Question #3541: Nodes No Answer - Rudder - Issue Tracker

Actions

Copy link

Question #3541

closed

Nodes No Answer

Added by Corentin Guilleme about 11 years ago. Updated about 9 years ago.

Status:

Resolved

Priority:

N/A

Assignee:

Category:

Packaging

Target version:

2.5.4

Regression:

Description

I have accepted a new nodes.

node : corentin (192.168.22.79)

server-rudder-root : 192.168.22.104

I created a rules :
- I created a techniques
- I add the node at this rules

After to have define this nodes, i wait 10 minutes and i have no answer.

I don't understand why my node said no answer.

How i can to verify my node receive this rules ?

Thank

Files

bug (257 KB) bug

Corentin Guilleme, 2013-04-26 10:15

Actions

Copy link

Updated by Vincent MEMBRÉ about 11 years ago

You can see the node output by running the agent on it.

the command is : /var/rudder/cfengine-community/cf-agent -KI

You have to be root to use that command.

If the node is still not answering, can you please post the output of that command?

Actions

Copy link

Updated by Corentin Guilleme almost 11 years ago

The node is not answering

Here is the message :

root@corentin:/home/corentin# /var/rudder/cfengine-community/bin/cf-agent -KI !! Duplicate selection of value for variable "execRun" in scope g !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58 R:@Common@log_info@hasPolicyServer-root@common-root@00@common@StartRun@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c#Start execution
Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise
R: @Common@result_error@hasPolicyServer-root@common-root@00@Update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Cannot update node's policy or dependencies
R: @Common@result_success@hasPolicyServer-root@common-root@00@Security parameters@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The internal environment security is acceptable
R: @Common@result_success@&TRACKINGKEY&@Process checking@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#There is an acceptable number of cf-execd processes (between 0 and 2) and cf-agent processes (between 0 and 5)
R: @Common@result_success@hasPolicyServer-root@common-root@00@CRON Daemon@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The CRON daemon is running
R: @Common@result_success@hasPolicyServer-root@common-root@00@Binaries update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The CFengine binaries in /var/rudder/cfengine-community/bin are up to date
-> Executing '/usr/bin/curl -s -f --proxy '' -o "/var/rudder/tmp/uuid.txt" http://192.168.22.104/uuid' ...(timeout=-678,owner=-1,group=-1)
-> Completed execution of /usr/bin/curl -s -f --proxy '' -o "/var/rudder/tmp/uuid.txt" http://192.168.22.104/uuid
R: @Inventory@log_info@inventory-all@inventory-all@00@inventory@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#An inventory was already sent less than 8 hours ago
R: @Inventory@result_success@inventory-all@inventory-all@00@inventory@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Next inventory scheduled between 00:00 and 06:00
R: @Common@log_info@hasPolicyServer-root@common-root@00@common@EndRun@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#End execution@

Actions

Copy link

Updated by Vincent MEMBRÉ almost 11 years ago

We can see that the node could not get its promises generated by the server:

Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise
R: @Common@result_error@hasPolicyServer-root@common-root@00@Update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Cannot update node's policy or dependencies

That may happen for several reasons:

There is a network problem (dns, /etc/hosts file) : Make sure that the server and the node can ping each other using their hostnames
Time problem: Make sure the server and the node are time synchronized

If those are correct, can you send us a execution of the agent in verbose

/var/rudder/cfengine-community/bin/cf-agent -KI -v

Actions

Copy link

Updated by Corentin Guilleme almost 11 years ago

File bug bug added

I have in the file /etc/hosts
192.168.22.104 debian6-tests3.vtech.fr debian6-tests3

Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise

There are still no reports in Configuration Policy (compliace 0%)

I think my node does not respond
I sent you the file after the command:

/var/rudder/cfengine-community/bin/cf-agent -KI -v

Actions

Copy link

Updated by Vincent MEMBRÉ almost 11 years ago

Ok then it seems that it's not a networking issue.

Does the deployment went well ? ( in the up right corner of the webapp)

if not, can you tell me what is in the detail section?

Does the /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/ and its subdirectory are generated on the server ?

Finally, can you kill and relaunch the cf-serverd in verbose on your server :

first, kill the running cf-serverd

ps -aux | grep cf-serverd
kill -9 pid

killall cf-serverd

then launch

/var/rudder/cfengine-community/bin/cf-serverd -Kv

You can now see all outputs of CFEngine on the server.
When the agent will be launched on the node you should get messages here, can you send the message you get here ?

Actions

Copy link

Updated by Vincent MEMBRÉ almost 11 years ago

Tracker changed from Bug to Question

Switched the issue to Question type, As for now, it is not a bug (it may change later, when we found it out)

Actions

Copy link

Updated by Corentin Guilleme almost 11 years ago

Yes the deployment went well

Success: Rules Applied at 2013-04-26 10:34 (Took less than 1s)

Yes I have the directory and subdirectories in
/ Var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c /

I subdirectories / rules / cfengine-communty and below I:
checkGenericFileContent / failsafe.cf promises.cf
common / inventory / rudder_promises_generated

Then I killed the process cf-serverd

rudder> Listening for connections ...
rudder> -> Accepting a connection
rudder> Accepting connection from "192.168.22.79"
rudder> New Connection ... (from 192.168.22.79: sd 4)
rudder> Spawning new thread ...
rudder> Allowing 192.168.22.79 to connect without (re) checking ID
rudder> Non-verified Host ID is corentin.local (Using skipverify)
rudder> Non-verified User ID Seems to be root (Using skipverify)
rudder> -> Public key identity of host "192.168.22.79" is "MD5 = d1a9f1252d36fcec3bf0cf9563e05f2d"
rudder> -> Last saw-MD5 = d1a9f1252d36fcec3bf0cf9563e05f2d (aka 192.168.22.79) at Fri Apr 26 10:47:36 2013
rudder> A public key was Already known from corentin.local/192.168.22.79 - no trust required
rudder> Adding IP 192.168.22.79 to SkipVerify - no need to check this if We Have a key
rudder> The public key identity was confirmed as root@corentin.local
rudder> -> Strong authentication of customer corentin.local/192.168.22.79 Achieved
rudder> -> Receiving session key from client (size = 256) ...
rudder> Filename is resolved to
rudder> Found a matching rule in access list in / var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c)
rudder> Host corentin.local denied access to
rudder> Access control in sync
rudder> From (host = corentin.local, user = root, ip = 192.168.22.79)
rudder> REFUSAL of request from connecting host: (SYNCH 1366966061 STAT