Bug #15801

closed

Rudder agent cannot copy the certificate if the user defined one that is a link to a file in a different mount point

Added by Nicolas CHARLES over 4 years ago. Updated over 3 years ago.

Status: Released
Priority: N/A
Category: System techniques
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: Reviewed
Fix check: Checked
Regression:

Description

If a user sets a rudder.crt certificate as a link to a file on a different mount point, it won't be copied:

rudder    debug: Setting class: default:rudder_apache_acl_kept
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder    debug: Setting class: default:rudder_apache_acl_ok
rudder    debug: Direct file reference '/opt/rudder/etc/ssl/ca.cert', no search implied
rudder    debug: Direct file reference '/opt/rudder/etc/ssl/ca.cert', no search implied
rudder  verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder    debug: Modestring [PLUS = 600] [MINUS = 7177]
rudder    debug: File okay, newperm '600', stat '600'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: Basedir '/opt/rudder/etc/ssl/ca.cert' not promising anything
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'
rudder  verbose: File '/opt/rudder/etc/ssl/ca.cert' copy_from '/opt/rudder/etc/ssl/rudder.crt'
rudder    debug: Trying to create a parent directory for: /opt/rudder/etc/ssl/ca.cert
rudder    debug: Directory for '/opt/rudder/etc/ssl/ca.cert' exists. Okay
rudder  verbose: Destination file '/opt/rudder/etc/ssl/ca.cert' already exists
rudder  verbose: Checksum comparison replaced by ctime: files not regular
rudder  verbose: Checking link from '/opt/rudder/etc/ssl/ca.cert' to '/etc/apache2/ssl.crt/my-certificate-file.crt'
rudder    debug: Trying to create a parent directory for: /opt/rudder/etc/ssl/ca.cert
rudder    debug: Directory for '/opt/rudder/etc/ssl/ca.cert' exists. Okay
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_failed'
rudder    debug: Setting class: default:rudder_apache_acl_failed
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_error'
rudder    debug: Setting class: default:rudder_apache_acl_error
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_failed'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_error'
rudder  verbose: Handling file existence constraints on '/opt/rudder/etc/ssl/ca.cert'
rudder    debug: Modestring [PLUS = 600] [MINUS = 7177]
rudder    debug: File okay, newperm '600', stat '600'
rudder  verbose: Additional promise info: source path '/var/rudder/cfengine-community/inputs/distributePolicy/1.0/apache-acl.cf' at line 48 comment 'Writing rudder apache ACL'
rudder  verbose: File permissions on '/opt/rudder/etc/ssl/ca.cert' as promised
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_kept'
rudder  verbose: C:    + promise outcome class 'rudder_apache_acl_ok'

So the agent first creates the file, sets its permissions, and finally realizes it's a copy, and doesn't copy as the file is there.


Subtasks: 2 (0 open, 2 closed)

Bug #15806: Agent should not try to set permission of certificate if it is a symbolic link (Released, Alexis Mousset)
Bug #15905: If "ca.cert" exists, you can't have link for "rudder.crt" (Released, Alexis Mousset)
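
A check for the state this report describes, a `ca.cert` that exists but does not match the certificate `rudder.crt` resolves to. This is an added example, not Rudder or CFEngine code: the function names and state words are made up here, the paths in the usage comment are the ones from the log above, and `readlink -f` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added diagnostic, not Rudder code. Paths are the ones in the agent log above.
# cert_copy_state, mount_of and the state words are names made up for this example.

# Mount point holding a path: last column of POSIX `df -P` output.
mount_of() {
    df -P "$1" 2>/dev/null | awk 'NR==2 {print $NF}'
}

# Print one state word; return 0 only when the copy matches the certificate.
cert_copy_state() {
    src=$1
    dst=$2
    # -e follows links, so a dangling rudder.crt counts as a missing source.
    [ -e "$src" ] || { echo "source-missing"; return 2; }
    [ -e "$dst" ] || { echo "copy-missing"; return 1; }
    real=$(readlink -f "$src")   # assumes GNU coreutils or BusyBox readlink
    if cmp -s "$real" "$dst"; then
        echo "in-sync"
        return 0
    fi
    # Content differs: say how the source is provided, since the report
    # concerns a symlink whose target lives on another mount point.
    if [ ! -L "$src" ]; then
        echo "stale"
    elif [ "$(mount_of "$real")" != "$(mount_of "$dst")" ]; then
        echo "stale-symlink-cross-mount"
    else
        echo "stale-symlink"
    fi
    return 1
}

# Usage: sh check-cert-copy.sh /opt/rudder/etc/ssl/rudder.crt /opt/rudder/etc/ssl/ca.cert
if [ "$#" -eq 2 ]; then
    cert_copy_state "$1" "$2"
fi
```

Any `stale*` result means the file Apache is given as `ca.cert` is not the certificate the operator linked, which is the condition to alert on after a certificate rotation.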