Bug #12248: Base bundle apache_acl fails when SSL cert is symlinked - Rudder - Issue Tracker

Actions

Copy link

Bug #12248

closed

Base bundle apache_acl fails when SSL cert is symlinked

Added by Janos Mattyasovszky about 6 years ago. Updated over 2 years ago.

Status:

Resolved

Priority:

N/A

Assignee:

Category:

System techniques

Target version:

Pull Request:

Severity:

Minor - inconvenience | misleading | easy workaround

UX impact:

User visibility:

Operational - other Techniques | Technique editor | Rudder settings

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

Getting an issue with "rudder agent run" after having installed 4.3.0.rc1 on sles12sp3:

E| error         DistributePolicy          Configure apache ACL                         Apache ACLs could not be edited

rudder  verbose: P: BEGIN promise 'promise_rudder_system_directives_cf_74' of type "methods" (pass 1)
rudder  verbose: P:    Promiser/affected object: 'distributePolicy/Distribute Policy'
rudder  verbose: P:    From parameterized bundle: rudder_system_directives( {"DistributePolicy","result_success","root-DP@@root-distributePolicy@@0","Send inventories to Rudder server","None","No inventory to send",""})
rudder  verbose: P:    Base context class: any
rudder  verbose: P:    Stack path: /default/rudder_system_directives/methods/'distributePolicy/Distribute Policy'[1]
rudder  verbose: B: *****************************************************************
rudder  verbose: B: BEGIN bundle apache_acl
rudder  verbose: B: *****************************************************************
rudder  verbose: V: .........................................................
rudder  verbose: V: BEGIN variables (pass 1)
rudder  verbose: V:     Computing value of 'destination'
rudder  verbose: V:     Computing value of 'ssl_ca_file'
rudder  verbose: V:     Computing value of 'ssl_ca_size'
rudder  verbose: V:     Computing value of 'apache_service'
rudder  verbose: C: .........................................................
rudder  verbose: C: BEGIN classes / conditions (pass 1)
rudder  verbose: C:     +  Private class: empty_ssl_ca
rudder  verbose: C:     +  Private class: pass1
rudder  verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined
rudder  verbose: V: .........................................................
rudder  verbose: V: BEGIN variables (pass 2)
rudder  verbose: V:     Computing value of 'destination'
rudder  verbose: V:     Computing value of 'ssl_ca_file'
rudder  verbose: V:     Computing value of 'ssl_ca_size'
rudder  verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined
rudder  verbose: V:     Computing value of 'src_ca_file'
rudder  verbose: V:     Computing value of 'apache_service'
rudder  verbose: C: .........................................................
rudder  verbose: C: BEGIN classes / conditions (pass 2)
rudder  verbose: C:     +  Private class: pass2
rudder  verbose: Skipping promise 'src_ca_file' because 'if'/'ifvarclass' is not defined
rudder  verbose: Using the default body: files_action
rudder  verbose: P: .........................................................
rudder  verbose: P: BEGIN promise 'promise_apache_acl_cf_48' of type "files" (pass 2)
rudder  verbose: P:    Promiser/affected object: '/opt/rudder/etc/ssl/ca.cert'
rudder  verbose: P:    From parameterized bundle: apache_acl( {"DistributePolicy","result_success","root-DP@@root-distributePolicy@@0","Send inventories to Rudder server","None","No inventory to send",""})
rudder  verbose: P:    Base context class: pass2
rudder  verbose: P:    Stack path: /default/rudder_system_directives/methods/'distributePolicy/Distribute Policy'/default/apache_acl/files/'/opt/rudder/etc/ssl/ca.cert'[1]
rudder  verbose: P:
rudder  verbose: P:    Comment:  Writing rudder apache ACL
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: File '/opt/rudder/etc/ssl/ca.cert' exists as promised
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder  verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: Basedir '/opt/rudder/etc/ssl/ca.cert' not promising anything
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder  verbose: File '/opt/rudder/etc/ssl/ca.cert' copy_from '/opt/rudder/etc/ssl/rudder.crt'
rudder  verbose: Destination file '/opt/rudder/etc/ssl/ca.cert' already exists
rudder  verbose: Checksum comparison replaced by ctime: files not regular
rudder  verbose: Image file '/opt/rudder/etc/ssl/ca.cert' has a wrong digest/checksum, should be copy of '/opt/rudder/etc/ssl/rudder.crt'
rudder  verbose: Checking link from '/opt/rudder/etc/ssl/ca.cert' to 'sles12sp3.fqdn.crt'
   error: Object '/opt/rudder/etc/ssl/ca.cert' exists and is obstructing our promise
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_failed'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_error'
   error: Unable to create link '/opt/rudder/etc/ssl/ca.cert' -> './sles12sp3.fqdn.crt', failed to move obstruction
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_failed'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_error'
rudder  verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder  verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder  verbose: A: Promise was KEPT
rudder  verbose: P: END files promise (/opt/rudder/etc/ssl/ca.cert)

I am even not sure what this file tries to accomplish after looking at it...

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #12248

Base bundle apache_acl fails when SSL cert is symlinked

Updated by Benoît PECCATTE about 6 years ago

Updated by Benoît PECCATTE almost 6 years ago

Updated by Alexis Mousset over 2 years ago