Project

General

Profile

Actions
Copy link

Bug #18294

closed

Bug #16837: userManagement produces missing reports when used in "check only" mode

userManagement in audit mode with wrong shell lead to "abort run"

Added by François ARMAND about 4 years ago. Updated almost 4 years ago.

Status:
Released
Priority:
N/A
Assignee:
Alexis Mousset
Category:
Techniques
Target version:
6.1.7
Pull Request:
https://github.com/Normation/rudder-t...
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority:
68
Name check:
To do
Fix check:
Error - Blocking
Regression:

Description

After correcting parent, when the shell is not the correct one for user and audit mode is selected, I now get: 

We detected a change for a check that was requested in audit policy mode. The run was aborted to further changes

Parent ticket should be reversed.

Files

clipboard-202010052144-4syp5.png (95 KB) clipboard-202010052144-4syp5.png François ARMAND, 2020-10-05 21:44
Actions
Copy link
 #1

Updated by Vincent MEMBRÉ about 4 years ago

  • Target version changed from 6.1.6 to 6.1.7
Actions
Copy link
 #2

Updated by Nicolas CHARLES about 4 years ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions
Copy link
 #3

Updated by Nicolas CHARLES about 4 years ago

  • Category set to Techniques
Actions
Copy link
 #4

Updated by Nicolas CHARLES about 4 years ago

It's not related to parent ticket, and exists independently of it

Actions
Copy link
 #5

Updated by Nicolas CHARLES about 4 years ago

verbose output states

usermanagement_user_exists_1.usermanagement_user_update_1.(usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired|usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error).!(usermanagement_fullname_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired|usermanagement_fullname_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error)
rudder  verbose: P:    Stack path: /default/rudder_directives/methods/'Global configuration for all nodes/Users'/default/run_603f5df6_ba3c_48ba_b6e4_9fcfd0505812/methods/'Global configuration for all nodes/Users'/default/check_usergroup_user_parameters_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812/methods/'any'[1]
rudder  verbose: B: *****************************************************************
rudder  verbose: B: BEGIN bundle rudder_common_report_index( {"userGroupManagement","result_repaired","32377fd7-02fd-43d0-aab7-28460a91347b@@603f5df6-ba3c-48ba-b6e4-9fcfd0505812@@0","Users","foo","The user foo ( Without any defined full name ) had a wrong shell","1"})

there is class usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error defined in audit while usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired is defined in enforce

I think this technique was never ported to audit mode!

Actions
Copy link
 #6

Updated by Nicolas CHARLES about 4 years ago

Ok, this is much more complex than that: it has a "built it" check here to behave like an audit (nut no audit)
That a lot of work to fix reporting

Actions
Copy link
 #7

Updated by Nicolas CHARLES about 4 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1641
Actions
Copy link
 #8

Updated by Nicolas CHARLES almost 4 years ago

  • Status changed from Pending technical review to Pending release
  • Priority changed from 70 to 69
Actions
Copy link
 #9

Updated by François ARMAND almost 4 years ago

  • Priority changed from 69 to 68
  • Fix check changed from To do to Error - Blocking

Thi is still not resolved, with same error:

Actions
Copy link
 #10

Updated by François ARMAND almost 4 years ago

rudder agent run -i shows:

E| compliant     Inventory                 inventory                                    Next inventory scheduled between 00:00 and 06:00
2020-12-14T12:40:16+00:00 rudder     info: Setting field sub-value '/bin/sh' in '/etc/passwd'
2020-12-14T12:40:16+00:00 rudder     info: Edited field inside file object /etc/passwd
2020-12-14T12:40:16+00:00  warning: edit_line warning promised: - foo:x:1001:1001::/home/foo:/bin/bash
2020-12-14T12:40:16+00:00  warning: Should edit file '/etc/passwd' but only a warning promised
2020-12-14T12:40:16+00:00 rudder     info: Setting field sub-value '$5$N/qJ4jDJ$1qzgjYXRNPRXlmIikIQPKjEUwh90joq0/ktt12GDLDD' in '/etc/shadow'
2020-12-14T12:40:16+00:00 rudder     info: Edited field inside file object /etc/shadow
2020-12-14T12:40:16+00:00  warning: edit_line warning promised: - foo:!!:18610:0:99999:7:::
2020-12-14T12:40:16+00:00  warning: Should edit file '/etc/shadow' but only a warning promised
A| error         userGroupManagement       Users                     foo                The user foo ( Without any defined full name ) had a wrong shell
2020-12-14T12:40:16+00:00 R: [FATAL] Aborting agent run because of repaired_during_dryrun: Repaired previous component while in dry-run mode, this is a bug. Aborting immediately.
   info          Common                    Abort run                 repaired_during_d| Repaired previous component while in dry-run mode, this is a bug. Aborting immediately.
2020-12-14T12:40:16+00:00   notice: cf-agent aborted on defined class 'abort_agent_run'
2020-12-14T12:40:16+00:00  warning: Method 'check_usergroup_user_parameters_9_0_01dec92b_529f_47aa_9335_e50335b70a61' invoked repairs, but only warnings promised
2020-12-14T12:40:16+00:00  warning: Method 'run_01dec92b_529f_47aa_9335_e50335b70a61' invoked repairs, but only warnings promised

## Summary #####################################################################
Actions
Copy link
 #11

Updated by Vincent MEMBRÉ almost 4 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.1.7 which was released today.

Actions
Copy link

Also available in: Atom PDF