Project

General

Profile

Bug #16516

No flush key report on sshKeyDistribution when there is not yet an ssh key configured

Added by Nicolas CHARLES 9 months ago. Updated 9 days ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority:
45

Description

At first configuration of the key, there is a missing report, because we are trying to copy a non existent file
Happens on 6.0, surely in 5.0


Related issues

Related to Rudder - Bug #14963: SSH key distribution failsRejectedActions
#1

Updated by Tristan Le Chanony 8 months ago

  • Target version changed from 5.0.16 to 6.0.3
  • Severity set to Minor - inconvenience | misleading | easy workaround

I encounter this problem too with rudder (5 and 6) with sshKeyDistribution (4.0) on "Flush SSH file" component.
When I add or remove a key, I have missing report.
But when I drop authorized_keys, I receive all reports and authorized_keys is recreate.

And when I runder rudder agent run I have no error


root@app-3 ~ # rudder agent inventory && rudder agent update -f && rudder agent run && rudder agent run
Rudder agent 6.0.2-debian10
Node uuid: a012b27e-6395-4df7-b226-3707470b1bab
Start execution with config [20200203-074626-cd4a5b4d]

M| State         Technique                 Component                 Key                Message
E| compliant     Inventory                 inventory                                    The inventory has been successfully sent
info     Rudder agent was run on a subset of policies - not all policies were checked

## Summary #####################################################################
1 components verified in 3 directives
   => 1 components in Enforce mode
      -> 1 compliant
Execution time: 3.38s
################################################################################
ok: Rudder agent promises were updated.
Rudder agent 6.0.2-debian10
Node uuid: a012b27e-6395-4df7-b226-3707470b1bab
Start execution with config [20200203-074626-cd4a5b4d]

