Actions
Bug #16576
closed
6.0 agents are unable to download their policies from a 5.0 server
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
Reviewed
Fix check:
To do
Regression:
Description
I have a 5.0.8 server, but when I tried to install an agent 6.0 under it,it printed errors like this:
E| n/a Common Process checking Rudder agent proccesses check is done by the rudder-agent cron job rudder info: Moved '/etc/cron.d/rudder-agent_1579268651_Fri_Jan_17_13_44_12_2020.cf-before-edit' to repository location '/var/rudder/modified-files/_etc_cron_d_rudder_agent_1579268651_Fri_Jan_17_13_44_12_2020_cf_before_edit' rudder info: Updated rendering of '/etc/cron.d/rudder-agent' from mustache template '/var/rudder/cfengine-community/inputs/common/cron/rudder-agent-community-cron' rudder info: Edit file '/etc/cron.d/rudder-agent' E| compliant Common CRON Daemon Cron daemon status was correct rudder info: Executing 'no timeout' ... '/opt/rudder/bin/curl -L -k -1 -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://192.168.44.2/uuid' rudder info: Completed execution of '/opt/rudder/bin/curl -L -k -1 -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://192.168.44.2/uuid' error: Anomalous ending ' P' while parsing real number: 24 Platform : linux localhost 4.9.0 1 smp debian 4.9.0 x86_64 gnulinux error: Anomalous ending ' P' while parsing real number: 24
After running a rudder agent check, I was able to send my inventory and accept the node on the server.
But afterwards, the node could never update itself, always printing:
root@agent:~# rudder agent update R: ********************************************************************************* * rudder-agent could not get an updated configuration from the policy server. * * This can be caused by: * * * an agent key that has been changed * * * if this node is not accepted or deleted node on the Rudder root server * * * if this node has changed policy server without sending a new inventory * * Any existing configuration policy will continue to be applied without change. * ********************************************************************************* error: Rudder agent promises could not be updated.
When looking into the verbose log server-side of cf-serverd, I find out that the node was refused due to:
rudder info: 192.168.44.3> access denied to STAT: /var/rudder/share/0c462a6c-596a-443d-b610-08818b1bf28a/rules/cfengine-community/rudder_promises_generated rudder verbose: 192.168.44.3> REFUSAL to user='root' of request: SYNCH 1579269894 STAT /var/rudder/share/0c462a6c-596a-443d-b610-08818b1bf28a/rules/cfengine-community/rudder_promises_generated
And this one was resulting from the removal of the cfengine key from the inventory (CFENGINE_KEY field) in 6.0, when it is still used in 5.0 to define the ACLs which guard the policy file at update time.
It seems to be fixed since #15547.
Updated by 
Updated by
Actions