Bug #7064
closed
System object (techniques, directives, rules, groups) must be always enabled
Added by François ARMAND over 9 years ago.
Updated almost 9 years ago.
Category:
Web - Config management
Description
Today, we have build Rudder with the system rules actually on the node. If they are not, nothing work.
But system object still have a "isEnabled field", and it is actually used. That a big problem.
Moreover, if one of these object is disabled, the user can't do anything about it (safe invoking LDAP magic).
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder/pull/905
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.10.16, 2.11.13, 3.0.8 and 3.1.1 which were released today.
this can be solved by
RUDDER_OPT="/opt/rudder"
LDAP_CREDENTIALS=$(grep -c -E "^ldap.auth(dn|pw)[ \t]*=" /opt/rudder/etc/rudder-web.properties || true)
LDAP_USER="$(grep -E '^ldap.authdn[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d "=" -f 2-)"
LDAP_PASSWORD="$(grep -E '^ldap.authpw[ \t]*=' ${RUDDER_OPT}/etc/rudder-web.properties | cut -d "=" -f 2-)"
LDAP_SERVER='localhost'
LDAP_PORT='389'
LDAP_PARAMETERS="-H ldap://${LDAP_SERVER}:${LDAP_PORT}/ -D ${LDAP_USER} -w ${LDAP_PASSWORD} -x"
LDAPMODIFY="ldapmodify ${LDAP_PARAMETERS}"
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: ruleId=hasPolicyServer-root,ou=Rules,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF
${LDAPMODIFY} >/dev/null 2>&1 << EOF
dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isEnabled
isEnabled: TRUE
EOF
And then, clear cache in the web interface
Also available in: Atom
PDF
Updated by 
Updated by