Bug #7288
openPolicy does not get deleted when changing relays
Description
Sometimes we re-balance and change the policy server (relay) a node is connected to.
I have noticed the old relay's policy for the nodes do not get removed then.
rudder-root:/var/rudder/share # ls -d /var/rudder/share/*/share/* | gawk -F/ '{print $NF}' | sort | uniq -c | grep -c -w 2 604
=> not a unique issue.
The date is also showing this:
drwx------ 3 root root 18 Sep 22 23:25 /var/rudder/share/9ee3f1c5-d83c-4daa-9465-2555476521fb/share/00208aa8-f4d1-11e4-b6d9-11cb081228de drwxrwx--- 3 root root 18 Oct 17 22:38 /var/rudder/share/c49a0a1c-1100-11e5-9959-76b2081228de/share/00208aa8-f4d1-11e4-b6d9-11cb081228de ... drwx------ 3 root root 18 Sep 23 00:00 /var/rudder/share/9ee3f1c5-d83c-4daa-9465-2555476521fb/share/0013855c-f377-11e4-b4af-33e8081228de drwxrwx--- 3 root root 18 Oct 17 22:38 /var/rudder/share/78169036-10f9-11e5-b8f7-afb7081228de/share/0013855c-f377-11e4-b4af-33e8081228de
When a node changes the policy server, that policy server should get the node's folder removed.
Edit FAR: Proposed solution: each policy server has a base share
directory (/var/rudder/share
for root, /var/rudder/share/9ee3f1c5-d83c-4daa-9465-2555476521fb/share
for relay with uuid 9ee3f1c5-d83c-4daa-9465-2555476521fb
, etc recursively). At the end of the generation, we just need to check that the base share
of a policy server only contains nodes directly managed by it.
Updated by Vincent MEMBRÉ about 9 years ago
- Assignee set to Nicolas CHARLES
Thanks for reproting Janos!
You are right, the content of shared promises should only contains promises for nodes that are managed by this relay
Nicolas, what would be the easiest way to do this ?
Updated by Jonathan CLARKE almost 9 years ago
- Assignee changed from Nicolas CHARLES to François ARMAND
François, I'm sure you have an idea about this? :)
Updated by Janos Mattyasovszky almost 9 years ago
How about detecting during the inventory processing, if it reports to a different policy server then known until now, and after a successful policy generation remove the old dir-tree below the old policy server?
I will work around it by a cronjob, some LDAP query, and checking all directory below the policy servers, if it's still valid.
Additional question: do the policies get deleted when I remove a node over GUI / API?
Updated by François ARMAND over 8 years ago
I think we should "just" add the list of node managed by the relay in some accessible way on the relay, and a post-hook after promise transfert which will diff the managed node / actual directories present. The garbage collecting can be done asynchronously to avoid long processing time.
The proposed solution may imply more work to always calculate the list of nodes for a relay, not sure we have that information at all time.
Some more context information: we are not able to just remove all directories not updated on last promise transfert, because valid nodes may not have gotten updated policies on last round.
Updated by François ARMAND over 8 years ago
- Related to Bug #7751: When we delete a relay, all system groups and directive related to this relay are not deleted added
Updated by François ARMAND over 8 years ago
- Related to Bug #4709: When a node is deleted, its generated promises are not removed added
Updated by François ARMAND over 8 years ago
OK, so it seems I misunderstood the root cause, and it should be in fact much easier than thought to correct.
The problem is that on the root server, we don't clean the deleted nodes, and so it is more linked to #4709 (kind of an amplificated version of it).
Nicolas, you had concerned about the following proposed solution. Does that still hold for relays ?
I put them back here:
- trigger a rm -rf ${nodeid} or something alike from rudder UI when a node is deleted;
- on each promise generation, delete all unknown files in /var/rudder/share to keep only existing nodes;
- have a cfengine (sytem) promise making the cleaning for us based on the list of all "currently valide node" (accepting that ${node_id_of_relay}/${node_id} is a valid one)
Updated by François ARMAND over 8 years ago
- Translation missing: en.field_tag_list set to Next minor release
Updated by Janos Mattyasovszky over 8 years ago
- Related to Bug #8046: Change of Policy Server does not trigger a Policyupdate added
Updated by Janos Mattyasovszky over 8 years ago
- Related to deleted (Bug #8046: Change of Policy Server does not trigger a Policyupdate)
Updated by François ARMAND over 8 years ago
- Related to Bug #8046: Change of Policy Server does not trigger a Policyupdate added
Updated by Jonathan CLARKE over 8 years ago
- Translation missing: en.field_tag_list deleted (
Next minor release)
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.21 to 2.11.22
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.22 to 2.11.23
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.23 to 2.11.24
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 2.11.24 to 308
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 308 to 3.1.14
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.14 to 3.1.15
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.15 to 3.1.16
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.16 to 3.1.17
Updated by Janos Mattyasovszky almost 8 years ago
- Related to Question #9719: Node deletes are not properly cleaned up added
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.17 to 3.1.18
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.18 to 3.1.19
Updated by Jonathan CLARKE over 7 years ago