M| State         Technique                 Component                 Key                Message
E| compliant     Common                    ncf Initialization                           Configuration library initialization was correct
E| repaired      Common                    Update                                       Policy or configuration library were updated
E| compliant     Common                    Security parameters                          The internal environment security is acceptable
E| compliant     Common                    CRON Daemon                                  Cron daemon status was correct
E| compliant     Common                    Log system for reports                       Logging system for report centralization is already correctly configured
E| compliant     Inventory                 inventory                                    Next inventory scheduled between 00:00 and 06:00
E| compliant     sudoParameters            Install sudo                                 Installing package sudo was correct
E| compliant     ConfigureDNS              dnsConfiguration                             The DNS is correctly configured
E| compliant     sshKeyDistribution        SSH key                   romane@melme       SSH key "romane@melme" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   trist@DESKTOP-GAM| SSH key "trist@DESKTOP-GAMING" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   dryusdan@Nemo.dry| SSH key "dryusdan@Nemo.dryusdan.fr" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   u0_a134@localhost  SSH key "u0_a134@localhost" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   ansible@Mul.dryus| SSH key "ansible@Mul.dryusdan.fr" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   dryusdan@Leilith.| SSH key "dryusdan@Leilith.dryusdan.fr" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   Ansible key        SSH key "Ansible key" for user root was correct
E| compliant     OpenSSH server            SSH installation                             The OpenSSH server package installation was correct
E| compliant     OpenSSH server            SSH process                                  The OpenSSH server service is running
E| compliant     OpenSSH server            SSH start at boot                            OpenSSH is starting on boot as required
E| compliant     OpenSSH server            SSH port configuration                       The OpenSSH server port configuration was correct
E| compliant     OpenSSH server            SSH listening addresses |                    The OpenSSH server listening addresses configuration was correct
E| compliant     OpenSSH server            SSH configuration                            The OpenSSH server configuration was correct
E| compliant     sudoParameters            Permissions               ansible            The user ansible was correct
E| compliant     sudoParameters            Permissions               root               The user root was correct
E| compliant     sudoParameters            Permissions               zabbix             The user zabbix was correct
E| compliant     sudoParameters            Permissions               dryusdan           The user dryusdan was correct
E| compliant     checkGenericFileContent   File                      /etc/default/syss| The file /etc/default/sysstat was already in accordance with the policy
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/default/syss| The file /etc/default/sysstat was not set for any line deletion
E| compliant     checkGenericFileContent   Line replacement regular| /etc/default/syss| The file /etc/default/sysstat was not set for any line replacement
E| compliant     checkGenericFileContent   Permission adjustment     /etc/default/syss| The file /etc/default/sysstat permissions are OK
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/default/syss| The file /etc/default/sysstat was not set for section edition, skipping
E| compliant     checkGenericFileContent   Post-modification hook    /etc/default/syss| /etc/default/sysstat was in the proper state, so no command to execute
E| compliant     userGroupManagement       Users                     ansible            The user ansible ( Without any defined full name ) is already present on the system
E| compliant     userGroupManagement       Users                     dryusdan           The user dryusdan ( Without any defined full name ) is already present on the system
E| compliant     userGroupManagement       Password                  ansible            The user ansible ( Without any defined full name ) password change is not required
E| compliant     userGroupManagement       Password                  dryusdan           The user dryusdan ( Without any defined full name ) password change is not required
E| n/a           userGroupManagement       Home directory            ansible            The user ansible doesn't need to have its home directory checked
E| n/a           userGroupManagement       Home directory            dryusdan           The user dryusdan doesn't need to have its home directory checked
E| compliant     repoGpgKeyManagement      Repository GPG Key Manag| 8F2A934F6CFAE977   The GPG Key is already imported
E| compliant     repoGpgKeyManagement      Repository GPG Key Manag| 082AB56BA14FE591   The GPG Key is already imported
E| compliant     aptPackageManagerSettings aptPackageManagerSettings                    APT settings were all already correct
E| compliant     packageManagement         Package                   wget               Presence of package wget in latest available version was correct
E| compliant     packageManagement         Package                   iotop              Presence of package iotop in latest available version was correct
E| compliant     packageManagement         Package                   ncdu               Presence of package ncdu in latest available version was correct
E| compliant     packageManagement         Package                   sysstat            Presence of package sysstat in any version was correct
E| compliant     packageManagement         Package                   needrestart        Presence of package needrestart in latest available version was correct
E| compliant     packageManagement         Package                   atop               Presence of package atop in latest available version was correct
E| compliant     packageManagement         Package                   dynamicmotd        Presence of package dynamicmotd in latest available version was correct
E| compliant     packageManagement         Package                   curl               Presence of package curl in latest available version was correct
