<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Le 13/09/2012 13:55, Michael Gliwinski
a écrit :<br>
</div>
<br>
<br>
Hello Michael, <br>
<br>
To start with, we are very sorry that the migration failed, and
well, that comfort my opinion of migration ("it's hard" ;)<br>
<br>
One first general remark: what you see in the Rudder Web UI for
Groups, Directives and Rules is what is in the <b>LDAP</b>. <br>
<br>
The XML files that are in /var/rudder/configuration-
repository/{groups, rules, directives} are there to allow archiving
and import/export feature - so that you could bootstrap a new Rudder
instance more quickly (by preparing these file and then importing
them), or restore a previous state of you configuration policy (the
files are in a Git repository and when you "export" from the
administration->archive screen, that creates a tag that could be
used latter as a snapshot point). <br>
<br>
So, even without the /var/rudder/configuration-
repository/{groups, rules, directives} directories, Rudder should
work fine, and on the opposite, it's not because these files are
presents that that means that Rudder should work. <br>
<br>
/var/rudder/configuration-
repository/<b>techniques</b> is a completely different beast, as it
is required for Rudder to work. <br>
<br>
But your case is *really* strange, because your LDAP content seems
OK, and you still don't have anything on the UI, on three really
different parts (rules, directives, groups...)<br>
<br>
So, as for now I don't see what could lead to that behavior, I have
some questions:<br>
<ul>
<li>what was your first Rudder version installed ? A 2.3 ? A 2.4 ?
If 2.4, before beta 2 ? And how many update did you do ?<br>
</li>
<ul>
<li>that will allows to know what was the starting point, and
what could have failed along. <br>
</li>
</ul>
<li>you don't see any rules or only some of them are missing ?</li>
<ul>
<li>if no rules at all, are you able to create new ones (and see
them afterward) ?</li>
</ul>
<li>you don't see anything in directive screen ? Or at least some
categories ? Or some categories and directives ?</li>
<li>you don't see any group nor category at all ? Or at least some
groups and categories ?</li>
<li>could you check that the LDAP directory is actually up and
running when you try to access Rudder (well, ok... but that's
just to be sure :)</li>
<li>could you set the loglevel of the Webapp to "debug" to see if
some more relevant information are available ? <br>
</li>
<ul>
<li>That's on the file /opt/rudder/etc/logback.xml, changin
<root level="info"> to <root level="debug">, and
restarting Rudder</li>
</ul>
<li>could you give us the number of items in the LDAP for each of
groups (nodeGroupId), directive (directiveId) and rules (ruleId)
?</li>
</ul>
<br>
And I have some other questions (and some comments) in the following
body of the email:<br>
<br>
<blockquote cite="mid:1565664.ixSq8sTaWe@hgis96" type="cite">
<pre wrap="">On Wednesday 12 Sep 2012 16:36:53 Nicolas Perron wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Ok, then it could be due to LDAP which fail during migration. Do you
have the output from the migration and if so could you send it to us ?
</pre>
</blockquote>
<pre wrap="">
Sorry, don't have the output anymore. I had to re-try upgrading a couple of
times, some of the failures were:
- rudder-agent 'Text file busy' error while updating cf-agent (that's #2792 I
think), re-trying fixed it
- rudder-server-root - the problem here was that there was an installed but
unconfigured version from yesterday, couldn't configure today because newer
version of rudder-webapp was already installed; fixed by running `sudo dpkg --
configure --force-depends rudder-server-root` and then `sudo apt-get install
rudder-server-root`
- rudder-webapp error from git commit (no changes to commit), this was due to
deletion of techniques/system/distributePolicy/1.0/logrotate.st, fixed by doing
git rm and git commit manually, then re-trying
</pre>
<blockquote type="cite">
<pre wrap="">I've tried to reproduce your problem without success.
Could it be possible to have a dump of your LDAP base with
/opt/rudder/sbin/slapcat , please ?
