Bug #7109
closed
After an upgrade to 3.1.1-1, the nodes report error on "Could not retrieve the UUID of the policy server"
Added by Nicolas CHARLES over 9 years ago.
Updated over 9 years ago.
Category:
System techniques
Description
Right after upgrading to 3.1.1-1, all my nodes are starting to report: Error: "Could not retrieve the UUID of the policy server"
The execution is
2015-08-17T21:09:02+1200 info: /default/doInventory/commands/'/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid'[0]: Executing 'no timeout' ... '/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid'
2015-08-17T21:09:02+1200 error: /default/doInventory/commands/'/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid'[0]: Finished command related to promiser '/usr/bin/curl -k -s -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid' -- an error occurred, returned 35
The server is attainable
ping server.rudder.local
PING server.rudder.local (192.168.46.2) 56(84) bytes of data.
64 bytes from server.rudder.local (192.168.46.2): icmp_req=1 ttl=64 time=0.483 ms
- Related to Bug #6922: Curl SSL error on Ubuntu 10.04 added
It looks like #6922. What are the OS and openssl versions? The content of policy_server.dat?
- Status changed from New to In progress
- Assignee set to Alexis Mousset
We can force tlsv1 with the -1 option, which solves the problem.
root@agent3:/home/vagrant# uname -a
Linux agent3 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 UTC 2014 x86_64 GNU/Linux
root@agent3:/home/vagrant# dpkg -l | grep openssl
ii openssl 0.9.8o-4squeeze14 Secure Socket Layer (SSL) binary and related cryptographic tools
cat /var/rudder/cfengine-community/policy_server.dat
server.rudder.local
Confirmed incompatibility with older OpenSSL's (0.9.8).
The "-1" curl CLI switch solves the issue and works even on very old OS'es (RHEL3), so I guess we can use this workaround without any risk :) also, SSL2/3 are deprecated anyway.
Nicolas, can you confirm that running "/usr/bin/curl -1 -k -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid'" solves the issue on your machine ? (you should get 'root' without any error)
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Matthieu CERDA
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/733
root@agent3:/home/vagrant# /usr/bin/curl -1 -k -f --proxy '' -o "/var/rudder/cfengine-community/rudder-server-uuid.txt" https://server.rudder.local/uuid
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5 100 5 0 0 174 0 --:--:-- --:--:-- --:--:-- 178
root@agent3:/home/vagrant# echo $?
0
- Related to deleted (Bug #6922: Curl SSL error on Ubuntu 10.04)
- Is duplicate of Bug #6922: Curl SSL error on Ubuntu 10.04 added
- Assignee changed from Matthieu CERDA to Alexis Mousset
Nicolas CHARLES wrote:
[...]
OK, that's the expected result :) it wrote "root" in /var/rudder/cfengine-community/rudder-server-uuid.txt instead of stdout, but that's fine !
Thank you
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
- Status changed from Pending release to Released
This bug has been fixed in Rudder 3.1.1 which was released today.
- Related to Bug #8436: Getting server uuid fails on agent with old openssl added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by Matthieu CERDA 
Updated by