Bug #11686
Updated by Janos Mattyasovszky over 6 years ago
I did import a complete set (groups, rules etc) of the git-tree within @/var/rudder/configuration-repository@ (GUI Click "latest commit" button). The policy generation was apparently started, but it generated a policy without re-evaluating the dynamic groups, which caused all nodes to receive a completely different set of policies it should have received with the newly imported stuff :-( Please, when one imports all objects from the archive, also do a re-evaluation of the dynamic groups. _(I I am putting this to "Critical", because even if you do not hit this issue often, there is no easy workaround to make Rudder generate a correct policy after one imports a new policy / group definitions other than disabling all node access (iptables or similar), and make sure the groups are reloaded after the import from git, otherwise there is still a short but existent time when a node could download a set of policy it was never ment to receive, and if you don't know about this, you tend to believe it would work until you realize it's not and sadness, pain and suffering happens.)_ receive.