Bug #5089
closed
uuid.hive gets overwritten on the root server if rudder-agent is installed after rudder-webapp
Description
Hi again,
Still with the 4 components architecture (cf. #5080 and #5087).
server-4 (rudder-webapp + rudder-techniques + CFEngine server) does not seem to be recognized as the policy server. When I force an inventory with "/var/rudder/cfengine-community/bin/cf-agent -KI -D force_inventory", the content added by rudder-agent is the following:
<POLICY_SERVER>f6d3513b-fef2-452a-8990-f9871a516059</POLICY_SERVER> <SERVER_ROLES> <SERVER_ROLE>rudder-webapp</SERVER_ROLE> <SERVER_ROLE>rudder-jetty</SERVER_ROLE> </SERVER_ROLES>
"f6d3513b-fef2-452a-8990-f9871a516059" is its own UUID, but I guess it should be "root", because it's not recognized as is, and is blocking node acceptance in the web UI.
Quote from /var/log/rudder/webapp/2014_06_19.stderrout.log:
[...] [2014-06-19 12:52:34] ERROR com.normation.rudder.web.services.DisplayNode - Could not fetch policy server details (id NodeId(f6d3513b-fef2-452a-8990-f9871a516059)) for no de with id NodeId(f6d3513b-fef2-452a-8990-f9871a516059) <- Node with ID 'f6d3513b-fef2-452a-8990-f9871a516059' was not found [...] [2014-06-19 12:52:41] ERROR com.normation.rudder.services.servers.NewNodeManagerImpl - Unit acceptor error for node NodeId(f6d3513b-fef2-452a-8990-f9871a516059) <- Error when trying to accept node f6d3513b-fef2-452a-8990-f9871a516059 <- Error when executing accept node process named accept_new_server:add_system_configuration_rules <- Tech nical group with ID 'NodeGroupId(hasPolicyServer-f6d3513b-fef2-452a-8990-f9871a516059)' was not found <- Error when retrieving the entry for NodeGroup 'NodeGroupId(hasPol icyServer-f6d3513b-fef2-452a-8990-f9871a516059)'
I compared with a monolithic rudder-server-root installation, and the inventory file contains the proper policy server:
<POLICY_SERVER>root</POLICY_SERVER> <SERVER_ROLES> <SERVER_ROLE>rudder-reports</SERVER_ROLE> <SERVER_ROLE>rudder-inventory-endpoint</SERVER_ROLE> <SERVER_ROLE>rudder-inventory-ldap</SERVER_ROLE> <SERVER_ROLE>rudder-webapp</SERVER_ROLE> <SERVER_ROLE>rudder-jetty</SERVER_ROLE> <SERVER_ROLE>rudder-ldap</SERVER_ROLE> <SERVER_ROLE>rudder-db</SERVER_ROLE> <SERVER_ROLE>rudder-server-root</SERVER_ROLE> </SERVER_ROLES>
I'm not sure whether the bug is that "root" isn't used, or that the policy server UUID isn't automagically resolved.
Thanks.
Updated by Lionel Le Folgoc over 10 years ago
I can work around that by forcing "echo 'root' > /opt/rudder/etc/uuid.hive" on server-4, although I'm not sure it's the correct thing to do, but at least the policy server is now recognized and I can accept nodes.
Updated by Jonathan CLARKE over 10 years ago
- Status changed from New to 8
- Priority changed from N/A to 1 (highest)
This bug is indeed that the UUID is not "root". It should always be on the root server, which we still consider to be where rudder-webapp is installed.
I'm looking into why this happens now.
Updated by Jonathan CLARKE over 10 years ago
- Category set to System integration
- Assignee set to Jonathan CLARKE
- Target version set to 2.11.0~beta2
Updated by Jonathan CLARKE over 10 years ago
I don't understand how this can happen. In the rudder-webapp postinst scriptlet, we force the UUID to "root":
echo 'root' > /opt/rudder/etc/uuid.hive
And in the rudder-agent postinst scriptlet, we check a UUID is defined or valid, as follows:
if [ ! -e /opt/rudder/etc/uuid.hive ]
then
uuidgen > /opt/rudder/etc/uuid.hive
else
# UUID is valid only if it has been generetaed by uuidgen or if it is set to 'root' for policy server
CHECK_UUID=`cat /opt/rudder/etc/uuid.hive | grep -E "^[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}|root" | wc -l`
# If the UUID is not valid, regenerate it
if [ ${CHECK_UUID} -ne 1 ]
then
uuidgen > /opt/rudder/etc/uuid.hive
fi
fi
So, even if these 2 scriptlets are run in the wrong order, I don't see how the UUID could end up containing anything except "root".
Any ideas?
Updated by Lionel Le Folgoc over 10 years ago
I think I figured what happened:
Here's the install sequence:
Jun 19 10:10:25 Installed: 1398866025:rudder-jetty-2.11.0.beta1-1.EL.6.noarch Jun 19 10:10:29 Installed: 1398866025:rudder-webapp-2.11.0.beta1-1.EL.6.noarch Jun 19 10:10:32 Installed: 1398866025:rudder-agent-thin-2.11.0.beta1-1.EL.6.x86_64
So, rudder-webapp writes "root".
rudder-agent(-thin) ships a fake uuid.hive file:
root# rpm -qf /opt/rudder/etc/uuid.hive rudder-agent-thin-2.11.0.beta1-1.EL.6.x86_64
which contains:
root# cat opt/rudder/etc/uuid.hive # The content of this file should be replaced with a valid UUID for Rudder
So, "root" has been overwritten.
Then, the %post scriptlet:
root# cat opt/rudder/etc/uuid.hive | grep -E "^[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}|root" | wc -l
0
So it's overwritten again to the value of uuidgen.
The fix is probably not to ship uuid.hive in rudder-agent(-thin), it's created during %post anyway. If you really want to ship it in the package, prepending %ghost to /opt/rudder/etc/uuid.hive in the %files section of the rpmspec should do it (it marks it as owned by the package, but doesn't install it).
Updated by Jonathan CLARKE over 10 years ago
- Status changed from 8 to In progress
Oh, you have a very good point. Thanks for the analysis!
I will adapt rudder-agent(-thin) to not install the dummy file, which seems pretty useless to me.
Updated by Matthieu CERDA over 10 years ago
- Target version changed from 2.11.0~beta2 to 2.11.0~rc1
Updated by Jonathan CLARKE over 10 years ago
This unfortunately got dropped from 2.11.0~beta2. One of the reasons is that we were looking how to do this in a Debian package.
After discussing this with Lionel, it now appears that this is not necessary on Debian, because the uuid.hive file is listed as a config file, so Debian will never overwrite it.
Updated by Jonathan CLARKE over 10 years ago
- Subject changed from Unrecognized policy server to uuid.hive gets overwritten on the root server if rudder-agent is installed after rudder-webapp
- Status changed from In progress to Pending technical review
- Assignee changed from Jonathan CLARKE to Matthieu CERDA
- Pull Request set to https://github.com/Normation/rudder-packages/pull/426
Renamed the ticket for clarity.
Updated by Jonathan CLARKE over 10 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset packages:commit:d5cb1a5f48027ee2ea051b60be75276e6c6f447e.
Updated by Matthieu CERDA over 10 years ago
Applied in changeset packages:commit:5d1c2dd94b75e4078867f80ab3c729d323106062.
Updated by Vincent MEMBRÉ over 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.11.0~rc1 (announcement , changelog), which was released today.
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/