Bug #7109

closed

After an upgrade to 3.1.1-1, the nodes report error on "Could not retrieve the UUID of the policy server"

Added by Nicolas CHARLES over 9 years ago. Updated over 9 years ago.

Status: Released
Priority: 1 (highest)
Category: System techniques

Description

Right after upgrading to 3.1.1-1, all my nodes are starting to report: Error: "Could not retrieve the UUID of the policy server"

The execution is

2015-08-17T21:09:02+1200     info: /default/doInventory/commands/'/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid'[0]: Executing 'no timeout' ... '/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid'
2015-08-17T21:09:02+1200    error: /default/doInventory/commands/'/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid'[0]: Finished command related to promiser '/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid' -- an error occurred, returned 35
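
An added example, not part of the original report or of Rudder's own code: a small shell triage over agent log lines in the format shown above, which extracts the curl exit code from each failed command, classifies it (35 is curl's SSL connect error, a failed handshake) and records whether `-k` disabled certificate verification. The function names, the second sample line and the trimmed log text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: first line is the failing entry from the report (trimmed),
# second line is a made-up certificate failure for contrast.
sample_log() {
cat <<'EOF'
2015-08-17T21:09:02+1200    error: /default/doInventory/commands/'/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid'[0]: Finished command -- an error occurred, returned 35
2015-08-17T21:14:02+1200    error: /default/doInventory/commands/'/usr/bin/curl -s -f -o "/tmp/uuid.txt" https://server.rudder.local/uuid'[0]: Finished command -- an error occurred, returned 60
2015-08-17T21:14:03+1200     info: unrelated line, ignored by the parser
EOF
}

# Map a curl exit code to a failure class (codes as listed in the curl man page).
curl_class() {
  case "$1" in
    6)     echo dns ;;
    7)     echo tcp-connect ;;
    22)    echo http-status ;;
    28)    echo timeout ;;
    35)    echo tls-handshake ;;
    51|60) echo tls-cert-verify ;;
    *)     echo other ;;
  esac
}

# Read agent log lines on stdin; for each failed curl command print
#   <timestamp> <url> exit=<code> class=<class> verify=<on|off>
triage_curl_errors() {
  while IFS= read -r line; do
    case "$line" in
      *" error: "*"/curl "*"returned "*) ;;
      *) continue ;;
    esac
    ts=${line%% *}
    code=${line##*returned }
    code=${code%%[!0-9]*}
    url=$(printf '%s\n' "$line" | sed -n "s|.*\(https\{0,1\}://[^' ]*\).*|\1|p")
    case "$line" in
      *" -k "*|*" --insecure "*) verify=off ;;   # certificate verification disabled
      *) verify=on ;;
    esac
    printf '%s %s exit=%s class=%s verify=%s\n' \
      "$ts" "$url" "$code" "$(curl_class "$code")" "$verify"
  done
}

sample_log | triage_curl_errors
```

A `tls-handshake` result with a reachable host points at protocol or cipher negotiation rather than the network, which matches the successful ping reported further down the thread.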


Related issues: 2 (0 open, 2 closed)

Related to Rudder - Bug #8436: Getting server uuid fails on agent with old openssl (Rejected)
Is duplicate of Rudder - Bug #6922: Curl SSL error on Ubuntu 10.04 (Rejected, 2015-07-02)
Actions #1

Updated by Nicolas CHARLES over 9 years ago

The server is attainable

ping server.rudder.local
PING server.rudder.local (192.168.46.2) 56(84) bytes of data.
64 bytes from server.rudder.local (192.168.46.2): icmp_req=1 ttl=64 time=0.483 ms

Actions #2

Updated by Alexis Mousset over 9 years ago

  • Related to Bug #6922: Curl SSL error on Ubuntu 10.04 added
Actions #3

Updated by Alexis Mousset over 9 years ago

It looks like #6922. What are the OS and openssl versions? The content of policy_server.dat?

Actions #4

Updated by Alexis Mousset over 9 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset

We can force tlsv1 with the -1 option, which solves the problem.

Actions #5

Updated by Nicolas CHARLES over 9 years ago

root@agent3:/home/vagrant# uname -a
Linux agent3 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64 GNU/Linux

root@agent3:/home/vagrant# dpkg -l | grep openssl
ii  openssl                             0.9.8o-4squeeze14            Secure Socket Layer (SSL) binary and related cryptographic tools

cat /var/rudder/cfengine-community/policy_server.dat 
server.rudder.local
Actions #6

Updated by Matthieu CERDA over 9 years ago

Confirmed incompatibility with older OpenSSL versions (0.9.8).

The "-1" curl CLI switch solves the issue and works even on very old OSes (RHEL3), so I guess we can use this workaround without any risk :) Also, SSL2/3 are deprecated anyway.

Nicolas, can you confirm that running "/usr/bin/curl -1 -k -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid" solves the issue on your machine? (you should get 'root' without any error)

Actions #7

Updated by Alexis Mousset over 9 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Matthieu CERDA
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/733
Actions #8

Updated by Nicolas CHARLES over 9 years ago

root@agent3:/home/vagrant# /usr/bin/curl -1 -k -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100     5  100     5    0     0    174      0 --:--:-- --:--:-- --:--:--   178
root@agent3:/home/vagrant# echo $?
0

Actions #9

Updated by Alexis Mousset over 9 years ago

  • Related to deleted (Bug #6922: Curl SSL error on Ubuntu 10.04)
Actions #10

Updated by Alexis Mousset over 9 years ago

  • Is duplicate of Bug #6922: Curl SSL error on Ubuntu 10.04 added
Actions #11

Updated by Matthieu CERDA over 9 years ago

  • Assignee changed from Matthieu CERDA to Alexis Mousset

Nicolas CHARLES wrote:

[...]

OK, that's the expected result :) It wrote "root" in /var/rudder/cfengine-community/rudder-server-uuid.txt instead of stdout, but that's fine!

Thank you

Actions #12

Updated by Alexis Mousset over 9 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #13

Updated by Matthieu CERDA over 9 years ago

Actions #14

Updated by François ARMAND over 9 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.1 which was released today.

Actions #15

Updated by Alexis Mousset over 8 years ago

  • Related to Bug #8436: Getting server uuid fails on agent with old openssl added