Bug #15801

closed

Rudder agent cannot copy the certificate if the user defined one that is a link to a file in a different mount point

Added by Nicolas CHARLES over 1 year ago. Updated 7 months ago.

Status: Released
Priority: N/A
Category: System techniques
Target version:
Severity:
User visibility:
Effort required:
Priority: 0

Description

If a user sets a rudder.crt certificate as a link to a file on a different mount point, it won't be copied:

rudder    debug: Setting class: default:rudder_apache_acl_kept
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder    debug: Setting class: default:rudder_apache_acl_ok
rudder    debug: Direct file reference '/opt/rudder/etc/ssl/ca.cert', no search implied
rudder    debug: Direct file reference '/opt/rudder/etc/ssl/ca.cert', no search implied
rudder  verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder    debug: Modestring [PLUS = 600] [MINUS = 7177]
rudder    debug: File okay, newperm '600', stat '600'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: Basedir '/opt/rudder/etc/ssl/ca.cert' not promising anything
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder  verbose: File '/opt/rudder/etc/ssl/ca.cert' copy_from '/opt/rudder/etc/ssl/rudder.crt'
rudder    debug: Trying to create a parent directory for: /opt/rudder/etc/ssl/ca.cert
rudder    debug: Directory for '/opt/rudder/etc/ssl/ca.cert' exists. Okay
rudder  verbose: Destination file '/opt/rudder/etc/ssl/ca.cert' already exists
rudder  verbose: Checksum comparison replaced by ctime: files not regular
rudder  verbose: Checking link from '/opt/rudder/etc/ssl/ca.cert' to '/etc/apache2/ssl.crt/my-certificate-file.crt'
rudder    debug: Trying to create a parent directory for: /opt/rudder/etc/ssl/ca.cert
rudder    debug: Directory for '/opt/rudder/etc/ssl/ca.cert' exists. Okay
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_failed'
rudder    debug: Setting class: default:rudder_apache_acl_failed
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_error'
rudder    debug: Setting class: default:rudder_apache_acl_error
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_failed'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_error'
rudder  verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder    debug: Modestring [PLUS = 600] [MINUS = 7177]
rudder    debug: File okay, newperm '600', stat '600'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'

So the agent first creates the file, sets its permissions, and finally realizes it's a copy - and doesn't copy, as the file is there.


Subtasks: 2 (0 open, 2 closed)

  • Bug #15806: Agent should not try to set permission of certificate if it is a symbolic link (Released, Alexis MOUSSET)
  • Bug #15905: If "ca.cert" exists, you can't have link for "rudder.crt" (Released, Alexis MOUSSET)

Actions #1

Updated by Nicolas CHARLES over 1 year ago

Removing the create => "true" fixes the issue.

Actions #2

Updated by Nicolas CHARLES over 1 year ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #3

Updated by Nicolas CHARLES over 1 year ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1516
Actions #4

Updated by Nicolas CHARLES over 1 year ago

  • Status changed from Pending technical review to Pending release
Actions #9

Updated by Vincent MEMBRÉ over 1 year ago

This bug has been fixed in Rudder 5.0.14 which was released today.

Actions #10

Updated by Vincent MEMBRÉ 7 months ago

  • Status changed from Pending release to Released
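
To check whether a node is in the situation this ticket describes, test whether rudder.crt is a symbolic link whose target sits on a different filesystem than the directory holding ca.cert. This is an added example, not part of the ticket or of Rudder's own code; the function names are hypothetical, the default paths are those in the log above, and GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added example: classify the certificate source the agent copies from.
# Function names are hypothetical; GNU stat/readlink are assumed.

# Print the device number of the filesystem holding a path (symlinks followed).
dev_of() {
    stat -L -c '%d' "$1" 2>/dev/null
}

# compare_devices SRC_DEV DST_DEV
# Same device number means same mount point.
compare_devices() {
    if [ "$1" = "$2" ]; then
        echo link-same-fs
    else
        echo link-cross-fs
    fi
}

# classify_cert SRC DEST_DIR
# Prints one of: missing, missing-dest, regular, link-broken,
# link-same-fs, link-cross-fs. Always returns 0.
classify_cert() {
    src=$1
    dest_dir=$2
    if [ ! -e "$src" ] && [ ! -L "$src" ]; then
        echo missing; return 0
    fi
    [ -d "$dest_dir" ] || { echo missing-dest; return 0; }
    if [ ! -L "$src" ]; then
        echo regular; return 0
    fi
    # Resolve the full link chain; a dangling link cannot be copied at all.
    target=$(readlink -f "$src") || { echo link-broken; return 0; }
    [ -e "$target" ] || { echo link-broken; return 0; }
    src_dev=$(dev_of "$target") || { echo link-broken; return 0; }
    dst_dev=$(dev_of "$dest_dir") || { echo missing-dest; return 0; }
    compare_devices "$src_dev" "$dst_dev"
}

# Defaults are the source and destination directory seen in the agent log.
classify_cert "${1:-/opt/rudder/etc/ssl/rudder.crt}" "${2:-/opt/rudder/etc/ssl}"
```

A result of link-cross-fs is the case from the ticket title; on agents older than the fixed release noted above, that is the configuration to review.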