Project

General

Profile

Actions

Question #3541

closed

Nodes No Answer

Added by Corentin Guilleme over 11 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
N/A
Assignee:
-
Category:
Packaging
Target version:
Regression:

Description

I have accepted a new nodes.

node : corentin (192.168.22.79)

server-rudder-root : 192.168.22.104

I created a rules :
- I created a techniques
- I add the node at this rules

After to have define this nodes, i wait 10 minutes and i have no answer.

I don't understand why my node said no answer.

How i can to verify my node receive this rules ?

Thank


Files

bug (257 KB) bug Corentin Guilleme, 2013-04-26 10:15
Actions #1

Updated by Vincent MEMBRÉ over 11 years ago

You can see the node output by running the agent on it.

the command is : /var/rudder/cfengine-community/cf-agent -KI

You have to be root to use that command.

If the node is still not answering, can you please post the output of that command?

Actions #2

Updated by Corentin Guilleme over 11 years ago

The node is not answering

Here is the message :

root@corentin:/home/corentin# /var/rudder/cfengine-community/bin/cf-agent -KI
!! Duplicate selection of value for variable "execRun" in scope g
!! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf at/before line 58
R:
@Common@log_info@hasPolicyServer-root@common-root@00@common@StartRun@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c#Start execution
Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise
R: @Common@result_error@hasPolicyServer-root@common-root@00@Update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Cannot update node's policy or dependencies
R: @Common@result_success@hasPolicyServer-root@common-root@00@Security parameters@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The internal environment security is acceptable
R: @Common@result_success@&TRACKINGKEY&@Process checking@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#There is an acceptable number of cf-execd processes (between 0 and 2) and cf-agent processes (between 0 and 5)
R: @Common@result_success@hasPolicyServer-root@common-root@00@CRON Daemon@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The CRON daemon is running
R: @Common@result_success@hasPolicyServer-root@common-root@00@Binaries update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#The CFengine binaries in /var/rudder/cfengine-community/bin are up to date
-> Executing '/usr/bin/curl -s -f --proxy '' -o "/var/rudder/tmp/uuid.txt" http://192.168.22.104/uuid' ...(timeout=-678,owner=-1,group=-1)
-> Completed execution of /usr/bin/curl -s -f --proxy '' -o "/var/rudder/tmp/uuid.txt" http://192.168.22.104/uuid
R: @Inventory@log_info@inventory-all@inventory-all@00@inventory@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#An inventory was already sent less than 8 hours ago
R: @Inventory@result_success@inventory-all@inventory-all@00@inventory@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Next inventory scheduled between 00:00 and 06:00
R: @Common@log_info@hasPolicyServer-root@common-root@00@common@EndRun@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#End execution@

Actions #3

Updated by Vincent MEMBRÉ over 11 years ago

We can see that the node could not get its promises generated by the server:

Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise
R: @Common@result_error@hasPolicyServer-root@common-root@00@Update@None@2013-04-26 09:05:20+02:00##2f30796d-dd5f-4462-9fc8-f0737aa0a14c@#Cannot update node's policy or dependencies
That may happen for several reasons:
  • There is a network problem (dns, /etc/hosts file) : Make sure that the server and the node can ping each other using their hostnames
  • Time problem: Make sure the server and the node are time synchronized

If those are correct, can you send us a execution of the agent in verbose

/var/rudder/cfengine-community/bin/cf-agent -KI -v

Actions #4

Updated by Corentin Guilleme over 11 years ago

I have in the file /etc/hosts
192.168.22.104 debian6-tests3.vtech.fr debian6-tests3

Can't stat /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/rules/cfengine-community/rudder_promises_generated in files.copyfrom promise

There are still no reports in Configuration Policy (compliace 0%)

I think my node does not respond
I sent you the file after the command:

/var/rudder/cfengine-community/bin/cf-agent -KI -v

Actions #5

Updated by Vincent MEMBRÉ over 11 years ago

Ok then it seems that it's not a networking issue.

Does the deployment went well ? ( in the up right corner of the webapp)

if not, can you tell me what is in the detail section?

Does the /var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c/ and its subdirectory are generated on the server ?

