Bug #16498
closed
version 6.0.1-debian10 breaks /opt/rudder/etc/rudder-networks-24.conf
Description
rudder v6.0.1 on debian buster
keeps editing /opt/rudder/etc/rudder-networks-24.conf
leading to a file content like this:
cat /opt/rudder/etc/rudder-networks-24.conf Require ip 127.0.0.0/8 Require ip ::1 Require ip 127.0.0.1 Require ip <my_ip_v4> Require ip 127.0.0.1 Require ip <my_ip_v4/mask> Require ip 2: Require ip ens18 Require ip inet6 Require ip <my_ip_v6/mask> Require ip scope Require ip global Require ip dynamic Require ip mngtmpaddr Require ip \ndirectiveVariable: ALLOWEDNETWORK[10]:valid_lft Require ip Require ip 604793sec Require ip preferred_lft Require ip 86393sec
with this config apache2 won't start (leading to an unavailable GUI)
when manually deleting everything after line 6 (after <my_ip_v4/mask>)
apache2 can be manually started and the GUI is reachable.
Nevertheless on the next agent run the file is broken again.
Updated by Alexis Mousset almost 5 years ago
It looks like automatic allowed network detection severely failed. What do you see in the settings page, in the allowed networks section?
Updated by Alexis Mousset almost 5 years ago
The list of networks is parsed from LANG=C ip -family inet -oneline address and LANG=C ip -family inet6 -oneline address outputs, what does it give on your machine? (you can anonymize IPs, it is probably a unexpected format somewhere). We also need to check the detected networks before inserting them.
Updated by Alexis Mousset almost 5 years ago
- Related to Bug #16499: Validate detected networks in rudder-init added
Updated by Vincent MEMBRÉ almost 5 years ago
- Target version changed from 6.0.2 to 6.0.3
Updated by Tim Taler almost 5 years ago
here the output of the above mentioned ip command (with blanked ip addresses):
LANG=C ip -family inet -oneline address
1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: ens18 inet <my_ip_v4>/<mask> brd <my_ip_v4_broadcast_addr> scope global ens18\ valid_lft forever preferred_lft forever
LANG=C ip -family inet6 -oneline address
1: lo inet6 ::1/128 scope host \ valid_lft forever preferred_lft forever
2: ens18 inet6 <my_ip_v6>/<mask> scope global dynamic mngtmpaddr \ valid_lft 604790sec preferred_lft 86390sec
2: ens18 inet6 <my_ip_v6_link_local>/<mask> scope link \ valid_lft forever preferred_lft forever
(piped through od -a tells me all blanks are spaces not tabs)
and attached a partial screenshot from the GUI settings page (blanked fields are hostname, ipv4/mask, ipv6/mask - all three correct though)
... ups, no, seems upload don't allow .png files?
Well under "Allowed networks ..." in the GUI I have 14 fields with the following content(by row):
- correct ipv4
- 2:
- ens18
- inet6
- correct ipv6
- scope
- global
- dynamic
- mngtmpaddr
- \ndirectiveVariable: ALLOWEDNETWORK10:valid_lft
- an empty field
- 604793sec
- preferred_lft
- 86393sec
from "man ip" I get:
...
-o, -oneline
output each record on a single line, replacing line feeds with the '\' character. This is convenient when you want to count records with wc(1) or to grep(1) the output.
...
Updated by Benoît PECCATTE almost 5 years ago
- Related to Bug #16680: rudder-init fails when there are only IPv6 addresses added
Updated by Vincent MEMBRÉ almost 5 years ago
- Target version changed from 6.0.3 to 6.0.4
Updated by Vincent MEMBRÉ over 4 years ago
- Target version changed from 6.0.4 to 6.0.5
Updated by François ARMAND over 4 years ago
- Related to deleted (Bug #16680: rudder-init fails when there are only IPv6 addresses)
Updated by François ARMAND over 4 years ago
- Is duplicate of Bug #16680: rudder-init fails when there are only IPv6 addresses added
Updated by François ARMAND over 4 years ago
- Status changed from New to Resolved
This ticket was actually a duplicate of #16680 and was resolved in Rudder 5.0.16 and 6.0.3.