Project

General

Profile

Actions
Copy link

Bug #11686

closed

Dynamic groups not reloaded after importing archive

Added by Janos Mattyasovszky over 6 years ago. Updated about 6 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
Vincent MEMBRÉ
Category:
Server components
Target version:
-
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Small
Priority:
87
Name check:
Fix check:
Regression:

Description

I did import a complete set (groups, rules etc) of the git-tree within /var/rudder/configuration-repository (GUI Click "latest commit" button).

The policy generation was apparently started, but it generated a policy without re-evaluating the dynamic groups, which caused all nodes to receive a completely different set of policies it should have received with the newly imported stuff :-(

Please, when one imports all objects from the archive, also do a re-evaluation of the dynamic groups.

(I am putting this to "Critical", because even if you do not hit this issue often, there is no easy workaround to make Rudder generate a correct policy after one imports a new policy / group definitions other than disabling all node access (iptables or similar), and make sure the groups are reloaded after the import from git, otherwise there is still a short but existent time when a node could download a set of policy it was never ment to receive, and if you don't know about this, you tend to believe it would work until you realize it's not and sadness, pain and suffering happens.)

Related issues 1 (1 open0 closed)

Related to Rudder - Bug #20520: Error while importing ncf techniques using the restore from latest commit featureNewActions
Actions
Copy link
 #1

Updated by Janos Mattyasovszky over 6 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Benoît PECCATTE over 6 years ago

  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Effort required set to Small
  • Priority changed from 0 to 91
Actions
Copy link
 #3

Updated by Benoît PECCATTE over 6 years ago

  • Assignee set to Vincent MEMBRÉ

Hi Janos, could you send us the webapp logs of when this event occurred (/var/log/rudder/webapp/ )?
This should have been fixed in 4.1.8.

Actions
Copy link
 #4

Updated by Benoît PECCATTE over 6 years ago

Hi Janos, any news on this ?

Actions
Copy link
 #5

Updated by Janos Mattyasovszky over 6 years ago

I'll do a new deployment (hopefully) today with some modifications that include changes in dynamic groups, I'll retest this issue.

Actions
Copy link
 #6

Updated by Benoît PECCATTE over 6 years ago

  • Priority changed from 91 to 89

Did the deployment give any result ?

Actions
Copy link
 #7

Updated by François ARMAND about 6 years ago

  • Status changed from New to Rejected
  • Priority changed from 89 to 87

Janos, I'm closing it to clean our (long) stack of bugs. We tested and it works for us(tm). Of course, if you see any problem on your side, please reopen the ticket.

Actions
Copy link
 #8

Updated by François ARMAND over 2 years ago

  • Related to Bug #20520: Error while importing ncf techniques using the restore from latest commit feature added
Actions
Copy link

Also available in: Atom PDF