Project

General

Profile

Actions

Bug #13674

closed

Compliance error (missing) when a directive is applied by two rules on a node

Added by François ARMAND about 6 years ago. Updated almost 6 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Compliance & node report
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | level 1 Techniques
Effort required:
Very Small
Priority:
0
Name check:
Fix check:
Regression:

Description

This is a variant of #11917 but unlike what is there (or what was worked on in #7616), the problem happen with non unique directive like package.

You need to use a non unique technique that support directive by directive generation. Then, Rudder generation miss the fact that in at least one rule, the directive already exists, and should not be done.

In "rudder-directive.cf" we get:

bundle agent rudder_directives {
  methods:
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => rudder_reporting_context("8505f47b-83a7-41c3-a4e7-f7b70edaa633","32377fd7-02fd-43d0-aab7-28460a91347b","packageManagement");
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => set_dry_run_mode("false");
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => disable_reporting;
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => package_management_1_2_8505f47b_83a7_41c3_a4e7_f7b70edaa633;
      "00 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => clean_reporting_context;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => rudder_reporting_context("8505f47b-83a7-41c3-a4e7-f7b70edaa633","7a8522b8-d6f7-41fa-9c23-565966f03931","packageManagement");
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => set_dry_run_mode("false");
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => disable_reporting;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => package_management_1_2_8505f47b_83a7_41c3_a4e7_f7b70edaa633;
      "50 - Global configuration for all nodes/Install vim with JS textfield param" usebundle => clean_reporting_context;
      "remove_dry_run_mode"                                                         usebundle => disable_reporting;
      "remove_dry_run_mode"                                                         usebundle => set_dry_run_mode("false");
      "remove_dry_run_mode"                                                         usebundle => clean_reporting_context;

}

And in compliance, we get missing reports, because only one of the directive is executed.

So, we can see that in two way: either we actually want to skip one of the directive (it's the same), and we need to treat non unique directive supporting directive by directive generation as unique one.
Or we can change the directive unique context for directive by directive to make it also use rule id, and in that case we would get the directive executed two times.

I think the correct semantic is to only have one directive in the node, and the other one doesn't showed in the compliance

Actions

Also available in: Atom PDF