Project

General

Profile

Actions

Bug #18944

closed

Value replacement in "File key-value present" and "File keys-values present" methods doesn't work correctly in some cases.

Added by Anton Yakimov almost 2 years ago. Updated 8 months ago.

Status:
Released
Priority:
N/A
Category:
Generic methods
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Priority:
63
Regression:

Description

I've run into a strange behavior of "File key-value present" method and couldn't understand if this correct behavior or not.

Steps:

  1. Create custom Technique
  2. Use generic method "File key-value present" with following params:
    1. File: /etc/mysql/mysql.conf.d/mysqld.cnf
    2. Key: bind-address
    3. Value: ${sys.ipv4}
    4. Separator: =
  3. Created necessary directive and assigned it to a particular node
  4. When I run rudder agent update && rudder agent run I can see that Technique is being applied to node and it shows that Technique is compliant

Observed: In /etc/mysql/mysql.conf.d/mysqld.cnf is bind-address = 127.0.0.1
Expected: In /etc/mysql/mysql.conf.d/mysqld.cnf is bind-address = 10.0.2.46

Contents of /etc/mysql/mysql.conf.d/mysqld.cnf:

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            = 127.0.0.1
mysqlx-bind-address     = 127.0.0.1

Additional findings:

  • If I remove or comment bind-address in /etc/mysql/mysql.conf.d/mysqld.cnf - everything works as expected i.e. bind-address = 10.0.2.46 is added in the end of file.
  • If in /etc/mysql/mysql.conf.d/mysqld.cnf I replace bind-address = 127.0.0.1 with bind-address =127.0.0.1 (remove space after =) - works as expected.
  • Value = 10.0.2.46 - doesn't work.
  • Value = 192.168.0.1 - works
  • Value = 10.0.2.1 - works
  • Value = 10.0.2.10 - doesn't work
  • Value = 10.0.20.10 - works

Please see outputs from rudder agent run -v | grep -C200 ncf_maintain_keys_values_option when replacement works and doesn't in the attachment.


Subtasks 1 (0 open1 closed)

Bug #18946: also treat strict case and values methodReleasedAlexis MoussetActions

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #19908: Strict mode of file_key_value_present_option does not introduce unwanted escpaing charactersReleasedNicolas CHARLESActions
Actions #1

Updated by Alexis Mousset almost 2 years ago

  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 0 to 76

Thanks for your detailed report and investigations.

There are two problems:

  • Wrong "compliant" reporting while the file is not compliant (setting severity to critical because of this).
  • The line edition that fails with:
2021-02-25T09:05:33+00:00    error: Promised replacement 'bind-address = 10.0.2.15' on line 'bind-address = 127.0.0.1' for pattern '^(\s*bind\-address\s*\=\s*)(?!10\.0\.2\.15$).*' is not convergent while editing '/tmp/test'
2021-02-25T09:05:33+00:00    error: Because the regular expression '^(\s*bind\-address\s*\=\s*)(?!10\.0\.2\.15$).*' still matches the replacement string 'bind-address = 10.0.2.15'
2021-02-25T09:05:33+00:00    error: Promise belongs to bundle 'ncf_maintain_keys_values_option' in file '/var/rudder/ncf/common/20_cfe_basics/files.cf' near line 111
Actions #2

Updated by Alexis Mousset almost 2 years ago

We could reproduce the problem on 6.1 and 6.2.

Actions #3

Updated by Vincent MEMBRÉ almost 2 years ago

  • Project changed from Rudder to 41
  • Category changed from Agent to Generic methods - File Management
  • Target version changed from 6.2.3 to 6.1.10
Actions #4

Updated by Vincent MEMBRÉ almost 2 years ago

  • Status changed from New to In progress
  • Assignee set to Vincent MEMBRÉ
Actions #5

Updated by Vincent MEMBRÉ almost 2 years ago

  • Assignee changed from Vincent MEMBRÉ to Alexis Mousset
  • Pull Request set to https://github.com/Normation/ncf/pull/1285
Actions #6

Updated by Vincent MEMBRÉ almost 2 years ago

  • Status changed from In progress to Pending release

Applied in changeset commit:f66d61a59ccee1325455c9cc3a3669ec461017ab.

Actions #7

Updated by Anton Yakimov almost 2 years ago

Hello again,

I forgot to mention that same issue exists for File keys-values present. I've tested changes in PR and they did not address this problem in File keys-values present.

Technique:

1. Variable dict
Prefix: mysql
Variable name: ConfigurationMySQLKeys
Value:

{
  "bind-address": "${sys.ipv4}",
  "server-id": 1,
  "log_bin": "/var/log/mysql/mysql-bin.log" 
}

2. File keys-values present
File: /etc/mysql/mysql.conf.d/mysqld.cnf
Keys: mysql.ConfigurationMySQLKeys
Separator: =

Could you please expand the scope of the defect.

Thanks,
Anton

Actions #8

Updated by Anton Yakimov almost 2 years ago

Tested ok by applying changes manually on local server.

Actions #10

Updated by Vincent MEMBRÉ almost 2 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.1.10 and 6.2.3 which were released today.

Actions #11

Updated by Félix DALLIDET over 1 year ago

  • Related to Bug #19908: Strict mode of file_key_value_present_option does not introduce unwanted escpaing characters added
Actions #12

Updated by Alexis Mousset 8 months ago

  • Project changed from 41 to Rudder
  • Category changed from Generic methods - File Management to Generic methods
  • Priority changed from 76 to 63
Actions

Also available in: Atom PDF