Project

General

Profile

Actions

Bug #11168

closed

Search believe that CFEngine agents with "dsc" in their keys are also DSC agent

Added by François ARMAND over 6 years ago. Updated over 6 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Config management
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
50
Name check:
Fix check:
Regression:

Description

Create an CFEngine agent with a key containing DSC, for ex. one with the following content for 'agentName' attribute:

{"agentType":"cfengine-community","version":"4.2.0.beta2-1.EL.7","securityToken":{"value":"-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAyXUx8lDOtFca/aDLME1EAtvu9NhLWR74Q5jxnyUii8JujMKqv7Xk\nnsTAa2ivfopbzhNRMLsUPRkYSJEi3w0gBe2iQ9S39oXiiUUTozbV2GpOXQNLOERy\nWMol3ozsJXOuA5/2FtkvW3UxxMCfq2OPEF8Qqg3vfzBRZga5QtKGmSHMpFEDbOxn\nOUzSzN+MFSv9EGY18X61K2/+eicwCvAX9bhLapJcZf/4aIitsYKSsnQEmmR3Ae78\n6SMhDCtvJCjnt/6Pw2MI6F/0tC3xi1dQyXVcGlM8AoPKvHLv7Xmp8wrr0WEyuJlF\nYE6NrACm2kLui+FWDn0xhfm6PXGJYdSCqwIDAQAB\n-----END RSA PUBLIC KEY-----","type":"publicKey"}}

That agent will be found when looking for "agent -> DSC"

{"select":"nodeAndPolicyServer","composition":"And","where":[{"objectType":"node","attribute":"agentName","comparator":"eq","value":"dsc"}]}

Obviously, the search need to only look for the value for key agentType. This is certainly a problem with the JSON search, so referencing #10599 and more specially #10570


Subtasks 2 (0 open2 closed)

Bug #11634: CFEngine agent are not more matched after parent-ticket correctionReleasedFrançois ARMANDActions
Bug #11646: Query to search Only Rudder-agent or cfengine-community only does not matchReleasedFrançois ARMANDActions

Related issues 2 (0 open2 closed)

Related to Rudder - Bug #10599: Impossible to search or build groups based on JSON values in node propertiesReleasedVincent MEMBRÉActions
Related to Rudder - Bug #11583: Rudder creates DSC based group and rules and breaks policy generationReleasedVincent MEMBRÉActions
Actions #1

Updated by François ARMAND over 6 years ago

The proposed criticity is because it can put nodes in incorrect groups, and the user can't do anything about it. This is very bad. And it can happen in the first demo without chance.

Actions #2

Updated by Benoît PECCATTE over 6 years ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 52
Actions #3

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 3.1.22 to 3.1.23
Actions #4

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 3.1.23 to 3.1.24
  • Priority changed from 52 to 51
Actions #5

Updated by François ARMAND over 6 years ago

  • Related to Bug #10599: Impossible to search or build groups based on JSON values in node properties added
Actions #6

Updated by Vincent MEMBRÉ over 6 years ago

  • Status changed from New to In progress
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
Actions #7

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 3.1.24 to 4.2.1
Actions #8

Updated by Vincent MEMBRÉ over 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1752
Actions #9

Updated by François ARMAND over 6 years ago

  • Related to Bug #11583: Rudder creates DSC based group and rules and breaks policy generation added
Actions #10

Updated by François ARMAND over 6 years ago

  • Priority changed from 51 to 50

If you don't have any windows node and you hit #11583 because of that problem, you can execute that command on the Rudder server - note that you will need to execute it again after each Rudder restart:

ldapmodify -xc -H ldap://localhost:389 -D "cn=manager, cn=rudder-configuration" -w $(cat /opt/rudder/etc/rudder-passwords.conf | grep BIND_PASS | cut -d':' -f2) << EOF
dn: nodeGroupId=all-nodes-with-dsc-agent,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isDynamic
isDynamic: FALSE
-
delete: nodeId
-
EOF
Actions #11

Updated by Vincent MEMBRÉ over 6 years ago

  • Status changed from Pending technical review to Pending release
Actions #12

Updated by Vincent MEMBRÉ over 6 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.2.1 which was released today.

Actions

Also available in: Atom PDF