Bug #2783
closed
After a migration from 2.3 to 2.4.0~beta3, a dynamic group defined in Rudder 2.3 isn't updated automatically and doesn't add a new node accepted, even if this node correspond to this group
Description
A dynamic group has been made and is generic (All linux) in Rudder server 2.3 but there is no way to it to be updated automatically. Indeed, Even if a node is accepted correspond to criteria of the group, it is not added. The only way to add a node in this group is to update it manually
Files
Updated by Nicolas PERRON over 12 years ago
It seems that the LDAP migration is missing something:
Here is the dynamic group from 2.3 (All Linux):
version: 1 dn: nodeGroupId=732a7e64-27b6-4513-ae2a-33fbcc8a478f,groupCategoryId=GroupRo ot,ou=Rudder,cn=rudder-configuration objectClass: nodeGroup objectClass: top cn: All Linux isDynamic: TRUE nodeGroupId: 732a7e64-27b6-4513-ae2a-33fbcc8a478f isEnabled: TRUE isSystem: FALSE
Here is the new dynamic group (only node2 not static):
version: 1
dn: nodeGroupId=a1e6f1b2-7ebb-41c7-bede-685900ed40c2,groupCategoryId=GroupRo
ot,ou=Rudder,cn=rudder-configuration
objectClass: nodeGroup
objectClass: top
cn: Only node2 not static
isDynamic: TRUE
nodeGroupId: a1e6f1b2-7ebb-41c7-bede-685900ed40c2
isEnabled: TRUE
isSystem: FALSE
jsonNodeGroupQuery: {"select":"node","composition":"And","where":[{"objectTy
pe":"networkInterfaceLogicalElement","attribute":"ipHostNumber","comparator
":"eq","value":"192.168.42.12"}]}
Updated by François ARMAND over 12 years ago
- Assignee changed from François ARMAND to Nicolas PERRON
Clearly, if the jsonNodeGroupQuery element is missing, that just can't work (that's what allow to check if a node belongs to a group or not).
And there is absolutely no reason at all for that element to be missing - that's just not a valid group entry.
So, something in the migration seems to erase that. Something along with LDAP migration ? (I can't see anything else doing that ?)
Updated by Nicolas PERRON over 12 years ago
- Status changed from New to Discussion
This is odds, the LDAP migration script doesn't modify anything about the groups.
I should try to reproduce it to be sure this is a bug.
Updated by Nicolas PERRON over 12 years ago
I have reproduce this bug with two dynamic groups which was missing jsonNodeGroupQuery.
This is a SLES 11 64 bits and here is the output from the update
Updated by Nicolas PERRON over 12 years ago
The log from /var/log/rudder/ldap/slapd.log doesn't seem to display anything useful for this issue:
2012-08-09T10:04:33.304015+00:00 server slapd[20858]: <= bdb_equality_candidates: (isSystem) not indexed
2012-08-09T10:06:29.223887+00:00 server slapd[22829]: [INFO] Using /etc/default/slapd for configuration
2012-08-09T10:06:29.230776+00:00 server slapd[22834]: [INFO] Halting OpenLDAP...
2012-08-09T10:06:29.232500+00:00 server slapd[20858]: daemon: shutdown requested and initiated.
2012-08-09T10:06:29.232518+00:00 server slapd[20858]: slapd shutdown: waiting for 0 operations/tasks to finish
2012-08-09T10:06:29.334344+00:00 server slapd[20858]: slapd stopped.
2012-08-09T10:06:30.254509+00:00 server slapd[22838]: [OK] OpenLDAP stopped after 1 seconds
2012-08-09T10:06:30.260644+00:00 server slapd[22839]: [INFO] Launching OpenLDAP database backup...
2012-08-09T10:06:30.330392+00:00 server slapd[22856]: [OK] data save in /var/rudder/ldap/backup/openldap-data-20120809100629.ldif
2012-08-09T10:06:30.332294+00:00 server slapd[22858]: [INFO] Halting OpenLDAP replication...
