Project

General

Profile

Actions

Bug #14268

closed

Broken authorized networks in centos6

Added by Félix DALLIDET almost 6 years ago. Updated almost 5 years ago.

Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
Server components
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority:
43
Name check:
Fix check:
Regression:

Description

When installing a centos6 server, the authorized networks set up with rudder-init does not seems to be immediatly effective.
This can be see easily in rtf, setting up a server and an agent and then running the base scenario on it.

Each inventory coming from the agent will be denied by the server, until another server run is triggered.
Output on the agent:

04:50:56        +   info          Inventory                 inventory                                    User list generation tool is not present yet. Skipping...
04:50:56        +rudder     info: Edit file '/var/rudder/tmp/inventory/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs'
04:50:56        +rudder     info: Edit file '/var/rudder/tmp/inventory/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs'
04:50:56        +rudder     info: Copying from 'localhost:/var/rudder/tmp/inventory/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs'
04:50:56        +rudder     info: Transforming '/opt/rudder/bin/rudder-sign "/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs"' 
04:50:56        +rudder     info: Transformer '/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' => '/opt/rudder/bin/rudder-sign "/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs"' seemed to work ok
04:50:56        +rudder     info: Transforming '/bin/gzip -fq /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' 
04:50:56        +rudder     info: Transformer '/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' => '/bin/gzip -fq /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs' seemed to work ok
04:50:56        +rudder     info: Transforming '/usr/bin/curl -L -k -1 -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign https://server/inventories/' 
04:50:56        +   error: Finished command related to promiser '/var/rudder/inventories' -- an error occurred, returned 22
04:50:56        +rudder     info: Automatically promoting context scope for 'cant_send_inventory' to namespace visibility, due to persistence
04:50:56        +   error: Transformer '/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign' => '/usr/bin/curl -L -k -1 -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign https://server/inventories/' returned error
04:50:56        +rudder     info: Transforming '/usr/bin/curl -L -k -1 -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz https://server/inventories/' 
04:50:56        +   error: Finished command related to promiser '/var/rudder/inventories' -- an error occurred, returned 22
04:50:56        +rudder     info: Automatically promoting context scope for 'cant_send_inventory' to namespace visibility, due to persistence
04:50:56        +   error: Transformer '/var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz' => '/usr/bin/curl -L -k -1 -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz https://server/inventories/' returned error
04:50:56        +E| error         Inventory                 inventory                                    Could not send the inventory
04:50:56        +   error: Method 'sendInventory' failed in some repairs
04:50:56        +   error: Method 'doInventory_always' failed in some repairs

Apache logs on the rudder server:

04:52:07 [Fri Feb 01 03:50:03 2019] [error] [client 192.168.41.3] client denied by server configuration: /var/rudder/inventories/incoming/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign
04:52:07 [Fri Feb 01 03:50:04 2019] [error] [client 192.168.41.3] client denied by server configuration: /var/rudder/inventories/incoming/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz
04:52:07 [Fri Feb 01 03:50:54 2019] [error] [client 192.168.41.3] client denied by server configuration: /var/rudder/inventories/incoming/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.sign
04:52:07 [Fri Feb 01 03:50:54 2019] [error] [client 192.168.41.3] client denied by server configuration: /var/rudder/inventories/incoming/agent-2d1d03ed-3ce4-4ee2-8e6a-f356d85a93ee.ocs.gz

This problem is centos6 specific, in rudder 4.1 and rudder 4.3

Actions #1

Updated by François ARMAND over 5 years ago

  • Target version changed from 4.1.20 to 4.1.21
Actions #2

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.21 to 4.1.22
Actions #3

Updated by François ARMAND over 5 years ago

  • Severity set to Minor - inconvenience | misleading | easy workaround
  • User visibility set to Getting started - demo | first install | Technique editor and level 1 Techniques
  • Priority changed from 0 to 49

I'm setting it to minor as it is self-correcting, and so an inconvenience.

Actions #4

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.22 to 4.1.23
Actions #5

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.23 to 4.1.24
  • Priority changed from 49 to 48
Actions #6

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.1.24 to 588
  • Priority changed from 48 to 47
Actions #7

Updated by Alexis Mousset over 5 years ago

  • Status changed from New to Rejected

I think it is an expected behavior: rudder-init sets the allowed network in ldap, but it requires a policy generation + agent run to be effective.

Closing, please reopen with more information if the problem persists after first generation+run.

Actions #8

Updated by Alexis Mousset almost 5 years ago

  • Target version changed from 588 to 4.1.24
  • Priority changed from 47 to 43
Actions

Also available in: Atom PDF