Project

General

Profile

Bug #7288

Policy does not get deleted when changing relays

Added by Janos Mattyasovszky about 4 years ago. Updated 5 days ago.

Status:
Pending technical review
Priority:
N/A
Category:
Server components
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Very Small
Priority:
47

Description

Sometimes we re-balance and change the policy server (relay) a node is connected to.
I have noticed the old relay's policy for the nodes do not get removed then.

rudder-root:/var/rudder/share # ls -d /var/rudder/share/*/share/* | gawk -F/ '{print $NF}' | sort | uniq -c | grep -c -w 2
604

=> not a unique issue.

The date is also showing this:

drwx------ 3 root root 18 Sep 22 23:25 /var/rudder/share/9ee3f1c5-d83c-4daa-9465-2555476521fb/share/00208aa8-f4d1-11e4-b6d9-11cb081228de
drwxrwx--- 3 root root 18 Oct 17 22:38 /var/rudder/share/c49a0a1c-1100-11e5-9959-76b2081228de/share/00208aa8-f4d1-11e4-b6d9-11cb081228de
...
drwx------ 3 root root 18 Sep 23 00:00 /var/rudder/share/9ee3f1c5-d83c-4daa-9465-2555476521fb/share/0013855c-f377-11e4-b4af-33e8081228de
drwxrwx--- 3 root root 18 Oct 17 22:38 /var/rudder/share/78169036-10f9-11e5-b8f7-afb7081228de/share/0013855c-f377-11e4-b4af-33e8081228de

When a node changes the policy server, that policy server should get the node's folder removed.

Edit FAR: Proposed solution: each policy server has a base share directory (/var/rudder/share for root, /var/rudder/share/9ee3f1c5-d83c-4daa-9465-2555476521fb/share for relay with uuid 9ee3f1c5-d83c-4daa-9465-2555476521fb, etc recursively). At the end of the generation, we just need to check that the base share of a policy server only contains nodes directly managed by it.


Related issues

Related to Scale-out relay - Bug #7751: When we delete a relay, all system groups and directive related to this relay are not deletedIn progressActions
Related to Rudder - Bug #8046: Change of Policy Server does not trigger a PolicyupdateRejected2016-03-08Actions
Related to Rudder - Bug #9719: Node deletes are not properly cleaned upNewActions

History

#1

Updated by Janos Mattyasovszky about 4 years ago

  • Description updated (diff)
#2

Updated by Vincent MEMBRÉ about 4 years ago

  • Assignee set to Nicolas CHARLES

Thanks for reproting Janos!

You are right, the content of shared promises should only contains promises for nodes that are managed by this relay

Nicolas, what would be the easiest way to do this ?

#3

Updated by Jonathan CLARKE about 4 years ago

  • Assignee changed from Nicolas CHARLES to François ARMAND

François, I'm sure you have an idea about this? :)

#4

Updated by Janos Mattyasovszky about 4 years ago

How about detecting during the inventory processing, if it reports to a different policy server then known until now, and after a successful policy generation remove the old dir-tree below the old policy server?

I will work around it by a cronjob, some LDAP query, and checking all directory below the policy servers, if it's still valid.

Additional question: do the policies get deleted when I remove a node over GUI / API?

#5

Updated by François ARMAND over 3 years ago

I think we should "just" add the list of node managed by the relay in some accessible way on the relay, and a post-hook after promise transfert which will diff the managed node / actual directories present. The garbage collecting can be done asynchronously to avoid long processing time.

The proposed solution may imply more work to always calculate the list of nodes for a relay, not sure we have that information at all time.

Some more context information: we are not able to just remove all directories not updated on last promise transfert, because valid nodes may not have gotten updated policies on last round.

#6

Updated by François ARMAND over 3 years ago

  • Related to Bug #7751: When we delete a relay, all system groups and directive related to this relay are not deleted added
#7

Updated by François ARMAND over 3 years ago

  • Related to Bug #4709: When a node is deleted, its generated promises are not removed added
#8

Updated by François ARMAND over 3 years ago

OK, so it seems I misunderstood the root cause, and it should be in fact much easier than thought to correct.

The problem is that on the root server, we don't clean the deleted nodes, and so it is more linked to #4709 (kind of an amplificated version of it).

Nicolas, you had concerned about the following proposed solution. Does that still hold for relays ?

