Bug #12248 (closed)
Base bundle apache_acl fails when SSL cert is symlinked
Status: Resolved
Priority: N/A
Assignee: -
Category: System techniques
Target version: -
Pull Request:
Severity: Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility: Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority: 0
Name check:
Fix check:
Regression:
Description
Getting an issue with "rudder agent run" after having installed 4.3.0.rc1 on sles12sp3:
E| error DistributePolicy Configure apache ACL Apache ACLs could not be edited
rudder verbose: P: BEGIN promise 'promise_rudder_system_directives_cf_74' of type "methods" (pass 1)
rudder verbose: P: Promiser/affected object: 'distributePolicy/Distribute Policy'
rudder verbose: P: From parameterized bundle: rudder_system_directives( {"DistributePolicy","result_success","root-DP@@root-distributePolicy@@0","Send inventories to Rudder server","None","No inventory to send",""})
rudder verbose: P: Base context class: any
rudder verbose: P: Stack path: /default/rudder_system_directives/methods/'distributePolicy/Distribute Policy'[1]
rudder verbose: B: *****************************************************************
rudder verbose: B: BEGIN bundle apache_acl
rudder verbose: B: *****************************************************************
rudder verbose: V: .........................................................
rudder verbose: V: BEGIN variables (pass 1)
rudder verbose: V: Computing value of 'destination'
rudder verbose: V: Computing value of 'ssl_ca_file'
rudder verbose: V: Computing value of 'ssl_ca_size'
rudder verbose: V: Computing value of 'apache_service'
rudder verbose: C: .........................................................
rudder verbose: C: BEGIN classes / conditions (pass 1)
rudder verbose: C: + Private class: empty_ssl_ca
rudder verbose: C: + Private class: pass1
rudder verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined
rudder verbose: V: .........................................................
rudder verbose: V: BEGIN variables (pass 2)
rudder verbose: V: Computing value of 'destination'
rudder verbose: V: Computing value of 'ssl_ca_file'
rudder verbose: V: Computing value of 'ssl_ca_size'
rudder verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined
rudder verbose: V: Computing value of 'src_ca_file'
rudder verbose: V: Computing value of 'apache_service'
rudder verbose: C: .........................................................
rudder verbose: C: BEGIN classes / conditions (pass 2)
rudder verbose: C: + Private class: pass2
rudder verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined
rudder verbose: Using the default body: files_action
rudder verbose: P: .........................................................
rudder verbose: P: BEGIN promise 'promise_apache_acl_cf_48' of type "files" (pass 2)
rudder verbose: P: Promiser/affected object: '/opt/rudder/etc/ssl/ca.cert'
rudder verbose: P: From parameterized bundle: apache_acl( {"DistributePolicy","result_success","root-DP@@root-distributePolicy@@0","Send inventories to Rudder server","None","No inventory to send",""})
rudder verbose: P: Base context class: pass2
rudder verbose: P: Stack path: /default/rudder_system_directives/methods/'distributePolicy/Distribute Policy'/default/apache_acl/files/'/opt/rudder/etc/ssl/ca.cert'[1]
rudder verbose: P:
rudder verbose: P: Comment: Writing rudder apache ACL
rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder verbose: File '/opt/rudder/etc/ssl/ca.cert' exists as promised
rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept'
rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok'
rudder verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised
rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept'
rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok'
rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder verbose: Basedir '/opt/rudder/etc/ssl/ca.cert' not promising anything
rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept'
rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok'
rudder verbose: File '/opt/rudder/etc/ssl/ca.cert' copy_from '/opt/rudder/etc/ssl/rudder.crt'
rudder verbose: Destination file '/opt/rudder/etc/ssl/ca.cert' already exists
rudder verbose: Checksum comparison replaced by ctime: files not regular
rudder verbose: Image file '/opt/rudder/etc/ssl/ca.cert' has a wrong digest/checksum, should be copy of '/opt/rudder/etc/ssl/rudder.crt'
rudder verbose: Checking link from '/opt/rudder/etc/ssl/ca.cert' to 'sles12sp3.fqdn.crt'
error: Object '/opt/rudder/etc/ssl/ca.cert' exists and is obstructing our promise
rudder verbose: C: + promise outcome class 'rudder_apache_acl_failed'
rudder verbose: C: + promise outcome class 'rudder_apache_acl_error'
error: Unable to create link '/opt/rudder/etc/ssl/ca.cert' -> './sles12sp3.fqdn.crt', failed to move obstruction
rudder verbose: C: + promise outcome class 'rudder_apache_acl_failed'
rudder verbose: C: + promise outcome class 'rudder_apache_acl_error'
rudder verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised
rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept'
rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok'
rudder verbose: A: Promise was KEPT
rudder verbose: P: END files promise (/opt/rudder/etc/ssl/ca.cert)
I am not even sure what this file tries to accomplish after looking at it...
Updated by Benoît PECCATTE about 6 years ago
This is indeed weird: this file tries to fill the ca.cert from rudder.crt, which can only work if the user has not touched Rudder's certificate.
We need to handle this case at postinstall and not in promises: copy rudder.crt to ca.cert only if it doesn't exist.
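One way to implement the postinstall check proposed in the comment above, as an added example that is not Rudder's packaging code. `seed_ca_cert` is a hypothetical helper name and the 0644 mode is an assumption; the point it shows is that a symlink at the destination, even a dangling one, must count as "exists" so an administrator's own certificate link is never replaced.

```shell
#!/bin/sh
# Added example, not Rudder's own postinstall script.
# seed_ca_cert is a hypothetical helper name.
#
# seed_ca_cert SRC DEST
#   Copy SRC to DEST only when nothing occupies DEST.
#   Return codes: 0 = seeded, 1 = DEST already present (left untouched),
#                 2 = error (SRC unusable or copy failed).
seed_ca_cert() {
    src=$1
    dest=$2

    # [ -e ] follows symlinks and is false for a dangling link, so test -L
    # as well: a link placed by the administrator is never written through.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        return 1
    fi

    [ -f "$src" ] && [ -r "$src" ] || return 2

    # Stage the copy beside DEST so a failure never leaves a partial file.
    tmp=$(mktemp "${dest}.XXXXXX") || return 2
    if ! cp "$src" "$tmp" || ! chmod 644 "$tmp"; then   # 0644 is an assumed mode
        rm -f "$tmp"
        return 2
    fi

    # ln refuses to replace an existing name, so if DEST appeared between the
    # check above and now, it is still left alone.
    if ln "$tmp" "$dest" 2>/dev/null; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        return 1
    fi
    return 2
}

# Usage with the paths from the log above:
#   seed_ca_cert /opt/rudder/etc/ssl/rudder.crt /opt/rudder/etc/ssl/ca.cert
```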
Updated by Benoît PECCATTE almost 6 years ago
- User visibility changed from Getting started - demo | first install | level 1 Techniques to Operational - other Techniques | Technique editor | Rudder settings
- Priority changed from 50 to 32
Updated by Alexis Mousset about 2 years ago
- Status changed from New to Resolved
- Priority changed from 32 to 0
Fixed in 7.0; users can now manage their own certificates.