Bug #13674
closedCompliance error (missing) when a directive is applied by two rules on a node
Description
This is a variant of #11917 but unlike what is there (or what was worked on in #7616), the problem happen with non unique directive like package.
You need to use a non unique technique that support directive by directive generation. Then, Rudder generation miss the fact that in at least one rule, the directive already exists, and should not be done.
In "rudder-directive.cf" we get:
bundle agent rudder_directives { methods: "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => rudder_reporting_context("8505f47b-83a7-41c3-a4e7-f7b70edaa633","32377fd7-02fd-43d0-aab7-28460a91347b","packageManagement"); "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => set_dry_run_mode("false"); "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => disable_reporting; "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => package_management_1_2_8505f47b_83a7_41c3_a4e7_f7b70edaa633; "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => clean_reporting_context; "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => rudder_reporting_context("8505f47b-83a7-41c3-a4e7-f7b70edaa633","7a8522b8-d6f7-41fa-9c23-565966f03931","packageManagement"); "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => set_dry_run_mode("false"); "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => disable_reporting; "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => package_management_1_2_8505f47b_83a7_41c3_a4e7_f7b70edaa633; "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => clean_reporting_context; "remove_dry_run_mode" usebundle => disable_reporting; "remove_dry_run_mode" usebundle => set_dry_run_mode("false"); "remove_dry_run_mode" usebundle => clean_reporting_context; }
And in compliance, we get missing reports, because only one of the directive is executed.
So, we can see that in two way: either we actually want to skip one of the directive (it's the same), and we need to treat non unique directive supporting directive by directive generation as unique one.
Or we can change the directive unique context for directive by directive to make it also use rule id, and in that case we would get the directive executed two times.
I think the correct semantic is to only have one directive in the node, and the other one doesn't showed in the compliance
Updated by Alexis Mousset about 6 years ago
- Subject changed from Compiiance error when a directive is applied by two rules on a node to Compliance error when a directive is applied by two rules on a node
Updated by François ARMAND about 6 years ago
- Subject changed from Compliance error when a directive is applied by two rules on a node to Compliance error (missing) when a directive is applied by two rules on a node
Updated by François ARMAND about 6 years ago
- Severity set to Major - prevents use of part of Rudder | no simple workaround
- User visibility set to Getting started - demo | first install | level 1 Techniques
- Priority changed from 0 to 70
It's major, because it breaks compliance. And it is the kind of things that an user would test in a demo.
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.3.6 to 4.3.7
Updated by François ARMAND about 6 years ago
It should not be hard to correct, most likely a missing unification somewhere. Puting is "very small", at least to know why it would not be so.
Updated by François ARMAND about 6 years ago
- Effort required set to Very Small
- Priority changed from 70 to 98
Updated by François ARMAND about 6 years ago
- Priority changed from 98 to 0
So, the correct semantic is:
- keep the first (rule, directive) (sorted alpha-num)
- other ones are marked "overiden"
Updated by François ARMAND about 6 years ago
- Status changed from New to In progress
Updated by François ARMAND about 6 years ago
(ie the semantic should be the same than in previous directive).
Updated by François ARMAND about 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder/pull/2077
Updated by Rudder Quality Assistant about 6 years ago
- Assignee changed from Nicolas CHARLES to François ARMAND
Updated by François ARMAND about 6 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|1e20234900cbb9569e781fc9dbae1b7fb7e4ceae.
Updated by Vincent MEMBRÉ about 6 years ago
- Status changed from Pending release to Released