E| compliant     packageManagement         Package                   sudo               Presence of package sudo in latest available version was correct
E| compliant     packageManagement         Package                   prometheus-node-e| Presence of package prometheus-node-exporter in latest available version was correct
E| compliant     packageManagement         Package                   htop               Presence of package htop in latest available version was correct
E| compliant     packageManagement         Package                   parted             Presence of package parted in latest available version was correct
E| compliant     packageManagement         Package                   vim                Presence of package vim in latest available version was correct
E| compliant     packageManagement         Package                   etckeeper          Presence of package etckeeper in latest available version was correct
E| compliant     packageManagement         Package                   strace             Presence of package strace in latest available version was correct
E| compliant     packageManagement         Package                   tcpdump            Presence of package tcpdump in any version was correct
E| compliant     packageManagement         Package                   zabbix-agent       Presence of package zabbix-agent in latest available version was correct
E| compliant     packageManagement         Package                   screen             Presence of package screen in latest available version was correct
E| compliant     packageManagement         Package                   git                Presence of package git in latest available version was correct
E| n/a           packageManagement         Post-modification script  wget               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  iotop              No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  ncdu               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  sysstat            No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  needrestart        No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  atop               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  dynamicmotd        No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  curl               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  sudo               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  prometheus-node-e| No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  htop               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  parted             No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  vim                No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  etckeeper          No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  strace             No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  tcpdump            No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  zabbix-agent       No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  screen             No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  git                No post-modification script was set to run
E| compliant     checkGenericFileContent   File                      /etc/default/prom| The file /etc/default/prometheus-node-exporter was already in accordance with the policy
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/default/prom| The file /etc/default/prometheus-node-exporter was not set for any line deletion
E| compliant     checkGenericFileContent   Line replacement regular| /etc/default/prom| The file /etc/default/prometheus-node-exporter was not set for any line replacement
E| compliant     checkGenericFileContent   Permission adjustment     /etc/default/prom| The file /etc/default/prometheus-node-exporter permissions are OK
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/default/prom| The file /etc/default/prometheus-node-exporter was not set for section edition, skipping
E| compliant     checkGenericFileContent   Post-modification hook    /etc/default/prom| /etc/default/prometheus-node-exporter was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   File                      /etc/apt/sources.| The file /etc/apt/sources.list was already in accordance with the policy
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/apt/sources.| The file /etc/apt/sources.list was not set for any line deletion
E| compliant     checkGenericFileContent   Line replacement regular| /etc/apt/sources.| The file /etc/apt/sources.list was not set for any line replacement
E| compliant     checkGenericFileContent   Permission adjustment     /etc/apt/sources.| The file /etc/apt/sources.list uses default permissions
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/apt/sources.| The file /etc/apt/sources.list was not set for section edition, skipping
E| compliant     checkGenericFileContent   Post-modification hook    /etc/apt/sources.| /etc/apt/sources.list was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   File                      /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line replacement regular| /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Permission adjustment     /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf permissions are OK
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was not set for section edition, skipping
E| n/a           checkGenericFileContent   Post-modification hook    /etc/apt/apt.conf| No command for /etc/apt/apt.conf.d/02periodic was to be executed
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/remote_command.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/log.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/server.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /usr/share/zabbix| /usr/share/zabbix-agent/scripts/barman_discovery.py was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was in the proper state, so no command to execute
E| compliant     ntpConfiguration          Time synchronization (NT|                    The ntp package installation was correct
E| compliant     ntpConfiguration          Time zone                                    Time zone was already correctly configured
E| compliant     ntpConfiguration          Hardware clock (RTC)                         It is not yet time to synchronize the hardware clock with the NTP time. Skipping...
E| compliant     sshKeyDistribution        Flush SSH file            Ansible key        The keys for user root were all correctly set
E| compliant     sudoParameters            sudoersFile                                  The sudoers file did not require any modification
E| n/a           Common                    Monitoring                                   No Rudder monitoring information to share with the server

