Project

General

Profile

Actions

Bug #5089

closed

uuid.hive gets overwritten on the root server if rudder-agent is installed after rudder-webapp

Added by Lionel Le Folgoc about 8 years ago. Updated almost 8 years ago.

Status:
Released
Priority:
1
Assignee:
Matthieu CERDA
Category:
System integration
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:

Description

Hi again,

Still with the 4 components architecture (cf. #5080 and #5087).

server-4 (rudder-webapp + rudder-techniques + CFEngine server) does not seem to be recognized as the policy server. When I force an inventory with "/var/rudder/cfengine-community/bin/cf-agent -KI -D force_inventory", the content added by rudder-agent is the following:

<POLICY_SERVER>f6d3513b-fef2-452a-8990-f9871a516059</POLICY_SERVER>
<SERVER_ROLES>
<SERVER_ROLE>rudder-webapp</SERVER_ROLE>
<SERVER_ROLE>rudder-jetty</SERVER_ROLE>
</SERVER_ROLES>

"f6d3513b-fef2-452a-8990-f9871a516059" is its own UUID, but I guess it should be "root", because it's not recognized as is, and is blocking node acceptance in the web UI.
Quote from /var/log/rudder/webapp/2014_06_19.stderrout.log:

[...]
[2014-06-19 12:52:34] ERROR com.normation.rudder.web.services.DisplayNode - Could not fetch policy server details (id NodeId(f6d3513b-fef2-452a-8990-f9871a516059)) for no
de with id NodeId(f6d3513b-fef2-452a-8990-f9871a516059) <- Node with ID 'f6d3513b-fef2-452a-8990-f9871a516059' was not found
[...]
[2014-06-19 12:52:41] ERROR com.normation.rudder.services.servers.NewNodeManagerImpl - Unit acceptor error for node NodeId(f6d3513b-fef2-452a-8990-f9871a516059) <- Error
when trying to accept node f6d3513b-fef2-452a-8990-f9871a516059 <- Error when executing accept node process named accept_new_server:add_system_configuration_rules <- Tech
nical group with ID 'NodeGroupId(hasPolicyServer-f6d3513b-fef2-452a-8990-f9871a516059)' was not found <- Error when retrieving the entry for NodeGroup 'NodeGroupId(hasPol
icyServer-f6d3513b-fef2-452a-8990-f9871a516059)'

I compared with a monolithic rudder-server-root installation, and the inventory file contains the proper policy server:

<POLICY_SERVER>root</POLICY_SERVER>
<SERVER_ROLES>
<SERVER_ROLE>rudder-reports</SERVER_ROLE>
<SERVER_ROLE>rudder-inventory-endpoint</SERVER_ROLE>
<SERVER_ROLE>rudder-inventory-ldap</SERVER_ROLE>
<SERVER_ROLE>rudder-webapp</SERVER_ROLE>
<SERVER_ROLE>rudder-jetty</SERVER_ROLE>
<SERVER_ROLE>rudder-ldap</SERVER_ROLE>
<SERVER_ROLE>rudder-db</SERVER_ROLE>
<SERVER_ROLE>rudder-server-root</SERVER_ROLE>
</SERVER_ROLES>

I'm not sure whether the bug is that "root" isn't used, or that the policy server UUID isn't automagically resolved.

Thanks.

Actions #1

Updated by Lionel Le Folgoc about 8 years ago

I can work around that by forcing "echo 'root' > /opt/rudder/etc/uuid.hive" on server-4, although I'm not sure it's the correct thing to do, but at least the policy server is now recognized and I can accept nodes.

Actions #2

Updated by Jonathan CLARKE about 8 years ago

  • Status changed from New to 8
  • Priority changed from N/A to 1

This bug is indeed that the UUID is not "root". It should always be on the root server, which we still consider to be where rudder-webapp is installed.

I'm looking into why this happens now.

