Project

General

Profile

Actions

Bug #11720

closed

policy generation failure via rudder-reload-cf-served if PATH is restricted.

Added by Florian Heigl about 7 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
N/A
Assignee:
-
Category:
Packaging
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
0
Name check:
Fix check:
Regression:

Description

I just switched our master to enforcing mode (because otherwise cf-served seems to not run)

Policy generation fails since it seems to call cf-served but doesn't use a path on "service".
"service" here resides at /sbin which isn't in the search path.

What is one supposed to do then?

@(

⇨ Policy update error for process '1381' at 2017-11-13 15:42:19
⇨ Exit code=-2147483648 for hook: '/opt/rudder/etc/hooks.d/policy-generation-finished/50-reload-policy-file-server'.
stdout:
stderr: 'cf-serverd: no process found
/opt/rudder/bin/rudder-reload-cf-serverd: line 13: service: command not found
'@

(For now I have added "/sbin/" to the script but this is not ideal, and seems to be fixed in the package - I'm sure there's some code in the NCF service methods for this you can just re-use)


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #11721: cf-served seems to not work in audit modeRejectedActions
Actions #1

Updated by Benoît PECCATTE about 7 years ago

  • Related to Bug #11721: cf-served seems to not work in audit mode added
Actions #2

Updated by Benoît PECCATTE about 7 years ago

  • Target version set to 4.1.9
  • Severity changed from Critical - prevents main use of Rudder | no workaround | data loss | security to Major - prevents use of part of Rudder | no simple workaround
  • Priority changed from 76 to 52

Does the PATH on your command line contain /sbin ? We'd like to know if it has been altered by Rudder or not.

In this hook we should not use service but "rudder agent" instead. Does it work if you replace :

service rudder-agent restart

in /opt/rudder/bin/rudder-reload-cf-serverd by :

rudder agent stop
rudder agent start
Actions #3

Updated by Vincent MEMBRÉ about 7 years ago

  • Target version changed from 4.1.9 to 4.1.10
Actions #4

Updated by Vincent MEMBRÉ almost 7 years ago

  • Target version changed from 4.1.10 to 4.1.11
  • Priority changed from 52 to 50
Actions #5

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 4.1.11 to 4.1.12
  • Priority changed from 50 to 48
Actions #6

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 4.1.12 to 4.1.13
Actions #7

Updated by Benoît PECCATTE over 6 years ago

  • Target version changed from 4.1.13 to 411
  • Priority changed from 48 to 47
Actions #8

Updated by Benoît PECCATTE over 6 years ago

  • Target version changed from 411 to 4.1.13
Actions #9

Updated by Vincent MEMBRÉ over 6 years ago

  • Target version changed from 4.1.13 to 4.1.14
  • Priority changed from 47 to 46
Actions #10

Updated by Benoît PECCATTE over 6 years ago

  • Target version changed from 4.1.14 to 4.1.15
Actions #11

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.1.15 to 4.1.16
  • Priority changed from 46 to 44
Actions #12

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.1.16 to 4.1.17
  • Priority changed from 44 to 43
Actions #13

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.1.17 to 4.1.18
  • Priority changed from 43 to 0
Actions #14

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 4.1.18 to 4.1.19
Actions #15

Updated by Alexis Mousset almost 6 years ago

  • Target version changed from 4.1.19 to 4.1.20
Actions #16

Updated by François ARMAND almost 6 years ago

  • Target version changed from 4.1.20 to 4.1.21
Actions #17

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.21 to 4.1.22
Actions #18

Updated by Benoît PECCATTE over 5 years ago

  • Target version changed from 4.1.22 to 5.0.10
Actions #19

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.10 to 5.0.11
Actions #20

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.11 to 5.0.12
Actions #21

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.12 to 5.0.13
Actions #22

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 5.0.13 to 5.0.14
Actions #23

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 5.0.14 to 5.0.15
Actions #24

Updated by Vincent MEMBRÉ about 5 years ago

  • Target version changed from 5.0.15 to 5.0.16
Actions #25

Updated by Alexis Mousset almost 5 years ago

  • Target version changed from 5.0.16 to 5.0.17
Actions #26

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.17 to 5.0.18
Actions #27

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.18 to 5.0.19
Actions #28

Updated by Vincent MEMBRÉ over 4 years ago

  • Target version changed from 5.0.19 to 5.0.20
Actions #29

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 5.0.20 to 797
Actions #30

Updated by Benoît PECCATTE over 3 years ago

  • Target version changed from 797 to 6.1.14
Actions #31

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.14 to 6.1.15
Actions #32

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.15 to 6.1.16
Actions #33

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 6.1.16 to 6.1.17
Actions #34

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.1.17 to 6.1.18
Actions #35

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 6.1.18 to 6.1.19
Actions #36

Updated by Alexis Mousset almost 3 years ago

  • Status changed from New to Resolved

we now use systemctl on all servers anyway, closing.

Actions

Also available in: Atom PDF