Project

General

Profile

Bug #12732

When policies have wrong permissions (660), agent cannot be executed, and reload server fails, it breaks the generation, and prevent correcting the permission

Added by Nicolas CHARLES 6 months ago. Updated 5 months ago.

Status:
Released
Priority:
N/A
Category:
Web - Config management
Target version:
Severity:
User visibility:
Effort required:
Priority:
0

Description

Somehow, on two instances (rudder 4.2 debian, centos7 rudder 4.3), my policies are in 660 mode

Policy generation doesn't stop

[2018-06-01 15:43:14] DEBUG hooks - Run hook: '/opt/rudder/etc/hooks.d/policy-generation-finished/50-reload-policy-file-server' with environment parameters: [RUDDER_GENERATION_DATETIME:2018-06-01T15:43:12.092+02:00] [RUDDER_END_GENERATION_DATETIME:2018-06-01T15:43:14.702+02:00] [RUDDER_NODE_IDS:root] [RUDDER_NUMBER_NODES_UPDATED:1] [RUDDER_ROOT_POLICY_SERVER_UPDATED:0] [RUDDER_NODEIDS:root]
[2018-06-01 15:43:14] TRACE hooks - System environment variables: [PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin] [OLDPWD:/] [PWD:/opt/rudder/jetty7] [SHLVL:1] [_:/sbin/start-stop-daemon]
[2018-06-01 15:43:42] TRACE hooks -   -> results: Exit code=0 for hook: '/opt/rudder/etc/hooks.d/policy-generation-finished/50-reload-policy-file-server'.
[2018-06-01 15:43:42] TRACE hooks -   -> stdout : 
[2018-06-01 15:43:42] TRACE hooks -   -> stderr : cf-serverd: no process found

[2018-06-01 15:43:42] DEBUG hooks - Done in 28252 ms: '/opt/rudder/etc/hooks.d/policy-generation-finished' with environment parameters: [RUDDER_GENERATION_DATETIME:2018-06-01T15:43:12.092+02:00] [RUDDER_END_GENERATION_DATETIME:2018-06-01T15:43:14.702+02:00] [RUDDER_NODE_IDS:root] [RUDDER_NUMBER_NODES_UPDATED:1] [RUDDER_ROOT_POLICY_SERVER_UPDATED:0] [RUDDER_NODEIDS:root]
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Post-policy-generation hooks ran in 28258 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Timing summary:
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Run pre-gen scripts hooks :         16 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Run pre-gen modules hooks :          0 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Fetch all information     :        249 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Historize names           :         93 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Build current rule values :          1 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Build target configuration:         64 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Update rule vals          :          5 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Increment rule serials    :         21 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Write node configurations :       2033 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Save expected reports     :         72 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Run post generation hooks :      28258 ms
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Number of nodes updated   :          1   
[2018-06-01 15:43:42] DEBUG com.normation.rudder.services.policies.PromiseGenerationServiceImpl - Policy generation completed in 30871 ms
[2018-06-01 15:43:42] INFO  com.normation.rudder.batch.AsyncDeploymentAgent - Successful policy update '3' [started 2018-06-01 15:43:12 - ended 2018-06-01 15:43:42]
(END)

(i had to kill process)
and the 90_change_permission doesn't run either
So i got stuck with non runnable policies

Targeting to 4.1 because hooks running probably didn't change


Related issues

Related to Rudder - Bug #11347: Windows node show an empty Certificate Hash field in node detailsReleased

Associated revisions

Revision 0c19b6e7 (diff)
Added by Nicolas CHARLES 6 months ago

Fixes #12732: When policies have wrong permissions (660), agent cannot be executed, and reload server fails, but it doesn't break the generation, and prevent correcting the permission

History

#1 Updated by Nicolas CHARLES 6 months ago

actually, it timed-out after a lot of minutes for one node, but still it doesn't fix anything

#2 Updated by Nicolas CHARLES 6 months ago

  • Assignee set to Nicolas CHARLES
  • Target version changed from 4.1.13 to 4.2.7

Permission of hook 90-change-perms what changed in #11347

#3 Updated by Nicolas CHARLES 6 months ago

  • Related to Bug #11347: Windows node show an empty Certificate Hash field in node details added

#4 Updated by Nicolas CHARLES 6 months ago

  • Status changed from New to In progress

#5 Updated by Nicolas CHARLES 6 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1956

#6 Updated by Nicolas CHARLES 6 months ago

  • Status changed from Pending technical review to Pending release

#7 Updated by Nicolas CHARLES 6 months ago

  • Subject changed from When policies have wrong permissions (660), agent cannot be executed, and reload server fails, but it doesn't break the generation, and prevent correcting the permission to When policies have wrong permissions (660), agent cannot be executed, and reload server fails, it breaks the generation, and prevent correcting the permission

#8 Updated by Vincent MEMBRÉ 5 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.2.7 and 4.3.3 which were released today.

Also available in: Atom PDF