Finally, can you kill and relaunch the cf-serverd in verbose on your server :

first, kill the running cf-serverd

ps -aux | grep cf-serverd
kill -9 pid

or
killall cf-serverd

then launch

/var/rudder/cfengine-community/bin/cf-serverd -Kv

You can now see all outputs of CFEngine on the server.
When the agent will be launched on the node you should get messages here, can you send the message you get here ?

Actions #6

Updated by Vincent MEMBRÉ over 11 years ago

  • Tracker changed from Bug to Question

Switched the issue to Question type, As for now, it is not a bug (it may change later, when we found it out)

Actions #7

Updated by Corentin Guilleme over 11 years ago

Yes the deployment went well

Success: Rules Applied at 2013-04-26 10:34 (Took less than 1s)

Yes I have the directory and subdirectories in
/ Var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c /

I subdirectories / rules / cfengine-communty and below I:
checkGenericFileContent / failsafe.cf promises.cf
common / inventory / rudder_promises_generated

Then I killed the process cf-serverd

rudder> Listening for connections ...
rudder> -> Accepting a connection
rudder> Accepting connection from "192.168.22.79"
rudder> New Connection ... (from 192.168.22.79: sd 4)
rudder> Spawning new thread ...
rudder> Allowing 192.168.22.79 to connect without (re) checking ID
rudder> Non-verified Host ID is corentin.local (Using skipverify)
rudder> Non-verified User ID Seems to be root (Using skipverify)
rudder> -> Public key identity of host "192.168.22.79" is "MD5 = d1a9f1252d36fcec3bf0cf9563e05f2d"
rudder> -> Last saw-MD5 = d1a9f1252d36fcec3bf0cf9563e05f2d (aka 192.168.22.79) at Fri Apr 26 10:47:36 2013
rudder> A public key was Already known from corentin.local/192.168.22.79 - no trust required
rudder> Adding IP 192.168.22.79 to SkipVerify - no need to check this if We Have a key
rudder> The public key identity was confirmed as
rudder> -> Strong authentication of customer corentin.local/192.168.22.79 Achieved
rudder> -> Receiving session key from client (size = 256) ...
rudder> Filename is resolved to
rudder> Found a matching rule in access list in / var/rudder/share/2f30796d-dd5f-4462-9fc8-f0737aa0a14c)
rudder> Host corentin.local denied access to
rudder> Access control in sync
rudder> From (host = corentin.local, user = root, ip = 192.168.22.79)
rudder> REFUSAL of request from connecting host: (SYNCH 1366966061 STAT

Actions #8

Updated by Vincent MEMBRÉ over 11 years ago

  • Tracker changed from Question to Bug

To work correctly, Rudder need a fully functional DNS system.
If the server could not resolve the hostname, the server refuse the connection.

You need to add a line to the /etc/hosts file of your Rudder server:

192.168.22.79      corentin.local
Actions #9

Updated by Vincent MEMBRÉ over 11 years ago

  • Status changed from New to Discussion
Actions #10

Updated by Vincent MEMBRÉ over 11 years ago

  • Tracker changed from Bug to Question

There is some examples of how to configure a server Rudder in the "rudder-vagrant" project: https://github.com/Normation/rudder-vagrant

You have to checkout to branch branches/rudder/2.5 and check provision/server.sh

Actions #11

Updated by Corentin Guilleme over 11 years ago

I have add in the /etc/hosts on rudder-server-root (192.168.22.104) :

192.168.22.79 corentin.vtech.fr corentin

After launch the commande on the rudder-agent (192.168.22.79)

/var/rudder/cfengine-community/bin/cf-agent -KI -v

On the rudder-server-root (192.168.22.104) :
There is Success for the rules

Actions #12

Updated by Vincent MEMBRÉ over 11 years ago

Nice :) So everything's working fine ?

If you have any more questions don't hesitate, We will be glad to answer all your questions.

If you want to discuss directly you can find us on IRC: #rudder

Actions #13

Updated by Nicolas PERRON over 11 years ago

  • Target version changed from 2.5.3 to 2.5.4
Actions #14

Updated by Nicolas CHARLES over 11 years ago

  • Status changed from Discussion to Resolved

Since everything seems to be in order, i'm closing this ticket

Actions #15

Updated by Benoît PECCATTE over 9 years ago

  • Project changed from 34 to Rudder
  • Category set to Packaging
Actions

Also available in: Atom PDF