Project

General

Profile

Actions

Bug #7428

closed

Bug #7393: Selinux policy prevent running cf-agent when using technique editor

Error when creating a Technique

Added by Nicolas CHARLES about 9 years ago. Updated about 9 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Technique editor
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

On branch 3.2, with nch branch master, when trying to save a simple technique, I get the following error
An Error occured! Could not write technique 'test_method' from path /var/rudder/configuration-repository/ncf, cause is: Error while running post-hook command [u'/var/rudder/configuration-repository/ncf/ncf-hooks.d/post.write_technique.rudderify.sh', u'/var/rudder/configuration-repository/ncf', u'test_method']
Details: INFO: Alternative source path added: /var/rudder/configuration-repository/ncf ERROR: Could not parse Technique file '/var/rudder/configuration-repository/ncf/50_techniques/test_method/test_method.cf' caused by : Error while running post-hook command ['cf-promises', '-pjson', '-f', '/var/rudder/configuration-repository/ncf/50_techniques/test_method/test_method.cf'] Error: Unable to create Rudder Technique files related to ncf Technique test_method ('method_calls') Traceback (most recent call last): File "/usr/share/ncf/tools/ncf_rudder.py", line 46, in write_one_technique_for_rudder write_technique_for_rudder(destination_path, metadata) File "/usr/share/ncf/tools/ncf_rudder.py", line 122, in write_technique_for_rudder include_rudder_reporting = not all(method_call['class_context'] == 'any' for method_call in technique["method_calls"]) KeyError: 'method_calls'

Actions #1

Updated by Nicolas CHARLES about 9 years ago

Real underlying issue is:

ls -al /var/lib/ncf-api-venv/
total 8
drwxr-xr-x.  2 root root 4096 22 nov.  08:23 .
drwxr-xr-x. 24 root root 4096 20 nov.  15:06 ..

Actions #2

Updated by Nicolas CHARLES about 9 years ago

Creating the .cfagent folder with correct permission solved the issue

Actions #3

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 3.2.0~beta1 to 3.1.5

This needs to be fixed in 3.1 with selinux policies, The proposed policy is working but needs to be tested (and also test that update applies the new policy

Actions #4

Updated by Vincent MEMBRÉ about 9 years ago

  • Status changed from New to In progress
Actions #5

Updated by Vincent MEMBRÉ about 9 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/797
Actions #6

Updated by Vincent MEMBRÉ about 9 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #8

Updated by Vincent MEMBRÉ about 9 years ago

  • Parent task set to #7393
Actions #9

Updated by Vincent MEMBRÉ about 9 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.5 which was released today.

Actions

Also available in: Atom PDF