Bug #10605

closed

Sharing files with "root" does not work

Added by Janos Mattyasovszky over 7 years ago. Updated about 6 years ago.

Status: Released
Priority: N/A
Category: Techniques
Target version:
Severity: Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required: Small
Priority: 56
Name check:
Fix check:
Regression:

Description

Usecase:

Share locally generated ssh hostkeys from all Nodes to the Root server.

Error:

The Root server tries to retrieve the files via cf-agent instead of accessing them directly on the FS (since it's its own policy server), and it appears not to trust itself, because it does not have localhost.pub named in the root-MD=${HASH}.pub format:

rudder  verbose: P: BEGIN promise 'promise_sharedfile_from_node_cf_50' of type "files" (pass 1)
rudder  verbose: P:    Promiser/affected object: '/var/rudder/configuration-repository/sha'
rudder  verbose: P:    From parameterized bundle: sharedfile_from_node( {"752da888-c98b-46a9-81b5-0be9ce22322a","service_hostkey_rsa","/var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub"})
rudder  verbose: P:    Base context class: any
rudder  verbose: P:    Stack path: /default/rudder_directives/methods/'Process SSH Keys/Process_Service_SSH_keys'/default/Process_Service_SSH_keys/methods/'method_call'/default/sharedfile_from_node/files/'/var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub'[1]
rudder  verbose: File '/var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub' copy_from '/var/rudder/shared-files/root/files/752da888-c98b-46a9-81b5-0be9ce22322a/service_hostkey_rsa'
rudder  verbose: FindIdle: no existing connection to '127.0.0.1' is established.
rudder  verbose: Connecting to host 127.0.0.1, port 5309 as address 127.0.0.1
rudder  verbose: Waiting to connect...
rudder  verbose: Setting socket timeout to 30 seconds.
rudder  verbose: Connected to host 127.0.0.1 address 127.0.0.1 port 5309 (socket descriptor 4)
rudder  verbose: TLS version negotiated:  TLSv1.2; Cipher: AES256-GCM-SHA384,TLSv1/SSLv3
rudder  verbose: TLS session established, checking trust...
rudder  verbose: Did not find new key format '/var/rudder/cfengine-community/ppkeys/root-MD5=16340f76b8daa8d895e9633742ca7f50.pub'
rudder  verbose: Trying old style '/var/rudder/cfengine-community/ppkeys/root-127.0.0.1.pub'
rudder  verbose: Received key 'MD5=16340f76b8daa8d895e9633742ca7f50' not found in ppkeys
   error: TRUST FAILED, server presented untrusted key: MD5=16340f76b8daa8d895e9633742ca7f50
rudder  verbose: Connection to 127.0.0.1 is closed
rudder     info: Unable to establish connection to '127.0.0.1'
   error: No suitable server found
rudder  verbose: C:    + promise outcome class 'repair_failed_sharedfile_from_node_service_hostkey_rsa'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_failed'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_ok'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_error'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_kept'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_repaired'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_reached'
rudder     info: Promise belongs to bundle 'sharedfile_from_node' in file '/var/rudder/ncf/common/30_generic_methods/sharedfile_from_node.cf' near line 50
rudder  verbose: A: Promise NOT KEPT!

I can confirm that symlinking localhost.pub to the missing by-MD5 name does solve the issue:

-rw------- 1 root root 1743 Apr  5 16:28 localhost.priv
-rw------- 1 root root  426 Apr  5 16:28 localhost.pub
lrwxrwxrwx 1 root root   13 Apr 18 12:09 root-MD5=16340f76b8daa8d895e9633742ca7f50.pub -> localhost.pub

Agent run now shows repaired:

E| repaired      Process_Service_SSH_keys  Sharedfile from node      service_hostkey_e| Retrieving service_hostkey_ed25519 from 752da888-c98b-46a9-81b5-0be9ce22322a into /var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_ed25519.pub was repaired
E| repaired      Process_Service_SSH_keys  Sharedfile from node      service_hostkey_r| Retrieving service_hostkey_rsa from 752da888-c98b-46a9-81b5-0be9ce22322a into /var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub was repaired
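
The trust failure above, replayed as an added shell example (not part of the original report and not Rudder or CFEngine code): it extracts the rejected digest from the agent log and applies the symlink only when that digest equals the server's own localhost.pub digest. The function names and scratch directory are hypothetical, and the own-key digest is assumed to have been read beforehand with cf-key --print-digest.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not Rudder or CFEngine code.

# Print each distinct key digest that cf-agent rejected in a verbose log.
rejected_digests() {
    sed -n 's/.*TRUST FAILED, server presented untrusted key: \(MD5=[0-9a-f]\{32\}\).*/\1/p' "$1" | sort -u
}

# Print the ppkeys paths the agent looked up (new format first, then old style).
tried_key_files() {
    sed -n -e "s/.*Did not find new key format '\([^']*\)'.*/\1/p" \
           -e "s/.*Trying old style '\([^']*\)'.*/\1/p" "$1"
}

# Classify a rejected digest. $1 ppkeys dir, $2 user, $3 rejected digest,
# $4 digest of the server's own localhost.pub (assumed to come from cf-key -p).
classify() {
    if [ -e "$1/$2-$3.pub" ]; then
        echo trusted
    elif [ "$3" = "$4" ]; then
        echo self-key-not-registered    # the state described in this report
    else
        echo foreign-key                # not the server's own key: do not link it
    fi
}

# Replay the report in a scratch directory: diagnose, apply the symlink, re-check.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/ppkeys" && : > "$d/ppkeys/localhost.pub"   # empty stand-in key file
    # Log lines copied from the report, paths included.
    cat > "$d/agent.log" <<'EOF'
rudder  verbose: Did not find new key format '/var/rudder/cfengine-community/ppkeys/root-MD5=16340f76b8daa8d895e9633742ca7f50.pub'
rudder  verbose: Trying old style '/var/rudder/cfengine-community/ppkeys/root-127.0.0.1.pub'
   error: TRUST FAILED, server presented untrusted key: MD5=16340f76b8daa8d895e9633742ca7f50
EOF
    own=MD5=16340f76b8daa8d895e9633742ca7f50   # assumed digest of localhost.pub
    for k in $(rejected_digests "$d/agent.log"); do
        before=$(classify "$d/ppkeys" root "$k" "$own")
        if [ "$before" = self-key-not-registered ]; then
            ln -s localhost.pub "$d/ppkeys/root-$k.pub"
        fi
        echo "$k $before -> $(classify "$d/ppkeys" root "$k" "$own")"
    done
    rm -rf "$d"
}

demo
```

A digest classified as foreign-key means the agent was shown a key other than the server's own, which the symlink should never paper over.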


Subtasks 1 (0 open, 1 closed)

Bug #13761: Unexpected report caused by parent issue | Released | Alexis Mousset

Related issues 2 (0 open, 2 closed)

Related to Rudder - Bug #10283: Impossible to share file from root server | Rejected | Benoît PECCATTE
Related to Rudder - Bug #13689: Technique "File download (Rudder server)" does not correctly copy symlink on rudder root server | Rejected | Alexis Mousset

#1

Updated by Janos Mattyasovszky over 7 years ago

  • Description updated

#2

Updated by Janos Mattyasovszky over 7 years ago

  • Severity changed from Major - prevents use of part of Rudder | no simple workaround to Minor - inconvenience | misleading | easy workaround
  • Found in version (s) 4.1.2 added

Workaround by using ln -s on localhost.pub.

#3

Updated by François ARMAND over 7 years ago

  • Related to Bug #10599: Impossible to search or build groups based on JSON values in node properties added

#4

Updated by François ARMAND over 7 years ago

  • Related to deleted (Bug #10599: Impossible to search or build groups based on JSON values in node properties)

#5

Updated by François ARMAND over 7 years ago

  • Related to Bug #10283: Impossible to share file from root server added

#6

Updated by François ARMAND over 7 years ago

  • Severity changed from Minor - inconvenience | misleading | easy workaround to Major - prevents use of part of Rudder | no simple workaround
  • Effort required set to Small
  • Priority changed from 0 to 44

#7

Updated by Benoît PECCATTE over 7 years ago

  • Priority changed from 44 to 54

#8

Updated by Benoît PECCATTE about 7 years ago

  • Priority changed from 54 to 61

#9

Updated by Benoît PECCATTE over 6 years ago

  • Assignee set to Benoît PECCATTE
  • Priority changed from 61 to 56

This is probably solved, we should check it

#10

Updated by Benoît PECCATTE over 6 years ago

  • Status changed from New to Rejected

This now works, it is used by the centreon plugin successfully.

#11

Updated by Alexis Mousset about 6 years ago

  • Status changed from Rejected to New

Seen it again on 5.0.1, Ubuntu 18.04 with a fresh install.

Reopening. We need at least documentation to work around this issue.

#12

Updated by Nicolas CHARLES about 6 years ago

  • Target version set to 4.1.16

#13

Updated by Nicolas CHARLES about 6 years ago

  • Status changed from New to In progress
  • Assignee changed from Benoît PECCATTE to Nicolas CHARLES

#14

Updated by Nicolas CHARLES about 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1348

#15

Updated by Nicolas CHARLES about 6 years ago

  • Status changed from Pending technical review to Pending release

#16

Updated by Alexis Mousset about 6 years ago

  • Related to Bug #13689: Technique "File download (Rudder server)" does not correctly copy symlink on rudder root server added

#17

Updated by Vincent MEMBRÉ about 6 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.1.16, 4.3.6 and 5.0.2 which were released today.