Bug #15806
closed
Bug #15801: Rudder agent cannot copy the certificate if the user defined one that is a link to a file in a different mount point
Agent should not try to set permission of certificate if it is a symbolic link
Added by Nicolas CHARLES about 5 years ago.
Updated about 4 years ago.
Category:
System techniques
Fix check:
Error - Next version
Description
rudder.crt may be a symbolic link; in this case, the resulting ca.cert will also be a symbolic link, and the agent should not try to enforce permissions on the link - it may cause mayhem
- Status changed from New to In progress
- Assignee set to Nicolas CHARLES
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1517
- Status changed from Pending technical review to Pending release
- Name check changed from To do to Reviewed
- Name check changed from Reviewed to To do
- Fix check changed from To do to Error - Blocking
So, it is still broken.
Orig:
root@server:~# ls -la /opt/rudder/etc/ssl/
drwxr-xr-x 2 root root 4096 Oct 9 13:50 .
drwxr-xr-x 9 root root 4096 Oct 9 13:18 ..
-rw------- 1 root root 1375 Oct 9 13:50 ca.cert
-rw-r--r-- 1 root root 781 Nov 22 2017 openssl.cnf
-rw-r--r-- 1 root root 1375 Oct 9 07:35 rudder.crt
-rw-r----- 1 root www-data 1708 Oct 9 07:35 rudder.key
Changed to:
root@server:~# ls -la /opt/rudder/etc/ssl/
total 28
drwxr-xr-x 2 root root 4096 Oct 9 13:52 .
drwxr-xr-x 9 root root 4096 Oct 9 13:18 ..
-rw------- 1 root root 1375 Oct 9 13:50 ca.cert
-rw-r--r-- 1 root root 781 Nov 22 2017 openssl.cnf
lrwxrwxrwx 1 root root 35 Oct 9 13:52 rudder.crt -> /opt/rudder/etc/ssl/rudder.crt_orig
-rw-r--r-- 1 root root 1375 Oct 9 07:35 rudder.crt_orig
lrwxrwxrwx 1 root root 35 Oct 9 13:52 rudder.key -> /opt/rudder/etc/ssl/rudder.key_orig
-rw-r----- 1 root www-data 1708 Oct 9 07:35 rudder.key_orig
I get with rudder agent run -i:
error: Object '/opt/rudder/etc/ssl/ca.cert' exists and is obstructing our promise
error: Unable to create link '/opt/rudder/etc/ssl/ca.cert' -> '/opt/rudder/etc/ssl/rudder.crt_orig', failed to move obstruction
- Name check changed from To do to Reviewed
- Fix check changed from Error - Blocking to Error - Next version
This bug has been fixed in Rudder 5.0.14 which was released today.
- Status changed from Pending release to Released
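The two cases raised in this ticket (no permission enforcement when the certificate is a symbolic link, and an existing regular ca.cert obstructing the new link), shown as an added shell example that is not Rudder's code nor the fix from the pull request. The function names `sync_ca_cert` and `file_mode` are hypothetical, and GNU `readlink -f` and `stat -c` are assumed.

```shell
#!/bin/sh
# Hypothetical helper, not Rudder's implementation: keep dst in sync with src.
# If src is a symbolic link, dst becomes a link to the same resolved target and
# no mode is enforced on it; otherwise dst is a private copy with mode 600.
sync_ca_cert() {
    src=$1
    dst=$2
    if [ -L "$src" ]; then
        target=$(readlink -f "$src") || return 1
        # A regular file left by an earlier run would obstruct the link:
        # remove it before linking.
        if [ -e "$dst" ] || [ -L "$dst" ]; then
            rm -f -- "$dst" || return 1
        fi
        ln -s -- "$target" "$dst" || return 1
        # Deliberately no chmod here: chmod follows links and would change
        # the mode of the target, which someone else manages.
        echo "linked"
    else
        # A link left by an earlier run must go first, or cp would write
        # through it into the old target.
        if [ -L "$dst" ]; then
            rm -f -- "$dst" || return 1
        fi
        cp -- "$src" "$dst" || return 1
        chmod 600 "$dst" || return 1
        echo "copied"
    fi
}

# Print the octal permission bits of a path (GNU stat, follows no links).
file_mode() {
    stat -c '%a' "$1"
}
```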