[rudder-users] permlist in readfile to max limit 4000

Matthieu CERDA matthieu.cerda at normation.com
Tue Feb 12 14:27:53 CET 2013 

Le 12/02/2013 09:43, Le Haies Cyrille a écrit :
>
> Tanks for your help,
>
> I modified my directives to override this « bug »
>
>  
>
> Cyrille
>
>  
>
> *De :*Matthieu CERDA [mailto:matthieu.cerda at normation.com]
> *Envoyé :* lundi 11 février 2013 18:34
> *À :* Le Haies Cyrille
> *Cc :* rudder-users at lists.rudder-project.org
> *Objet :* Re: [rudder-users] permlist in readfile to max limit 4000
>
>  
>
> Le 11/02/2013 17:59, Le Haies Cyrille a écrit :
>
> Hello,
>
> In my log i have this message :
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> !! Duplicate selection of value for variable "execRun" in scope g
>
> !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf
> at/before line 58
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> !! Duplicate selection of value for variable "execRun" in scope g
>
> !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf
> at/before line 58
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> !! Duplicate selection of value for variable "execRun" in scope g
>
> !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf
> at/before line 58
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> !! Duplicate selection of value for variable "execRun" in scope g
>
> !! Rule from /var/rudder/cfengine-community/inputs/common/1.0/site.cf
> at/before line 58
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> Truncating long file
> /var/rudder/cfengine-community/inputs/filesPermissions/permlist in
> readfile to max limit 4000
>
> !! Duplicate selection of value for variable "execRun" in scope g
>
> Fatal cfengine error: Too many errors
>
>  
>
> Why ???
>
> Too many variable ?
>
>  
>
> My permlist file :
>
>  
>
> b9872eff-e4f8-44cc-a91b-f6f9918fad7a@@6dc24839-163a-41dd-a821-8922dffb528e@@120:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/data/sites.d:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):660:true:true:true:false
>
> b9872eff-e4f8-44cc-a91b-f6f9918fad7a@@6dc24839-163a-41dd-a821-8922dffb528e@@120:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/soft/apache2:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):750:true:true:true:true
>
> 0044b0a8-a32a-4b30-be92-3d7e6c1b640e@@18fe8a74-f3d2-4898-86bf-b65d5bebe522@@66:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/soft/php:php-fpm:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):750:true:true:true:true
>
> dabe309b-49aa-4360-93c4-aff9c414b21d@@f5cdc4aa-be71-4cd7-b944-34b576ad4647@@30:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/soft/libmemcached:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):750:true:true:true:true
>
> b893538c-8886-45ed-ae83-6e21be7c5269@@c2b74cf7-6c05-48a4-907b-aeb4185b18db@@88:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/soft/mariadb:my_$(generic_variable_definition.projet):$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):770:true:true:true:true
>
> d9a88dbf-3bb3-43f1-a1cb-b4e954a9c843@@fbc02be5-b72f-4499-a351-c1b8ffe0b562@@34:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/soft/drush:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):750:true:true:true:true
>
> 8a89fe81-e343-44df-b747-fac306683cbd@@d8f72a76-1c2a-424f-8010-39001b4ee236@@55:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/soft/memcached:memcached:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):750:true:true:true:false
>
> 43d513fc-c528-4e08-91d4-9f9718d20482@@95a15d7b-c548-491c-9f60-37e693f463d2@@67:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):755:true:true:true:false
>
> 43d513fc-c528-4e08-91d4-9f9718d20482@@95a15d7b-c548-491c-9f60-37e693f463d2@@67:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/soft:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):755:true:true:true:false
>
> 43d513fc-c528-4e08-91d4-9f9718d20482@@95a15d7b-c548-491c-9f60-37e693f463d2@@67:/$(generic_variable_definition.env)_$(generic_variable_definition.projet)/data:$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):$(generic_variable_definition.expuser)_$(generic_variable_definition.projet):755:true:true:true:false
>
>  
>
>  
>
> Can you help me ??
>
>
> Well, it seems we were a bit too restrictive in the filePermissions
> Technique while loading the permlist file, we allowed only a 4000
> bytes as seen in this snippet (extracted from the Technique):
>
> "dim_array" int => 
> readstringarrayidx("file","${sys.workdir}/inputs/filesPermissions/permlist","#[^\n]*",":",15,4000);
>
> We should certainly bump it to a more reasonable value, like 8192 or
> 16384.
>
> Would you please open a bug about this ? We're on it.
>

Hello again,

The bug you reported is now corrected in the 2.3, 2.4 and 2.5 versions
of Rudder, in the version 1.0 and 1.1 of the filePermissions Technique
(Actually, it means it is corrected everywhere in the code repositories).

A new bake of nighlies for the rudder-techniques package has been
launched to address this bug, which have been completed just now.

You can get them now to correct this issue, using the following URLs,
depending on your operating system version:

  * For Debian based OSes, use this one:
    http://www.rudder-project.org/apt-nightly/pool/main/r/rudder-techniques/
      o The OS flavor compatible with one package is specified as a
        codename in the package file name. You can find yours in either
        /etc/apt/sources.list or using the "lsb_release -a" command.
  * For RPM based OSes, use this one:
    http://www.rudder-project.org/rpm-nightly/<OS VERSION>/noarch/
      o The OS flavor compatible with one package is specified by the
        directory it is in: the names should be self explanatory (RHEL_6
        for example)


The package you will want to update is rudder-techniques, just download
the appropriate version for your OS, and install it using dpkg or rpm:

  * dpkg -i <package>.deb for Debian/Ubuntu
  * rpm -Uhv <package>.rpm for RPM based OSes

So. after the package has been installed, you will want to update you
technique tree, as only the system techniques are updated automatically
to prevent user editions from beeing overwritten.

The Technique you want to upgrade is filePermissions, in case you want
to completely replace your existing instances, just do this:

cd /var/rudder/configuration-repository/techniques/techniques/fileConfiguration/fileSecurity/filesPermissions
rsync -av /opt/rudder/share/techniques/fileConfiguration/fileSecurity/filesPermissions/ ./
git add .
git commit -m "Manual update of the filePermissions Technique to correct a permlist file loading error"


You then have to go in the Rudder web application and click "Reload" in
the "Administration -> Policy Server" part.

And... Rudder will automatically regenerate the promises and this bug
should not bother you again !

Please, tell us if you have any trouble while updating !

Have a nice day,

-- 
------------------------------------------------------------------------
*Matthieu CERDA*
/Administrateur - Systèmes et Réseaux/
Normation <http://www.normation.com>
------------------------------------------------------------------------
*87 rue de Turbigo, 75003 Paris, France*
Telephone: 	+33 (0)1 84 16 06 01
------------------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20130212/7a18e2ef/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo-square.png
Type: image/png
Size: 3503 bytes
Desc: not available
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20130212/7a18e2ef/attachment-0001.png>

More information about the rudder-users mailing list