Bug #18348

closed

Bug #18286: Agents fail to check their policy server's identity

After a factory reset agents can no longer download their policies from the new server they are managed by

Added by Félix DALLIDET over 3 years ago. Updated 9 months ago.

Status: Released
Priority: N/A
Category: Agent
Target version:
Severity: Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility: Infrequent - complex configurations | third party integrations
Effort required:
Priority: 37
Name check: Reviewed
Fix check: Checked
Regression:

Description

I tried to switch a node from one Rudder server to another. To do it I:
  1. Deleted the node from the initial server
  2. Ran rudder agent factory-reset on the target node
  3. Ran rm /var/rudder/cfengine-community/ppkeys/policy_server_hash on the node (should be done by the factory reset)
  4. Ran a first inventory:
    agent1:~ # rudder agent inventory
    Agent is currently in bootstrap policies, cannot run an inventory. Please download initial policies from the server with command   notice: Trusting new key: MD5=bc0c9963a2cd481f2b9d9521b9958b2f
    R: Initial policies have been successfully downloaded from the policy server
    ok: Rudder agent policies were updated. first. If problem persists, use WARNING: The file /var/rudder/cfengine-community/last_successful_inputs_update is older than twice 10 minutes, the agent is probably stuck. Purging the CFEngine lock database... Done
    FINISH: Rudder agent check ran properly, please look at messages above to see if there has been any error. for diagnostic
    
  5. Ran a second inventory, which worked:
    agent1:~ # rudder agent inventory
    Rudder agent 6.1.6.rc1.git202010150124
    Node uuid: 6a56a9f1-07b3-4d92-89ec-0c0e0cf10b85
    M| State         Technique                 Component                 Key                Message
    E| repaired      Common                    Compute inventory splay   rudder_run_invent| Scheduling rudder_run_inventory was repaired
    Start execution with config [0]
    
    E| compliant     Inventory                 inventory                                    The inventory has been successfully sent
    info     Rudder agent was run on a subset of policies - not all policies were checked
    
    ## Summary #####################################################################
    2 components verified in 4 directives
       => 2 components in Enforce mode
          -> 1 compliant
          -> 1 repaired
    Execution time: 3.40s
    ################################################################################
    
  6. Accepted the node on the new server
  7. Tried to update my node, which failed:
    agent1:~ # rudder agent update
    R: *********************************************************************************
    * rudder-agent could not get an updated configuration from the policy server.   *
    * This can be caused by:                                                        *
    *   * an agent key that has been changed                                        *
    *   * if this node is not accepted or deleted node on the Rudder root server    *
    *   * if this node has changed policy server without sending a new inventory    *
    * Any existing configuration policy will continue to be applied without change. *
    *********************************************************************************
    

Subtasks: 4 (0 open, 4 closed)

Bug #18407: Factory reset does not work | Released | Benoît PECCATTE
Bug #18408: Factory reset does not work - techniques | Released | Nicolas CHARLES
Bug #18410: Parent will fail to trust server in some cases | Released | Nicolas CHARLES
Bug #18422: parent ticket fails to prevent trust | Released | Alexis Mousset

Related issues: 1 (0 open, 1 closed)

Related to Rudder - Bug #18356: Add a command to reset trust | Released | Alexis Mousset

#1

Updated by Nicolas CHARLES over 3 years ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
#2

Updated by Nicolas CHARLES over 3 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-agent/pull/324
#3

Updated by Nicolas CHARLES over 3 years ago

  • Related to Bug #18356: Add a command to reset trust added
#4

Updated by Nicolas CHARLES over 3 years ago

  • Status changed from Pending technical review to Pending release
#5

Updated by Alexis Mousset over 3 years ago

  • Fix check changed from To do to Error - Blocking
#6

Updated by Alexis Mousset over 3 years ago

  • Fix check changed from Error - Blocking to Checked
#7

Updated by Alexis Mousset over 3 years ago

  • Parent task set to #18286
#8

Updated by Alexis Mousset over 3 years ago

  • Name check changed from To do to Reviewed
#9

Updated by Vincent MEMBRÉ over 3 years ago

This bug has been fixed in Rudder 6.1.6 and 6.2.0~beta1 which were released today.

#10

Updated by Vincent MEMBRÉ almost 3 years ago

  • Status changed from Pending release to Released
  • Priority changed from 41 to 37