Actions
Bug #26658
open
Relay refusing reports for unknown ID
Pull Request:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
Relay OS: Debian 12
Node OS: SLES15
Version: 8.3 (but it can happen in 8.2 too)
I have a node sles15 behind a relay debian12. On the UI, I didn't see any reports.
root@sles15:~# rudder agent run
Rudder agent 8.3.0~beta2~git202503262104
Node uuid: 27f9731d-4683-470f-b662-6651b83c76a2
ok: Rudder agent policies were updated.
Start execution with config [20250401-084357-6a099c23]
M| State Technique Component Key Message
E| compliant Common ncf Initialization Configuration library initialization was correct
E| compliant Common Update Policy and configuration library are already up to date. No action required.
E| compliant Common Security parameters The internal environment security is acceptable
E| compliant Common CRON Daemon CRON is correctly running
E| compliant Common GPG key GPG key for RPM is trusted
E| compliant Common Log system for reports Reports forwarding to policy server was correct
E| compliant Inventory Inventory Next inventory scheduled between 00:00 and 06:00
E| compliant MOTD MOTD Configuration The MOTD file was correct
E| error install_tmate Package present tmate If you tried to install a virtual package, please use in place the concrete package you want to install.
E| compliant update_rudder_agent Package present rudder-agent Presence of package rudder-agent in latest available version was correct
## Summary #####################################################################
11 components verified in 8 directives
=> 11 components in Enforce mode
-> 9 compliant
-> 1 not-applicable
-> 1 error
Execution time: 0.96s
################################################################################
Reports sent.
root@sles15:~# rudder agent info
General
Hostname: sles15.rudder.local
UUID: 27f9731d-4683-470f-b662-6651b83c76a2
Policy server: 192.168.11.3
Role: node
Version: 8.3.0~beta2~git202503262104
Policies
Status: enabled
Report mode: full-compliance
Run interval: 5 min
Next run: 2025-04-01 11:43:07+0200
Inventory time: 2025-04-01 02:33:07+0200
Forced audit mode: no
Configuration id: 20250401-084357-6a099c23
Policy updated: 2025-04-01 11:38:06+0200
Inventory sent: 2025-04-01 11:17:54+0200
Key/Certificate
Key hash: MD5=f9a42063122ce86e9757f255f50b7eba
Key hash: sha256//DdnGmEg/zficccnI09YustCyqTYi7GJejFj+O3RI3Xk=
Cert. fingerprint: 83:5D:57:C9:2A:62:0B:9B:80:1B:AE:1F:FB:8E:3B:D8:56:5C:7C:F6
Key pinning: full
Cert. creation: 2025-03-28 16:56:11+0100
Cert. expiration: 2035-03-26 17:56:11+0200
root@cs83_relay:~# rudder agent info
General
Hostname: relay.rudder.local
UUID: 2ddd91f9-e347-447f-bd0b-6a0d912ea56f
Policy server: 192.168.11.2
Role: relay
Version: 8.3.0~beta2~git202503271613
Policies
Status: enabled
Report mode: full-compliance
Run interval: 5 min
Next run: 2025-04-01 09:41:45+0000
Inventory time: 2025-04-01 01:06:44+0000
Forced audit mode: no
Configuration id: 20250401-084357-9d39f3d0
Policy updated: 2025-04-01 09:37:43+0000
Inventory sent: 2025-04-01 09:15:30+0000
Key/Certificate
Key hash: MD5=26009490936673d678c6c39a27f256a7
Key hash: sha256//HJSp4cmDgfgDnXGopMXUuRMRFZK27tOFltmRr8TgSag=
Cert. fingerprint: B7:ED:5B:81:8E:3A:72:80:FC:33:E0:49:86:FE:70:BE:67:93:10:D7
Key pinning: full
Cert. creation: 2025-03-12 15:40:27+0000
Cert. expiration: 2035-03-10 15:40:27+0000
root@cs83_relay:~# cat /var/rudder/lib/relay/nodeslist.json
{
"27f9731d-4683-470f-b662-6651b83c76a2": {
"hostname": "sles15.rudder.local",
"key-hash": "sha256//DdnGmEg/zficccnI09YustCyqTYi7GJejFj+O3RI3Xk=",
"policy-server": "2ddd91f9-e347-447f-bd0b-6a0d912ea56f"
}
}
root@cs83_relay:~# ls -alh /var/rudder/lib/relay/nodeslist.json -rw-r----- 1 root rudder 248 Mar 28 16:39 /var/rudder/lib/relay/nodeslist.json
Apr 01 09:14:17 relay systemd[1]: Reloaded rudder-relayd.service - Rudder Relay Daemon.
