Bug #18294
closed
Bug #16837: userManagement produces missing reports when used in "check only" mode
userManagement in audit mode with wrong shell lead to "abort run"
Added by François ARMAND about 4 years ago.
Updated almost 4 years ago.
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Fix check:
Error - Blocking
Description
After correcting parent, when the shell is not the correct one for user and audit mode is selected, I now get:
We detected a change for a check that was requested in audit policy mode. The run was aborted to further changes
Parent ticket should be reversed.
Files
- Target version changed from 6.1.6 to 6.1.7
- Status changed from New to In progress
- Assignee set to Nicolas CHARLES
- Category set to Techniques
It's not related to parent ticket, and exists independently of it
verbose output states
usermanagement_user_exists_1.usermanagement_user_update_1.(usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired|usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error).!(usermanagement_fullname_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired|usermanagement_fullname_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error)
rudder verbose: P: Stack path: /default/rudder_directives/methods/'Global configuration for all nodes/Users'/default/run_603f5df6_ba3c_48ba_b6e4_9fcfd0505812/methods/'Global configuration for all nodes/Users'/default/check_usergroup_user_parameters_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812/methods/'any'[1]
rudder verbose: B: *****************************************************************
rudder verbose: B: BEGIN bundle rudder_common_report_index( {"userGroupManagement","result_repaired","32377fd7-02fd-43d0-aab7-28460a91347b@@603f5df6-ba3c-48ba-b6e4-9fcfd0505812@@0","Users","foo","The user foo ( Without any defined full name ) had a wrong shell","1"})
there is class usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_error defined in audit while usermanagement_shell_edit_1_9_0_603f5df6_ba3c_48ba_b6e4_9fcfd0505812_repaired is defined in enforce
I think this technique was never ported to audit mode!
Ok, this is much more complex than that: it has a "built it" check here to behave like an audit (nut no audit)
That a lot of work to fix reporting
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1641
- Status changed from Pending technical review to Pending release
- Priority changed from 70 to 69
- Priority changed from 69 to 68
- Fix check changed from To do to Error - Blocking
Thi is still not resolved, with same error:
rudder agent run -i shows:
E| compliant Inventory inventory Next inventory scheduled between 00:00 and 06:00
2020-12-14T12:40:16+00:00 rudder info: Setting field sub-value '/bin/sh' in '/etc/passwd'
2020-12-14T12:40:16+00:00 rudder info: Edited field inside file object /etc/passwd
2020-12-14T12:40:16+00:00 warning: edit_line warning promised: - foo:x:1001:1001::/home/foo:/bin/bash
2020-12-14T12:40:16+00:00 warning: Should edit file '/etc/passwd' but only a warning promised
2020-12-14T12:40:16+00:00 rudder info: Setting field sub-value '$5$N/qJ4jDJ$1qzgjYXRNPRXlmIikIQPKjEUwh90joq0/ktt12GDLDD' in '/etc/shadow'
2020-12-14T12:40:16+00:00 rudder info: Edited field inside file object /etc/shadow
2020-12-14T12:40:16+00:00 warning: edit_line warning promised: - foo:!!:18610:0:99999:7:::
2020-12-14T12:40:16+00:00 warning: Should edit file '/etc/shadow' but only a warning promised
A| error userGroupManagement Users foo The user foo ( Without any defined full name ) had a wrong shell
2020-12-14T12:40:16+00:00 R: [FATAL] Aborting agent run because of repaired_during_dryrun: Repaired previous component while in dry-run mode, this is a bug. Aborting immediately.
info Common Abort run repaired_during_d| Repaired previous component while in dry-run mode, this is a bug. Aborting immediately.
2020-12-14T12:40:16+00:00 notice: cf-agent aborted on defined class 'abort_agent_run'
2020-12-14T12:40:16+00:00 warning: Method 'check_usergroup_user_parameters_9_0_01dec92b_529f_47aa_9335_e50335b70a61' invoked repairs, but only warnings promised
2020-12-14T12:40:16+00:00 warning: Method 'run_01dec92b_529f_47aa_9335_e50335b70a61' invoked repairs, but only warnings promised
## Summary #####################################################################
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.1.7 which was released today.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by