Actions
Bug #16450
closed
Webapp can't connect to postgres before first agent run
Added by François ARMAND almost 5 years ago. Updated almost 5 years ago.
Pull Request:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
First impressions of Rudder
Effort required:
Priority:
80
Name check:
Reviewed
Fix check:
Checked
Regression:
Description
Password are not correct. A rudder agent run -u correct it, but the user experience is abysmal.
Updated by Nicolas CHARLES almost 5 years ago
interestingly, it worked, and then stopped working as something changed it
relevant agent logs are
rudder info: Object '/opt/rudder/etc/relayd' had permission 0755, changed it to 0750
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@/opt/rudder/etc/relayd@@2019-12-23 13:50:22+00:00##root@#Ensure permissions mode 640, owner root and group rudder on /opt/rudder/etc/relayd on type all with inf recursion level was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@/opt/rudder/etc/relayd@@2019-12-23 13:50:22+00:00##root@#Ensure permissions mode 640, owner root and group rudder on /opt/rudder/etc/relayd with ${recursion} recursion level was repaired
rudder info: Moved '/opt/rudder/etc/relayd/main.conf_1577109021_Mon_Dec_23_13_50_24_2019.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_relayd_main_conf_1577109021_Mon_Dec_23_13_50_24_2019_cf_before_edit'
rudder info: Updated rendering of '/opt/rudder/etc/relayd/main.conf' from mustache template '/var/rudder/cfengine-community/inputs/server-roles/1.0/relayd.conf.tpl'
rudder info: Edit file '/opt/rudder/etc/relayd/main.conf'
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@/opt/rudder/etc/relayd/main.conf@@2019-12-23 13:50:22+00:00##root@#Build file /opt/rudder/etc/relayd/main.conf from mustache type template /var/rudder/cfengine-community/inputs/server-roles/1.0/relayd.conf.tpl was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@/opt/rudder/etc/relayd/main.conf@@2019-12-23 13:50:22+00:00##root@#Build file /opt/rudder/etc/relayd/main.conf from mustache template /var/rudder/cfengine-community/inputs/server-roles/1.0/relayd.conf.tpl was repaired
rudder info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password restart rudder-relayd.service'
rudder info: Completed execution of '/bin/systemctl --no-ask-password restart rudder-relayd.service'
R: [INFO] Executing restart on rudder-relayd using the systemctl method
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@rudder-relayd@@2019-12-23 13:50:22+00:00##root@#Run action restart on service rudder-relayd was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@rudder-relayd@@2019-12-23 13:50:22+00:00##root@#Restart service rudder_relayd if 'any' condition defined was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@rudder-relayd@@2019-12-23 13:50:22+00:00##root@#Restart service rudder-relayd was repaired
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@None@@2019-12-23 13:50:22+00:00##root@#rudder-relayd configration was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Relayd service configuration@@None@@2019-12-23 13:50:22+00:00##root@#rudder-relayd service has been restarted
R: [INFO] Executing is-active on postgresql using the systemctl method
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check postgresql process@@postgresql@@2019-12-23 13:50:22+00:00##root@#Check if the service postgresql is started was correct
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check postgresql process@@postgresql@@2019-12-23 13:50:22+00:00##root@#Ensure that service postgresql is running was correct
R: [INFO] Executing is-enabled on postgresql using the systemctl method
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check postgresql process@@postgresql@@2019-12-23 13:50:22+00:00##root@#Check if service postgresql is started at boot was correct
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check postgresql process@@postgresql@@2019-12-23 13:50:22+00:00##root@#Ensure service postgresql is started at boot was correct
