Bug #4915
closed
Rudder init script may not correctly initialize policy_server.dat file, resulting in a non functionning Rudder server
Added by Nicolas CHARLES over 10 years ago.
Updated over 9 years ago.
Description
When the rudder-server-root is installed, it is possible to have promises there, but no policy_server.dat
My main guess is that :
- user install rudder-server-root
- user waits a bit, the webapp start (and may generate promises
- user runs init script, and say "no" to reset initial promises
The init script check the presence of promises by
INITREP=/var/rudder/cfengine-community/inputs
INITPRO=`ls ${INITREP} 2>/dev/null | wc -l`
and based on this condition, do no write by default the /var/rudder/cfengine_community/policy_server.dat
The script should not leave the server in a broken state, and always check if the file is there. If not, create it.
- Project changed from Rudder to 34
- Priority changed from N/A to 1 (highest)
- Target version changed from 2.9.5 to 2.6.13
I cross checked:
when we install rudder-server-root, it installs promises in /var/rudder/cfengine-community/inputs, even before the script is run
The script see that promises are there, so asks if want to reset promises (the logical answer at this point is no)
So no policy_server.dat, and a broken rudder server root installation
- Status changed from New to In progress
- Assignee set to Nicolas CHARLES
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
- Pull Request set to https://github.com/Normation/rudder-packages/pull/338
- Status changed from Pending technical review to Discussion
- Assignee changed from Jonathan CLARKE to Nicolas CHARLES
Nicolas CHARLES wrote:
I cross checked:
when we install rudder-server-root, it installs promises in /var/rudder/cfengine-community/inputs, even before the script is run
The script see that promises are there, so asks if want to reset promises (the logical answer at this point is no)
So no policy_server.dat, and a broken rudder server root installation
I agree with the change you're proposing (always enforce the presence and contents of policy_server.dat), but you mention also that you have found a bug: the script should not ask whether to reset initial promises all the time, because this is dumb. We should check this differently (if ! diff -Naur /opt/rudder/share/initial-promises/ /var/rudder/cfengine-community/inputs/) and therefore avoid the question if it is pointless.
I feel that this should be handled in this ticket too, because it is the same root cause. However, if you'd rather create a separate ticket for this, I'm also fine with that, so long as we fix both bugs.
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
Ha. Interesting.
Indeed, this is a double bug.
The diff solution on the whole folder will not work (because of the magical %% text in initial promises); do you think checking differences for the promises.cf would be enough?
- Assignee changed from Jonathan CLARKE to Nicolas CHARLES
Nicolas CHARLES wrote:
Ha. Interesting.
Indeed, this is a double bug.
The diff solution on the whole folder will not work (because of the magical %% text in initial promises); do you think checking differences for the promises.cf would be enough?
Ah, well spotted.
We could just use the same method as the script already uses and "generate" the initial promises in a tmp directory, then diff that?
Make sense, and it would allow also to detect changes in parameters !
- Status changed from Discussion to Pending technical review
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset commit:b38f62c500d347acfd1965b382f74e66ba9b374d.
Applied in changeset commit:7fb81063e8f06c88a5c3e3320eb3a07ffa35db9b.
- Subject changed from policy_server.dat may not be automatically filled when runing init script, causing the Rudder server to be non functionnal to Rudder init script may not correctly initialize policy_server.dat file, resulting in a non functionning Rudder server
- Status changed from Pending release to Released
- Project changed from 34 to Rudder
- Category set to Packaging
Also available in: Atom
PDF
Updated by 
Updated by Jonathan CLARKE 
Updated by 
Updated by