Project

General

Profile

Actions

Bug #13674

closed

Compliance error (missing) when a directive is applied by two rules on a node

Added by François ARMAND about 6 years ago. Updated almost 6 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Compliance & node report
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Very Small
Priority:
0
Name check:
Fix check:
Regression:

Description

This is a variant of #11917 but unlike what is there (or what was worked on in #7616), the problem happen with non unique directive like package.

You need to use a non unique technique that support directive by directive generation. Then, Rudder generation miss the fact that in at least one rule, the directive already exists, and should not be done.

In "rudder-directive.cf" we get:

bundle agent rudder_directives {
  methods:
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => rudder_reporting_context("8505f47b-83a7-41c3-a4e7-f7b70edaa633","32377fd7-02fd-43d0-aab7-28460a91347b","packageManagement");
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => set_dry_run_mode("false");
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => disable_reporting;
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => package_management_1_2_8505f47b_83a7_41c3_a4e7_f7b70edaa633;
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => clean_reporting_context;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => rudder_reporting_context("8505f47b-83a7-41c3-a4e7-f7b70edaa633","7a8522b8-d6f7-41fa-9c23-565966f03931","packageManagement");
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => set_dry_run_mode("false");
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => disable_reporting;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => package_management_1_2_8505f47b_83a7_41c3_a4e7_f7b70edaa633;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => clean_reporting_context;
      "remove_dry_run_mode"                                                         usebundle => disable_reporting;
      "remove_dry_run_mode"                                                         usebundle => set_dry_run_mode("false");
      "remove_dry_run_mode"                                                         usebundle => clean_reporting_context;

}

And in compliance, we get missing reports, because only one of the directive is executed.

So, we can see that in two way: either we actually want to skip one of the directive (it's the same), and we need to treat non unique directive supporting directive by directive generation as unique one.
Or we can change the directive unique context for directive by directive to make it also use rule id, and in that case we would get the directive executed two times.

I think the correct semantic is to only have one directive in the node, and the other one doesn't showed in the compliance

Actions #1

Updated by Alexis Mousset about 6 years ago

  • Subject changed from Compiiance error when a directive is applied by two rules on a node to Compliance error when a directive is applied by two rules on a node
Actions #2

Updated by François ARMAND about 6 years ago

  • Subject changed from Compliance error when a directive is applied by two rules on a node to Compliance error (missing) when a directive is applied by two rules on a node
Actions #3

Updated by François ARMAND about 6 years ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Getting started - demo | first install | level 1 Techniques
  • Priority changed from 0 to 70

It's major, because it breaks compliance. And it is the kind of things that an user would test in a demo.

Actions #4

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.3.6 to 4.3.7
Actions #5

Updated by François ARMAND about 6 years ago

It should not be hard to correct, most likely a missing unification somewhere. Puting is "very small", at least to know why it would not be so.

Actions #6

Updated by François ARMAND about 6 years ago

  • Effort required set to Very Small
  • Priority changed from 70 to 98
Actions #7

Updated by François ARMAND about 6 years ago

  • Priority changed from 98 to 0

So, the correct semantic is:

- keep the first (rule, directive) (sorted alpha-num)
- other ones are marked "overiden"

Actions #8

Updated by François ARMAND about 6 years ago

  • Status changed from New to In progress
Actions #9

Updated by François ARMAND about 6 years ago

(ie the semantic should be the same than in previous directive).

Actions #10

Updated by François ARMAND about 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder/pull/2077
Actions #11

Updated by Rudder Quality Assistant about 6 years ago

  • Assignee changed from Nicolas CHARLES to François ARMAND
Actions #12

Updated by François ARMAND about 6 years ago

  • Status changed from Pending technical review to Pending release
Actions #13

Updated by Nicolas CHARLES about 6 years ago

  • Description updated (diff)
Actions #14

Updated by Vincent MEMBRÉ almost 6 years ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.3.7 and 5.0.3 which were released today.
Changelog
Changelog
Actions

Also available in: Atom PDF