Project

General

Profile

Actions

Bug #4915

closed

Rudder init script may not correctly initialize policy_server.dat file, resulting in a non functionning Rudder server

Added by Nicolas CHARLES over 8 years ago. Updated almost 8 years ago.

Status:
Released
Priority:
1
Category:
Packaging
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Regression:

Description

When the rudder-server-root is installed, it is possible to have promises there, but no policy_server.dat
My main guess is that :
  1. user install rudder-server-root
  2. user waits a bit, the webapp start (and may generate promises
  3. user runs init script, and say "no" to reset initial promises

The init script check the presence of promises by

INITREP=/var/rudder/cfengine-community/inputs
INITPRO=`ls ${INITREP} 2>/dev/null | wc -l`

and based on this condition, do no write by default the /var/rudder/cfengine_community/policy_server.dat

The script should not leave the server in a broken state, and always check if the file is there. If not, create it.

Actions #1

Updated by Nicolas CHARLES over 8 years ago

  • Project changed from Rudder to 34
  • Priority changed from N/A to 1
Actions #2

Updated by Nicolas CHARLES over 8 years ago

  • Target version changed from 2.9.5 to 2.6.13

I cross checked:
when we install rudder-server-root, it installs promises in /var/rudder/cfengine-community/inputs, even before the script is run
The script see that promises are there, so asks if want to reset promises (the logical answer at this point is no)
So no policy_server.dat, and a broken rudder server root installation

Actions #3

Updated by Nicolas CHARLES over 8 years ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
Actions #4

Updated by Nicolas CHARLES over 8 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Jonathan CLARKE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/338
Actions #5

Updated by Jonathan CLARKE over 8 years ago

  • Status changed from Pending technical review to Discussion
  • Assignee changed from Jonathan CLARKE to Nicolas CHARLES

Nicolas CHARLES wrote:

I cross checked:
when we install rudder-server-root, it installs promises in /var/rudder/cfengine-community/inputs, even before the script is run
The script see that promises are there, so asks if want to reset promises (the logical answer at this point is no)
So no policy_server.dat, and a broken rudder server root installation

I agree with the change you're proposing (always enforce the presence and contents of policy_server.dat), but you mention also that you have found a bug: the script should not ask whether to reset initial promises all the time, because this is dumb. We should check this differently (if ! diff -Naur /opt/rudder/share/initial-promises/ /var/rudder/cfengine-community/inputs/) and therefore avoid the question if it is pointless.

I feel that this should be handled in this ticket too, because it is the same root cause. However, if you'd rather create a separate ticket for this, I'm also fine with that, so long as we fix both bugs.

Actions #6

Updated by Nicolas CHARLES over 8 years ago

  • Assignee changed from Nicolas CHARLES to Jonathan CLARKE

Ha. Interesting.
Indeed, this is a double bug.

The diff solution on the whole folder will not work (because of the magical %% text in initial promises); do you think checking differences for the promises.cf would be enough?

Actions #7

Updated by Jonathan CLARKE over 8 years ago

  • Assignee changed from Jonathan CLARKE to Nicolas CHARLES

Nicolas CHARLES wrote:

Ha. Interesting.
Indeed, this is a double bug.

The diff solution on the whole folder will not work (because of the magical %% text in initial promises); do you think checking differences for the promises.cf would be enough?

Ah, well spotted.

We could just use the same method as the script already uses and "generate" the initial promises in a tmp directory, then diff that?

Actions #8

Updated by Nicolas CHARLES over 8 years ago

Make sense, and it would allow also to detect changes in parameters !

Actions #9

Updated by Nicolas CHARLES over 8 years ago

  • Status changed from Discussion to Pending technical review
  • Assignee changed from Nicolas CHARLES to Jonathan CLARKE

PR updated

Actions #10

Updated by Nicolas CHARLES over 8 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

Applied in changeset commit:b38f62c500d347acfd1965b382f74e66ba9b374d.

Actions #11

Updated by Jonathan CLARKE over 8 years ago

Applied in changeset commit:7fb81063e8f06c88a5c3e3320eb3a07ffa35db9b.

Actions #12

Updated by Vincent MEMBRÉ over 8 years ago

  • Subject changed from policy_server.dat may not be automatically filled when runing init script, causing the Rudder server to be non functionnal to Rudder init script may not correctly initialize policy_server.dat file, resulting in a non functionning Rudder server
Actions #13

Updated by Vincent MEMBRÉ over 8 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.6.13 (announcement , changelog), 2.9.5 (announcement , changelog) and 2.10.1 (announcement , changelog), which were released today.

Actions #14

Updated by Benoît PECCATTE almost 8 years ago

  • Project changed from 34 to Rudder
  • Category set to Packaging
Actions

Also available in: Atom PDF