- Severity set to Minor - inconvenience | misleading | easy workaround
- User visibility set to Infrequent - complex configurations | third party integrations
Updated by François ARMAND over 7 years ago
- Related to deleted (Bug #4709: When a node is deleted, its generated promises are not removed)
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.19 to 3.1.20
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.20 to 3.1.21
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.21 to 3.1.22
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.22 to 3.1.23
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 3.1.23 to 3.1.24
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 3.1.24 to 3.1.25
Updated by Vincent MEMBRÉ almost 7 years ago
- Target version changed from 3.1.25 to 387
Updated by Vincent MEMBRÉ almost 7 years ago
- Target version changed from 387 to 4.1.10
Updated by Vincent MEMBRÉ almost 7 years ago
- Target version changed from 4.1.10 to 4.1.11
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.11 to 4.1.12
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.12 to 4.1.13
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.13 to 4.1.14
Updated by Benoît PECCATTE over 6 years ago
- Target version changed from 4.1.14 to 4.1.15
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.1.15 to 4.1.16
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.1.16 to 4.1.17
Updated by Vincent MEMBRÉ almost 6 years ago
- Target version changed from 4.1.17 to 4.1.18
Updated by Vincent MEMBRÉ almost 6 years ago
- Target version changed from 4.1.18 to 4.1.19
Updated by Alexis Mousset almost 6 years ago
- Target version changed from 4.1.19 to 4.1.20
- Priority changed from 18 to 19
Updated by François ARMAND over 5 years ago
- Target version changed from 4.1.20 to 4.1.21
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.21 to 4.1.22
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.22 to 4.1.23
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.23 to 4.1.24
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 4.1.24 to 588
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 588 to 5.0.13
Updated by Vincent MEMBRÉ about 5 years ago
- Target version changed from 5.0.13 to 5.0.14
- Priority changed from 19 to 20
Updated by Vincent MEMBRÉ about 5 years ago
- Target version changed from 5.0.14 to 5.0.15
Updated by François ARMAND about 5 years ago
- Description updated (diff)
- Effort required set to Very Small
- Priority changed from 20 to 47
The proposed solution seems really simple to implement.
Updated by Vincent MEMBRÉ about 5 years ago
- Status changed from New to In progress
- Assignee set to Vincent MEMBRÉ
Updated by Vincent MEMBRÉ about 5 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Vincent MEMBRÉ to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/2591
Updated by Vincent MEMBRÉ almost 5 years ago
- Target version changed from 5.0.15 to 5.0.16
Updated by Alexis Mousset almost 5 years ago
- Target version changed from 5.0.16 to 5.0.17
- Priority changed from 47 to 48
Updated by Vincent MEMBRÉ over 4 years ago
- Target version changed from 5.0.17 to 5.0.18
- Priority changed from 48 to 49
Updated by Vincent MEMBRÉ over 4 years ago
- Target version changed from 5.0.18 to 5.0.19
- Priority changed from 49 to 50
Updated by Vincent MEMBRÉ about 4 years ago
- Target version changed from 5.0.19 to 5.0.20
Updated by Vincent MEMBRÉ about 4 years ago
- Target version changed from 5.0.20 to 797
Updated by Vincent MEMBRÉ almost 4 years ago
- Status changed from Pending technical review to New
Updated by Benoît PECCATTE over 3 years ago
- Target version changed from 797 to 6.1.14
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.1.14 to 6.1.15
Updated by Vincent MEMBRÉ over 3 years ago
- Target version changed from 6.1.15 to 6.1.16
Updated by Vincent MEMBRÉ about 3 years ago
- Target version changed from 6.1.16 to 6.1.17
Updated by Vincent MEMBRÉ about 3 years ago
- Target version changed from 6.1.17 to 6.1.18
Updated by Vincent MEMBRÉ almost 3 years ago
- Target version changed from 6.1.18 to 6.1.19
Updated by François ARMAND almost 3 years ago
- Effort required changed from Very Small to Large
- Priority changed from 50 to -7
This happen to be non trivial regarding perf, see all the comments under PR.
This likely need an other approach than the one we tried, like tracking when a node change policy server (ie when we notice it when an inventory is received) and at the moment delete corresponding policies on old policy server.
Updated by Vincent MEMBRÉ over 2 years ago
- Target version changed from 6.1.19 to 6.1.20
Updated by Vincent MEMBRÉ over 2 years ago
- Target version changed from 6.1.20 to 6.1.21
Updated by Vincent MEMBRÉ over 2 years ago
- Target version changed from 6.1.21 to old 6.1 issues to relocate
Updated by François ARMAND about 1 year ago
- Target version changed from old 6.1 issues to relocate to 7.3.10
- Priority changed from -7 to 0
- Regression set to No
Updated by Vincent MEMBRÉ 12 months ago
- Target version changed from 7.3.10 to 7.3.11
Updated by Vincent MEMBRÉ 10 months ago
- Target version changed from 7.3.11 to 7.3.12
Updated by Vincent MEMBRÉ 9 months ago
- Target version changed from 7.3.12 to 7.3.13
Updated by Vincent MEMBRÉ 9 months ago
- Target version changed from 7.3.13 to 7.3.14
Updated by Vincent MEMBRÉ 7 months ago
- Target version changed from 7.3.14 to 7.3.15
Updated by Vincent MEMBRÉ 6 months ago
- Target version changed from 7.3.15 to 7.3.16
Updated by Vincent MEMBRÉ 5 months ago
- Target version changed from 7.3.16 to 7.3.17