2012-08-09T10:06:30.333291+00:00 server slapd[22859]: [INFO] no replica found in configuration, aborting stopping slurpd
2012-08-09T10:06:30.334243+00:00 server slapd[22860]: [INFO] Launching OpenLDAP configuration test...
2012-08-09T10:06:30.346665+00:00 server slapd[22862]: [OK] OpenLDAP configuration test successful
2012-08-09T10:06:30.347649+00:00 server slapd[22863]: [INFO] Launching OpenLDAP replication...
2012-08-09T10:06:30.348537+00:00 server slapd[22864]: [INFO] no replica found in configuration, aborting lauching slurpd
2012-08-09T10:06:30.349954+00:00 server slapd[22865]: [INFO] no db_recover done
2012-08-09T10:06:30.350826+00:00 server slapd[22866]: [INFO] Launching OpenLDAP...
2012-08-09T10:06:30.351717+00:00 server slapd[22867]: [OK] file descriptor limit set to 1024
2012-08-09T10:06:30.353728+00:00 server slapd[22868]: @(#) $OpenLDAP: slapd 2.4.30 (Aug 9 2012 07:38:18) $
root@sles-builder-11-64:/usr/src/packages/BUILD/openldap-source/servers/slapd
2012-08-09T10:06:30.368237+00:00 server slapd[22869]: slapd starting
2012-08-09T10:06:31.377845+00:00 server slapd[22874]: [OK] OpenLDAP started on port 389 and 636
2012-08-09T10:06:57.101617+00:00 server slapd[22869]: <= bdb_equality_candidates: (ipHostNumber) not indexed
How could this attribute be missing sometimes and not all the times ?
Updated by Nicolas PERRON over 12 years ago
In the backup file, jsonNodeGroupQuery is already missing:
[...] dn: nodeGroupId=c1dcfe83-a545-45e3-8237-a57b5629d508,groupCategoryId=GroupRoot ,ou=Rudder,cn=rudder-configuration nodeGroupId: c1dcfe83-a545-45e3-8237-a57b5629d508 objectClass: nodeGroup objectClass: top cn: Only 192.168.13.11 isActivated: TRUE isSystem: FALSE isDynamic: TRUE structuralObjectClass: nodeGroup entryUUID: 93399dd6-7653-1031-8b09-8b1fc31f3517 creatorsName: cn=manager,cn=rudder-configuration createTimestamp: 20120809095145Z entryCSN: 20120809095145.821193Z#000000#000#000000 modifiersName: cn=manager,cn=rudder-configuration modifyTimestamp: 20120809095145 [...]
We should try to know if in rudder 2.3, the LDAP backup works correctly
Updated by Nicolas PERRON over 12 years ago
- Status changed from Discussion to Pending technical review
- % Done changed from 0 to 100
We don't know how this could happen, so we have decided to include a test which stop upgrade if the backup doesn't contain jsonNodeGroupQuery.
Updated by Nicolas PERRON over 12 years ago
- File openldap-data-pre-upgrade-20120809145448.ldif openldap-data-pre-upgrade-20120809145448.ldif added
- Status changed from Pending technical review to In progress
- % Done changed from 100 to 80
I have reproduce it again. Here is the backup file with one jsonNodeGroupQuery missing:
Updated by Nicolas PERRON over 12 years ago
- Assignee changed from Nicolas PERRON to François ARMAND
Bug spotted ! This is not due to LDAP migration or backup !
The LDAP entries in Rudder 2.3 was already with these jsonNodeGroupQuery missing.
How to do that ? Easy, create a Dynamic group and do not save.
Updated by Nicolas PERRON over 12 years ago
This is no more considered as a migration bug so I rejected it.
The real bug is here: #2798
Updated by Nicolas PERRON over 12 years ago
- Status changed from In progress to Discussion
Could someone reject this bug, please ?
Updated by Nicolas PERRON over 12 years ago
- Status changed from Discussion to New
Updated by Nicolas PERRON over 12 years ago
- Status changed from New to Rejected
Ok, I can reject myself. Done.