Project

General

Profile

Actions

Bug #7031

closed

Inventory <FQDN> content differs from hostname --fqdn and may lead to unauthorised nodes

Added by François ARMAND over 8 years ago. Updated over 8 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Nodes & inventories
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

When testing Rudder, at one moment every nodes stopped to being able to get their policies updated. So as always, it was a DNS problem.

The problem was that at that moment, they all decided to send new inventories, and it was after a DHCP new lease - yeah, that would have never happened if not working at 3AM.

In these inventories, the <FQDN> content was <FQDN>myapp.normation.com</FQDN> in place of <FQDN>myapp</FQDN>.

That was because DHCP had modified their resolv.conf, and the new resolv.conf content was:

search normation.com
domain normation.com
nameserver XXXX

But interestingly, on these nodes, "hostname --fqdn" still returned "myapp", and "getent hosts myapp.normation.com" was returning an error. See http://serverfault.com/questions/574301/non-woking-domain-parameter-at-resolv-conf for inputs.

Of course, cf-served.cf was filled with myapp inventory data, so with "myapp.normation.com", and so CFEngine was refusing "myapp" any update.

So, it seems that fusion inventory <FQDN> is filled with a value that IS NOT the DNS resolvable FQDN, so the use of that attribute in 3.1 is really dangerous.


Subtasks 1 (0 open1 closed)

Bug #7570: If RUDDER_HOSTNAME is localhost we should fallback to FQDNReleasedFrançois ARMAND2015-12-08Actions

Related issues 6 (0 open6 closed)

Related to Rudder - Bug #6782: Broken inventory - missing 'FQDN'ReleasedFrançois ARMAND2015-06-23Actions
Related to Rudder - Bug #6711: Hostname in inventory may sometimes be wrongfully in lowercaseReleasedFrançois ARMAND2015-06-11Actions
Related to Rudder - Bug #7001: If domain name is not set in resolv.conf, the inventory generated is invalidReleasedVincent MEMBRÉ2015-07-21Actions
Related to Rudder - Bug #7015: Some inventories have empty FQDN attribute, mandatory in 3.1ReleasedFrançois ARMAND2015-07-21Actions
Related to Rudder - User story #8022: Allow users to specify node hostname (FQDN)ReleasedAlexis MoussetActions
Related to Rudder - Bug #7568: Inventory <FQDN> content differs from hostname --fqdn and may lead to unauthorised nodes (impl for system techniques)RejectedActions
Actions

Also available in: Atom PDF