Project

General

Profile

Actions

Bug #26658

open

Relay refusing reports for unknown ID

Added by Elaad FURREEDAN 2 days ago. Updated 1 day ago.

Status:
New
Priority:
To review
Assignee:
-
Category:
Relay server or API
Target version:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No

Description

Relay OS: Debian 12
Node OS: SLES15
Version: 8.3 (but it can happen in 8.2 too)

I have a node sles15 behind a relay debian12. On the UI, I didn't see any reports.

root@sles15:~# rudder agent run
Rudder agent 8.3.0~beta2~git202503262104
Node uuid: 27f9731d-4683-470f-b662-6651b83c76a2
ok: Rudder agent policies were updated.
Start execution with config [20250401-084357-6a099c23]

M| State         Technique                 Component                 Key                Message
E| compliant     Common                    ncf Initialization                           Configuration library initialization was correct
E| compliant     Common                    Update                                       Policy and configuration library are already up to date. No action required.
E| compliant     Common                    Security parameters                          The internal environment security is acceptable
E| compliant     Common                    CRON Daemon                                  CRON is correctly running
E| compliant     Common                    GPG key                                      GPG key for RPM is trusted
E| compliant     Common                    Log system for reports                       Reports forwarding to policy server was correct
E| compliant     Inventory                 Inventory                                    Next inventory scheduled between 00:00 and 06:00
E| compliant     MOTD                      MOTD Configuration                           The MOTD file was correct
E| error         install_tmate             Package present           tmate              If you tried to install a virtual package, please use in place the concrete package you want to install.
E| compliant     update_rudder_agent       Package present           rudder-agent       Presence of package rudder-agent in latest available version  was correct

## Summary #####################################################################
11 components verified in 8 directives
   => 11 components in Enforce mode
      -> 9 compliant
      -> 1 not-applicable
      -> 1 error
Execution time: 0.96s
################################################################################
Reports sent.

root@sles15:~# rudder agent info

General
           Hostname: sles15.rudder.local
               UUID: 27f9731d-4683-470f-b662-6651b83c76a2
      Policy server: 192.168.11.3
               Role: node
            Version: 8.3.0~beta2~git202503262104

Policies
             Status: enabled
        Report mode: full-compliance
       Run interval: 5 min
           Next run: 2025-04-01 11:43:07+0200
     Inventory time: 2025-04-01 02:33:07+0200
  Forced audit mode: no
   Configuration id: 20250401-084357-6a099c23
     Policy updated: 2025-04-01 11:38:06+0200
     Inventory sent: 2025-04-01 11:17:54+0200

Key/Certificate
           Key hash: MD5=f9a42063122ce86e9757f255f50b7eba
           Key hash: sha256//DdnGmEg/zficccnI09YustCyqTYi7GJejFj+O3RI3Xk=
  Cert. fingerprint: 83:5D:57:C9:2A:62:0B:9B:80:1B:AE:1F:FB:8E:3B:D8:56:5C:7C:F6
        Key pinning: full
     Cert. creation: 2025-03-28 16:56:11+0100
   Cert. expiration: 2035-03-26 17:56:11+0200

root@cs83_relay:~# rudder agent info

General
           Hostname: relay.rudder.local
               UUID: 2ddd91f9-e347-447f-bd0b-6a0d912ea56f
      Policy server: 192.168.11.2
               Role: relay
            Version: 8.3.0~beta2~git202503271613

Policies
             Status: enabled
        Report mode: full-compliance
       Run interval: 5 min
           Next run: 2025-04-01 09:41:45+0000
     Inventory time: 2025-04-01 01:06:44+0000
  Forced audit mode: no
   Configuration id: 20250401-084357-9d39f3d0
     Policy updated: 2025-04-01 09:37:43+0000
     Inventory sent: 2025-04-01 09:15:30+0000

Key/Certificate
           Key hash: MD5=26009490936673d678c6c39a27f256a7
           Key hash: sha256//HJSp4cmDgfgDnXGopMXUuRMRFZK27tOFltmRr8TgSag=
  Cert. fingerprint: B7:ED:5B:81:8E:3A:72:80:FC:33:E0:49:86:FE:70:BE:67:93:10:D7
        Key pinning: full
     Cert. creation: 2025-03-12 15:40:27+0000
   Cert. expiration: 2035-03-10 15:40:27+0000

root@cs83_relay:~# cat /var/rudder/lib/relay/nodeslist.json
{
      "27f9731d-4683-470f-b662-6651b83c76a2": {
        "hostname": "sles15.rudder.local",
        "key-hash": "sha256//DdnGmEg/zficccnI09YustCyqTYi7GJejFj+O3RI3Xk=",
        "policy-server": "2ddd91f9-e347-447f-bd0b-6a0d912ea56f" 
      }

