Project

General

Profile

Actions

Bug #15905

closed

Bug #15801: Rudder agent cannot copy the certificate if the user defined one that is a link to a file in a different mount point

Bug #15806: Agent should not try to set permission of certificate if it is a symbolic link

If "ca.cert" exists, you can't have link for "rudder.crt"

Added by François ARMAND about 5 years ago. Updated about 4 years ago.

Status:
Released
Priority:
N/A
Category:
System integration
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
Error - Fixed
Regression:

Description

So, it is still broken.

Orig:

root@server:~# ls -la /opt/rudder/etc/ssl/
drwxr-xr-x 2 root root     4096 Oct  9 13:50 .
drwxr-xr-x 9 root root     4096 Oct  9 13:18 ..
-rw------- 1 root root     1375 Oct  9 13:50 ca.cert
-rw-r--r-- 1 root root      781 Nov 22  2017 openssl.cnf
-rw-r--r-- 1 root root     1375 Oct  9 07:35 rudder.crt
-rw-r----- 1 root www-data 1708 Oct  9 07:35 rudder.key

Changed to:

root@server:~# ls -la /opt/rudder/etc/ssl/
total 28
drwxr-xr-x 2 root root     4096 Oct  9 13:52 .
drwxr-xr-x 9 root root     4096 Oct  9 13:18 ..
-rw------- 1 root root     1375 Oct  9 13:50 ca.cert
-rw-r--r-- 1 root root      781 Nov 22  2017 openssl.cnf
lrwxrwxrwx 1 root root       35 Oct  9 13:52 rudder.crt -> /opt/rudder/etc/ssl/rudder.crt_orig
-rw-r--r-- 1 root root     1375 Oct  9 07:35 rudder.crt_orig
lrwxrwxrwx 1 root root       35 Oct  9 13:52 rudder.key -> /opt/rudder/etc/ssl/rudder.key_orig
-rw-r----- 1 root www-data 1708 Oct  9 07:35 rudder.key_orig

I get with rudder agent run -i:

   error: Object '/opt/rudder/etc/ssl/ca.cert' exists and is obstructing our promise
   error: Unable to create link '/opt/rudder/etc/ssl/ca.cert' -> '/opt/rudder/etc/ssl/rudder.crt_orig', failed to move obstruction

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #16289: Errors in rudder agent run when rudder.crt is a symbolic linkRejectedActions
Actions #1

Updated by Nicolas CHARLES about 5 years ago

  • Assignee set to Nicolas CHARLES
Actions #2

Updated by Nicolas CHARLES about 5 years ago

  • Status changed from New to In progress
Actions #3

Updated by Nicolas CHARLES about 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1532
Actions #4

Updated by Nicolas CHARLES about 5 years ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Alexis Mousset about 5 years ago

  • Name check changed from To do to Reviewed
Actions #6

Updated by François ARMAND about 5 years ago

  • Fix check changed from To do to Error - Blocking
Actions #7

Updated by François ARMAND about 5 years ago

  • Fix check changed from Error - Blocking to Error - Fixed

The child ticket is not blocking anymore for the first use case, so we will not correct it in 5.0.15.

Actions #8

Updated by Vincent MEMBRÉ about 5 years ago

This bug has been fixed in Rudder 5.0.15 which was released today.

Actions #9

Updated by Vincent MEMBRÉ about 4 years ago

  • Related to Bug #16289: Errors in rudder agent run when rudder.crt is a symbolic link added
Actions #10

Updated by Vincent MEMBRÉ about 4 years ago

  • Status changed from Pending release to Released
Actions

Also available in: Atom PDF