Project

General

Profile

Actions

Bug #12732

closed

When policies have wrong permissions (660), agent cannot be executed, and reload server fails, it breaks the generation, and prevent correcting the permission

Added by Nicolas CHARLES over 4 years ago. Updated over 4 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Config management
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Regression:

Description

Somehow, on two instances (rudder 4.2 debian, centos7 rudder 4.3), my policies are in 660 mode

Policy generation doesn't stop

[2018-06-01 15:43:14] DEBUG hooks - Run hook: '/opt/rudder/etc/hooks.d/policy-generation-finished/50-reload-policy-file-server' with environment parameters: [RUDDER_GENERATION_DATETIME:2018-06-01T15:43:12.092+02:00] [RUDDER_END_GENERATION_DATETIME:2018-06-01T15:43:14.702+02:00] [RUDDER_NODE_IDS:root] [RUDDER_NUMBER_NODES_UPDATED:1] [RUDDER_ROOT_POLICY_SERVER_UPDATED:0] [RUDDER_NODEIDS:root]
[2018-06-01 15:43:14] TRACE hooks - System environment variables: [PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] [OLDPWD:/] [PWD:/opt/rudder/jetty7] [SHLVL:1] [_:/sbin/start-stop-daemon]
[2018-06-01 15:43:42] TRACE hooks -   -> results: Exit code=0 for hook: '/opt/rudder/etc/hooks.d/policy-generation-finished/50-reload-policy-file-server'.
[2018-06-01 15:43:42] TRACE hooks -   -> stdout : 
[2018-06-01 15:43:42] TRACE hooks -   -> stderr : cf-serverd: no process found

[2018-06-01 15:43:42] DEBUG hooks - Done in 28252 ms: '/opt/rudder/etc/hooks.d/policy-generation-finished' with environment parameters: [RUDDER_GENERATION_DATETIME:2018-06-01T15:43:12.092+02:00] [RUDDER_END_GENERATION_DATETIME:2018-06-01T15:43:14.702+02:00] [RUDDER_NODE_IDS:root] [RUDDER_NUMBER_NODES_UPDATED:1] [RUDDER_ROOT_POLICY_SERVER_UPDATED:0] [RUDDER_NODEIDS:root]
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Post-policy-generation hooks ran in 28258 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Timing summary:
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Run pre-gen scripts hooks :         16 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Run pre-gen modules hooks :          0 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Fetch all information     :        249 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Historize names           :         93 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Build current rule values :          1 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Build target configuration:         64 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Update rule vals          :          5 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Increment rule serials    :         21 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Write node configurations :       2033 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Save expected reports     :         72 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Run post generation hooks :      28258 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Number of nodes updated   :          1   
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Policy generation completed in 30871 ms
[2018-06-01 15:43:42] INFO  com.normation.rudder.batch.AsyncDeploymentAgent - Successful policy update '3' [started 2018-06-01 15:43:12 - ended 2018-06-01 15:43:42]
(END)

(i had to kill process)
and the 90_change_permission doesn't run either
So i got stuck with non runnable policies

Targeting to 4.1 because hooks running probably didn't change


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #11347: Windows node show an empty Certificate Hash field in node detailsReleasedFrançois ARMANDActions
Actions #1

Updated by Nicolas CHARLES over 4 years ago

actually, it timed-out after a lot of minutes for one node, but still it doesn't fix anything

Actions #2

Updated by Nicolas CHARLES over 4 years ago

  • Assignee set to Nicolas CHARLES
  • Target version changed from 4.1.13 to 4.2.7

Permission of hook 90-change-perms what changed in #11347

Actions #3

Updated by Nicolas CHARLES over 4 years ago

  • Related to Bug #11347: Windows node show an empty Certificate Hash field in node details added
Actions #4

Updated by Nicolas CHARLES over 4 years ago

  • Status changed from New to In progress
Actions #5

Updated by Nicolas CHARLES over 4 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1956
Actions #6

Updated by Nicolas CHARLES over 4 years ago

  • Status changed from Pending technical review to Pending release
Actions #7

Updated by Nicolas CHARLES over 4 years ago

  • Subject changed from When policies have wrong permissions (660), agent cannot be executed, and reload server fails, but it doesn't break the generation, and prevent correcting the permission to When policies have wrong permissions (660), agent cannot be executed, and reload server fails, it breaks the generation, and prevent correcting the permission
Actions #8

Updated by Vincent MEMBRÉ over 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.2.7 and 4.3.3 which were released today.

Actions

Also available in: Atom PDF