## Summary #####################################################################
157 components verified in 18 directives
   => 157 components in Enforce mode
      -> 133 compliant
      -> 1 repaired
      -> 23 not-applicable
Execution time: 8.23s
################################################################################
Rudder agent 6.0.2-debian10
Node uuid: a012b27e-6395-4df7-b226-3707470b1bab
Start execution with config [20200203-074626-cd4a5b4d]

M| State         Technique                 Component                 Key                Message
E| compliant     Common                    ncf Initialization                           Configuration library initialization was correct
E| repaired      Common                    Update                                       Policy or configuration library were updated
E| compliant     Common                    Security parameters                          The internal environment security is acceptable
E| compliant     Common                    CRON Daemon                                  Cron daemon status was correct
E| compliant     Common                    Log system for reports                       Logging system for report centralization is already correctly configured
E| compliant     Inventory                 inventory                                    Next inventory scheduled between 00:00 and 06:00
E| compliant     sudoParameters            Install sudo                                 Installing package sudo was correct
E| compliant     ConfigureDNS              dnsConfiguration                             The DNS is correctly configured
E| compliant     sshKeyDistribution        SSH key                   romane@melme       SSH key "romane@melme" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   trist@DESKTOP-GAM| SSH key "trist@DESKTOP-GAMING" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   dryusdan@Nemo.dry| SSH key "dryusdan@Nemo.dryusdan.fr" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   u0_a134@localhost  SSH key "u0_a134@localhost" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   ansible@Mul.dryus| SSH key "ansible@Mul.dryusdan.fr" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   dryusdan@Leilith.| SSH key "dryusdan@Leilith.dryusdan.fr" for user dryusdan was correct
E| compliant     sshKeyDistribution        SSH key                   Ansible key        SSH key "Ansible key" for user root was correct
E| compliant     OpenSSH server            SSH installation                             The OpenSSH server package installation was correct
E| compliant     OpenSSH server            SSH process                                  The OpenSSH server service is running
E| compliant     OpenSSH server            SSH start at boot                            OpenSSH is starting on boot as required
E| compliant     OpenSSH server            SSH port configuration                       The OpenSSH server port configuration was correct
E| compliant     OpenSSH server            SSH listening addresses |                    The OpenSSH server listening addresses configuration was correct
E| compliant     OpenSSH server            SSH configuration                            The OpenSSH server configuration was correct
E| compliant     sudoParameters            Permissions               ansible            The user ansible was correct
E| compliant     sudoParameters            Permissions               root               The user root was correct
E| compliant     sudoParameters            Permissions               zabbix             The user zabbix was correct
E| compliant     sudoParameters            Permissions               dryusdan           The user dryusdan was correct
E| compliant     checkGenericFileContent   File                      /etc/default/syss| The file /etc/default/sysstat was already in accordance with the policy
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/default/syss| The file /etc/default/sysstat was not set for any line deletion
E| compliant     checkGenericFileContent   Line replacement regular| /etc/default/syss| The file /etc/default/sysstat was not set for any line replacement
E| compliant     checkGenericFileContent   Permission adjustment     /etc/default/syss| The file /etc/default/sysstat permissions are OK
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/default/syss| The file /etc/default/sysstat was not set for section edition, skipping
E| compliant     checkGenericFileContent   Post-modification hook    /etc/default/syss| /etc/default/sysstat was in the proper state, so no command to execute
E| compliant     userGroupManagement       Users                     ansible            The user ansible ( Without any defined full name ) is already present on the system
E| compliant     userGroupManagement       Users                     dryusdan           The user dryusdan ( Without any defined full name ) is already present on the system
E| compliant     userGroupManagement       Password                  ansible            The user ansible ( Without any defined full name ) password change is not required
E| compliant     userGroupManagement       Password                  dryusdan           The user dryusdan ( Without any defined full name ) password change is not required
E| n/a           userGroupManagement       Home directory            ansible            The user ansible doesn't need to have its home directory checked
E| n/a           userGroupManagement       Home directory            dryusdan           The user dryusdan doesn't need to have its home directory checked
E| compliant     repoGpgKeyManagement      Repository GPG Key Manag| 8F2A934F6CFAE977   The GPG Key is already imported
E| compliant     repoGpgKeyManagement      Repository GPG Key Manag| 082AB56BA14FE591   The GPG Key is already imported
E| compliant     aptPackageManagerSettings aptPackageManagerSettings                    APT settings were all already correct
E| compliant     packageManagement         Package                   wget               Presence of package wget in latest available version was correct
E| compliant     packageManagement         Package                   iotop              Presence of package iotop in latest available version was correct
E| compliant     packageManagement         Package                   ncdu               Presence of package ncdu in latest available version was correct
E| compliant     packageManagement         Package                   sysstat            Presence of package sysstat in any version was correct
E| compliant     packageManagement         Package                   needrestart        Presence of package needrestart in latest available version was correct
E| compliant     packageManagement         Package                   atop               Presence of package atop in latest available version was correct
E| compliant     packageManagement         Package                   dynamicmotd        Presence of package dynamicmotd in latest available version was correct
E| compliant     packageManagement         Package                   curl               Presence of package curl in latest available version was correct
E| compliant     packageManagement         Package                   sudo               Presence of package sudo in latest available version was correct
E| compliant     packageManagement         Package                   prometheus-node-e| Presence of package prometheus-node-exporter in latest available version was correct
E| compliant     packageManagement         Package                   htop               Presence of package htop in latest available version was correct
E| compliant     packageManagement         Package                   parted             Presence of package parted in latest available version was correct
E| compliant     packageManagement         Package                   vim                Presence of package vim in latest available version was correct
