||
|
||
pass3.sharedfiles_not_copied:: | ||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate shared files"); | ||
|
||
pass3.could_not_propagate_promise:: | ||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate promises"); | ||
|
||
pass3.could_not_propagate_files:: | ||
"any" usebundle => rudder_common_report("DistributePolicy", "result_error", "&TRACKINGKEY&", "Propagate promises", "None", "Cannot propagate shared files"); | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why sync_promises here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We disable classic synchronization of promises when other synchronization method of the promises directory is asked for.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'm not sure I understand - it should be disabled if sync_method_disable or sync_method_rsync; whatever the rest is
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes but if RELAY_SYNC_PROMISES is false and sync is disabled, we want to disable classic promises too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
RELAY_SYNC_PROMISES can only be set in rsync mode, so we should ignore it in classic mode (at least, that's what the spec said)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes we should ignore it in classic mode, so if it set and in classic mode we don't disable it (just in case)