Apr 01 09:14:52 relay systemd[1]: Reloading rudder-relayd.service - Rudder Relay Daemon...
Apr 01 09:14:52 relay rudder-relayd[419]: INFO rudder_relayd: Configuration reload requested
Apr 01 09:14:52 relay rudder-relayd[419]: INFO rudder_relayd::data::node: Parsing nodes list from "/var/rudder/lib/relay/nodeslist.json"
Apr 01 09:14:52 relay rudder-relayd[419]: INFO rudder_relayd::data::node: Nodes list file does not exist, considering it as empty
Apr 01 09:14:52 relay rudder-relayd[419]: WARN rudder_relayd::data::node: certificate for unknown node: 2ddd91f9-e347-447f-bd0b-6a0d912ea56f
Apr 01 09:14:52 relay rudder-relayd[419]: INFO relayd::api: 127.0.0.1:60744 "POST /rudder/relay-api/1/system/reload HTTP/1.1" 200 "-" "curl/7.88.1" 432.593µs
Apr 01 09:14:52 relay rudder[18666]: ok: reload relayd configuration.
Apr 01 09:14:52 relay systemd[1]: Reloaded rudder-relayd.service - Rudder Relay Daemon.
Apr 01 09:15:12 relay rudder-relayd[419]: ERROR report{queue_id=1A121052D02A6FDAD5FAFBAC650DEAD9}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:15:51 relay rudder-relayd[419]: ERROR report{queue_id=B9737923B73E00C6DC8E852C99BA97C1}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:15:55 relay rudder-relayd[419]: ERROR report{queue_id=62086503B198A7A7A467D0733611181C}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:17:55 relay rudder-relayd[419]: ERROR report{queue_id=C0ECE5F5EE14E82880C88AF6642C6A95}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:18:09 relay rudder-relayd[419]: ERROR report{queue_id=22F480F0A81978703854CDB6D592E024}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:19:07 relay rudder-relayd[419]: ERROR report{queue_id=0E6097F9D5F88D8DBAC57FCE415EC36A}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:28:00 relay rudder-relayd[419]: ERROR report{queue_id=592FDF6F393BEA5D7AAF4C85404D21BD}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:28:07 relay rudder-relayd[419]: ERROR report{queue_id=64FB36B70BFB166D64461CDFCF6C8F5D}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:29:07 relay rudder-relayd[419]: ERROR report{queue_id=CD00E1E01CD879B3E0E150EB7FA7B289}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:35:33 relay rudder-relayd[419]: ERROR report{queue_id=019468FA9F539EE5A42AE9CD30E5555D}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:38:07 relay rudder-relayd[419]: ERROR report{queue_id=F4706C41EADCCBC3582A429DC916F1C0}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Apr 01 09:39:07 relay rudder-relayd[419]: ERROR report{queue_id=C74E9A492F1A445004B06EFFC84BBBC4}: rudder_relayd::processing::reporting: refused: report from "27f9731d-4683-470f-b662-6651b83c76a2", unknown id
Files
Updated by Elaad FURREEDAN 27 days ago
· Edited
The permissions seem to not be what we want
root@cs83_relay:~# ls -alh /var/rudder/lib/ total 16K drwxr-xr-x 4 root root 4.0K Mar 12 15:42 . drwxr-xr-x 13 root root 4.0K Mar 28 16:35 .. drwx------ 2 root root 4.0K Mar 28 16:39 relay drwxr-xr-x 2 root root 4.0K Mar 28 16:35 ssl
Changing the permission on the directory have fixed the issue
chmod 711 /var/rudder/lib/relay/
Updated by Elaad FURREEDAN 27 days ago
- Target version changed from 8.3.0~rc1 to 8.2.6
Updated by Nicolas CHARLES 26 days ago
- Assignee set to Alexis Mousset
- Priority changed from To review to 2
Setting to P2 as it is uncommon and we have a workaround, but this needs investigating
Actions