Issue Tracker: Issueshttps://issues.rudder.io/https://issues.rudder.io/themes/rudder7/favicon/favicon.ico?17096450182023-03-08T09:51:20ZIssue Tracker
Redmine Rudder - Bug #22442 (New): Could not open database txn cf_state.lmdb: Invalid argumenthttps://issues.rudder.io/issues/224422023-03-08T09:51:20ZAlexander Brunhirl
<p>Hi,</p>
<p>after upgrading Rudder from 6.2.13 to 7.2.4 we found the following cf-agent errors in our logs.<br />This happend on CentOS 7/RHEL 7, SLES12 SP5, SLES15 SP3, SLES15 SP4</p>
<pre><code class="shell syntaxhl" data-language="shell"><span class="o">[</span>tux@linux ~]<span class="nv">$ </span><span class="nb">sudo </span>journalctl <span class="nt">--priority</span> err
<span class="o">[</span>...]
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder Could not open database txn /var/rudder/cfengine-community/state/cf_state.lmdb: Invalid argument
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder While persisting class, unable to open database at <span class="s1">'/var/rudder/cfengine-community/state/cf_state.lmdb'</span> <span class="o">(</span>OpenDB: Resource temporarily unavailable<span class="o">)</span>
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder Could not open database txn /var/rudder/cfengine-community/state/cf_state.lmdb: Invalid argument
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder Could not open database txn /var/rudder/cfengine-community/state/cf_state.lmdb: Invalid argument
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder While persisting class, unable to open database at <span class="s1">'/var/rudder/cfengine-community/state/cf_state.lmdb'</span> <span class="o">(</span>OpenDB: Resource temporarily unavailable<span class="o">)</span>
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder Could not open database txn /var/rudder/cfengine-community/state/cf_state.lmdb: Invalid argument
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder Could not open database txn /var/rudder/cfengine-community/state/cf_state.lmdb: Invalid argument
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder While persisting class, unable to open database at <span class="s1">'/var/rudder/cfengine-community/state/cf_state.lmdb'</span> <span class="o">(</span>OpenDB: Resource temporarily unavailable<span class="o">)</span>
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder Could not open database txn /var/rudder/cfengine-community/state/cf_state.lmdb: Invalid argument
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder Could not open database txn /var/rudder/cfengine-community/state/cf_state.lmdb: Invalid argument
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder While persisting class, unable to open database at <span class="s1">'/var/rudder/cfengine-community/state/cf_state.lmdb'</span> <span class="o">(</span>OpenDB: Resource temporarily unavailable<span class="o">)</span>
Mar 08 07:44:41 linux cf-agent[11801]: CFEngine<span class="o">(</span>agent<span class="o">)</span> rudder Could not open database txn /var/rudder/cfengine-community/state/cf_state.lmdb: Invalid argument
<span class="o">[</span>...]
<span class="o">[</span>tux@linux ~]<span class="nv">$ </span><span class="nb">sudo </span>rudder agent info
General
Hostname: linux.example.com
UUID: 32cd0812-248c-473c-b289-20ad2b5f24eb
Policy server: rudder.example.com
Role: node
Version: 7.2.4
Policies
Status: enabled
Report mode: changes-only
Run interval: 10 min
Forced audit mode: no
Configuration <span class="nb">id</span>: 20230303-122535-cfc4ea7a
Policy updated: 2023-03-08 07:49:28
Inventory sent: 2023-03-08 07:42:41
Key/Certificate
Key <span class="nb">hash</span>: <span class="nv">MD5</span><span class="o">=</span>298988589d5b126a23b5867f11f81069
Key <span class="nb">hash</span>: sha256//+Mfzd8IWnZHyTGPXvD8ZST2i04H8k3CtRZ0xjLeykr4<span class="o">=</span>
Cert. fingerprint: EF:DA:1D:BC:29:53:36:C1:D1:D7:06:94:73:4F:EC:6A:05:C6:9D:1C
Key pinning: full
Cert. creation: 2020-09-10
Cert. expiration: 2030-09-08
<span class="o">[</span>tux@linux ~]<span class="nv">$ </span>
<span class="o">[</span>tux@linux ~]<span class="nv">$ </span><span class="nb">sudo </span>rudder agent health
OK
<span class="o">[</span>tux@linux ~]<span class="nv">$ </span><span class="nb">sudo</span> /var/rudder/cfengine-community/bin/cf-agent <span class="nt">--self-diagnostics</span>
