Issue Tracker: Issueshttps://issues.rudder.io/https://issues.rudder.io/themes/rudder7/favicon/favicon.ico?17096450182024-03-19T09:36:37ZIssue Tracker
Redmine Rudder - Architecture #24532 (Pending release): Scala 3 syntax - branch 7.3 - corehttps://issues.rudder.io/issues/245322024-03-19T09:36:37ZFrançois ARMANDfrancois.armand@rudder.io
<p>Update branch to scala syntax (issue for PR <a class="external" href="https://github.com/Normation/rudder/pull/5393">https://github.com/Normation/rudder/pull/5393</a>)</p> Rudder plugins - Architecture #24530 (Pending release): Scala 3 syntax - branch 8.0 - public plu...https://issues.rudder.io/issues/245302024-03-19T09:23:10ZFrançois ARMANDfrancois.armand@rudder.io
<p>Same as parent, for public plugins</p> Rudder tools - Architecture #23420 (Pending release): Release notes for 8.0 - fixeshttps://issues.rudder.io/issues/234202023-09-13T10:09:57ZAlexis Moussetalexis.mousset@rudder.ioRudder plugins - Bug #21908 (Pending release): Ignore reported batik-util CVEhttps://issues.rudder.io/issues/219082022-10-05T14:02:05ZAlexis Moussetalexis.mousset@rudder.ioRudder plugins - Bug #21828 (Pending release): Fix plugin dependency check - privatehttps://issues.rudder.io/issues/218282022-09-23T09:14:51ZAlexis Moussetalexis.mousset@rudder.ioRudder plugins - Architecture #21396 (Pending release): Add proper tests for plugins-private - b...https://issues.rudder.io/issues/213962022-07-11T08:52:51ZAlexis Moussetalexis.mousset@rudder.io
<pre>
[2022-07-11T08:48:18.298Z] + make scala-plugins-list
[2022-07-11T08:48:18.298Z] Makefile:34: target 'dsc' given more than once in the same rule
[2022-07-11T08:48:18.298Z] Makefile:37: target 'dsc-licensed' given more than once in the same rule
[2022-07-11T08:48:18.298Z] Makefile:40: target 'dsc-nightly' given more than once in the same rule
[2022-07-11T08:48:18.298Z] Makefile:43: target 'dsc-next' given more than once in the same rule
[2022-07-11T08:48:18.298Z] Makefile:46: target 'dsc-nightly-licensed' given more than once in the same rule
[2022-07-11T08:48:18.298Z] Makefile:50: target 'dsc-next-licensed' given more than once in the same rule
[2022-07-11T08:48:18.298Z] Makefile:7: makefiles/global-vars.mk: No such file or directory
[2022-07-11T08:48:18.298Z] make: *** No rule to make target 'makefiles/global-vars.mk'. Stop.
script returned exit code 2
</pre> Rudder tools - Architecture #21342 (Pending release): Dockerize licence scripthttps://issues.rudder.io/issues/213422022-06-28T21:30:39ZAlexis Moussetalexis.mousset@rudder.ioRudder plugins - Bug #21235 (Pending release): Make page titles consistent with main app - publi...https://issues.rudder.io/issues/212352022-06-08T21:05:26ZAlexis Moussetalexis.mousset@rudder.ioScale-out relay - Bug #19998 (New): Command rudder server node-to-relay fails with curl error ab...https://issues.rudder.io/issues/199982021-09-23T10:21:50ZFrançois ARMANDfrancois.armand@rudder.io
<p>It seems to be due to the correction to <a class="issue tracker-1 status-5 priority-16 priority-default closed" title="Bug: Command rudder server node-to-relay may fail with curl error (Released)" href="https://issues.rudder.io/issues/18968">#18968</a>: on debian 9 with scale-out-relay 6.2-1.6 which contains the fix, I get the error:</p>
<pre>
root@server:/home/vagrant# rudder server node-to-relay 44a6d856-1f6c-4900-b70b-17a5c0eac34e
Rudder relay installation script starting, using UUID 44a6d856-1f6c-4900-b70b-17a5c0eac34e.