I put them back here:

- trigger a rm -rf ${nodeid} or something alike from rudder UI when a node is deleted;
- on each promise generation, delete all unknown files in /var/rudder/share to keep only existing nodes;
- have a cfengine (sytem) promise making the cleaning for us based on the list of all "currently valide node" (accepting that ${node_id_of_relay}/${node_id} is a valid one)

#9

Updated by François ARMAND over 3 years ago

  • Tags set to Next minor release
#10

Updated by Janos Mattyasovszky over 3 years ago

  • Related to Bug #8046: Change of Policy Server does not trigger a Policyupdate added
#11

Updated by Janos Mattyasovszky over 3 years ago

  • Related to deleted (Bug #8046: Change of Policy Server does not trigger a Policyupdate)
#12

Updated by François ARMAND over 3 years ago

  • Related to Bug #8046: Change of Policy Server does not trigger a Policyupdate added
#13

Updated by Benoît PECCATTE over 3 years ago

  • Target version set to 2.11.21
#14

Updated by Jonathan CLARKE over 3 years ago

  • Tags deleted (Next minor release)
#15

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 2.11.21 to 2.11.22
#16

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 2.11.22 to 2.11.23
#17

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 2.11.23 to 2.11.24
#18

Updated by Vincent MEMBRÉ over 3 years ago

  • Target version changed from 2.11.24 to 308
#19

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 308 to 3.1.14
#20

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.14 to 3.1.15
#21

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.15 to 3.1.16
#22

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.16 to 3.1.17
#23

Updated by Janos Mattyasovszky about 3 years ago

  • Related to Bug #9719: Node deletes are not properly cleaned up added
#24

Updated by Vincent MEMBRÉ about 3 years ago

  • Target version changed from 3.1.17 to 3.1.18
#25

Updated by Vincent MEMBRÉ almost 3 years ago

  • Target version changed from 3.1.18 to 3.1.19
#26

Updated by Jonathan CLARKE over 2 years ago

  • Severity set to Minor - inconvenience | misleading | easy workaround
  • User visibility set to Infrequent - complex configurations | third party integrations
#27

Updated by Benoît PECCATTE over 2 years ago

  • Priority set to 5
#28

Updated by François ARMAND over 2 years ago

  • Related to deleted (Bug #4709: When a node is deleted, its generated promises are not removed)
#29

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.19 to 3.1.20
#30

Updated by Jonathan CLARKE over 2 years ago

  • Assignee deleted (François ARMAND)
#31

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.20 to 3.1.21
#32

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.21 to 3.1.22
#33

Updated by Benoît PECCATTE over 2 years ago

  • Priority changed from 5 to 18
#34

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.22 to 3.1.23
#35

Updated by Vincent MEMBRÉ over 2 years ago

  • Target version changed from 3.1.23 to 3.1.24
#36

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 3.1.24 to 3.1.25
#37

Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 3.1.25 to 387
#38

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 387 to 4.1.10
#39

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 4.1.10 to 4.1.11
#40

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 4.1.11 to 4.1.12
#41

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 4.1.12 to 4.1.13
#42

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 4.1.13 to 4.1.14
#43

Updated by Benoît PECCATTE over 1 year ago

  • Target version changed from 4.1.14 to 4.1.15
#44

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 4.1.15 to 4.1.16
#45

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 4.1.16 to 4.1.17
#46

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 4.1.17 to 4.1.18
#47

Updated by Vincent MEMBRÉ 11 months ago

  • Target version changed from 4.1.18 to 4.1.19
#48

Updated by Alexis MOUSSET 10 months ago

  • Target version changed from 4.1.19 to 4.1.20
  • Priority changed from 18 to 19
#49

Updated by François ARMAND 9 months ago

  • Target version changed from 4.1.20 to 4.1.21
#50

Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 4.1.21 to 4.1.22
#51

Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 4.1.22 to 4.1.23
#52

Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 4.1.23 to 4.1.24
#53

Updated by Vincent MEMBRÉ 5 months ago

  • Target version changed from 4.1.24 to 4.1.25
#54

Updated by Vincent MEMBRÉ 5 months ago

  • Target version changed from 4.1.25 to 5.0.13
#55

Updated by Vincent MEMBRÉ 3 months ago

  • Target version changed from 5.0.13 to 5.0.14
  • Priority changed from 19 to 20
#56

Updated by Vincent MEMBRÉ 2 months ago

  • Target version changed from 5.0.14 to 5.0.15
#57

Updated by François ARMAND about 1 month ago

  • Description updated (diff)
  • Effort required set to Very Small
  • Priority changed from 20 to 47

The proposed solution seems really simple to implement.

#58

Updated by Vincent MEMBRÉ 26 days ago

  • Status changed from New to In progress
  • Assignee set to Vincent MEMBRÉ
#59

Updated by Vincent MEMBRÉ 26 days ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/2591
#60

Updated by Vincent MEMBRÉ 5 days ago

  • Target version changed from 5.0.15 to 5.0.16

Also available in: Atom PDF