self-diagnostics <span class="k">for </span>agent using workdir <span class="s1">'/var/rudder/cfengine-community'</span>
self-diagnostics <span class="k">for </span>agent using inputdir <span class="s1">'/var/rudder/cfengine-community/inputs'</span>
self-diagnostics <span class="k">for </span>agent using logdir <span class="s1">'/var/rudder/cfengine-community'</span>
self-diagnostics <span class="k">for </span>agent using statedir <span class="s1">'/var/rudder/cfengine-community/state'</span>
<span class="o">[</span> YES <span class="o">]</span> Check that agent is bootstrapped: rudder.example.com
<span class="o">[</span> NO <span class="o">]</span> Check <span class="k">if </span>agent is acting as a policy server: Not acting as a policy server
<span class="o">[</span> YES <span class="o">]</span> Check private key: OK at <span class="s1">'/var/rudder/cfengine-community/ppkeys/localhost.priv'</span>
<span class="o">[</span> NO <span class="o">]</span> Check public key: Public key at <span class="s1">'/var/rudder/cfengine-community/ppkeys/localhost.pub'</span> had size 775 bytes, expected 426 bytes
<span class="o">[</span> NO <span class="o">]</span> Check persistent classes DB: Unable to diagnose LMDB file <span class="o">(</span>not implemented<span class="o">)</span> <span class="k">for</span> <span class="s1">'/var/rudder/cfengine-community/state/cf_state.lmdb'</span>
<span class="o">[</span> NO <span class="o">]</span> Check checksums DB: Unable to diagnose LMDB file <span class="o">(</span>not implemented<span class="o">)</span> <span class="k">for</span> <span class="s1">'/var/rudder/cfengine-community/state/checksum_digests.lmdb'</span>
<span class="o">[</span> NO <span class="o">]</span> Check observations DB: Unable to diagnose LMDB file <span class="o">(</span>not implemented<span class="o">)</span> <span class="k">for</span> <span class="s1">'/var/rudder/cfengine-community/state/cf_observations.lmdb'</span>
<span class="o">[</span> NO <span class="o">]</span> Check file stats DB: Unable to diagnose LMDB file <span class="o">(</span>not implemented<span class="o">)</span> <span class="k">for</span> <span class="s1">'/var/rudder/cfengine-community/state/stats.lmdb'</span>
<span class="o">[</span> NO <span class="o">]</span> Check locks DB: Unable to diagnose LMDB file <span class="o">(</span>not implemented<span class="o">)</span> <span class="k">for</span> <span class="s1">'/var/rudder/cfengine-community/state/cf_lock.lmdb'</span>
<span class="o">[</span> NO <span class="o">]</span> Check performance DB: Unable to diagnose LMDB file <span class="o">(</span>not implemented<span class="o">)</span> <span class="k">for</span> <span class="s1">'/var/rudder/cfengine-community/state/performance.lmdb'</span>
<span class="o">[</span> NO <span class="o">]</span> Check lastseen DB: Unable to diagnose LMDB file <span class="o">(</span>not implemented<span class="o">)</span> <span class="k">for</span> <span class="s1">'/var/rudder/cfengine-community/state/cf_lastseen.lmdb'</span>
<span class="o">[</span>tux@linux ~]<span class="nv">$ </span>
</code></pre> Rudder tools - Bug #18894 (New): Technique Package repository keys (RPM/APT) - The key's content ...https://issues.rudder.io/issues/188942021-02-11T11:25:07ZAlexander Brunhirl
<p>Hi,</p>
<p>I tried to import the Google GPG keys for Kubernetes [1].<br />Unfortunatly for the first GPG key [2] which uses the default Technique "Package repository keys (RPM/APT)" creates an error "The key's content contains multiple pubkeys!". The second GPG key [3] which does not contain any additional public key is imported without any issues.</p>
<pre><code class="text syntaxhl" data-language="text">rudder:~ # sudo rudder agent run -q
Rudder agent 6.1.3.release
Node uuid: 45f243a9-d781-4c54-a5c5-f00c482371a1
ok: Rudder agent policies were updated.
Start execution with config [20210211-111248-1aecf0]
M| State Technique Component Key Message
E| repaired repoGpgKeyManagement Repository GPG Key Manag| F09C394C3E1BA8D5 The GPG Key was imported successfully
E| error repoGpgKeyManagement Repository GPG Key Manag| 48419E688DD52AC0 The key's content contains multiple pubkeys!
## Summary #####################################################################
Not all components were displayed because we are not in full compliance mode. Please run with -g to force full compliance mode.
