Bug #7001

If domain name is not set in resolv.conf, the inventory generated is invalid

Added by Nicolas CHARLES over 5 years ago. Updated about 5 years ago.

Status: Released
Priority: N/A
Category: Web - Nodes & inventories

Description

Without a defined domain name in resolv.conf, inventory doesn't contain the OS/FQDN tag (root cause is https://rt.cpan.org/Public/Bug/Display.html?id=60729).
We should either:
  1. not trust this field to be always set, or
  2. fix the inventory so that the value is always defined

This is even more critical in 3.1, as we finally made this entry mandatory.

This ticket is for correcting the agent behaviour, the child one is to adapt the server in 3.1 to find hostname information on inventories with empty FQDN attribute.



Subtasks

  • Bug #7015: Some inventories have empty FQDN attribute, mandatory in 3.1 - Released - François ARMAND - 2015-07-21

Related issues

  • Related to Rudder - Bug #6711: Hostname in inventory may sometimes be wrongfully in lowercase - Released - François ARMAND - 2015-06-11
  • Related to Rudder - Bug #7031: Inventory <FQDN> content differs from hostname --fqdn and may lead to unauthorised nodes - Released - Jonathan CLARKE - 2015-12-08
  • Related to Rudder - Bug #7241: Patch not applied on fusion inventory - Released - Benoît PECCATTE - 2015-10-07
  • Related to Rudder - Bug #8022: Node's FQDN-Resolution is sometimes invalid - New
#1

Updated by Nicolas CHARLES over 5 years ago

  • File test-fai-876cd88b-f6f2-4cf0-bd66-7eda1fb03bba.ocs added
#2

Updated by Nicolas CHARLES over 5 years ago

  • File deleted (test-fai-876cd88b-f6f2-4cf0-bd66-7eda1fb03bba.ocs)
#4

Updated by Nicolas CHARLES over 5 years ago

I see two solutions:
  • patch fusion to enforce something in fqdn (editing /opt/rudder/share/fusioninventory/lib/FusionInventory/Agent/Task/Inventory/Generic.pm) to add
    use Sys::Hostname;    # provides hostname()
    
    ...
        # hostfqdn() is exported by Net::Domain; use the short hostname when it returns nothing
        my $base_fqdn = hostfqdn();
        my $FQDN = length($base_fqdn) ? $base_fqdn : hostname();
    

    but this solution will need an up to date agent
  • don't enforce that FQDN is filled, and if it is not, use HARDWARE/NAME
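
Added example (not part of the ticket and not Rudder's code): the second option above, falling back to HARDWARE/NAME when FQDN is empty, written in Python as a check run on an inventory before it is accepted. The element paths, the sample XML and the `resolve_hostname` name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inventories (not real agent output). The layout
# REQUEST/CONTENT/OPERATINGSYSTEM/FQDN and REQUEST/CONTENT/HARDWARE/NAME
# is an assumption about the inventory format.
SAMPLE_NO_DOMAIN = """<REQUEST><CONTENT>
  <HARDWARE><NAME>node0</NAME></HARDWARE>
  <OPERATINGSYSTEM><FQDN></FQDN></OPERATINGSYSTEM>
</CONTENT></REQUEST>"""

SAMPLE_OK = """<REQUEST><CONTENT>
  <HARDWARE><NAME>node1</NAME></HARDWARE>
  <OPERATINGSYSTEM><FQDN>node1.example.org</FQDN></OPERATINGSYSTEM>
</CONTENT></REQUEST>"""


def _text(root, path):
    """Return stripped element text, or '' when the element is missing or empty."""
    node = root.find(path)
    return (node.text or "").strip() if node is not None else ""


def resolve_hostname(inventory_xml):
    """Pick the hostname to use for a node and report where it came from.

    Returns (hostname, source, warnings). Raises ValueError when neither
    field is usable, so the inventory is rejected rather than half-accepted.
    """
    root = ET.fromstring(inventory_xml)
    fqdn = _text(root, "CONTENT/OPERATINGSYSTEM/FQDN")
    name = _text(root, "CONTENT/HARDWARE/NAME")
    warnings = []
    if fqdn:
        if "." not in fqdn:
            warnings.append("FQDN has no domain part")
        # Compare case-insensitively: hostname case can differ between fields.
        if name and fqdn.split(".")[0].lower() != name.lower():
            warnings.append("FQDN host part differs from HARDWARE/NAME")
        return fqdn, "FQDN", warnings
    if name:
        warnings.append("FQDN empty, fell back to HARDWARE/NAME")
        return name, "HARDWARE/NAME", warnings
    raise ValueError("inventory has neither FQDN nor HARDWARE/NAME")
```

Logging the returned source and warnings at acceptance time shows which nodes were registered under a fallback name, which helps when a later run reports a different hostname.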
#5

Updated by Nicolas CHARLES over 5 years ago

  • Related to Bug #6711: Hostname in inventory may sometimes be wrongfully in lowercase added
#6

Updated by Nicolas CHARLES over 5 years ago

  • Target version changed from 3.1.1 to 2.10.16
#7

Updated by François ARMAND over 5 years ago

  • Description updated (diff)
#8

Updated by Nicolas CHARLES over 5 years ago

  • Related to Bug #7031: Inventory <FQDN> content differs from hostname --fqdn and may lead to unauthorised nodes added
#9

Updated by Nicolas CHARLES over 5 years ago

  • Category changed from Web - Nodes & inventories to Agent
  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES
  • Target version changed from 2.10.16 to 2.11.13
#10

Updated by Nicolas CHARLES over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/718
#11

Updated by Nicolas CHARLES over 5 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
#13

Updated by Vincent MEMBRÉ over 5 years ago

  • Category changed from Agent to Web - Nodes & inventories
#14

Updated by François ARMAND over 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.11.13, 3.0.8 and 3.1.1 which were released today.

#15

Updated by Vincent MEMBRÉ over 5 years ago

  • Related to Bug #7241: Patch not applied on fusion inventory added
#16

Updated by Florian Heigl about 5 years ago

Some more details...

I can still have a host (3.1.5 server and agent) that can be accepted to rudder but will be denied access to its own policy after the first run.

Problem seems to be specific to CentOS6 with network manager installed and DOMAIN not set in the interface config.
I can fix it by setting that variable in the interface config file, the HOSTNAME setting in /etc/sysconfig/network (which is supposed to be a fqdn) is not sufficient since the init scripts now set a hostname of host.domain.tld (that means, it'll show this in both 'hostname' and 'hostname --fqdn').

So this means the hostname setup code in CentOS6 is broken, assuming that host.domain.tld is a single WORD.
I wish those people would be convicted to get a job outside IP.

The fix of setting it in the interface config (so a partial / mis-configuration for this purpose - because unless you have only one interface there might be multiple DOMAINS for per-interface hostnames) does get the job done.
A post-rudder-accept update also works and then magically unlocks ACLs for the client access.

In the reverse that means it's still having problems if there's some mismatch even though the inventory is probably correctly signed and the node is generally accepted.

Oh, lovely.
On a later run it broke again. I'm now again getting refusals.
NOT working, cannot update node's policy.

Please make sure your tests for this issue involve multiple runs of the agent on the master and client.

Will gladly give access to affected node and master for debugging.

#17

Updated by François ARMAND almost 5 years ago

  • Related to Bug #8022: Node's FQDN-Resolution is sometimes invalid added
