Bug #11168
closed
Search believe that CFEngine agents with "dsc" in their keys are also DSC agent
Description
Create an CFEngine agent with a key containing DSC, for ex. one with the following content for 'agentName' attribute:
{"agentType":"cfengine-community","version":"4.2.0.beta2-1.EL.7","securityToken":{"value":"-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAyXUx8lDOtFca/aDLME1EAtvu9NhLWR74Q5jxnyUii8JujMKqv7Xk\nnsTAa2ivfopbzhNRMLsUPRkYSJEi3w0gBe2iQ9S39oXiiUUTozbV2GpOXQNLOERy\nWMol3ozsJXOuA5/2FtkvW3UxxMCfq2OPEF8Qqg3vfzBRZga5QtKGmSHMpFEDbOxn\nOUzSzN+MFSv9EGY18X61K2/+eicwCvAX9bhLapJcZf/4aIitsYKSsnQEmmR3Ae78\n6SMhDCtvJCjnt/6Pw2MI6F/0tC3xi1dQyXVcGlM8AoPKvHLv7Xmp8wrr0WEyuJlF\nYE6NrACm2kLui+FWDn0xhfm6PXGJYdSCqwIDAQAB\n-----END RSA PUBLIC KEY-----","type":"publicKey"}}
That agent will be found when looking for "agent -> DSC"
{"select":"nodeAndPolicyServer","composition":"And","where":[{"objectType":"node","attribute":"agentName","comparator":"eq","value":"dsc"}]}
Obviously, the search need to only look for the value for key agentType. This is certainly a problem with the JSON search, so referencing #10599 and more specially #10570
Updated by François ARMAND over 7 years ago
The proposed criticity is because it can put nodes in incorrect groups, and the user can't do anything about it. This is very bad. And it can happen in the first demo without chance.
Updated by Benoît PECCATTE over 7 years ago
- Severity set to Major - prevents use of part of Rudder | no simple workaround
- User visibility set to Operational - other Techniques | Technique editor | Rudder settings
- Priority changed from 0 to 52
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.22 to 3.1.23
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 3.1.23 to 3.1.24
- Priority changed from 52 to 51
Updated by François ARMAND about 7 years ago
- Related to Bug #10599: Impossible to search or build groups based on JSON values in node properties added
Updated by Vincent MEMBRÉ about 7 years ago
- Status changed from New to In progress
- Assignee changed from François ARMAND to Vincent MEMBRÉ
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 3.1.24 to 4.2.1
Updated by Vincent MEMBRÉ about 7 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Vincent MEMBRÉ to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/1752
Updated by François ARMAND about 7 years ago
- Related to Bug #11583: Rudder creates DSC based group and rules and breaks policy generation added
Updated by François ARMAND about 7 years ago
- Priority changed from 51 to 50
If you don't have any windows node and you hit #11583 because of that problem, you can execute that command on the Rudder server - note that you will need to execute it again after each Rudder restart:
ldapmodify -xc -H ldap://localhost:389 -D "cn=manager, cn=rudder-configuration" -w $(cat /opt/rudder/etc/rudder-passwords.conf | grep BIND_PASS | cut -d':' -f2) << EOF dn: nodeGroupId=all-nodes-with-dsc-agent,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration changetype: modify replace: isDynamic isDynamic: FALSE - delete: nodeId - EOF
Updated by Vincent MEMBRÉ about 7 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|bd64dbe2678696f5e26d121c5e7052794f600356.
Updated by Vincent MEMBRÉ about 7 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 4.2.1 which was released today.
- 4.2.1: Announce Changelog
- Download: https://www.rudder-project.org/site/get-rudder/downloads/