=> 2 components in Enforce mode
-> 1 repaired
-> 1 error
Execution time: 32.89s
################################################################################
Reports sent.
rudder:~ #
rudder:~ # gpg --keyid-format=long rpm-package-key.gpg
pub 2048R/F09C394C3E1BA8D5 2015-06-24 Google Cloud Packages RPM Signing Key <gc-team@google.com>
rudder:~ # gpg --keyid-format=long ./yum-key.gpg
pub 2048R/3746C208A7317B0F 2015-04-03 Google Cloud Packages Automatic Signing Key <gc-team@google.com>
pub 2048R/6A030B21BA07F4FB 2018-04-01 Google Cloud Packages Automatic Signing Key <gc-team@google.com>
pub 2048R/8B57C5C2836F4BEB 2020-12-04 gLinux Rapture Automatic Signing Key (//depot/google3/production/borg/cloud-rapture/keys/cloud-rapture-pubkeys/cloud-rapture-signing-key-2020-12-03-16_0
8_05.pub) <glinux-team@google.com>
sub 2048R/48419E688DD52AC0 2020-12-04
rudder:~ #
rudder:~ # rpm --import ./yum-key.gpg
rudder:~ # rpm -q --last gpg-pubkey-* |head -2
gpg-pubkey-836f4beb-5fc97e5e Thu 11 Feb 2021 11:15:01 AM UTC
gpg-pubkey-3e1ba8d5-558ab6a8 Thu 11 Feb 2021 11:12:55 AM UTC
rudder:~ #
</code></pre>
<p>Best regards<br />Alex</p>
<p>[1] <a class="external" href="https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl">https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-kubeadm-kubelet-and-kubectl</a><br />[2] <a class="external" href="https://packages.cloud.google.com/yum/doc/yum-key.gpg">https://packages.cloud.google.com/yum/doc/yum-key.gpg</a><br />[3] <a class="external" href="https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg">https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg</a></p> Rudder - User story #18229 (New): Add "Trigger Inventory" option to node Compliance reportshttps://issues.rudder.io/issues/182292020-09-18T13:52:47ZAlexander Brunhirl
<p>Hi,</p>
<p>for some users it would be useful to include a button to trigger a node Inventory similar to "trigger Agent run" (see screenshot).<br />Also an API implementation <code>/rudder/api/latest/nodes/{nodeId}/applyInventory</code> ( like [1] ) would be nice.</p>
<p>Best regards,<br />Alex</p>
<p>[1] <a class="external" href="https://docs.rudder.io/api/#operation/applyNode">https://docs.rudder.io/api/#operation/applyNode</a></p> Rudder - User story #17693 (New): Missing filter option in group criteriahttps://issues.rudder.io/issues/176932020-06-10T09:35:14ZAlexander Brunhirl
<p>Hi,</p>
<p>in Groups for the filter criteria with "Group ID" there are some operands missing e.g. != (not equal).<br />It would also be nice to add the matching regex and non-matching regex operands as well.</p>
<p>Best regards,<br />Alex</p>
<p>Rudder version: 6.0.4</p> Rudder - User story #13802 (New): By directive run schedulehttps://issues.rudder.io/issues/138022018-11-12T13:30:00ZAlexander Brunhirl
<p>Hi,</p>
<p>I would be great if there was an advanced option for directive/rules that can be run on demand and once a day (customisable).<br />This shortens the runtime of reports and agent runtime for large environments.</p>
<p>For example:<br />Install the software X via Rule as needed, and then verify this only once a day to ensure compliance.<br />Also make sure that the configuration for sshd meets the requirements for each agent run.</p>
<p>Best regards,<br />Alex</p> Rudder - User story #13796 (New): Local properties via inventoryhttps://issues.rudder.io/issues/137962018-11-11T18:04:29ZAlexander Brunhirl
<p>Hi,</p>
<p>it would be great if we could use the local properties generated in <code>/var/rudder/local/properties.d/</code> and push them into the inventory to be displayed in the node overview ( properties ) and used like normal server defined properties (e.g. in groups and templates).</p>
<p>Best regards,<br />Alex</p> Rudder - User story #12770 (New): python-Jinja2 as recommended packagehttps://issues.rudder.io/issues/127702018-06-11T08:08:09ZAlexander Brunhirl
<p>Hi,</p>
<p>it would be great if you add "python-Jinja2" as a recommended package.</p>
<p>Best regards,<br />Alex</p>
<p>System: OpenSuSE Leap 42.3<br />Agent: 4.3.1-release-1</p> Rudder - User story #11614 (New): CSV exportshttps://issues.rudder.io/issues/116142017-10-17T16:14:42ZAlexander Brunhirl
<p>Hi,</p>
<p>allow CSV export of any tabular views/search results.</p>