}

root@cs83_relay:~# ls -alh /var/rudder/lib/relay/nodeslist.json
-rw-r----- 1 root rudder 248 Mar 28 16:39 /var/rudder/lib/relay/nodeslist.json

Apr 01 09:14:17 relay systemd[1]: Reloaded rudder-relayd.service - Rudder Relay Daemon.
Apr 01 09:14:52 relay systemd[1]: Reloading rudder-relayd.service - Rudder Relay Daemon...
Apr 01 09:14:52 relay rudder-relayd[419]:  INFO rudder_relayd: Configuration reload requested
Apr 01 09:14:52 relay rudder-relayd[419]:  INFO rudder_relayd::data::node: Parsing nodes list from "/var/rudder/lib/relay/nodeslist.json" 
Apr 01 09:14:52 relay rudder-relayd[419]:  INFO rudder_relayd::data::node: Nodes list file does not exist, considering it as empty
Apr 01 09:14:52 relay rudder-relayd[419]:  WARN rudder_relayd::data::node: certificate for unknown node: 2ddd91f9-e347-447f-bd0b-6a0d912ea56f
Apr 01 09:14:52 relay rudder-relayd[419]:  INFO relayd::api: 127.0.0.1:60744 "POST /rudder/relay-api/1/system/reload HTTP/1.1" 200 "-" "curl/7.88.1" 432.593µs
Apr 01 09:14:52 relay rudder[18666]: ok: reload relayd configuration.
Apr 01 09:14:52 relay systemd[1]: Reloaded rudder-relayd.service - Rudder Relay Daemon.
Apr 01 09:15:12 relay rudder-relayd[419]: ERROR report{queue_id=1A121052D02A6FDAD5FAFBAC650DEAD9}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:15:51 relay rudder-relayd[419]: ERROR report{queue_id=B9737923B73E00C6DC8E852C99BA97C1}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:15:55 relay rudder-relayd[419]: ERROR report{queue_id=62086503B198A7A7A467D0733611181C}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:17:55 relay rudder-relayd[419]: ERROR report{queue_id=C0ECE5F5EE14E82880C88AF6642C6A95}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:18:09 relay rudder-relayd[419]: ERROR report{queue_id=22F480F0A81978703854CDB6D592E024}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:19:07 relay rudder-relayd[419]: ERROR report{queue_id=0E6097F9D5F88D8DBAC57FCE415EC36A}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:28:00 relay rudder-relayd[419]: ERROR report{queue_id=592FDF6F393BEA5D7AAF4C85404D21BD}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:28:07 relay rudder-relayd[419]: ERROR report{queue_id=64FB36B70BFB166D64461CDFCF6C8F5D}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:29:07 relay rudder-relayd[419]: ERROR report{queue_id=CD00E1E01CD879B3E0E150EB7FA7B289}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:35:33 relay rudder-relayd[419]: ERROR report{queue_id=019468FA9F539EE5A42AE9CD30E5555D}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:38:07 relay rudder-relayd[419]: ERROR report{queue_id=F4706C41EADCCBC3582A429DC916F1C0}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:39:07 relay rudder-relayd[419]: ERROR report{queue_id=C74E9A492F1A445004B06EFFC84BBBC4}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id

Files

relay_no_reports_logs.zip (66.2 KB) relay_no_reports_logs.zip Elaad FURREEDAN, 2025-04-01 12:02
Actions #1

Updated by Elaad FURREEDAN 1 day ago · Edited

The permissions seem to not be what we want

root@cs83_relay:~# ls -alh /var/rudder/lib/
total 16K
drwxr-xr-x  4 root root 4.0K Mar 12 15:42 .
drwxr-xr-x 13 root root 4.0K Mar 28 16:35 ..
drwx------  2 root root 4.0K Mar 28 16:39 relay
drwxr-xr-x  2 root root 4.0K Mar 28 16:35 ssl

Changing the permission on the directory have fixed the issue
chmod 711 /var/rudder/lib/relay/

Actions #2

Updated by Elaad FURREEDAN 1 day ago

  • Target version changed from 8.3.0~beta2 to 8.2.6
Actions

Also available in: Atom PDF