Actions
Bug #4241
closed
CFEngine refuses to start after upgrade from 2.7.5 to 2.8.1 due to a CFEngine buffer overflow
Status:
Released
Priority:
1
Assignee:
Category:
Web - Config management
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:
Description
Hello
We upgraded rudder server as per your tutorial and it seems that it refuses to start the agent with this error:
/etc/init.d/rudder-agent restart rudder-agent[6278]: [INFO] Using /etc/default/rudder-agent for configuration rudder-agent[6281]: [INFO] Using /var/rudder/cfengine-community for CFEngine workdir rudder-agent[6282]: [INFO] Halting CFEngine Community cf-serverd... rudder-agent[6283]: [INFO] can't read PID file, not stopping cf-serverd rudder-agent[6284]: [INFO] Halting CFEngine Community cf-execd... rudder-agent[6285]: [INFO] can't read PID file, not stopping cf-execd rudder-agent[6286]: [INFO] Launching CFEngine Community cf-serverd... input buffer overflow, can't enlarge buffer because scanner uses REJECT 2013-12-10T19:15:11+0000 error: Policy failed validation with command '"/var/rudder/cfengine-community/bin/cf-promises" -c "/var/rudder/cfengine-community/inputs/promises.cf"'
If I manually run the command I get this output:
CT-10112-bash-4.1# "/var/rudder/cfengine-community/bin/cf-promises" -c /var/rudder/cfengine-community/inputs/promises.cf -v 2013-12-10T19:16:37+0000 verbose: Work directory is /var/rudder/cfengine-community 2013-12-10T19:16:37+0000 verbose: Looking for a source of entropy in '/var/rudder/cfengine-community/randseed' .... 013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'fusionAgent' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'listInstalledVM' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'generateExtraInformations' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'turnUsersToUnicode' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'addInformationsToInventory' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'moveInventoryToFinalDestination' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'sendInventory' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'add_information_to_inventory' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'add_users_information_to_inventory' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'xmlify' 2013-12-10T19:16:37+0000 verbose: Resolving variables in bundle 'cleanForceInventoryFlagFile' 2013-12-10T19:16:37+0000 verbose: Parsing file '/var/rudder/cfengine-community/inputs/common/1.0/cf-served.cf' input buffer overflow, can't enlarge buffer because scanner uses REJECT
It seems that it fails to load the /var/rudder/cfengine-community/inputs/common/1.0/cf-served.cf promise. After running the same command with strace it seems that it fails to load the ACL list located here:
!policy_server::\n \"acl\" slist => {\n \"${def.policy_server}\"\n };\n}\n\n\nbody server control\n{\n trustkeysfrom => {\n \"127.0.0.0/8\" , \"::1\",\n @{def.acl} ,\n host2ip(\"hostname1\"), \"hostname1\",
....
host2ip(\"hostname256\"), \"hostname256\", host2i" host2i", 4096) = 4096
write(2, "input buffer overflow, can't enlarge buffer because scanner uses REJECT\n", 72input buffer overflow, can't enlarge buffer because scanner uses REJECT
) = 72
exit_group(2) = ?
<pre>
It loads around 256 of the hosts and it runs out of memory for that buffer.
We are using this with a large amount of agents (over 500) and before the update rudder was running with the same number of hosts so I think this problem is caused by the newer cf-engine version which adds that extra check.
The real hostnames were replaced but can you please advise if there is any OS limit that can be increased to get this started or there is a bug that needs to be fixed in cf-engine.
Updated by 
Updated by 
Updated by 
Updated by 
Updated by
Actions