<p>Best regards,<br />Alex</p> Rudder - User story #11612 (New): Group search query: missing greater than and lesser than compar...https://issues.rudder.io/issues/116122017-10-17T16:10:51ZAlexander Brunhirl
<p>Hi,</p>
<p>in "group search" the criteria "greater than" or "smaller than" version is missing.<br />Which would be very useful to upgrade software to a certain version.</p>
<p>Best regards,<br />Alex</p> Rudder - User story #11301 (New): missing memory variablehttps://issues.rudder.io/issues/113012017-08-24T15:18:48ZAlexander Brunhirl
<p>Hi,</p>
<p>for some configurations it's necessary to add the systems memory or a fraction.<br />See <a href="https://tracker.mender.io/browse/CFE-395" class="external">CFE-395</a> for further information.</p>
<pre>
# cf-promises --show-vars | egrep -wi 'memory|ram'
#
</pre>
<p>Best regards,<br />Alex</p> Rudder - Enhancement #9578 (New): Ensure that python is presenthttps://issues.rudder.io/issues/95782016-10-28T13:58:25ZAlexandre Anriot
<p>Hello,</p>
<p>We just triggered an issue which happens on minimalist systems (i.e. without Python), when you try to install a package:</p>
<pre>
error: unsupported package module wrapper API version: -1
error: Some error occurred while contacting package module - promise: curl
error: Method 'package_state' failed in some repairs
</pre>
<p>In a such case, contrary to [[<a class="external" href="https://www.rudder-project.org/redmine/issues/9576">https://www.rudder-project.org/redmine/issues/9576</a>]], I guess that it's not possible to add the dependency through a promise as 'package_*' methods are broken?</p>
<p>Thanks.</p> Rudder - Enhancement #9576 (New): Ensure that the python-jinja2 library is presenthttps://issues.rudder.io/issues/95762016-10-28T12:25:29ZAlexandre Anriot
<p>Hello,</p>
<p>At the moment, the rendering of a <em>Jinja2</em> template fails on a server without <em>python-jinja2</em>.</p>
<p>Could it be possible to add the library either:</p>
<p>- In the dependencies of the <em>rudder-agent</em> package ;<br />- Through a promise, when it's needed.</p>
<p>Thanks.</p> Rudder - User story #9575 (New): Display when a technique is not used by any directivehttps://issues.rudder.io/issues/95752016-10-28T12:21:18ZAlexandre Anriot
<p>Hello,</p>
<p>As discussed with Alexis, it could be helpful to display an information / warning in the <em>Technique Editor</em> when a technique is not used by any directive.</p>
<p>Cleaning of deprecated techniques would become easier.</p>
<p>Thanks.</p> Rudder - User story #5942 (New): Let user define the full gecos field in user management techniquehttps://issues.rudder.io/issues/59422014-12-08T12:19:26ZAlexander Brunhirl
<p>Hi,</p>
<p>if there's a comma in the GECOS field, the rule is not be actually applied.</p>
<p>Example Output:<br />Status Success "The user testuser1 ( test user 1 111 49089-XYZ 00_1 ) is already present on the system" <br />Status Repaired "The user testuser2 ( test user 2, 111, 49089-XYZ, 00_2 ) had a wrong fullname"</p>
<p>Directive: User management<br />Directive version: 5.0<br />Rudder version: Rudder v.2.11.5~rc1~git201411220241</p> Rudder - User story #4395 (Discussion): How difficult would be to implement support for system ma...https://issues.rudder.io/issues/43952014-01-20T19:47:50ZAlex Tkachenkoalex.sysadm@gmail.com
<p>This information is actually collected by the fusioninventory and is available as SMANUFACTURER/SMODEL.</p>
<p>However it does not make it to the LDAP and therefore not available for search criteria to build groups. Available fields (i.e. BIOS attrs) are not sufficiently selective.</p>
<p>In our case we have sun and supermicro servers which both have American Megatrends BIOS.</p>
<p>I may be mistaken, but it looks like SMODEL is actually loaded as BIOS Name. Unfortunately, given a sheer number of available Supermicro server models, building a proper search criteria becomes complicated. Besides it does not guarantee that some new model released in the future would be automatically included.</p>
<p>In all considered cases the SMANUFACTURER field clearly identifies the system manufacturer, either Supermicro or Sun Microsystems (well, the later one may now be also "Oracle Corporation", but this is still just two additional cases to consider).</p>