Project

General

Profile

Actions

Bug #22326

closed

some nodes are called "localhost" since #8022

Added by Nicolas CHARLES almost 2 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Web - Nodes & inventories
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

since https://issues.rudder.io/issues/8022, some nodes are called "localhost"
It's because the tag RUDDER/HOSTNAME contains localhost (result of hostname --fqdn) and is not validated anymore, with no fallback to osfqdn


Related issues 3 (1 open2 closed)

Related to Rudder - User story #8022: Allow users to specify node hostname (FQDN)ReleasedAlexis MoussetActions
Related to Rudder - Enhancement #22528: Add tests for linux inventory signature with certificateReleasedVincent MEMBRÉActions
Related to Rudder - Bug #25706: FQDN on Windows node can take localhost as valueNewBenoît PECCATTEActions
Actions #2

Updated by Nicolas CHARLES almost 2 years ago

  • Related to User story #8022: Allow users to specify node hostname (FQDN) added
Actions #3

Updated by François ARMAND almost 2 years ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
Actions #4

Updated by François ARMAND almost 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/4649
Actions #5

Updated by Anonymous almost 2 years ago

  • Status changed from Pending technical review to Pending release
Actions #6

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 1016 to 7.2.5
Actions #7

Updated by François ARMAND over 1 year ago

I now get the signature error, so still no correct fallback at that point. It should happens before checking for hostname.

 Rejecting Inventory 'linux-cfe-bad-hostname.ocs' for Node 'baded9c8-902e-4404-96c1-278acca64e3a' because the Inventory signature is not valid: the Inventory was not signed with the same agent key as the one saved within Rudder for that Node. If you updated the agent key on this node, you can update the key stored within Rudder with the https://docs.rudder.io/api/#api-Nodes-updateNodeapi (look for 'agentKey' property). The key path depends of your OS, on linux it's: '/var/rudder/cfengine-community/ppkeys/localhost.pub'. It is also contained in the <AGENT_CERT> value of inventory (you can extract public key with `openssl x509 -pubkey -noout -in - << EOF -----BEGIN CERTIFICATE----- .... -----END CERTIFICATE----- EOF`). If you did not change the key, please ensure that the node sending that inventory is actually the node registered within Rudder

In the inventory:

....
    <OPERATINGSYSTEM>
      ....
      <FQDN>agent1.rudder.local</FQDN>
      ...
    </OPERATINGSYSTEM>
    <RUDDER>
    ...
      <HOSTNAME>localhost</HOSTNAME>    
    </RUDDER>
Actions #8

Updated by François ARMAND over 1 year ago

  • Related to Enhancement #22528: Add tests for linux inventory signature with certificate added
Actions #9

Updated by François ARMAND over 1 year ago

  • Fix check changed from To do to Checked

I chekeck the cases in unit tests in #22528 and everything is working as expected.

Actions #10

Updated by Vincent MEMBRÉ over 1 year ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.2.5 which was released today.

Actions #11

Updated by Elaad FURREEDAN 19 days ago

  • Related to Bug #25706: FQDN on Windows node can take localhost as value added
Actions

Also available in: Atom PDF