Bug #4915
closed
Rudder init script may not correctly initialize policy_server.dat file, resulting in a non functionning Rudder server
Description
My main guess is that :
- user install rudder-server-root
- user waits a bit, the webapp start (and may generate promises
- user runs init script, and say "no" to reset initial promises
The init script check the presence of promises by
INITREP=/var/rudder/cfengine-community/inputs
INITPRO=`ls ${INITREP} 2>/dev/null | wc -l`
and based on this condition, do no write by default the /var/rudder/cfengine_community/policy_server.dat
The script should not leave the server in a broken state, and always check if the file is there. If not, create it.
Updated by Nicolas CHARLES over 10 years ago
- Project changed from Rudder to 34
- Priority changed from N/A to 1 (highest)
Updated by Nicolas CHARLES over 10 years ago
- Target version changed from 2.9.5 to 2.6.13
I cross checked:
when we install rudder-server-root, it installs promises in /var/rudder/cfengine-community/inputs, even before the script is run
The script see that promises are there, so asks if want to reset promises (the logical answer at this point is no)
So no policy_server.dat, and a broken rudder server root installation
Updated by Nicolas CHARLES over 10 years ago
- Status changed from New to In progress
- Assignee set to Nicolas CHARLES
Updated by Nicolas CHARLES over 10 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
- Pull Request set to https://github.com/Normation/rudder-packages/pull/338
Updated by Jonathan CLARKE over 10 years ago
- Status changed from Pending technical review to Discussion
- Assignee changed from Jonathan CLARKE to Nicolas CHARLES
Nicolas CHARLES wrote:
I cross checked:
when we install rudder-server-root, it installs promises in /var/rudder/cfengine-community/inputs, even before the script is run
The script see that promises are there, so asks if want to reset promises (the logical answer at this point is no)
So no policy_server.dat, and a broken rudder server root installation
I agree with the change you're proposing (always enforce the presence and contents of policy_server.dat), but you mention also that you have found a bug: the script should not ask whether to reset initial promises all the time, because this is dumb. We should check this differently (if ! diff -Naur /opt/rudder/share/initial-promises/ /var/rudder/cfengine-community/inputs/) and therefore avoid the question if it is pointless.
I feel that this should be handled in this ticket too, because it is the same root cause. However, if you'd rather create a separate ticket for this, I'm also fine with that, so long as we fix both bugs.
Updated by Nicolas CHARLES over 10 years ago
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
Ha. Interesting.
Indeed, this is a double bug.
The diff solution on the whole folder will not work (because of the magical %% text in initial promises); do you think checking differences for the promises.cf would be enough?
Updated by Jonathan CLARKE over 10 years ago
- Assignee changed from Jonathan CLARKE to Nicolas CHARLES
Nicolas CHARLES wrote:
Ha. Interesting.
Indeed, this is a double bug.The diff solution on the whole folder will not work (because of the magical %% text in initial promises); do you think checking differences for the promises.cf would be enough?
Ah, well spotted.
We could just use the same method as the script already uses and "generate" the initial promises in a tmp directory, then diff that?
Updated by Nicolas CHARLES over 10 years ago
Make sense, and it would allow also to detect changes in parameters !
Updated by Nicolas CHARLES over 10 years ago
- Status changed from Discussion to Pending technical review
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
PR updated
Updated by Nicolas CHARLES over 10 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset commit:b38f62c500d347acfd1965b382f74e66ba9b374d.
Updated by Jonathan CLARKE over 10 years ago
Applied in changeset commit:7fb81063e8f06c88a5c3e3320eb3a07ffa35db9b.
Updated by Vincent MEMBRÉ over 10 years ago
- Subject changed from policy_server.dat may not be automatically filled when runing init script, causing the Rudder server to be non functionnal to Rudder init script may not correctly initialize policy_server.dat file, resulting in a non functionning Rudder server
Updated by Vincent MEMBRÉ over 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.6.13 (announcement , changelog), 2.9.5 (announcement , changelog) and 2.10.1 (announcement , changelog), which were released today.
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by Benoît PECCATTE over 9 years ago
- Project changed from 34 to Rudder
- Category set to Packaging