Bug #22948
opennode accepted when clock is in the futur doesn't show up because of cache not seeing it
Description
I have accepted a node with a hook in Rudder 7.2.7, and it doesn't show up in the interface
acceptance logs are
[2023-06-23 08:14:09+0000] INFO inventory-processing - Received new inventory file 'agent2-40ae8304-b779-4293-9f55-610cd50bc2a6.ocs' with signature available: process. [2023-06-23 08:14:11+0000] INFO inventory-processing - Inventory 'agent2-40ae8304-b779-4293-9f55-610cd50bc2a6.ocs' for node 'agent2.rudder.local' [40ae8304-b779-4293-9f55-610cd50bc2a6] (signature:certified) processed in 471 milliseconds [2023-06-23 08:14:12+0000] INFO nodes - New node accepted and managed by Rudder: 40ae8304-b779-4293-9f55-610cd50bc2a6 [2023-06-23 08:14:12+0000] WARN explain_compliance.40ae8304-b779-4293-9f55-610cd50bc2a6 - Can not get compliance for node with ID '40ae8304-b779-4293-9f55-610cd50bc2a6' because it has no configuration id initialised nor sent reports (node just added ?) [2023-06-23 08:14:12+0000] WARN explain_compliance.40ae8304-b779-4293-9f55-610cd50bc2a6 - Can not get compliance for node with ID '40ae8304-b779-4293-9f55-610cd50bc2a6' because it has no configuration id initialised nor sent reports (node just added ?)
sending anew inventory doesn't solve the issue
restarting the web interface does
the node is indeed in ldap, in ou=nodes and ou=accepted inventory
Updated by Nicolas CHARLES over 1 year ago
with more logs
[2023-06-23 08:55:02+0000] DEBUG com.normation.rudder.services.nodes.NodeInfoServiceCachedImpl - NodeInfo cache is up to date, last modification time: '2023-06-23T09:18:46.000Z' for: '20230623091846.140403Z#000000#000#000000','20230623091846.523187Z#000000#000#000000' [2023-06-23 08:55:15+0000] INFO inventory-processing - Received new inventory file 'agent2-c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82.ocs' with signature available: process. [2023-06-23 08:55:17+0000] DEBUG com.normation.rudder.services.nodes.NodeInfoServiceCachedImpl - NodeInfo cache is up to date, last modification time: '2023-06-23T09:18:46.000Z' for: '20230623091846.140403Z#000000#000#000000','20230623091846.523187Z#000000#000#000000' [2023-06-23 08:55:18+0000] INFO inventory-processing - Inventory 'agent2-c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82.ocs' for node 'agent2.rudder.local' [c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82] (signature:certified) processed in 1 second and 608 milliseconds [2023-06-23 08:55:19+0000] DEBUG com.normation.rudder.services.nodes.NodeInfoServiceCachedImpl - NodeInfo cache is up to date, last modification time: '2023-06-23T09:18:46.000Z' for: '20230623091846.140403Z#000000#000#000000','20230623091846.523187Z#000000#000#000000' [2023-06-23 08:55:19+0000] DEBUG com.normation.rudder.services.nodes.NodeInfoServiceCachedImpl - NodeInfo cache is up to date, last modification time: '2023-06-23T09:18:46.000Z' for: '20230623091846.140403Z#000000#000#000000','20230623091846.523187Z#000000#000#000000' [2023-06-23 08:55:20+0000] DEBUG com.normation.rudder.services.nodes.NodeInfoServiceCachedImpl - NodeInfo cache is up to date, last modification time: '2023-06-23T09:18:46.000Z' for: '20230623091846.140403Z#000000#000#000000','20230623091846.523187Z#000000#000#000000' [2023-06-23 08:55:20+0000] DEBUG com.normation.rudder.services.nodes.NodeInfoServiceCachedImpl - NodeInfo cache is up to date, last modification time: '2023-06-23T09:18:46.000Z' for: '20230623091846.140403Z#000000#000#000000','20230623091846.523187Z#000000#000#000000' [2023-06-23 08:55:21+0000] INFO nodes - New node accepted and managed by Rudder: c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82 [2023-06-23 08:55:21+0000] DEBUG com.normation.rudder.services.nodes.NodeInfoServiceCachedImpl - NodeInfo cache is up to date, last modification time: '2023-06-23T09:18:46.000Z' for: '20230623091846.140403Z#000000#000#000000','20230623091846.523187Z#000000#000#000000' [2023-06-23 08:55:21+0000] WARN explain_compliance.c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82 - Can not get compliance for node with ID 'c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82' because it has no configuration id initialised nor sent reports (node just added ?) [2023-06-23 08:55:21+0000] WARN explain_compliance.c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82 - Can not get compliance for node with ID 'c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82' because it has no configuration id initialised nor sent reports (node just added ?) [2023-06-23 08:55:21+0000] DEBUG com.normation.rudder.services.nodes.NodeInfoServiceCachedImpl - NodeInfo cache is up to date, last modification time: '2023-06-23T09:18:46.000Z' for: '20230623091846.140403Z#000000#000#000000','20230623091846.523187Z#000000#000#000000'
but in ldap it's been modified at 2023-06-23T08:55:21Z
dn: nodeId=c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82,ou=Nodes,cn=rudder-configurati on nodeId: c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82 objectClass: rudderNode objectClass: top cn: c96f4b1b-fa38-4fea-b97c-7e9c4ee9ce82 state: enabled isSystem: FALSE structuralObjectClass: rudderNode entryUUID: 6db6d790-a5ef-103d-8a5d-ff9981e4e66e creatorsName: cn=manager,cn=rudder-configuration createTimestamp: 20230623085521Z entryCSN: 20230623085521.081603Z#0002ac#000#000000 modifiersName: cn=manager,cn=rudder-configuration modifyTimestamp: 20230623085521Z
It says the modification is in the future
last modification time: '2023-06-23T09:18:46.000Z'
Updated by Nicolas CHARLES over 1 year ago
ok, that was because my computer was in the future at some point, and date was restored.