</pre>
</blockquote>
<pre wrap="">
Yeah, I imagine this would be non-reproducible :) I may have done something
wrong during upgrade, just trying to figure out if this can be fixed without
starting over.
Regarding the LDAP dump, I'd rather not send the entire thing over email
(security reasons), is there something specific I can check?</pre>
</blockquote>
<br>
<br>
Yeah, you are right for the security problem :)<br>
We will try to ask for more precise things now. <br>
<br>
<br>
<blockquote cite="mid:1565664.ixSq8sTaWe@hgis96" type="cite">
<pre wrap="">
Looking through the LDAP dump I can actually see the rules and directives
there, e.g. here's one rule:
dn: ruleId=441d550b-4a3a-4c99-
a710-14860667dfd0,ou=Rules,ou=Rudder,cn=rudder-c
onfiguration
ruleId: 441d550b-4a3a-4c99-a710-14860667dfd0
objectClass: rule
objectClass: top
isEnabled: TRUE
isSystem: FALSE
structuralObjectClass: rule
entryUUID: f934115e-7bfb-1031-88cc-c913f245ae37
creatorsName: cn=manager,cn=rudder-configuration
createTimestamp: 20120816143948Z
ruleTarget: group:beb7373d-0a16-4f14-ae94-4655b9cfc944
description: Setup servers for CUPS server role.
longDescription: This installs CUPS server packages and configures CUPS to ena
ble remote administration.
cn: cups-server
directiveId: 5538072f-e853-48e4-b163-160b5223fa9e
directiveId: a1924bbe-2cc9-49a0-9c81-396217f77e6e
directiveId: fcc8c069-777f-49a5-acb5-1fad13a8bf02
directiveId: e186f22d-b3da-414a-bcf9-fc88d073aac6
serial: 9
entryCSN: 20120831115436.454389Z#000000#000#000000
modifiersName: cn=manager,cn=rudder-configuration
modifyTimestamp: 20120831115436Z
I also checked the referenced group and directive IDs and they are all there.
I just noticed this problem also applies to groups, e.g. on 'Node Management -
</pre>
<blockquote type="cite">
<pre wrap="">Groups' I see errors like "Can not find node db7463eb-
</pre>
</blockquote>
<pre wrap="">c5ac-432d-9749-39e9503ef7cb", yet the file /var/rudder/configuration-
repository/groups/db7463eb-c5ac-432d-9749-39e9503ef7cb.xml is there with
contents:</pre>
</blockquote>
<br>
As explain at the beginning, what you should look for is the LDAP
entry with RDN nodeGroupId=beb7373d-0a16-4f14-ae94-4655b9cfc944, as
you checked just after. <br>
<br>
<blockquote cite="mid:1565664.ixSq8sTaWe@hgis96" type="cite">
<pre wrap="">
<nodeGroup fileFormat="2">
<id>db7463eb-c5ac-432d-9749-39e9503ef7cb</id>
<displayName>linux</displayName>
<description>All GNU/Linux hosts.</description>
<query>
{"select":"node","composition":"And","where":
[{"objectType":"node","attribute":"OS","comparator":"eq","value":"Linux"}]}
</query>
<isDynamic>true</isDynamic>
<nodeIds>
<id>456601f4-0a41-4d63-898e-51a965fd5f1f</id>
<id>adc79f12-633e-4338-94ca-681bf09c066e</id>
<id>546de2a2-9631-423b-b8d4-987318e9baf8</id>
<id>e472f66e-9001-465e-a83e-82fb1101e8c0</id>
<id>f958c6d2-1cad-45a8-9579-4ff397592880</id>
</nodeIds>
<isEnabled>true</isEnabled>
<isSystem>false</isSystem>
</nodeGroup></pre>
</blockquote>
<br>
Here, you perhaps found one bug in our migration script: the
fileFormat should be "3". That seems to be an actual problem in our
script, not one tied to your scenario, and one that should not leads
to what you see. It should lead to "bad file format" in Event Log
screen and if you try to restore that archive. <br>
<br>
<blockquote cite="mid:1565664.ixSq8sTaWe@hgis96" type="cite">
<pre wrap="">
and also in LDAP:
dn: nodeGroupId=db7463eb-
c5ac-432d-9749-39e9503ef7cb,groupCategoryId=GroupRoot
,ou=Rudder,cn=rudder-configuration
nodeGroupId: db7463eb-c5ac-432d-9749-39e9503ef7cb
objectClass: nodeGroup
objectClass: top
cn: linux
description: All GNU/Linux hosts.
