Project

General

Profile

Actions

Bug #11686

closed

Dynamic groups not reloaded after importing archive

Added by Janos Mattyasovszky about 7 years ago. Updated over 6 years ago.

Status:
Rejected
Priority:
N/A
Category:
Server components
Target version:
-
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Small
Priority:
87
Name check:
Fix check:
Regression:

Description

I did import a complete set (groups, rules etc) of the git-tree within /var/rudder/configuration-repository (GUI Click "latest commit" button).

The policy generation was apparently started, but it generated a policy without re-evaluating the dynamic groups, which caused all nodes to receive a completely different set of policies it should have received with the newly imported stuff :-(

Please, when one imports all objects from the archive, also do a re-evaluation of the dynamic groups.

(I am putting this to "Critical", because even if you do not hit this issue often, there is no easy workaround to make Rudder generate a correct policy after one imports a new policy / group definitions other than disabling all node access (iptables or similar), and make sure the groups are reloaded after the import from git, otherwise there is still a short but existent time when a node could download a set of policy it was never ment to receive, and if you don't know about this, you tend to believe it would work until you realize it's not and sadness, pain and suffering happens.)


Related issues 1 (1 open0 closed)

Related to Rudder - Bug #20520: Error while importing ncf techniques using the restore from latest commit featureNewActions
Actions #1

Updated by Janos Mattyasovszky about 7 years ago

  • Description updated (diff)
Actions #2

Updated by Benoît PECCATTE about 7 years ago

  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Effort required set to Small
  • Priority changed from 0 to 91
Actions #3

Updated by Benoît PECCATTE about 7 years ago

  • Assignee set to Vincent MEMBRÉ

Hi Janos, could you send us the webapp logs of when this event occurred (/var/log/rudder/webapp/ )?
This should have been fixed in 4.1.8.

Actions #4

Updated by Benoît PECCATTE almost 7 years ago

Hi Janos, any news on this ?

Actions #5

Updated by Janos Mattyasovszky almost 7 years ago

I'll do a new deployment (hopefully) today with some modifications that include changes in dynamic groups, I'll retest this issue.

Actions #6

Updated by Benoît PECCATTE almost 7 years ago

  • Priority changed from 91 to 89

Did the deployment give any result ?

Actions #7

Updated by François ARMAND over 6 years ago

  • Status changed from New to Rejected
  • Priority changed from 89 to 87

Janos, I'm closing it to clean our (long) stack of bugs. We tested and it works for us(tm). Of course, if you see any problem on your side, please reopen the ticket.

Actions #8

Updated by François ARMAND almost 3 years ago

  • Related to Bug #20520: Error while importing ncf techniques using the restore from latest commit feature added
Actions

Also available in: Atom PDF