Bug #18944
closed
Value replacement in "File key-value present" and "File keys-values present" methods doesn't work correctly in some cases.
Added by Anton Yakimov about 3 years ago.
Updated almost 2 years ago.
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Description
I've run into a strange behavior of "File key-value present" method and couldn't understand if this correct behavior or not.
Steps:
- Create custom Technique
- Use generic method "File key-value present" with following params:
- File:
/etc/mysql/mysql.conf.d/mysqld.cnf
- Key:
bind-address
- Value:
${sys.ipv4}
- Separator: =
- Created necessary directive and assigned it to a particular node
- When I run rudder agent update && rudder agent run I can see that Technique is being applied to node and it shows that Technique is
compliant
Observed: In /etc/mysql/mysql.conf.d/mysqld.cnf is bind-address = 127.0.0.1
Expected: In /etc/mysql/mysql.conf.d/mysqld.cnf is bind-address = 10.0.2.46
Contents of /etc/mysql/mysql.conf.d/mysqld.cnf:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
mysqlx-bind-address = 127.0.0.1
Additional findings:
- If I remove or comment
bind-address in /etc/mysql/mysql.conf.d/mysqld.cnf - everything works as expected i.e. bind-address = 10.0.2.46 is added in the end of file.
- If in
/etc/mysql/mysql.conf.d/mysqld.cnf I replace bind-address = 127.0.0.1 with bind-address =127.0.0.1 (remove space after =) - works as expected.
Value = 10.0.2.46 - doesn't work.Value = 192.168.0.1 - worksValue = 10.0.2.1 - worksValue = 10.0.2.10 - doesn't workValue = 10.0.20.10 - works
Please see outputs from rudder agent run -v | grep -C200 ncf_maintain_keys_values_option when replacement works and doesn't in the attachment.
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Operational - other Techniques | Rudder settings | Plugins
- Priority changed from 0 to 76
Thanks for your detailed report and investigations.
There are two problems:
- Wrong "compliant" reporting while the file is not compliant (setting severity to critical because of this).
- The line edition that fails with:
2021-02-25T09:05:33+00:00 error: Promised replacement 'bind-address = 10.0.2.15' on line 'bind-address = 127.0.0.1' for pattern '^(\s*bind\-address\s*\=\s*)(?!10\.0\.2\.15$).*' is not convergent while editing '/tmp/test'
2021-02-25T09:05:33+00:00 error: Because the regular expression '^(\s*bind\-address\s*\=\s*)(?!10\.0\.2\.15$).*' still matches the replacement string 'bind-address = 10.0.2.15'
2021-02-25T09:05:33+00:00 error: Promise belongs to bundle 'ncf_maintain_keys_values_option' in file '/var/rudder/ncf/common/20_cfe_basics/files.cf' near line 111
We could reproduce the problem on 6.1 and 6.2.
- Project changed from Rudder to 41
- Category changed from Agent to Generic methods - File Management
- Target version changed from 6.2.3 to 6.1.10
- Status changed from New to In progress
- Assignee set to Vincent MEMBRÉ
- Assignee changed from Vincent MEMBRÉ to Alexis Mousset
- Pull Request set to https://github.com/Normation/ncf/pull/1285
- Status changed from In progress to Pending release
Applied in changeset commit:f66d61a59ccee1325455c9cc3a3669ec461017ab.
Hello again,
I forgot to mention that same issue exists for File keys-values present. I've tested changes in PR and they did not address this problem in File keys-values present.
Technique:
1. Variable dict
Prefix: mysql
Variable name: ConfigurationMySQLKeys
Value:
{
"bind-address": "${sys.ipv4}",
"server-id": 1,
"log_bin": "/var/log/mysql/mysql-bin.log"
}
2. File keys-values present
File: /etc/mysql/mysql.conf.d/mysqld.cnf
Keys: mysql.ConfigurationMySQLKeys
Separator: =
Could you please expand the scope of the defect.
Thanks,
Anton
Tested ok by applying changes manually on local server.
- Fix check changed from To do to Checked
- Status changed from Pending release to Released
This bug has been fixed in Rudder 6.1.10 and 6.2.3 which were released today.
- Related to Bug #19908: Strict mode of file_key_value_present_option does not introduce unwanted escpaing characters added
- Project changed from 41 to Rudder
- Category changed from Generic methods - File Management to Generic methods
- Priority changed from 76 to 63
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by