Project

General

Profile

Bug #16498

version 6.0.1-debian10 breaks /opt/rudder/etc/rudder-networks-24.conf

Added by Tim Taler 11 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
N/A
Assignee:
-
Category:
-
Target version:
Pull Request:
Severity:
User visibility:
Effort required:
Priority:
0

Description

rudder v6.0.1 on debian buster
keeps editing /opt/rudder/etc/rudder-networks-24.conf
leading to a file content like this:

cat /opt/rudder/etc/rudder-networks-24.conf
Require ip 127.0.0.0/8
Require ip ::1
Require ip 127.0.0.1
Require ip <my_ip_v4>
Require ip 127.0.0.1
Require ip <my_ip_v4/mask>
Require ip 2:
Require ip ens18
Require ip inet6
Require ip <my_ip_v6/mask>
Require ip scope
Require ip global
Require ip dynamic
Require ip mngtmpaddr
Require ip \ndirectiveVariable: ALLOWEDNETWORK[10]:valid_lft
Require ip 
Require ip 604793sec
Require ip preferred_lft
Require ip 86393sec

with this config apache2 won't start (leading to an unavailable GUI)

when manually deleting everything after line 6 (after <my_ip_v4/mask>)
apache2 can be manually started and the GUI is reachable.

Nevertheless on the next agent run the file is broken again.


Related issues

Related to Rudder - Bug #16499: Validate detected networks in rudder-initRejectedActions
Is duplicate of Rudder - Bug #16680: rudder-init fails when there are only IPv6 addressesReleasedAlexis MOUSSETActions
#1

Updated by Alexis MOUSSET 11 months ago

It looks like automatic allowed network detection severely failed. What do you see in the settings page, in the allowed networks section?

#2

Updated by Alexis MOUSSET 11 months ago

  • Description updated (diff)
#3

Updated by Alexis MOUSSET 11 months ago

The list of networks is parsed from LANG=C ip -family inet -oneline address and LANG=C ip -family inet6 -oneline address outputs, what does it give on your machine? (you can anonymize IPs, it is probably a unexpected format somewhere). We also need to check the detected networks before inserting them.

#4

Updated by Alexis MOUSSET 11 months ago

  • Related to Bug #16499: Validate detected networks in rudder-init added
#5

Updated by Vincent MEMBRÉ 11 months ago

  • Target version changed from 6.0.2 to 6.0.3
#6

Updated by Tim Taler 11 months ago

here the output of the above mentioned ip command (with blanked ip addresses):

LANG=C ip -family inet -oneline address
1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: ens18 inet <my_ip_v4>/<mask> brd <my_ip_v4_broadcast_addr> scope global ens18\ valid_lft forever preferred_lft forever

LANG=C ip -family inet6 -oneline address
1: lo inet6 ::1/128 scope host \ valid_lft forever preferred_lft forever
2: ens18 inet6 <my_ip_v6>/<mask> scope global dynamic mngtmpaddr \ valid_lft 604790sec preferred_lft 86390sec
2: ens18 inet6 <my_ip_v6_link_local>/<mask> scope link \ valid_lft forever preferred_lft forever

(piped through od -a tells me all blanks are spaces not tabs)

and attached a partial screenshot from the GUI settings page (blanked fields are hostname, ipv4/mask, ipv6/mask - all three correct though)
... ups, no, seems upload don't allow .png files?

Well under "Allowed networks ..." in the GUI I have 14 fields with the following content(by row):

- correct ipv4
- 2:
- ens18

- inet6
- correct ipv6
- scope

- global
- dynamic
- mngtmpaddr

- \ndirectiveVariable: ALLOWEDNETWORK10:valid_lft
- an empty field
- 604793sec

- preferred_lft
- 86393sec

from "man ip" I get:
...
-o, -oneline
output each record on a single line, replacing line feeds with the '\' character. This is convenient when you want to count records with wc(1) or to grep(1) the output.

...

#7

Updated by Benoît PECCATTE 10 months ago

  • Related to Bug #16680: rudder-init fails when there are only IPv6 addresses added
#8

Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 6.0.3 to 6.0.4
#9

Updated by Vincent MEMBRÉ 9 months ago

  • Target version changed from 6.0.4 to 6.0.5
#10

Updated by François ARMAND 8 months ago

  • Related to deleted (Bug #16680: rudder-init fails when there are only IPv6 addresses)
#11

Updated by François ARMAND 8 months ago

  • Is duplicate of Bug #16680: rudder-init fails when there are only IPv6 addresses added
#12

Updated by François ARMAND 8 months ago

  • Status changed from New to Resolved

This ticket was actually a duplicate of #16680 and was resolved in Rudder 5.0.16 and 6.0.3.

Also available in: Atom PDF