Bug #7064

System objects (techniques, directives, rules, groups) must always be enabled

Added by François ARMAND over 5 years ago. Updated about 5 years ago.

Status:
Released
Priority:
1
Category:
Web - Config management

Description

Today, we have built Rudder with the system rules actually on the node. If they are not, nothing works.

But system objects still have an "isEnabled" field, and it is actually used. That's a big problem.

Moreover, if one of these objects is disabled, the user can't do anything about it (save invoking LDAP magic).

#1

Updated by François ARMAND over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder/pull/905

#2

Updated by François ARMAND over 5 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100

#4

Updated by François ARMAND over 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 2.10.16, 2.11.13, 3.0.8 and 3.1.1 which were released today.

#5

Updated by Nicolas CHARLES about 5 years ago

This can be solved by:

# Read the LDAP bind DN and password from the Rudder web application configuration
RUDDER_OPT="/opt/rudder"
# Number of credential lines found in the properties file (2 when both are set)
LDAP_CREDENTIALS=$(grep -c -E "^ldap.auth(dn|pw)[ \t]*=" ${RUDDER_OPT}/etc/rudder-web.properties || true)
LDAP_USER="$(grep -E '^ldap.authdn[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d "=" -f 2-)"
LDAP_PASSWORD="$(grep -E '^ldap.authpw[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d "=" -f 2-)"

LDAP_SERVER='localhost'
LDAP_PORT='389'

# Note: -w puts the password on the ldapmodify command line, where it is
# visible in the process list while the command runs
LDAP_PARAMETERS="-H ldap://${LDAP_SERVER}:${LDAP_PORT}/ -D ${LDAP_USER} -w ${LDAP_PASSWORD} -x"

LDAPMODIFY="ldapmodify ${LDAP_PARAMETERS}"

# Output and errors are discarded below, so a failed bind or modify is silent

# Re-enable the system technique "common"
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF

# Re-enable the system rule "hasPolicyServer-root"
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: ruleId=hasPolicyServer-root,ou=Rules,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF

# Re-enable the system directive "common-root"
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF

And then clear the cache in the web interface.
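
Because the workaround above discards all ldapmodify output, the following added example (not part of the ticket or of Rudder) checks the result: it reads LDIF, such as ldapsearch output for the three DNs above with the isEnabled attribute requested, and lists every entry whose isEnabled is not TRUE. The function names and the sample LDIF are constructed for illustration; the sample folds long DNs the way LDIF output does.

```shell
#!/bin/sh
# Added example, not from the ticket: report entries whose isEnabled is not TRUE.
# Input is LDIF on stdin; output is "<state><TAB><dn>", one line per entry.

disabled_objects() {
  awk '
    # Handle one complete (already unfolded) logical LDIF line.
    function handle() {
      if (line ~ /^dn: /) { dn = substr(line, 5); state = "MISSING" }
      else if (tolower(line) ~ /^isenabled: /) { state = toupper(substr(line, 12)) }
      else if (line == "" && dn != "") { report() }
    }
    # End of an entry: print it unless it is enabled.
    function report() {
      if (state != "TRUE") print state "\t" dn
      dn = ""
    }
    # LDIF folding: a line starting with one space continues the previous line.
    /^ / { line = line substr($0, 2); next }
    { if (NR > 1) handle(); line = $0 }
    END { handle(); if (dn != "") report() }
  '
}

# Constructed sample, shaped like ldapsearch output (long DNs are folded).
sample_ldif() {
  cat <<'EOF'
dn: activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCat
 egoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
isEnabled: TRUE

dn: ruleId=hasPolicyServer-root,ou=Rules,ou=Rudder,cn=rudder-configuration
isEnabled: FALSE

dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudd
 er Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-config
 uration
isEnabled: FALSE
EOF
}

sample_ldif | disabled_objects
```

An empty result means every entry in the input is enabled; an entry with no isEnabled attribute is reported as MISSING.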
