Actions
Bug #15801
closed
Rudder agent cannot copy the certificate if the user defined one that is a link to a file in a different mount point
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
Checked
Regression:
Description
If a user set a rudder.crt certificate as a link to a file to a different mount point, it won't be copied
rudder debug: Setting class: default:rudder_apache_acl_kept rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok' rudder debug: Setting class: default:rudder_apache_acl_ok rudder debug: Direct file reference '/opt/rudder/etc/ssl/ca.cert', no search implied rudder debug: Direct file reference '/opt/rudder/etc/ssl/ca.cert', no search implied rudder verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert' rudder debug: Modestring [PLUS = 600] [MINUS = 7177] rudder debug: File okay, newperm '600', stat '600' rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder a pache ACL' rudder verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept' rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok' rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder a pache ACL' rudder verbose: Basedir '/opt/rudder/etc/ssl/ca.cert' not promising anything rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept' rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok' rudder verbose: File '/opt/rudder/etc/ssl/ca.cert' copy_from '/opt/rudder/etc/ssl/rudder.crt' rudder debug: Trying to create a parent directory for: /opt/rudder/etc/ssl/ca.cert rudder debug: Directory for '/opt/rudder/etc/ssl/ca.cert' exists. Okay rudder verbose: Destination file '/opt/rudder/etc/ssl/ca.cert' already exists rudder verbose: Checksum comparison replaced by ctime: files not regular rudder verbose: Checking link from '/opt/rudder/etc/ssl/ca.cert' to '/etc/apache2/ssl.crt/my-certificate-file.crt' rudder debug: Trying to create a parent directory for: /opt/rudder/etc/ssl/ca.cert rudder debug: Directory for '/opt/rudder/etc/ssl/ca.cert' exists. Okay rudder verbose: C: + promise outcome class 'rudder_apache_acl_failed' rudder debug: Setting class: default:rudder_apache_acl_failed rudder verbose: C: + promise outcome class 'rudder_apache_acl_error' rudder debug: Setting class: default:rudder_apache_acl_error rudder verbose: C: + promise outcome class 'rudder_apache_acl_failed' rudder verbose: C: + promise outcome class 'rudder_apache_acl_error' rudder verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert' rudder debug: Modestring [PLUS = 600] [MINUS = 7177] rudder debug: File okay, newperm '600', stat '600' rudder verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL' rudder verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised rudder verbose: C: + promise outcome class 'rudder_apache_acl_kept' rudder verbose: C: + promise outcome class 'rudder_apache_acl_ok'
so the agent first create the file, sets its permission, and finally realize it's a copy - and don't copy as the file is there
Updated by Nicolas CHARLES about 5 years ago
removing the create => "true" fixes the issue
Updated by Nicolas CHARLES about 5 years ago
- Status changed from New to In progress
- Assignee set to Nicolas CHARLES
Updated by Nicolas CHARLES about 5 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1516
Updated by Nicolas CHARLES about 5 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-techniques|48170f6da54c60f76a81ac1ddebc513387604865.
Updated by Alexis Mousset about 5 years ago
- Name check changed from To do to Reviewed
Updated by François ARMAND about 5 years ago
- Fix check changed from To do to Error - Blocking
Updated by François ARMAND about 5 years ago
- Fix check changed from Error - Blocking to To do
Updated by Nicolas CHARLES about 5 years ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ about 5 years ago
This bug has been fixed in Rudder 5.0.14 which was released today.
Updated by Vincent MEMBRÉ about 4 years ago
- Status changed from Pending release to Released
Actions