Bug #22326
closed
- Status changed from New to In progress
- Assignee set to François ARMAND
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/4649
- Status changed from Pending technical review to Pending release
- Target version changed from 1016 to 7.2.5
I now get the signature error, so still no correct fallback at that point. It should happens before checking for hostname.
Rejecting Inventory 'linux-cfe-bad-hostname.ocs' for Node 'baded9c8-902e-4404-96c1-278acca64e3a' because the Inventory signature is not valid: the Inventory was not signed with the same agent key as the one saved within Rudder for that Node. If you updated the agent key on this node, you can update the key stored within Rudder with the https://docs.rudder.io/api/#api-Nodes-updateNodeapi (look for 'agentKey' property). The key path depends of your OS, on linux it's: '/var/rudder/cfengine-community/ppkeys/localhost.pub'. It is also contained in the <AGENT_CERT> value of inventory (you can extract public key with `openssl x509 -pubkey -noout -in - << EOF -----BEGIN CERTIFICATE----- .... -----END CERTIFICATE----- EOF`). If you did not change the key, please ensure that the node sending that inventory is actually the node registered within Rudder
In the inventory:
....
<OPERATINGSYSTEM>
....
<FQDN>agent1.rudder.local</FQDN>
...
</OPERATINGSYSTEM>
<RUDDER>
...
<HOSTNAME>localhost</HOSTNAME>
</RUDDER>
- Related to Enhancement #22528: Add tests for linux inventory signature with certificate added
- Fix check changed from To do to Checked
I chekeck the cases in unit tests in #22528 and everything is working as expected.
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.2.5 which was released today.
- Related to Bug #25706: FQDN on Windows node can take localhost as value added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by Anonymous 
Updated by 
Updated by