curl: (5) Could not resolve proxy: ''
Failed to promote 44a6d856-1f6c-4900-b70b-17a5c0eac34e to relay. Code 5
</pre>
<p>And the correction was: <br /><img src="https://issues.rudder.io/attachments/download/1961/clipboard-202109231221-jzcql.png" alt="" loading="lazy" /></p>
<p>Workaround:</p>
<p>- edit /opt/rudder/share/commands/server-node-to-relay<br />- replace <code>--proxy ''</code> by <code>--noproxy '*'</code></p> Rudder - Architecture #19127 (New): Overridden directives in the same rule are missing before a ...https://issues.rudder.io/issues/191272021-04-06T19:38:06ZFrançois ARMANDfrancois.armand@rudder.io
<p>So, in <a class="issue tracker-1 status-5 priority-16 priority-default closed" title="Bug: Overridden directives in the same rule are missing (not even "skipped") (Released)" href="https://issues.rudder.io/issues/19114">#19114</a>, we had missing directive because of a bug.<br />Now, we have the correct behavior, but only after a full regeneration <strong>if</strong> the added directive doesn't change actual configuration.</p>
<p>This is because is the added directive is skipped everywhere, the effective configuration doesn't change on any nodes, so the first step of policy generation that looks if it is necessary to compute new generation say "no, it isn't", then we don't have new expected configuration, and it's expected configuration that are used to check if directives are skipped. <br />That's all because we don't really apply directives to rule, we apply directives to nodes (with a lot of graphe resolution in the middle, involving rules and groups).</p>
<p>Correcting that one would mean that we need to change expected configuration in a case when it's actually not needed (because, well, they don't change) and would lead to poetentially long computation for nothing. I'm not sure about what to do.</p> Rudder - Bug #18945 (New): Manage keys-values in file does not handle correctly duplicateshttps://issues.rudder.io/issues/189452021-02-25T15:38:49ZFélix DALLIDET
<p>The technique does not clean duplicates in files.<br />I had my sysctl.conf with this block:</p>
<pre>
vm.swappiness = 0
vm.swappiness = 0
</pre>
<p>But it did not cleaned it up. I am sure the equivalent GM does clean it.</p> Rudder - Bug #18774 (New): Synchronization method from Relay servers https://issues.rudder.io/issues/187742020-12-21T08:18:33ZMatthew Frost
<p>In the Synchronization method from Relay servers page if you choose rsync and do not select an option (so manual rsync) when hovering over each of the two prompts they imply that you only need to sync /var/rudder/share to the relay and not /var/rudder/share/{relay-uuid}.</p>
<p>I would recommend adding either this Rsync command to the docs and referencing the docs via the prompt in the screen shot or showing the user command like below:</p>
<p>Shared Files:<br />*/5 * * * * rsync -avz -e ssh --archive --checksum --compress --sparse --delete /var/rudder/configuration-repository/shared-files/ root@relay:/var/rudder/configuration-repository/shared-files/</p>
<p>Relay Policies:<br />*/5 * * * * rsync -avz -e ssh --archive --checksum --compress --sparse --delete /var/rudder/share/{UUID-OF-THE-RELAY}/share/ root@relay-xyz:/var/rudder/share/</p> Rudder - Bug #12812 (New): Wrong reports on "File content" when using undefined variableshttps://issues.rudder.io/issues/128122018-06-21T08:11:24ZFélix DALLIDET
<p>I tried to use file content with a call to a undefined variable on rudder 4.3.3</p>
<p>In file content:</p>
<p>file: /tmp/fda<br />value: ${my_prefix.my_name}<br />enforce: true</p>
<p>I end up with a GM reporting "compliant", not a repaired one, creating the file /tmp/fda with the following content:<br />${my_prefix.my_name}</p>
<p>I was expecting an error report, or at least a repaired and a warning.</p> Rudder - User story #12059 (New): Make node post-acceptation properties and run period configurablehttps://issues.rudder.io/issues/120592018-01-29T15:30:11ZFrançois ARMANDfrancois.armand@rudder.io
<p>Like for node state / policy mode (<a class="issue tracker-2 status-5 priority-16 priority-default closed" title="User story: Make node post-acceptation properties configurable (Released)" href="https://issues.rudder.io/issues/11811">#11811</a>), we want to be able to be able to configure:</p>
<p>- predefined set of node properties<br />- run period</p>
<p>for a newly accepted node.</p> Rudder - User story #6248 (Discussion): Manage security attributeshttps://issues.rudder.io/issues/62482015-02-10T14:05:33ZFlorian Heigl
<p>It would be nice[tm] to be able to also set other file permission details than the basic 1970's set.</p>
This means:
<ul>
<li>SElinux Contexts</li>
<li>BSD-style security labels (sys immutable, user appendable) etc.</li>
<li>Unix extended filesystem ACLs (xfs, etc. I think by now even ext might have them)</li>
</ul>
<p>Putting stuff like that in policy would allow people to considerably raise the security level of their systems without the major nightmares involved by manually maintaining this.</p>
<p>Personally I'd just use the SELinux one on folders, recursively and it might be crazy to do that from within cfengine. I.e. think a webserver with a few million files.</p>
<p>I have no idea how people maintain "trusted systems" from configuration management, but will try to get some extra input on that.<br />BSD labels are a different story and nicer to think about.</p>
<p>I.e. setting the right flags on the sshd binary so it's no longer possible for certain interested parties to embed a different ssh key for backdooring.<br />manually, upkeep of such a policy is extremely resource consuming.</p>