Actions
Bug #22326
closed
some nodes are called "localhost" since #8022
Status:
Released
Priority:
N/A
Assignee:
Category:
Web - Nodes & inventories
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Description
since https://issues.rudder.io/issues/8022, some nodes are called "localhost"
It's because the tag RUDDER/HOSTNAME contains localhost (result of hostname --fqdn) and is not validated anymore, with no fallback to osfqdn
Updated by Nicolas CHARLES about 1 year ago
- Related to User story #8022: Allow users to specify node hostname (FQDN) added
Updated by François ARMAND about 1 year ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND about 1 year ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/4649
Updated by Anonymous about 1 year ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|7d3556c971342bbe72bb80df2cf6971171edc0cf.
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 1016 to 7.2.5
Updated by François ARMAND about 1 year ago
I now get the signature error, so still no correct fallback at that point. It should happens before checking for hostname.
Rejecting Inventory 'linux-cfe-bad-hostname.ocs' for Node 'baded9c8-902e-4404-96c1-278acca64e3a' because the Inventory signature is not valid: the Inventory was not signed with the same agent key as the one saved within Rudder for that Node. If you updated the agent key on this node, you can update the key stored within Rudder with the https://docs.rudder.io/api/#api-Nodes-updateNodeapi (look for 'agentKey' property). The key path depends of your OS, on linux it's: '/var/rudder/cfengine-community/ppkeys/localhost.pub'. It is also contained in the <AGENT_CERT> value of inventory (you can extract public key with `openssl x509 -pubkey -noout -in - << EOF -----BEGIN CERTIFICATE----- .... -----END CERTIFICATE----- EOF`). If you did not change the key, please ensure that the node sending that inventory is actually the node registered within Rudder
In the inventory:
....
<OPERATINGSYSTEM>
....
<FQDN>agent1.rudder.local</FQDN>
...
</OPERATINGSYSTEM>
<RUDDER>
...
<HOSTNAME>localhost</HOSTNAME>
</RUDDER>
Updated by François ARMAND about 1 year ago
- Related to Enhancement #22528: Add tests for linux inventory signature with certificate added
Updated by François ARMAND about 1 year ago
- Fix check changed from To do to Checked
I chekeck the cases in unit tests in #22528 and everything is working as expected.
Updated by Vincent MEMBRÉ about 1 year ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.2.5 which was released today.
Actions