Bug #2793: accepted nodes can't access their promises even if they are generated - Rudder - Issue Tracker

Actions

Copy link

Bug #2793

closed

accepted nodes can't access their promises even if they are generated

Added by Vincent MEMBRÉ over 12 years ago. Updated about 12 years ago.

Status:

Rejected

Priority:

Assignee:

Jonathan CLARKE

Category:

System techniques

Target version:

2.4.0~rc1

Pull Request:

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

After a migration from 2.3 to 2.4, some accepted nodes can't access their promises directory (/var/rudder/share/nodeid)

but that directory has been created, and promises (common and rules) are generated for that node

the ssh keys are right both on server and node and node hostname is in /etc/host for the corresponding ip

cf-served tells me that :

rudder> Accepting connection from "192.168.42.14" 
rudder> New connection...(from 192.168.42.14:sd 4)
rudder> Spawning new thread...
rudder> Allowing 192.168.42.14 to connect without (re)checking ID
rudder> Non-verified Host ID is 192.168.42.14 (Using skipverify)
rudder> Non-verified User ID seems to be root (Using skipverify)
rudder>  -> Public key identity of host "192.168.42.14" is "MD5=2bc2e64dcac1e00d06a225db13f3fe48" 
rudder>  -> Last saw -MD5=2bc2e64dcac1e00d06a225db13f3fe48 (alias 192.168.42.14) at Thu Aug  9 11:47:15 2012
rudder> A public key was already known from 192.168.42.14/192.168.42.14 - no trust required
rudder> Adding IP 192.168.42.14 to SkipVerify - no need to check this if we have a key
rudder> The public key identity was confirmed as root@192.168.42.14
rudder>  -> Strong authentication of client 192.168.42.14/192.168.42.14 achieved
rudder>  -> Receiving session key from client (size=256)...
rudder> Filename /var/rudder/share/ab19dd83-b441-4d6e-aed9-35b05ad011ce/rules/cfengine-community is resolved to /var/rudder/share/ab19dd83-b441-4d6e-aed9-35b05ad011ce/rules/cfengine-community
rudder> Host 192.168.42.14 denied access to /var/rudder/share/ab19dd83-b441-4d6e-aed9-35b05ad011ce/rules/cfengine-community
rudder> Access control in sync
rudder> From (host=192.168.42.14,user=root,ip=192.168.42.14)
rudder> REFUSAL of request from connecting host: (SYNCH 1344505572 STAT /var/rudder/share/ab19dd83-b441-4d6e-aed9-35b05ad011ce/rules/cfengine-community)
rudder>  -> Accepting a connection
rudder> Denying repeated connection from "192.168.42.14"

I have that problem for 2 nodes (over 6);

one was a pending node in 2.3 migrated and accepted in 2.4
the other was a fresh 2.4 node

relaunching cf-served fixed that problem

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #2793

accepted nodes can't access their promises even if they are generated

Updated by Vincent MEMBRÉ over 12 years ago

Updated by Jonathan CLARKE about 12 years ago

Updated by Jonathan CLARKE about 12 years ago

Updated by Jonathan CLARKE about 12 years ago

Updated by Jonathan CLARKE about 12 years ago

Updated by Jonathan CLARKE about 12 years ago

Updated by Nicolas PERRON about 12 years ago

Updated by Vincent MEMBRÉ about 12 years ago

Updated by Nicolas PERRON about 12 years ago

Updated by Nicolas PERRON about 12 years ago

Updated by Nicolas PERRON about 12 years ago

Updated by Nicolas CHARLES about 12 years ago