Bug #10605: Sharing files with "root" does not work - Rudder - Issue Tracker

Actions

Copy link

Bug #10605

closed

Sharing files with "root" does not work

Added by Janos Mattyasovszky about 7 years ago. Updated over 5 years ago.

Status:

Released

Priority:

N/A

Assignee:

Alexis Mousset

Category:

Techniques

Target version:

4.1.16

Pull Request:

https://github.com/Normation/rudder-t...

Severity:

Major - prevents use of part of Rudder | no simple workaround

UX impact:

User visibility:

Operational - other Techniques | Technique editor | Rudder settings

Effort required:

Small

Priority:

Name check:

Fix check:

Regression:

Description

Usecase:

Share locally generated ssh hostkeys from all Nodes to the Root server.

Error:

The Root server tries to retrieve the files via cf-agent, and not directly access it on the FS (since it's its own policy server), and it appears to not trust itself, because it does not have localhost.pub named by the root-MD=${HASH}.pub format:

rudder  verbose: P: BEGIN promise 'promise_sharedfile_from_node_cf_50' of type "files" (pass 1)
rudder  verbose: P:    Promiser/affected object: '/var/rudder/configuration-repository/sha'
rudder  verbose: P:    From parameterized bundle: sharedfile_from_node( {"752da888-c98b-46a9-81b5-0be9ce22322a","service_hostkey_rsa","/var/rudder/configurati
on-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub"})
rudder  verbose: P:    Base context class: any
rudder  verbose: P:    Stack path: /default/rudder_directives/methods/'Process SSH Keys/Process_Service_SSH_keys'/default/Process_Service_SSH_keys/methods/'me
thod_call'/default/sharedfile_from_node/files/'/var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey
_rsa.pub'[1]
rudder  verbose: File '/var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub' copy_from '/var/rudder/shared-files/root/files/752da888-c98b-46a9-81b5-0be9ce22322a/service_hostkey_rsa'
rudder  verbose: FindIdle: no existing connection to '127.0.0.1' is established.
rudder  verbose: Connecting to host 127.0.0.1, port 5309 as address 127.0.0.1
rudder  verbose: Waiting to connect...
rudder  verbose: Setting socket timeout to 30 seconds.
rudder  verbose: Connected to host 127.0.0.1 address 127.0.0.1 port 5309 (socket descriptor 4)
rudder  verbose: TLS version negotiated:  TLSv1.2; Cipher: AES256-GCM-SHA384,TLSv1/SSLv3
rudder  verbose: TLS session established, checking trust...
rudder  verbose: Did not find new key format '/var/rudder/cfengine-community/ppkeys/root-MD5=16340f76b8daa8d895e9633742ca7f50.pub'
rudder  verbose: Trying old style '/var/rudder/cfengine-community/ppkeys/root-127.0.0.1.pub'
rudder  verbose: Received key 'MD5=16340f76b8daa8d895e9633742ca7f50' not found in ppkeys
   error: TRUST FAILED, server presented untrusted key: MD5=16340f76b8daa8d895e9633742ca7f50
rudder  verbose: Connection to 127.0.0.1 is closed
rudder     info: Unable to establish connection to '127.0.0.1'
   error: No suitable server found
rudder  verbose: C:    + promise outcome class 'repair_failed_sharedfile_from_node_service_hostkey_rsa'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_failed'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_ok'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_error'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_kept'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_repaired'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_reached'
rudder     info: Promise belongs to bundle 'sharedfile_from_node' in file '/var/rudder/ncf/common/30_generic_methods/sharedfile_from_node.cf' near line 50
rudder  verbose: A: Promise NOT KEPT!

I can confirm, that symlinking the localhost.pub to the missing by-MD5-Name does solve the issue:

-rw------- 1 root root 1743 Apr  5 16:28 localhost.priv
-rw------- 1 root root  426 Apr  5 16:28 localhost.pub
lrwxrwxrwx 1 root root   13 Apr 18 12:09 root-MD5=16340f76b8daa8d895e9633742ca7f50.pub -> localhost.pub

Agent run now shows repaired:

E| repaired      Process_Service_SSH_keys  Sharedfile from node      service_hostkey_e| Retrieving service_hostkey_ed25519 from 752da888-c98b-46a9-81b5-0be9ce22322a into /var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_ed25519.pub was repaired
E| repaired      Process_Service_SSH_keys  Sharedfile from node      service_hostkey_r| Retrieving service_hostkey_rsa from 752da888-c98b-46a9-81b5-0be9ce22322a into /var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub was repaired

Subtasks 1 (0 open — 1 closed)

Related issues 2 (0 open — 2 closed)

Actions

Copy link

Updated by Janos Mattyasovszky about 7 years ago

Description updated (diff)

Actions

Copy link

Updated by Janos Mattyasovszky about 7 years ago

Severity changed from Major - prevents use of part of Rudder | no simple workaround to Minor - inconvenience | misleading | easy workaround
Found in version (s) 4.1.2 added

Workaround by using ln -s on localhost.pub.

Actions

Copy link

Updated by François ARMAND almost 7 years ago

Related to Bug #10599: Impossible to search or build groups based on JSON values in node properties added

Actions

Copy link

Updated by François ARMAND almost 7 years ago

Related to deleted (Bug #10599: Impossible to search or build groups based on JSON values in node properties)

Actions

Copy link

Updated by François ARMAND almost 7 years ago

Related to Bug #10283: Impossible to share file from root server added

Actions

Copy link

Updated by François ARMAND almost 7 years ago

Severity changed from Minor - inconvenience | misleading | easy workaround to Major - prevents use of part of Rudder | no simple workaround
Effort required set to Small
Priority changed from 0 to 44

Actions

Copy link

Updated by Benoît PECCATTE almost 7 years ago

Priority changed from 44 to 54

Actions

Copy link

Updated by Benoît PECCATTE over 6 years ago

Priority changed from 54 to 61

Actions

Copy link

Updated by Benoît PECCATTE almost 6 years ago

Assignee set to Benoît PECCATTE
Priority changed from 61 to 56

This is probably solved, we should check it

Actions

Copy link

#10

Updated by Benoît PECCATTE almost 6 years ago

Status changed from New to Rejected

This now works, it is used by the centreon plugin successfully.

Actions

Copy link

#11

Updated by Alexis Mousset over 5 years ago

Status changed from Rejected to New

Seen it again on 5.0.1, Ubuntu 18.04 with a fresh install.

Reopening. We need at least documentation to work around this issue.

Actions

Copy link

#12

Updated by Nicolas CHARLES over 5 years ago

Target version set to 4.1.16

Actions

Copy link

#13

Updated by Nicolas CHARLES over 5 years ago

Status changed from New to In progress
Assignee changed from Benoît PECCATTE to Nicolas CHARLES

Actions

Copy link

#14

Updated by Nicolas CHARLES over 5 years ago

Status changed from In progress to Pending technical review
Assignee changed from Nicolas CHARLES to Alexis Mousset
Pull Request set to https://github.com/Normation/rudder-techniques/pull/1348

PR https://github.com/Normation/rudder-techniques/pull/1348

Actions

Copy link

#15