Bug #5087

closed

Authorized networks in splitted environment, does not allow inventory sending

Added by Lionel Le Folgoc over 10 years ago. Updated over 10 years ago.

Status: Released
Priority: 2
Assignee: Jonathan CLARKE
Category: System techniques

Description

Hi,

I'm trying to set up a rudder server with 4 components (cf. #5080 too):
server-1: rudder-front
server-2: rudder-ldap + rudder-inventory-endpoint
server-3: rudder-db
server-4: rudder-webapp + rudder-techniques + CFEngine server

However, server-[123] cannot submit their inventory to server-4:

Jun 19 09:22:17 localhost rudder[7020]: /default/doInventory/methods/'any'/default/sendInventory/files/'/var/rudder/inventories'[0]: Finished command related to promiser '/var/rudder/inventories' -- an error occurred, returned 22
Jun 19 09:22:17 localhost rudder[7020]: /default/doInventory/methods/'any'/default/sendInventory/files/'/var/rudder/inventories'[0]: Transformer '/var/rudder/inventories/rudderfronttest-2014-06-18-08-32-01.ocs.gz' => '/usr/bin/curl -f -s --proxy '' --user rudder:rudder -T /var/rudder/inventories/rudderfronttest-2014-06-18-08-32-01.ocs.gz http://192.168.42.203/inventories/' returned error
Jun 19 09:22:17 localhost rudder[7020]: R: @@Inventory@@result_error@@inventory-all@@inventory-all@@00@@inventory@@None@@2014-06-19 13:21:32+00:00##556486fd-eb4a-4972-940b-5f5b8434a652@#Could not send the inventory

Running the curl command manually indeed returns a 403 Forbidden error.

The file /opt/rudder/etc/rudder-networks.conf only contains:

Deny from all

which could explain the error obtained.

I compared with a monolithic rudder installation, and the file is:

Allow from 127.0.0.0/8
Allow from %%POLICY_SERVER_ALLOWED_NETWORKS%%

And if I replace the content of the file on server-4 with this one, inventories can be sent.

So it would seem that /opt/rudder/bin/init does not correctly set up the trusted networks when the roles are shared among several servers?

Thanks.
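
Added example, not part of the original report or of Rudder's own code: a small Python check that parses the Apache-style Allow/Deny lines of a file such as /opt/rudder/etc/rudder-networks.conf and reports whether a node address falls inside an Allow network. It assumes access is granted only to addresses matched by an Allow line; the function names, the 192.168.42.0/24 network and the node address are constructed for illustration.

```python
import ipaddress
import re

TOKEN = re.compile(r"%%\w+%%")  # e.g. %%POLICY_SERVER_ALLOWED_NETWORKS%%

def parse_networks_conf(text):
    """Return (allow_networks, deny_all, notes) for Allow/Deny 'from' lines."""
    allowed, deny_all, notes = [], False, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        verb = words[0].lower()
        if len(words) < 3 or verb not in ("allow", "deny") or words[1].lower() != "from":
            notes.append(f"line {lineno}: unrecognised directive")
            continue
        for spec in words[2:]:
            if TOKEN.fullmatch(spec):
                # Token left as-is; this checker cannot evaluate it.
                notes.append(f"line {lineno}: unexpanded token {spec}")
            elif verb == "deny":
                if spec.lower() == "all":
                    deny_all = True
                else:
                    notes.append(f"line {lineno}: Deny {spec} not evaluated")
            elif spec.lower() == "all":
                allowed += [ipaddress.ip_network("0.0.0.0/0"),
                            ipaddress.ip_network("::/0")]
            else:
                try:
                    allowed.append(ipaddress.ip_network(spec, strict=False))
                except ValueError:
                    notes.append(f"line {lineno}: {spec} is not an IP/CIDR")
    return allowed, deny_all, notes

def covered(text, client_ip):
    """True if an evaluable Allow network contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in parse_networks_conf(text)[0])

# Constructed inputs: the two file contents quoted in the report, plus a
# filled-in variant whose 192.168.42.0/24 network is an assumption.
SPLIT = "Deny from all\n"
TEMPLATE = "Allow from 127.0.0.0/8\nAllow from %%POLICY_SERVER_ALLOWED_NETWORKS%%\n"
FILLED = "Allow from 127.0.0.0/8\nAllow from 192.168.42.0/24\n"
NODE = "192.168.42.201"  # constructed address for a node such as server-1

if __name__ == "__main__":
    for name, conf in (("split", SPLIT), ("template", TEMPLATE), ("filled", FILLED)):
        nets, deny_all, notes = parse_networks_conf(conf)
        print(name, "deny_all:", deny_all, "covers node:", covered(conf, NODE), notes)
```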


Related issues: 1 (0 open, 1 closed)

Has duplicate Rudder - Bug #5118: In splitted architecture, some checks mandatory on the Webapp are not performed (Rejected, Nicolas CHARLES, 2014-06-23)