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check postgresql process@@None@@2019-12-23 13:50:22+00:00##root@#postgresql service running was correct
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check postgresql boot script@@None@@2019-12-23 13:50:22+00:00##root@#postgresql service enabled was correct
rudder info: Moved '/opt/rudder/etc/openldap/slapd.conf.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_openldap_slapd_conf_cf_before_edit'
rudder info: Edit file '/opt/rudder/etc/openldap/slapd.conf'
rudder info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password reset-failed rudder-slapd.service'
rudder info: Completed execution of '/bin/systemctl --no-ask-password reset-failed rudder-slapd.service'
rudder info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password restart rudder-slapd.service'
rudder info: Completed execution of '/bin/systemctl --no-ask-password restart rudder-slapd.service'
R: [INFO] Executing restart on rudder-slapd using the systemctl method
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Check LDAP in rudder-webapp.properties@@rudder-slapd@@2019-12-23 13:50:22+00:00##root@#Run action restart on service rudder-slapd was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Check LDAP in rudder-webapp.properties@@rudder-slapd@@2019-12-23 13:50:22+00:00##root@#Restart service rudder_slapd if 'any' condition defined was repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Check LDAP in rudder-webapp.properties@@rudder-slapd@@2019-12-23 13:50:22+00:00##root@#Restart service rudder-slapd was repaired
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check LDAP in rudder-webapp.properties@@None@@2019-12-23 13:50:22+00:00##root@#Web interface configuration files (checked LDAP password) was correct
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Check LDAP credentials@@None@@2019-12-23 13:50:22+00:00##root@#OpenLDAP configuration file (rootdn password) was repaired
R: @@server-roles@@log_info@@server-roles@@server-roles-directive@@0@@Check LDAP credentials@@None@@2019-12-23 13:50:22+00:00##root@#rudder-slapd has been restarted
rudder info: Setting field sub-value 'de69d5cb6e5463e21035' in '//root/.pgpass'
rudder info: Edited field inside file object //root/.pgpass
rudder info: Moved '//root/.pgpass.cf-before-edit' to repository location '/var/rudder/modified-files/__root__pgpass_cf_before_edit'
rudder info: Edit file '//root/.pgpass'
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check rudder-passwords.conf@@None@@2019-12-23 13:50:22+00:00##root@#Presence and permissions of Rudder password file was correct
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Check pgpass file@@None@@2019-12-23 13:50:22+00:00##root@#Presence and permissions of pgsql password file was repaired
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check SQL in rudder-webapp.properties@@None@@2019-12-23 13:50:22+00:00##root@#Web interface configuration files (SQL password) was correct
R: @@server-roles@@result_success@@server-roles@@server-roles-directive@@0@@Check SQL credentials@@None@@2019-12-23 13:50:22+00:00##root@#PostgreSQL user account's already correct.
rudder info: Object '/opt/rudder/etc/rudder-web.properties' had permission 0644, changed it to 0600
rudder info: Object '/opt/rudder/etc/rudder-users.xml' had permission 0644, changed it to 0600
rudder info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password reset-failed rudder-jetty.service'
rudder info: Completed execution of '/bin/systemctl --no-ask-password reset-failed rudder-jetty.service'
rudder info: Executing 'no timeout' ... '/bin/systemctl --no-ask-password restart rudder-jetty.service'
error: Finished command related to promiser '/bin/systemctl --no-ask-password restart rudder-jetty.service' -- an error occurred, returned 1
rudder info: Completed execution of '/bin/systemctl --no-ask-password restart rudder-jetty.service'
R: [INFO] Executing restart on rudder-jetty using the systemctl method
error: Method 'ncf_services' failed in some repairs
