Bug #14268
closedBroken authorized networks in centos6
Description
When installing a centos6 server, the authorized networks set up with rudder-init does not seems to be immediatly effective.
This can be see easily in rtf, setting up a server and an agent and then running the base scenario on it.
Each inventory coming from the agent will be denied by the server, until another server run is triggered.
Output on the agent:
04:50:56 + info Inventory inventory User list generation tool is not present yet. Skipping... 04:50:56 +rudder info: Edit file '/var/rudder/tmp/inventory/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' 04:50:56 +rudder info: Edit file '/var/rudder/tmp/inventory/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' 04:50:56 +rudder info: Copying from 'localhost:/var/rudder/tmp/inventory/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' 04:50:56 +rudder info: Transforming '/opt/rudder/bin/rudder-sign "/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs"' 04:50:56 +rudder info: Transformer '/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' => '/opt/rudder/bin/rudder-sign "/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs"' seemed to work ok 04:50:56 +rudder info: Transforming '/bin/gzip -fq /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' 04:50:56 +rudder info: Transformer '/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' => '/bin/gzip -fq /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' seemed to work ok 04:50:56 +rudder info: Transforming '/usr/bin/curl -L -k -1 -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign https://server/inventories/' 04:50:56 + error: Finished command related to promiser '/var/rudder/inventories' -- an error occurred, returned 22 04:50:56 +rudder info: Automatically promoting context scope for 'cant_send_inventory' to namespace visibility, due to persistence 04:50:56 + error: Transformer '/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign' => '/usr/bin/curl -L -k -1 -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign https://server/inventories/' returned error 04:50:56 +rudder info: Transforming '/usr/bin/curl -L -k -1 -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz https://server/inventories/' 04:50:56 + error: Finished command related to promiser '/var/rudder/inventories' -- an error occurred, returned 22 04:50:56 +rudder info: Automatically promoting context scope for 'cant_send_inventory' to namespace visibility, due to persistence 04:50:56 + error: Transformer '/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz' => '/usr/bin/curl -L -k -1 -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz https://server/inventories/' returned error 04:50:56 +E| error Inventory inventory Could not send the inventory 04:50:56 + error: Method 'sendInventory' failed in some repairs 04:50:56 + error: Method 'doInventory_always' failed in some repairs
Apache logs on the rudder server:
04:52:07 [Fri Feb 01 03:50:03 2019] [error] [client 192.168.41.3] client denied by server configuration: /var/rudder/inventories/incoming/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign 04:52:07 [Fri Feb 01 03:50:04 2019] [error] [client 192.168.41.3] client denied by server configuration: /var/rudder/inventories/incoming/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz 04:52:07 [Fri Feb 01 03:50:54 2019] [error] [client 192.168.41.3] client denied by server configuration: /var/rudder/inventories/incoming/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign 04:52:07 [Fri Feb 01 03:50:54 2019] [error] [client 192.168.41.3] client denied by server configuration: /var/rudder/inventories/incoming/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz
This problem is centos6 specific, in rudder 4.1 and rudder 4.3
Updated by François ARMAND over 5 years ago
- Target version changed from 4.1.20 to 4.1.21
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.21 to 4.1.22
Updated by François ARMAND over 5 years ago
- Severity set to Minor - inconvenience | misleading | easy workaround
- User visibility set to Getting started - demo | first install | Technique editor and level 1 Techniques
- Priority changed from 0 to 49
I'm setting it to minor as it is self-correcting, and so an inconvenience.
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.22 to 4.1.23
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.23 to 4.1.24
- Priority changed from 49 to 48
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.24 to 588
- Priority changed from 48 to 47
Updated by Alexis Mousset over 5 years ago
- Status changed from New to Rejected
I think it is an expected behavior: rudder-init sets the allowed network in ldap, but it requires a policy generation + agent run to be effective.
Closing, please reopen with more information if the problem persists after first generation+run.
Updated by Alexis Mousset almost 5 years ago
- Target version changed from 588 to 4.1.24
- Priority changed from 47 to 43