isEnabled: TRUE
isSystem: FALSE
isDynamic: TRUE
jsonNodeGroupQuery: {"select":"node","composition":"And","where":
[{"objectType
":"node","attribute":"OS","comparator":"eq","value":"Linux"}]}
structuralObjectClass: nodeGroup
entryUUID: ac7cf584-62f0-1031-9c67-1508ccbe5302
creatorsName: cn=manager,cn=rudder-configuration
createTimestamp: 20120715174555Z
nodeId: f958c6d2-1cad-45a8-9579-4ff397592880
nodeId: 456601f4-0a41-4d63-898e-51a965fd5f1f
nodeId: adc79f12-633e-4338-94ca-681bf09c066e
nodeId: 546de2a2-9631-423b-b8d4-987318e9baf8
nodeId: e472f66e-9001-465e-a83e-82fb1101e8c0
entryCSN: 20120816130628.925149Z#000000#000#000000
modifiersName: cn=manager,cn=rudder-configuration
modifyTimestamp: 20120816130628Z
</pre>
</blockquote>
<br>
<br>
Some more random ideas : <br>
<br>
<ul>
<li>could you check that you don't have duplicated names (cn) for
groups, directives and rules ? That is not allowed (to not lead
to confusion in reports). That should not lead to what you see,
but at that point, that could be interesting to check !</li>
<li>the fact that you don't see any directives nor techniques nor
categories in the Directive screen seems du to the fact that all
root categories are not found by Rudder in the LDAP, as
displayed in the logs in your first email. Could you check that
they are actually here, and that their DN look like: <b>techniqueCategoryId=XXX,
techn</b><b>iqueCategoryId=Active Techniques, ou=Rudder,
cn=rudder-configuration</b></li>
<ul>
<li>with XXX being exactly one the missing categories you see in
logs (<b>applications, fileDistribution, etc) <br>
</b></li>
</ul>
</ul>
Well... And I don't know what to ask you anymore for now, so that
should be the end of that mail !<br>
<br>
Michael, thanks again for time you are taking to report these
information, they are very much valuable for us (and hopefully, we
will be able to help you). <br>
<br>
Cheers, <br>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<style type="text/css"><!--
a.redlink:link { color: #962322; text-decoration: none; }
a.redlink:visited { color: #962322; text-decoration: none; }
.sig { font-family: sans-serif; font-size: small; }
.sigsmall { font-family: sans-serif; font-size: x-small; }
--></style>
<table width="380" border="0" cellpadding="0" cellspacing="2">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt=""
src="cid:part1.03070307.03010408@normation.com"
align="left" height="50" hspace="10" width="50"> <span
class="sig">François ARMAND</span></b><br>
<span class="sig"><i>Directeur de la R&D</i></span><br>
<span class="sig"><a class="redlink"
href="http://www.normation.com">Normation</a></span> </td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="sigsmall"><b>87 rue de Turbigo,
75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="sigsmall">Telephone:</span></td>
<td><span class="sigsmall">+33 (0)1 83 62 99 23</span></td>
</tr>
<tr>
<td><span class="sigsmall">Mobile:</span></td>
<td><span class="sigsmall">+33 (0)6 63 37 60 55</span></td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
</tbody>
</table>
</div>
</body>
</html>