Project

General

Profile

Actions

Bug #10605

closed

Sharing files with "root" does not work

Added by Janos Mattyasovszky almost 7 years ago. Updated over 5 years ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Small
Priority:
56
Name check:
Fix check:
Regression:

Description

Usecase:

Share locally generated ssh hostkeys from all Nodes to the Root server.

Error:

The Root server tries to retrieve the files via cf-agent, and not directly access it on the FS (since it's its own policy server), and it appears to not trust itself, because it does not have localhost.pub named by the root-MD=${HASH}.pub format:

rudder  verbose: P: BEGIN promise 'promise_sharedfile_from_node_cf_50' of type "files" (pass 1)
rudder  verbose: P:    Promiser/affected object: '/var/rudder/configuration-repository/sha'
rudder  verbose: P:    From parameterized bundle: sharedfile_from_node( {"752da888-c98b-46a9-81b5-0be9ce22322a","service_hostkey_rsa","/var/rudder/configurati
on-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub"})
rudder  verbose: P:    Base context class: any
rudder  verbose: P:    Stack path: /default/rudder_directives/methods/'Process SSH Keys/Process_Service_SSH_keys'/default/Process_Service_SSH_keys/methods/'me
thod_call'/default/sharedfile_from_node/files/'/var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey
_rsa.pub'[1]
rudder  verbose: File '/var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub' copy_from '/var/rudder/shared-files/root/files/752da888-c98b-46a9-81b5-0be9ce22322a/service_hostkey_rsa'
rudder  verbose: FindIdle: no existing connection to '127.0.0.1' is established.
rudder  verbose: Connecting to host 127.0.0.1, port 5309 as address 127.0.0.1
rudder  verbose: Waiting to connect...
rudder  verbose: Setting socket timeout to 30 seconds.
rudder  verbose: Connected to host 127.0.0.1 address 127.0.0.1 port 5309 (socket descriptor 4)
rudder  verbose: TLS version negotiated:  TLSv1.2; Cipher: AES256-GCM-SHA384,TLSv1/SSLv3
rudder  verbose: TLS session established, checking trust...
rudder  verbose: Did not find new key format '/var/rudder/cfengine-community/ppkeys/root-MD5=16340f76b8daa8d895e9633742ca7f50.pub'
rudder  verbose: Trying old style '/var/rudder/cfengine-community/ppkeys/root-127.0.0.1.pub'
rudder  verbose: Received key 'MD5=16340f76b8daa8d895e9633742ca7f50' not found in ppkeys
   error: TRUST FAILED, server presented untrusted key: MD5=16340f76b8daa8d895e9633742ca7f50
rudder  verbose: Connection to 127.0.0.1 is closed
rudder     info: Unable to establish connection to '127.0.0.1'
   error: No suitable server found
rudder  verbose: C:    + promise outcome class 'repair_failed_sharedfile_from_node_service_hostkey_rsa'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_failed'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_ok'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_error'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_kept'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_not_repaired'
rudder  verbose: C:    + promise outcome class 'sharedfile_from_node_service_hostkey_rsa_reached'
rudder     info: Promise belongs to bundle 'sharedfile_from_node' in file '/var/rudder/ncf/common/30_generic_methods/sharedfile_from_node.cf' near line 50
rudder  verbose: A: Promise NOT KEPT!

I can confirm, that symlinking the localhost.pub to the missing by-MD5-Name does solve the issue:

-rw------- 1 root root 1743 Apr  5 16:28 localhost.priv
-rw------- 1 root root  426 Apr  5 16:28 localhost.pub
lrwxrwxrwx 1 root root   13 Apr 18 12:09 root-MD5=16340f76b8daa8d895e9633742ca7f50.pub -> localhost.pub

Agent run now shows repaired:

E| repaired      Process_Service_SSH_keys  Sharedfile from node      service_hostkey_e| Retrieving service_hostkey_ed25519 from 752da888-c98b-46a9-81b5-0be9ce22322a into /var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_ed25519.pub was repaired
E| repaired      Process_Service_SSH_keys  Sharedfile from node      service_hostkey_r| Retrieving service_hostkey_rsa from 752da888-c98b-46a9-81b5-0be9ce22322a into /var/rudder/configuration-repository/shared-files/hostkeys/752da888-c98b-46a9-81b5-0be9ce22322a.service_hostkey_rsa.pub was repaired


Subtasks 1 (0 open1 closed)

Bug #13761: Unexpected report caused by parent issueReleasedAlexis MoussetActions

Related issues 2 (0 open2 closed)

Related to Rudder - Bug #10283: Impossible to share file from root serverRejectedBenoît PECCATTEActions
Related to Rudder - Bug #13689: Technique "File download (Rudder server)" does not correctly copy symlink on rudder root serverRejectedAlexis MoussetActions
Actions

Also available in: Atom PDF