E| compliant     packageManagement         Package                   etckeeper          Presence of package etckeeper in latest available version was correct
E| compliant     packageManagement         Package                   strace             Presence of package strace in latest available version was correct
E| compliant     packageManagement         Package                   tcpdump            Presence of package tcpdump in any version was correct
E| compliant     packageManagement         Package                   zabbix-agent       Presence of package zabbix-agent in latest available version was correct
E| compliant     packageManagement         Package                   screen             Presence of package screen in latest available version was correct
E| compliant     packageManagement         Package                   git                Presence of package git in latest available version was correct
E| n/a           packageManagement         Post-modification script  wget               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  iotop              No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  ncdu               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  sysstat            No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  needrestart        No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  atop               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  dynamicmotd        No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  curl               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  sudo               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  prometheus-node-e| No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  htop               No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  parted             No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  vim                No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  etckeeper          No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  strace             No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  tcpdump            No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  zabbix-agent       No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  screen             No post-modification script was set to run
E| n/a           packageManagement         Post-modification script  git                No post-modification script was set to run
E| compliant     checkGenericFileContent   File                      /etc/default/prom| The file /etc/default/prometheus-node-exporter was already in accordance with the policy
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/default/prom| The file /etc/default/prometheus-node-exporter was not set for any line deletion
E| compliant     checkGenericFileContent   Line replacement regular| /etc/default/prom| The file /etc/default/prometheus-node-exporter was not set for any line replacement
E| compliant     checkGenericFileContent   Permission adjustment     /etc/default/prom| The file /etc/default/prometheus-node-exporter permissions are OK
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/default/prom| The file /etc/default/prometheus-node-exporter was not set for section edition, skipping
E| compliant     checkGenericFileContent   Post-modification hook    /etc/default/prom| /etc/default/prometheus-node-exporter was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   File                      /etc/apt/sources.| The file /etc/apt/sources.list was already in accordance with the policy
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/apt/sources.| The file /etc/apt/sources.list was not set for any line deletion
E| compliant     checkGenericFileContent   Line replacement regular| /etc/apt/sources.| The file /etc/apt/sources.list was not set for any line replacement
E| compliant     checkGenericFileContent   Permission adjustment     /etc/apt/sources.| The file /etc/apt/sources.list uses default permissions
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/apt/sources.| The file /etc/apt/sources.list was not set for section edition, skipping
E| compliant     checkGenericFileContent   Post-modification hook    /etc/apt/sources.| /etc/apt/sources.list was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   File                      /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py was already in accordance with the policy
E| compliant     checkGenericFileContent   File                      /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was already in accordance with the policy
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py was not set for any line deletion
E| compliant     checkGenericFileContent   Line deletion regular ex| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was not set for any line deletion
E| compliant     checkGenericFileContent   Line replacement regular| /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py was not set for any line replacement
E| compliant     checkGenericFileContent   Line replacement regular| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was not set for any line replacement
E| compliant     checkGenericFileContent   Permission adjustment     /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py permissions are OK
E| compliant     checkGenericFileContent   Permission adjustment     /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf permissions are OK
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/apt/apt.conf| The file /etc/apt/apt.conf.d/02periodic was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/remote_command.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/log.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/server.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /usr/share/zabbix| The file /usr/share/zabbix-agent/scripts/barman_discovery.py was not set for section edition, skipping
E| compliant     checkGenericFileContent   Enforce content by secti| /etc/zabbix/zabbi| The file /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was not set for section edition, skipping
E| n/a           checkGenericFileContent   Post-modification hook    /etc/apt/apt.conf| No command for /etc/apt/apt.conf.d/02periodic was to be executed
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/remote_command.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/log.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_md.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/server.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_needrestart.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_apt.conf was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /usr/share/zabbix| /usr/share/zabbix-agent/scripts/barman_discovery.py was in the proper state, so no command to execute
E| compliant     checkGenericFileContent   Post-modification hook    /etc/zabbix/zabbi| /etc/zabbix/zabbix_agentd.d/userparameter_barman.conf was in the proper state, so no command to execute
E| compliant     ntpConfiguration          Time synchronization (NT|                    The ntp package installation was correct
E| compliant     ntpConfiguration          Time zone                                    Time zone was already correctly configured
E| compliant     ntpConfiguration          Hardware clock (RTC)                         It is not yet time to synchronize the hardware clock with the NTP time. Skipping...
E| compliant     sshKeyDistribution        Flush SSH file            Ansible key        The keys for user root were all correctly set
E| compliant     sudoParameters            sudoersFile                                  The sudoers file did not require any modification
E| n/a           Common                    Monitoring                                   No Rudder monitoring information to share with the server

