Project

General

Profile

Bug #13674

Compliance error (missing) when a directive is applied by two rules on a node

Added by François ARMAND about 2 months ago. Updated 12 days ago.

Status:
Released
Priority:
N/A
Category:
Web - Compliance & node report
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Very Small
Priority:
0

Description

This is a variant of #11917 but unlike what is there (or what was worked on in #7616), the problem happen with non unique directive like package.

You need to use a non unique technique that support directive by directive generation. Then, Rudder generation miss the fact that in at least one rule, the directive already exists, and should not be done.

In "rudder-directive.cf" we get:

bundle agent rudder_directives {
  methods:
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => rudder_reporting_context("8505f47b-83a7-41c3-a4e7-f7b70edaa633","32377fd7-02fd-43d0-aab7-28460a91347b","packageManagement");
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => set_dry_run_mode("false");
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => disable_reporting;
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => package_management_1_2_8505f47b_83a7_41c3_a4e7_f7b70edaa633;
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => clean_reporting_context;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => rudder_reporting_context("8505f47b-83a7-41c3-a4e7-f7b70edaa633","7a8522b8-d6f7-41fa-9c23-565966f03931","packageManagement");
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => set_dry_run_mode("false");
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => disable_reporting;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => package_management_1_2_8505f47b_83a7_41c3_a4e7_f7b70edaa633;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => clean_reporting_context;
      "remove_dry_run_mode"                                                         usebundle => disable_reporting;
      "remove_dry_run_mode"                                                         usebundle => set_dry_run_mode("false");
      "remove_dry_run_mode"                                                         usebundle => clean_reporting_context;

}

And in compliance, we get missing reports, because only one of the directive is executed.

So, we can see that in two way: either we actually want to skip one of the directive (it's the same), and we need to treat non unique directive supporting directive by directive generation as unique one.
Or we can change the directive unique context for directive by directive to make it also use rule id, and in that case we would get the directive executed two times.

I think the correct semantic is to only have one directive in the node, and the other one doesn't showed in the compliance

Associated revisions

Revision 1e202349 (diff)
Added by François ARMAND 26 days ago

Fixes #13674: Compliance error (missing) when a directive is applied by two rules on a node

History

#1 Updated by Alexis MOUSSET about 2 months ago

  • Subject changed from Compiiance error when a directive is applied by two rules on a node to Compliance error when a directive is applied by two rules on a node

#2 Updated by François ARMAND about 2 months ago

  • Subject changed from Compliance error when a directive is applied by two rules on a node to Compliance error (missing) when a directive is applied by two rules on a node

#3 Updated by François ARMAND about 2 months ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Getting started - demo | first install | level 1 Techniques
  • Priority changed from 0 to 70

It's major, because it breaks compliance. And it is the kind of things that an user would test in a demo.

#4 Updated by Vincent MEMBRÉ about 1 month ago

  • Target version changed from 4.3.6 to 4.3.7

#5 Updated by François ARMAND about 1 month ago

It should not be hard to correct, most likely a missing unification somewhere. Puting is "very small", at least to know why it would not be so.

#6 Updated by François ARMAND about 1 month ago

  • Effort required set to Very Small
  • Priority changed from 70 to 98

#7 Updated by François ARMAND 26 days ago

  • Priority changed from 98 to 0

So, the correct semantic is:

- keep the first (rule, directive) (sorted alpha-num)
- other ones are marked "overiden"

#8 Updated by François ARMAND 26 days ago

  • Status changed from New to In progress

#9 Updated by François ARMAND 26 days ago

(ie the semantic should be the same than in previous directive).

#10 Updated by François ARMAND 26 days ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder/pull/2077

#11 Updated by Normation Quality Assistant 26 days ago

  • Assignee changed from Nicolas CHARLES to François ARMAND

#12 Updated by François ARMAND 26 days ago

  • Status changed from Pending technical review to Pending release

#13 Updated by Nicolas CHARLES 19 days ago

  • Description updated (diff)

#14 Updated by Vincent MEMBRÉ 12 days ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.3.7 and 5.0.3 which were released today.
Changelog
Changelog

Also available in: Atom PDF