R: @@server-roles@@log_warn@@server-roles@@server-roles-directive@@0@@Check rudder-webapp.properties@@rudder-jetty@@2019-12-23 13:50:22+00:00##root@#Run action restart on service rudder-jetty could not be repaired
error: Method 'service_action' failed in some repairs
R: @@server-roles@@log_warn@@server-roles@@server-roles-directive@@0@@Check rudder-webapp.properties@@rudder-jetty@@2019-12-23 13:50:22+00:00##root@#Restart service rudder_jetty if 'any' condition defined could not be repaired
error: Method 'service_restart_if' failed in some repairs
R: @@server-roles@@log_warn@@server-roles@@server-roles-directive@@0@@Check rudder-webapp.properties@@rudder-jetty@@2019-12-23 13:50:22+00:00##root@#Restart service rudder-jetty could not be repaired
error: Method 'service_restart' failed in some repairs
error: Method 'root_password_restart_jetty' failed in some repairs
rudder info: Object '/opt/rudder/etc/rudder-networks-policy-server-24.conf' had permission 0644, changed it to 0600
rudder info: Moved '/opt/rudder/etc/rudder-networks-policy-server-24.conf_1577109021_Mon_Dec_23_13_51_27_2019.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_rudder_networks_policy_server_24_conf_1577109021_Mon_Dec_23_13_51_27_2019_cf_before_edit'
rudder info: Edit file '/opt/rudder/etc/rudder-networks-policy-server-24.conf'
rudder info: Object '/opt/rudder/etc/rudder-networks-24.conf' had permission 0644, changed it to 0600
rudder info: Moved '/opt/rudder/etc/rudder-networks-24.conf_1577109021_Mon_Dec_23_13_51_27_2019.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_rudder_networks_24_conf_1577109021_Mon_Dec_23_13_51_27_2019_cf_before_edit'
rudder info: Edit file '/opt/rudder/etc/rudder-networks-24.conf'
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@0@@Check allowed networks configuration@@None@@2019-12-23 13:50:22+00:00##root@#Allowed networks configuration has been repaired
R: @@server-roles@@log_repaired@@server-roles@@server-roles-directive@@0@@Check allowed networks configuration@@None@@2019-12-23 13:50:22+00:00##root@#Apache has been reloaded successfully
rudder info: Group of '/opt/rudder/etc/htpasswd-webdav' was 0, setting to 48
rudder info: Object '/opt/rudder/etc/htpasswd-webdav' had permission 0644, changed it to 0640
rudder info: Setting field sub-value '3072817ea8d67191b62b' in '/opt/rudder/etc/rudder-web.properties'
rudder info: Edited field inside file object /opt/rudder/etc/rudder-web.properties
rudder info: Moved '/opt/rudder/etc/rudder-web.properties.cf-before-edit' to repository location '/var/rudder/modified-files/_opt_rudder_etc_rudder_web_properties_cf_before_edit'
rudder info: Edit file '/opt/rudder/etc/rudder-web.properties'
rudder info: Executing 'no timeout' ... '/usr/bin/htpasswd -b /opt/rudder/etc/htpasswd-webdav rudder 3072817ea8d67191b62b'
Updated by Nicolas CHARLES almost 5 years ago
There is something really odd: rudder-init update passwords in rudder-passwords.conf, and restart rudder-jetty. But is doesn't ensure passwords are propagated correctly
Updated by Nicolas CHARLES almost 5 years ago
rudder-init used to
# Run all server-specific bundles (except propagatePromises, because they're aren't any yet)
"${CF_AGENT}" -b propagatePromises,install_rsyslogd,root_component_check >> "$TMP_LOG" 2>&1
Updated by Nicolas CHARLES almost 5 years ago
- Status changed from New to In progress
- Assignee set to Nicolas CHARLES
Updated by Nicolas CHARLES almost 5 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder-packages/pull/2171
Updated by Nicolas CHARLES almost 5 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-packages|103d6fbb214aa2d9ec3664212d807925a8a28e29.
Updated by François ARMAND almost 5 years ago
- Fix check changed from To do to Checked
Updated by Alexis Mousset almost 5 years ago
- Subject changed from Rudder can't connect to postgres after installation to Webapp can't connect to postgres before first agent run
- Name check changed from To do to Reviewed
Updated by Vincent MEMBRÉ almost 5 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.0.2 which was released today.
Actions