## Summary #####################################################################
157 components verified in 18 directives
   => 157 components in Enforce mode
      -> 133 compliant
      -> 1 repaired
      -> 23 not-applicable
Execution time: 10.72s
################################################################################

Regard

#2

Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 6.0.3 to 6.0.4
#3

Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 6.0.4 to 6.0.5
#4

Updated by Vincent MEMBRÉ 5 months ago

  • Target version changed from 6.0.5 to 6.0.6
#5

Updated by Vincent MEMBRÉ 5 months ago

  • Target version changed from 6.0.6 to 6.0.7
#6

Updated by Vincent MEMBRÉ 3 months ago

  • Target version changed from 6.0.7 to 6.0.8
#7

Updated by Nicolas Ecarnot 3 months ago

Hello,

I'm facing the same issue, and as I see the bug resolution gets postponed versions after versions, may I ask in which part of the code I could have a look at to try to help?

#8

Updated by François ARMAND 3 months ago

  • Related to Bug #4963: RHEL 3 and 4 don't report correctly due to "/bin/date: unrecognized option `--rfc-3339=second'" added
#9

Updated by François ARMAND 3 months ago

  • Related to deleted (Bug #4963: RHEL 3 and 4 don't report correctly due to "/bin/date: unrecognized option `--rfc-3339=second'")
#10

Updated by François ARMAND 3 months ago

  • Related to Bug #14963: SSH key distribution fails added
#11

Updated by François ARMAND 3 months ago

Backporting relevant info from #14963:

From Félix:

On a rudder 5.0 I tried to deploy a new ssh key to a user without any .ssh/authorized_keys defined.
I had already another directive handling ssh keys for other user, applied on this node.

At execution time, I have no report for the new directive and I only have an error prompt like:

   error: Failed to chdir into '/var/rudder/tmp/check_ssh_key_distribution'. (chdir: 'No such file or directory')
   error: Promised to edit '/var/rudder/tmp/check_ssh_key_distribution//vincent.membre.authorized_keys.tmp', but file does not exist
   error: Method 'check_ssh_key_distribution_4_0_497ba345_ee17_4622_af54_20dbe0d9048f' failed in some repairs

The "other" directive was in 3.0 with the flushing key option set.
The "new" one was in 4.0 without the option set.

Migrating the "new" one to 3.0 fixed the issue. I guess that we are now handling the flushing the same way between 3.0 and 4.0 which break the compatibility

#12

Updated by François ARMAND 3 months ago

  • User visibility set to Getting started - demo | first install | Technique editor and level 1 Techniques
  • Priority changed from 0 to 47

It seems to not have a real impact on file distribution, so letting to minor.
But several users are hitting it, so user visibility is hight.

#13

Updated by Vincent MEMBRÉ 2 months ago

  • Target version changed from 6.0.8 to 6.0.9
  • Priority changed from 47 to 46
#14

Updated by Nicolas CHARLES about 1 month ago

  • Target version changed from 6.0.9 to 5.0.19
#15

Updated by Nicolas CHARLES about 1 month ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
#16

Updated by Nicolas CHARLES about 1 month ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis MOUSSET
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1616
#17

Updated by Nicolas CHARLES about 1 month ago

  • Status changed from Pending technical review to Pending release
#18

Updated by Nicolas CHARLES 17 days ago

  • Priority changed from 46 to 45
#19

Updated by Vincent MEMBRÉ 9 days ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 5.0.19, 6.0.8 and 6.1.4 which were released today.

Also available in: Atom PDF