Actions
Bug #12248
closedBase bundle apache_acl fails when SSL cert is symlinked
Status:
Resolved
Priority:
N/A
Assignee:
-
Category:
System techniques
Target version:
-
Pull Request:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
0
Name check:
Fix check:
Regression:
Description
Getting an issue with "rudder agent run" after having installed 4.3.0.rc1 on sles12sp3:
E| error DistributePolicy Configure apache ACL Apache ACLs could not be edited
rudder verbose: P: BEGIN promise 'promise_rudder_system_directives_cf_74' of type "methods" (pass 1) rudder verbose: P: Promiser/affected object: 'distributePolicy/Distribute Policy' rudder verbose: P: From parameterized bundle: rudder_system_directives( {"DistributePolicy","result_success","root-DP@@root-distributePolicy@@0","Send inventories to Rudder server","None","No inventory to send",""}) rudder verbose: P: Base context class: any rudder verbose: P: Stack path: /default/rudder_system_directives/methods/'distributePolicy/Distribute Policy'[1] rudder verbose: B: ***************************************************************** rudder verbose: B: BEGIN bundle apache_acl rudder verbose: B: ***************************************************************** rudder verbose: V: ......................................................... rudder verbose: V: BEGIN variables (pass 1) rudder verbose: V: Computing value of 'destination' rudder verbose: V: Computing value of 'ssl_ca_file' rudder verbose: V: Computing value of 'ssl_ca_size' rudder verbose: V: Computing value of 'apache_service' rudder verbose: C: ......................................................... rudder verbose: C: BEGIN classes / conditions (pass 1) rudder verbose: C: + Private class: empty_ssl_ca rudder verbose: C: + Private class: pass1 rudder verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined rudder verbose: V: ......................................................... rudder verbose: V: BEGIN variables (pass 2) rudder verbose: V: Computing value of 'destination' rudder verbose: V: Computing value of 'ssl_ca_file' rudder verbose: V: Computing value of 'ssl_ca_size' rudder verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined rudder verbose: V: Computing value of 'src_ca_file' rudder verbose: V: Computing value of 'apache_service' rudder verbose: C: ......................................................... rudder verbose: C: BEGIN classes / conditions (pass 2) rudder verbose: C: + Private class: pass2 rudder verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined rudder verbose: Using the default body: files_action rudder verbose: P: ......................................................... rudder verbose: P: BEGIN promise 'promise_apache_acl_cf_48' of type "files" (pass 2) rudder verbose: P: Promiser/affected object: '/opt/rudder/etc/ssl/ca.cert' rudder verbose: P: From parameterized bundle: apache_acl( {"DistributePolicy","result_success","root-DP@@root-distributePolicy@@0","Send inventories to Rudder server","None","No inventory to send",""}) rudder verbose: P: Base context class: pass2 rudder verbose: P: Stack path: /default/rudder_system_directives/methods/'distributePolicy/Distribute Policy'/default/apache_acl/files/'/opt/rudder/etc/ssl/ca.cert'[1] rudder verbose: P: rudder verbose: P: Comment: Writing rudder apache ACL rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL' rudder verbose: File '/opt/rudder/etc/ssl/ca.cert' exists as promised rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept' rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok' rudder verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert' rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL' rudder verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept' rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok' rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL' rudder verbose: Basedir '/opt/rudder/etc/ssl/ca.cert' not promising anything rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept' rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok' rudder verbose: File '/opt/rudder/etc/ssl/ca.cert' copy_from '/opt/rudder/etc/ssl/rudder.crt' rudder verbose: Destination file '/opt/rudder/etc/ssl/ca.cert' already exists rudder verbose: Checksum comparison replaced by ctime: files not regular rudder verbose: Image file '/opt/rudder/etc/ssl/ca.cert' has a wrong digest/checksum, should be copy of '/opt/rudder/etc/ssl/rudder.crt' rudder verbose: Checking link from '/opt/rudder/etc/ssl/ca.cert' to 'sles12sp3.fqdn.crt' error: Object '/opt/rudder/etc/ssl/ca.cert' exists and is obstructing our promise rudder verbose: C: + promise outcome class 'rudder_apache_acl_failed' rudder verbose: C: + promise outcome class 'rudder_apache_acl_error' error: Unable to create link '/opt/rudder/etc/ssl/ca.cert' -> './sles12sp3.fqdn.crt', failed to move obstruction rudder verbose: C: + promise outcome class 'rudder_apache_acl_failed' rudder verbose: C: + promise outcome class 'rudder_apache_acl_error' rudder verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert' rudder verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert' rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL' rudder verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept' rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok' rudder verbose: A: Promise was KEPT rudder verbose: P: END files promise (/opt/rudder/etc/ssl/ca.cert)
I am even not sure what this file tries to accomplish after looking at it...
Actions