Updated by François ARMAND over 1 year ago
- Subject changed from node doesn't show up when auto accepted with an hook to node accepted when clock is in the futur doesn't show up when auto accepted with an hook
Updated by François ARMAND over 1 year ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND over 1 year ago
- Subject changed from node accepted when clock is in the futur doesn't show up when auto accepted with an hook to node accepted when clock is in the futur doesn't show up because of cache not seeing it
So, unsurprisingly this is complicated.
This is complicated at two level:
- the first one is knowing what to do with the cache when clock is not monotonous
- the second is knowing how to deal with LDAP data in the futur.
For one, once we know where to put the test for "is last-cache-update-time before current time and not in the future?", the only solution seems to reset the cache and start from scratch. It allows to be sure that we don't have spurious data in cache anymore without having to find out what could be the problem.
The second is more complicated: the problem is that if we have a node LDAP entry modified when the clock is in the futur, then its modifyTimestamp
attribute is in the future. It's that attribute value that we use to know if there is modification since "last-update-time".
So in that case, when cache is initialized, we have a "most entry mod time" in the future. And so, no modification in any entry in the time until that date will be seen as "new" since they are older than the known last-update-time.
We can't totally ignore these entries in the future, since they still exist and user likely want to see them in Rudder.
We should be able to not ignore them, but ignore their time and use the time of the most recent mod (in the past) (or now if all entries are in the future), but it is extremelly complicated given the code (cache are complicated). For now it is not a success.
We could compensate and correct entries in the future to bring them back in present. It is likely the simplest and most simple to understand solution, but it needs a whole new dev.
Lastly, we chose at some point to not use entryCSN
for the cache most recent entry, and I don't remember why but it was obviously a bad idea.
EDIT: ah yes, entryCSN is also time-based, so exactly the same problems arise. It looks like: 20230908084516.157879Z#000001#000#000000
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 7.2.11 to 1046
Updated by François ARMAND over 1 year ago
Note: you can look to see if your LDAP has corrupted data by executing following command on rudder server:
ldapsearch -o ldif-wrap=no -H "ldap://localhost:389" -x -D "cn=Manager,cn=rudder-configuration" -W -b "ou=Nodes,cn=rudder-configuration" -s sub "(&(modifyTimestamp>=$(date +'%Y%m%d%H%M%S%z'))(nodeId=*))" '1.1' ldapsearch -o ldif-wrap=no -H "ldap://localhost:389" -x -D "cn=Manager,cn=rudder-configuration" -W -b "ou=Inventories,cn=rudder-configuration" -s sub "(&(modifyTimestamp>=$(date +'%Y%m%d%H%M%S%z'))(nodeId=*))" '1.1'
They should not return any data.
If any entry is returned, you will need to modify it so that the modifyTimestamp
get corrected.
Updated by Alexis Mousset about 1 year ago
- Target version changed from 1046 to 7.3.8
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 7.3.8 to 7.3.9
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 7.3.9 to 7.3.10
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 7.3.10 to 7.3.11
Updated by Vincent MEMBRÉ 11 months ago
- Target version changed from 7.3.11 to 7.3.12
Updated by Vincent MEMBRÉ 10 months ago
- Target version changed from 7.3.12 to 7.3.13
Updated by Vincent MEMBRÉ 10 months ago
- Target version changed from 7.3.13 to 7.3.14
Updated by Vincent MEMBRÉ 8 months ago
- Target version changed from 7.3.14 to 7.3.15
Updated by Vincent MEMBRÉ 7 months ago
- Target version changed from 7.3.15 to 7.3.16
Updated by Vincent MEMBRÉ 6 months ago
- Target version changed from 7.3.16 to 7.3.17