Actions
Bug #18294
closed
Bug #16837: userManagement produces missing reports when used in "check only" mode
userManagement in audit mode with wrong shell lead to "abort run"
Pull Request:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority:
68
Name check:
To do
Fix check:
Error - Blocking
Regression:
Description
After correcting parent, when the shell is not the correct one for user and audit mode is selected, I now get:
We detected a change for a check that was requested in audit policy mode. The run was aborted to further changes
Parent ticket should be reversed.
Files
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.1.6 to 6.1.7
Updated by Nicolas CHARLES over 3 years ago
- Status changed from New to In progress
- Assignee set to Nicolas CHARLES
Updated by Nicolas CHARLES over 3 years ago
It's not related to parent ticket, and exists independently of it
Updated by Nicolas CHARLES over 3 years ago
verbose output states
usermanagement_user_exists_1.usermanagement_user_update_1.(usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired|usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error).!(usermanagement_fullname_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired|usermanagement_fullname_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error)
rudder verbose: P: Stack path: /default/rudder_directives/methods/'Global configuration for all nodes/Users'/default/run_603f5df6_ba3c_48ba_b6e4_9fcfd0505812/methods/'Global configuration for all nodes/Users'/default/check_usergroup_user_parameters_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812/methods/'any'[1]
rudder verbose: B: *****************************************************************
rudder verbose: B: BEGIN bundle rudder_common_report_index( {"userGroupManagement","result_repaired","32377fd7-02fd-43d0-aab7-28460a91347b@@603f5df6-ba3c-48ba-b6e4-9fcfd0505812@@0","Users","foo","The user foo ( Without any defined full name ) had a wrong shell","1"})
there is class usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error defined in audit while usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired is defined in enforce
I think this technique was never ported to audit mode!
Updated by Nicolas CHARLES over 3 years ago
Ok, this is much more complex than that: it has a "built it" check here to behave like an audit (nut no audit)
That a lot of work to fix reporting
Updated by Nicolas CHARLES over 3 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1641
Updated by Nicolas CHARLES over 3 years ago
- Status changed from Pending technical review to Pending release
- Priority changed from 70 to 69
Applied in changeset rudder-techniques|f701db66a892ba99d6136f10d759ea01afc888c8.
Updated by François ARMAND over 3 years ago
- Priority changed from 69 to 68
- Fix check changed from To do to Error - Blocking
Thi is still not resolved, with same error:
Updated by François ARMAND over 3 years ago
rudder agent run -i shows:
E| compliant Inventory inventory Next inventory scheduled between 00:00 and 06:00 2020-12-14T12:40:16+00:00 rudder info: Setting field sub-value '/bin/sh' in '/etc/passwd' 2020-12-14T12:40:16+00:00 rudder info: Edited field inside file object /etc/passwd 2020-12-14T12:40:16+00:00 warning: edit_line warning promised: - foo:x:1001:1001::/home/foo:/bin/bash 2020-12-14T12:40:16+00:00 warning: Should edit file '/etc/passwd' but only a warning promised 2020-12-14T12:40:16+00:00 rudder info: Setting field sub-value '$5$N/qJ4jDJ$1qzgjYXRNPRXlmIikIQPKjEUwh90joq0/ktt12GDLDD' in '/etc/shadow' 2020-12-14T12:40:16+00:00 rudder info: Edited field inside file object /etc/shadow 2020-12-14T12:40:16+00:00 warning: edit_line warning promised: - foo:!!:18610:0:99999:7::: 2020-12-14T12:40:16+00:00 warning: Should edit file '/etc/shadow' but only a warning promised A| error userGroupManagement Users foo The user foo ( Without any defined full name ) had a wrong shell 2020-12-14T12:40:16+00:00 R: [FATAL] Aborting agent run because of repaired_during_dryrun: Repaired previous component while in dry-run mode, this is a bug. Aborting immediately. info Common Abort run repaired_during_d| Repaired previous component while in dry-run mode, this is a bug. Aborting immediately. 2020-12-14T12:40:16+00:00 notice: cf-agent aborted on defined class 'abort_agent_run' 2020-12-14T12:40:16+00:00 warning: Method 'check_usergroup_user_parameters_9_0_01dec92b_529f_47aa_9335_e50335b70a61' invoked repairs, but only warnings promised 2020-12-14T12:40:16+00:00 warning: Method 'run_01dec92b_529f_47aa_9335_e50335b70a61' invoked repairs, but only warnings promised ## Summary #####################################################################
Updated by Vincent MEMBRÉ over 3 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.1.7 which was released today.
Actions