Bug #16653
closed
HTTPS Reporting is not working
Description
Hello There,
as soon as I activate HTTPS reporting on the Rudder Server the Nodes are not reporting back anymore.
They list as No Report and the Last Seen is also on the Timestamp of the change to HTTPS.
When I switch back to SYSLOG it's fine.
I see that the nodes are sending Packets to Rudder to Port 443 and those are arriving on the server.
The Agents on the Nodes have no errors (rudder agent run works perfectly fine on the nodes).
There's also nothing logged at the Technical Logs tab from the Nodes.
Rudder Server is 6.0.2 (all the nodes too) and running on CentOS 8.0.1905.
Nodes are:
RedHat 8
CentOS 8
CentOS 7
Greetings,
Marius Rieck
Updated by Alexis Mousset almost 5 years ago
Could be a problem with the relayd service, what do these commands give on the Rudder server:
systemctl status rudder-relayd
journalctl -n20 -u rudder-relayd
Updated by Marius Rieck almost 5 years ago
This is the output:
● rudder-relayd.service - Rudder Relay Daemon
Loaded: loaded (/usr/lib/systemd/system/rudder-relayd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-01-15 11:49:48 CET; 2 weeks 1 days ago
Main PID: 1561 (rudder-relayd)
Tasks: 11 (limit: 24022)
Memory: 13.0M
CGroup: /system.slice/rudder-relayd.service
└─1561 /opt/rudder/bin/rudder-relayd
Jan 31 09:01:34 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=4A5BB40165982F3716BE4649E6B435D4}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 09:02:26 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=2DC9B52F6E8AAF1C6F779E2D0D786471}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 09:05:31 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=17D3D924BD11ED2B9BCDA42C4BA25108}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 09:06:57 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=1F8A7F9923F2C45ECC8A70243CF9F2D5}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 09:07:41 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=E498C0EA0532B9B37A5F951C225D96C2}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 09:10:31 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=E4CD3CB64804A893C1DD5EFFA469846D}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 09:12:20 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=7AE52BC0765BEC3D1A988153873B451F}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 09:12:54 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=0BDE5EEC175288FE9E950BA6356C7695}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 09:15:31 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=D15F48E0030C85B61A89B911EECA8AB7}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 09:16:43 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=C64B0418794D833F958080A2588CA505}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
-- Logs begin at Tue 2020-01-28 05:40:50 CET, end at Fri 2020-01-31 09:17:20 CET. --
Jan 31 08:45:30 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=6099B983180E2E9A6A1EFB05E9FFEBBC}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 08:46:25 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=65B217BED0BA7B8E50F75F8D22C8D987}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 08:47:44 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=BE799BA5EEDAD7F537D92561DBA3D62F}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 08:50:30 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=E83070CCDE28C3F500A38D9C851AAAD9}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 08:51:48 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=DD9FD893C36E38B3EDC10C8D4EA9FD42}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 08:52:59 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=A5939919CA3F3C60EBEFD030A73A676A}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 08:55:30 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=EC3696D93682E3430E7483AED1C48AE4}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 08:57:11 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=2F82BED76D7AE48FBB5C8E7143845F53}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 08:58:13 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=4EF351A79C396314F61E7F1F8D238F47}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 09:00:31 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=6DB32B6017B04645F69F67DE10860E5D}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 09:01:34 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=4A5BB40165982F3716BE4649E6B435D4}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 09:02:26 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=2DC9B52F6E8AAF1C6F779E2D0D786471}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 09:05:31 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=17D3D924BD11ED2B9BCDA42C4BA25108}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 09:06:57 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=1F8A7F9923F2C45ECC8A70243CF9F2D5}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 09:07:41 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=E498C0EA0532B9B37A5F951C225D96C2}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 09:10:31 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=E4CD3CB64804A893C1DD5EFFA469846D}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 09:12:20 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=7AE52BC0765BEC3D1A988153873B451F}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Jan 31 09:12:54 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=0BDE5EEC175288FE9E950BA6356C7695}:node{node_id=5b601d52-fc8a-4fe5-8426-60178b0c4f70}: relayd::processing::reporting: refused: report from "5b601d52-fc8a-4fe5-8426-60178b0c4f70", unknown id
Jan 31 09:15:31 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=D15F48E0030C85B61A89B911EECA8AB7}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 09:16:43 svtc-app-03 rudder-relayd[1561]: ERROR report{queue_id=C64B0418794D833F958080A2588CA505}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Updated by Alexis Mousset almost 5 years ago
What do you have in /var/rudder/lib/relay/nodeslist.json? Apparently some info may be missing there.
Updated by Marius Rieck almost 5 years ago
The information seems to be okay:
I replaced the server fqdns in this snippet, they were correct.
# cat /var/rudder/lib/relay/nodeslist.json
{
"52d90d89-8df6-4e15-a513-45c6869ee235": {
"hostname": "server1.local.domain",
"key-hash": "sha256:8c72bc79b6950397414a75414a55a1ac48a9d521380f64bd1b3aaf94171c682f",
"policy-server": "root"
}
,
"5b601d52-fc8a-4fe5-8426-60178b0c4f70": {
"hostname": "server2.local.domain",
"key-hash": "sha256:6f40e36d521c38cbecbe643365c63d1687daf2560496bbb35e316edb2e25b2a2",
"policy-server": "root"
}
,
"root": {
"hostname": "rudderroot.local.domain",
"key-hash": "sha256:7d18001341700e11997babfc5fe5eda98759bffddcf21583f35d6ace723ace33",
"policy-server": "root"
}
}
Updated by Alexis Mousset almost 5 years ago
Can you try a rudder relay reload and send what it gives? (it should be responsible for nodeslist.json reloading, is triggered by the webapp after each policy generation).
Then you can systemctl restart rudder-relayd and see if it improves the situation.
Updated by Marius Rieck almost 5 years ago
The reload didn't help.
# rudder relay reload
ok: reload relayd configuration.
Service restart didn't help either, the problem persists.
I printed the logs after the restart:
Jan 31 13:24:08 svtc-app-03 systemd[1]: Stopping Rudder Relay Daemon...
Jan 31 13:24:08 svtc-app-03 rudder-relayd[1561]: INFO relayd: Signal received: shutdown requested
Jan 31 13:24:08 svtc-app-03 systemd[1]: Stopped Rudder Relay Daemon.
Jan 31 13:24:08 svtc-app-03 systemd[1]: Started Rudder Relay Daemon.
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd: Starting rudder-relayd 6.0.2
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd: Read configuration from "/opt/rudder/etc/relayd/"
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd::data::node: Parsing nodes list from "/var/rudder/lib/relay/nodeslist.json"
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd::data::node: Nodes list file does not exist, considering it as empty
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd::data::node: Certificates file does not exist, skipping
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd::api: Starting API on 127.0.0.1:3030
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd::input::watch: Starting file watcher on "/var/rudder/reports/incoming"
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd: Skipping inventory as it is disabled
Jan 31 13:24:08 svtc-app-03 rudder-relayd[23481]: INFO relayd: Server started
Jan 31 13:25:35 svtc-app-03 rudder-relayd[23481]: ERROR report{queue_id=82D7218E851FF0743EC3D78CDFBEB0CB}:node{node_id=root}: relayd::processing::reporting: refused: report from "root", unknown id
Jan 31 13:26:56 svtc-app-03 rudder-relayd[23481]: ERROR report{queue_id=8E151B238FE8FB88B462329DF2BD5FE8}:node{node_id=52d90d89-8df6-4e15-a513-45c6869ee235}: relayd::processing::reporting: refused: report from "52d90d89-8df6-4e15-a513-45c6869ee235", unknown id
Updated by Alexis Mousset almost 5 years ago
What does ls -ahl /var/rudder/lib/relay/ give?
Could you try setenforce 0 in case it is an SELinux problem? It is strange it fails to read /var/rudder/lib/relay/nodeslist.json which exists and looks correct.
Updated by Marius Rieck almost 5 years ago
Alexis MOUSSET wrote:
What does ls -ahl /var/rudder/lib/relay/ give?
Could you try setenforce 0 in case it is an SELinux problem? It is strange it fails to read /var/rudder/lib/relay/nodeslist.json which exists and looks correct.
# ls -ahlZ /var/rudder/lib/relay/
total 8.0K
drwxr-xr-x. 2 root root system_u:object_r:var_t:s0 50 Jan 8 20:55 .
drwxr-xr-x. 4 root root system_u:object_r:var_t:s0 30 Dec 23 10:38 ..
-rw-------. 1 root root system_u:object_r:var_t:s0 1.4K Dec 23 10:45 nodescerts.pem
-rw-r-----. 1 rudder-relayd root system_u:object_r:var_t:s0 675 Jan 31 04:22 nodeslist.json
The setenforce 0 did the trick, so something's up with the labels, complete sealert output:
# sealert -a /var/log/audit/audit.log
1% done'generator' object is not subscriptable
100% done
found 2 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------
SELinux is preventing /opt/rudder/bin/rudder-relayd from getattr access on the file /var/rudder/lib/relay/nodeslist.json.
***** Plugin restorecon (99.5 confidence) suggests ************************
If you want to fix the label.
/var/rudder/lib/relay/nodeslist.json default label should be rudder_relayd_var_lib_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/rudder/lib/relay/nodeslist.json
***** Plugin catchall (1.49 confidence) suggests **************************
If you believe that rudder-relayd should be allowed getattr access on the nodeslist.json file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'tokio-runtime-w' --raw | audit2allow -M my-tokioruntimew
# semodule -X 300 -i my-tokioruntimew.pp
Additional Information:
Source Context system_u:system_r:rudder_relayd_t:s0
Target Context system_u:object_r:var_t:s0
Target Objects /var/rudder/lib/relay/nodeslist.json [ file ]
Source tokio-runtime-w
Source Path /opt/rudder/bin/rudder-relayd
Port <Unknown>
Host <Unknown>
Source RPM Packages rudder-server-relay-6.0.2.release-1.EL.8.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.14.1-61.el8_0.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name rudderroot
Platform Linux rudderroot 4.18.0-80.11.2.el8_0.x86_64 #1
SMP Tue Sep 24 11:32:19 UTC 2019 x86_64 x86_64
Alert Count 33
First Seen 2020-01-27 01:20:57 CET
Last Seen 2020-01-31 14:57:29 CET
Local ID c0dddcdc-378d-49e7-b005-78e368d62377
Raw Audit Messages
type=AVC msg=audit(1580479049.987:68257): avc: denied { getattr } for pid=25145 comm="rudder-relayd" path="/var/rudder/lib/relay/nodeslist.json" dev="dm-0" ino=33856593 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1580479049.987:68257): arch=x86_64 syscall=stat success=yes exit=0 a0=559e27ed0fe0 a1=7ffd6cfbb9d0 a2=7ffd6cfbb9d0 a3=559e27d77010 items=0 ppid=1 pid=25145 auid=4294967295 uid=994 gid=990 euid=994 suid=994 fsuid=994 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm=rudder-relayd exe=/opt/rudder/bin/rudder-relayd subj=system_u:system_r:rudder_relayd_t:s0 key=(null)ARCH=x86_64 SYSCALL=stat AUID=unset UID=rudder-relayd GID=rudder EUID=rudder-relayd SUID=rudder-relayd FSUID=rudder-relayd EGID=rudder SGID=rudder FSGID=rudder
Hash: tokio-runtime-w,rudder_relayd_t,var_t,file,getattr
--------------------------------------------------------------------------------
SELinux is preventing /opt/rudder/bin/rudder-relayd from read access on the file nodeslist.json.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that rudder-relayd should be allowed read access on the nodeslist.json file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'rudder-relayd' --raw | audit2allow -M my-rudderrelayd
# semodule -X 300 -i my-rudderrelayd.pp
Additional Information:
Source Context system_u:system_r:rudder_relayd_t:s0
Target Context system_u:object_r:var_t:s0
Target Objects nodeslist.json [ file ]
Source rudder-relayd
Source Path /opt/rudder/bin/rudder-relayd
Port <Unknown>
Host <Unknown>
Source RPM Packages rudder-server-relay-6.0.2.release-1.EL.8.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.14.1-61.el8_0.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name rudderroot
Platform Linux rudderroot 4.18.0-80.11.2.el8_0.x86_64 #1
SMP Tue Sep 24 11:32:19 UTC 2019 x86_64 x86_64
Alert Count 1
First Seen 2020-01-31 14:57:29 CET
Last Seen 2020-01-31 14:57:29 CET
Local ID 91f5579e-4574-48d7-ad29-6f9a2d8202fa
Raw Audit Messages
type=AVC msg=audit(1580479049.987:68258): avc: denied { read } for pid=25145 comm="rudder-relayd" name="nodeslist.json" dev="dm-0" ino=33856593 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1580479049.987:68258): avc: denied { open } for pid=25145 comm="rudder-relayd" path="/var/rudder/lib/relay/nodeslist.json" dev="dm-0" ino=33856593 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1580479049.987:68258): arch=x86_64 syscall=openat success=yes exit=EFAULT a0=ffffff9c a1=559e27ed0fe0 a2=80000 a3=0 items=0 ppid=1 pid=25145 auid=4294967295 uid=994 gid=990 euid=994 suid=994 fsuid=994 egid=990 sgid=990 fsgid=990 tty=(none) ses=4294967295 comm=rudder-relayd exe=/opt/rudder/bin/rudder-relayd subj=system_u:system_r:rudder_relayd_t:s0 key=(null)ARCH=x86_64 SYSCALL=openat AUID=unset UID=rudder-relayd GID=rudder EUID=rudder-relayd SUID=rudder-relayd FSUID=rudder-relayd EGID=rudder SGID=rudder FSGID=rudder
Hash: rudder-relayd,rudder_relayd_t,var_t,file,read
Interesting thing that SYSLOG works then.
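Added example, not part of the original comment or of Rudder: a small parser for the AVC records quoted above. It merges the name= and path= records through their shared inode and compares the target type with the type sealert's restorecon plugin names. The function names and the EXPECTED mapping are assumptions of this example.

```python
import re

# AVC records copied from the sealert output in this thread (SYSCALL records left out).
AUDIT_SAMPLE = '''\
type=AVC msg=audit(1580479049.987:68257): avc: denied { getattr } for pid=25145 comm="rudder-relayd" path="/var/rudder/lib/relay/nodeslist.json" dev="dm-0" ino=33856593 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1580479049.987:68258): avc: denied { read } for pid=25145 comm="rudder-relayd" name="nodeslist.json" dev="dm-0" ino=33856593 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1580479049.987:68258): avc: denied { open } for pid=25145 comm="rudder-relayd" path="/var/rudder/lib/relay/nodeslist.json" dev="dm-0" ino=33856593 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Expected type, as stated by sealert's restorecon plugin in the output above.
EXPECTED = {"/var/rudder/lib/relay/nodeslist.json": "rudder_relayd_var_lib_t"}


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize_denials(audit_text):
    """Group AVC denials per file, keyed on (dev, ino).

    Some records carry only name= (no directory), others the full path=;
    the inode ties them together so each file is reported once.
    """
    targets = {}
    for line in audit_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue
        kv = {k: v.strip('"') for k, v in KV_RE.findall(match.group(2))}
        entry = targets.setdefault((kv.get("dev"), kv.get("ino")), {
            "path": None,
            "perms": set(),
            "source_type": selinux_type(kv["scontext"]),
            "target_type": selinux_type(kv["tcontext"]),
            "enforced": False,
        })
        # Prefer a full path over a bare file name, whichever record came first.
        entry["path"] = kv.get("path") or entry["path"] or kv.get("name")
        entry["perms"].update(match.group(1).split())
        # permissive=1 means the access was logged but not blocked.
        entry["enforced"] |= kv.get("permissive") == "0"
    return list(targets.values())


def mislabelled(summary, expected_types):
    """Return (path, actual_type, expected_type) where the label differs."""
    return [(e["path"], e["target_type"], expected_types[e["path"]])
            for e in summary
            if e["path"] in expected_types
            and e["target_type"] != expected_types[e["path"]]]


if __name__ == "__main__":
    for row in mislabelled(summarize_denials(AUDIT_SAMPLE), EXPECTED):
        print("relabel candidate: %s has %s, expected %s" % row)
```

On a live system the expected type would come from the loaded policy (for example matchpathcon) instead of a hard-coded mapping.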
Updated by Marius Rieck almost 5 years ago
After those errors were fixed, there was the same for the /var/rudder/lib/ssl/allnodescerts.pem, so I used:
/sbin/restorecon -v /var/rudder/lib/ssl/*
This restored the right contexts and it is now working again, so the nodes are reporting.
Updated by Alexis Mousset almost 5 years ago
- Category set to Packaging
- Target version set to 6.0.3
Thanks for the detailed analysis!
It may be an ordering problem in the way we apply the SELinux policy, I'll check the postinst script.
Updated by Vincent MEMBRÉ almost 5 years ago
- Target version changed from 6.0.3 to 6.0.4
Updated by Vincent MEMBRÉ almost 5 years ago
- Target version changed from 6.0.4 to 6.0.5
Updated by Nicolas CHARLES almost 5 years ago
I'm having exactly the same error on CentOS 7, with SELinux deactivated
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd: Starting rudder-relayd 6.0.3
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd: Read configuration from "/opt/rudder/etc/relayd/"
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd::data::node: Parsing nodes list from "/var/rudder/lib/relay/nodeslist.json"
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd::data::node: Nodes list file does not exist, considering it as empty
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd::data::node: Certificates file does not exist, skipping
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd::api: Starting API on 127.0.0.1:3030
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd::input::watch: Starting file watcher on "/var/rudder/reports/incoming"
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd: Skipping inventory as it is disabled
Mar 12 21:31:22 server rudder-relayd[22067]: INFO relayd: Server started
I tried to 777 the files, without success
[root@server /]# ls -alh /var/rudder/lib/relay/nodeslist.json
-rwxrwxrwx. 1 rudder-relayd root 1017K Mar 12 21:31 /var/rudder/lib/relay/nodeslist.json
[root@server /]# ls -alh /var/rudder/lib/ssl/allnodescerts.pem
-rwxrwxrwx. 1 root rudder 8.8M Mar 12 21:27 /var/rudder/lib/ssl/allnodescerts.pem
Updated by Nicolas CHARLES almost 5 years ago
ok, doing
chmod o+x /var/rudder/lib
solved the issue
Somehow /var/rudder/lib was 770 root:root
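Added example, not part of the original comment or of Rudder: a check of every path component for the account that has to read the file, which shows why a 777 file behind a 770 root:root directory still reads as "does not exist". The function names, the temporary directory layout and the constructed uid/gid are assumptions of this example; only mode bits are evaluated.

```python
import os
import stat
import tempfile

NEED = {"search": 0o1, "read": 0o4}  # x on each directory, r on the file itself


def allowed(st, uid, gids, need):
    """Classic Unix DAC: exactly one triplet (owner, group or other) applies."""
    if uid == 0:
        return True  # root bypasses mode bits (CAP_DAC_OVERRIDE)
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & NEED[need])


def blocked_components(path, uid, gids, base="/"):
    """List (component, need, mode) entries that deny uid/gids on the way to path.

    Only mode bits are evaluated; ACLs and SELinux labels are out of scope.
    """
    base, path = os.path.abspath(base), os.path.abspath(path)
    steps, current = [(base, "search")], base
    parts = os.path.relpath(path, base).split(os.sep)
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        steps.append((current, "read" if i == len(parts) - 1 else "search"))
    blocked = []
    for component, need in steps:
        st = os.stat(component)
        if not allowed(st, uid, gids, need):
            blocked.append((component, need, stat.filemode(st.st_mode)))
    return blocked


def demo():
    """Rebuild the reported layout in a temp dir: lib/ is 770, the file is 777."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = os.path.join(tmp, "rudder", "lib")
        relay = os.path.join(lib, "relay")
        os.makedirs(relay)
        target = os.path.join(relay, "nodeslist.json")
        with open(target, "w") as fh:
            fh.write("{}")
        modes = ((tmp, 0o755), (os.path.dirname(lib), 0o755),
                 (lib, 0o770), (relay, 0o755), (target, 0o777))
        for component, mode in modes:
            os.chmod(component, mode)
        st = os.stat(target)
        # Constructed account: neither the owner nor in the owning group.
        uid, gids = st.st_uid + 1, {st.st_gid + 1}
        before = blocked_components(target, uid, gids, base=tmp)
        os.chmod(lib, 0o771)  # the fix from the comment above: chmod o+x
        after = blocked_components(target, uid, gids, base=tmp)
        return lib, before, after


if __name__ == "__main__":
    lib, before, after = demo()
    print("before chmod o+x:", before)
    print("after chmod o+x: ", after)
```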
Updated by Vincent MEMBRÉ over 4 years ago
- Target version changed from 6.0.5 to 6.0.6
Updated by Alexis Mousset over 4 years ago
- Status changed from New to Rejected
SELinux config is now correct and latest tests on CentOS8 showed no permission problems. Please reopen if it happens again.