Actions #3

Updated by Jonathan CLARKE about 8 years ago

  • Category set to System integration
  • Assignee set to Jonathan CLARKE
  • Target version set to 2.11.0~beta2
Actions #4

Updated by Jonathan CLARKE about 8 years ago

I don't understand how this can happen. In the rudder-webapp postinst scriptlet, we force the UUID to "root":

echo 'root' > /opt/rudder/etc/uuid.hive

And in the rudder-agent postinst scriptlet, we check a UUID is defined or valid, as follows:

if [ ! -e /opt/rudder/etc/uuid.hive ]                                                                                
then
  uuidgen > /opt/rudder/etc/uuid.hive
else
  # UUID is valid only if it has been generetaed by uuidgen or if it is set to 'root' for policy server
  CHECK_UUID=`cat /opt/rudder/etc/uuid.hive | grep -E "^[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}|root" | wc -l`
  # If the UUID is not valid, regenerate it
  if [ ${CHECK_UUID} -ne 1 ]
  then
    uuidgen > /opt/rudder/etc/uuid.hive
  fi
fi

So, even if these 2 scriptlets are run in the wrong order, I don't see how the UUID could end up containing anything except "root".

Any ideas?

Actions #5

Updated by Lionel Le Folgoc about 8 years ago

I think I figured what happened:

Here's the install sequence:

Jun 19 10:10:25 Installed: 1398866025:rudder-jetty-2.11.0.beta1-1.EL.6.noarch
Jun 19 10:10:29 Installed: 1398866025:rudder-webapp-2.11.0.beta1-1.EL.6.noarch
Jun 19 10:10:32 Installed: 1398866025:rudder-agent-thin-2.11.0.beta1-1.EL.6.x86_64

So, rudder-webapp writes "root".

rudder-agent(-thin) ships a fake uuid.hive file:

root# rpm -qf /opt/rudder/etc/uuid.hive
rudder-agent-thin-2.11.0.beta1-1.EL.6.x86_64

which contains:

root# cat opt/rudder/etc/uuid.hive 
# The content of this file should be replaced with a valid UUID for Rudder

So, "root" has been overwritten.

Then, the %post scriptlet:

root# cat opt/rudder/etc/uuid.hive | grep -E "^[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}|root" | wc -l 
0

So it's overwritten again to the value of uuidgen.

The fix is probably not to ship uuid.hive in rudder-agent(-thin), it's created during %post anyway. If you really want to ship it in the package, prepending %ghost to /opt/rudder/etc/uuid.hive in the %files section of the rpmspec should do it (it marks it as owned by the package, but doesn't install it).

Actions #6

Updated by Jonathan CLARKE about 8 years ago

  • Status changed from 8 to In progress

Oh, you have a very good point. Thanks for the analysis!

I will adapt rudder-agent(-thin) to not install the dummy file, which seems pretty useless to me.

Actions #7

Updated by Matthieu CERDA almost 8 years ago

  • Target version changed from 2.11.0~beta2 to 2.11.0~rc1
Actions #8

Updated by Jonathan CLARKE almost 8 years ago

This unfortunately got dropped from 2.11.0~beta2. One of the reasons is that we were looking how to do this in a Debian package.

After discussing this with Lionel, it now appears that this is not necessary on Debian, because the uuid.hive file is listed as a config file, so Debian will never overwrite it.

Actions #9

Updated by Jonathan CLARKE almost 8 years ago

  • Subject changed from Unrecognized policy server to uuid.hive gets overwritten on the root server if rudder-agent is installed after rudder-webapp
  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Matthieu CERDA
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/426

Renamed the ticket for clarity.

Actions #10

Updated by Jonathan CLARKE almost 8 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

Applied in changeset packages:commit:d5cb1a5f48027ee2ea051b60be75276e6c6f447e.

Actions #11

Updated by Matthieu CERDA almost 8 years ago

Applied in changeset packages:commit:5d1c2dd94b75e4078867f80ab3c729d323106062.

Actions #12

Updated by Vincent MEMBRÉ almost 8 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.0~rc1 (announcement , changelog), which was released today.

Actions

Also available in: Atom PDF