Bug #15570
closed
Rudder server does not show/detect all software from agent
Updated by Edmon Evtimov over 5 years ago
Rudder server says this agent is connected, has sent an inventory and everything is recognized but I find that some installed packages don't get shown on the web interface (I was searching to ensure ClamAV is installed on all endpoints).
The server is a normal Rudder server on CentoS 7 and the agent is working happily on Fedora 30 with the package built in this ticket - https://issues.rudder.io/issues/15454
Here's logs (from server) - https://pastebin.com/SsMzPunK
Running
rudder agent inventory
rudder agent run -i
on the endpoint both show maximum compliance and don't give any warnings or errors. Agent logs don't give much other useful info but I can provide them if need be. :)
Updated by Alexis Mousset over 5 years ago
The image attachment seems to have failed. Could you give an example of a missing package (appearing in rpm -qa output but not in the inventory)?
Updated by Edmon Evtimov over 5 years ago
- Category deleted (
Agent)
Yes, it's ClamAV. Doesn't come up on the server despite agent being run on the endpoint several times from that point. ClamAV even made a scan.
For some reason PNGs fail to upload... JPG too? https://imgur.com/a/PCTf3ML EDIT: updated link with second screenshot from inventory
Anyway - it shows result locally of 'rpm -qa | grep clam' showing clamav-data, clamav-milter, clamav-filesystem, clamav-update, clamd, clamav, clamav-lib...
Rudder server doesn't show this endpoint having ClamAV while it has it. Neither in search, nor in the node itself if I browse all packages on it.
Some of the other endpoints show it though...
Updated by Alexis Mousset over 5 years ago
What does grep clamav /var/rudder/tmp/inventory/*.ocs give on the node?
Updated by Edmon Evtimov over 5 years ago
Alexis MOUSSET wrote:
What does
grep clamav /var/rudder/tmp/inventory/*.ocsgive on the node?
It returns nothing.
Updated by Alexis Mousset over 5 years ago
It means the inventory does not contain them, so the problem is on the agent. The command used by the inventory is:
rpm -qa --queryformat '%{NAME}\t%{ARCH}\t%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\t%{SIZE}\t%{VENDOR}\t%{SUMMARY}\n' | grep clamav
What does it give?
Updated by Edmon Evtimov over 5 years ago
Alexis MOUSSET wrote:
It means the inventory does not contain them, so the problem is on the agent. The command used by the inventory is:
[...]
What does it give?
Shows the packages and versions - https://imgur.com/UIyfnxx
Updated by
Updated by François ARMAND over 5 years ago
We are really not sure about the root cause of that one, and we are out of luck for reproducing it.
Edmond: do you noticed something special on the nodes where the clamav is missing? Perhaps a different locale?
Updated by François ARMAND over 5 years ago
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Operational - other Techniques | Rudder settings | Plugins
- Priority changed from 0 to 76
Upgrading the severity to "critical", because it's really a simple package and that can cause production policy misconfiguration.
Updated by François ARMAND over 5 years ago
- Priority changed from 76 to 75
Edmon: any news about that one? We would really like to go to the root of it, since its a critical problem from our point of view.
Updated by
Updated by François ARMAND about 3 years ago
- Status changed from New to Rejected
We weren't able to reproduce. Closing it.