[rudder-users] Node auto disable
Nicolas Charles
nicolas.charles at normation.com
Tue Jun 10 12:15:15 CEST 2014
Hi Ben,
> Hi Nicolas,
>
>> Hi Benoit,
>>
>> Sorry for your problem. Deleting the node in Rudder to reboostrap it
>> should not be done.
>>
>> There are numerous causes for this very issue, so we created a FAQ entry
>> for this:
>> https://www.rudder-project.org/site/documentation/faq/some-reports-are-in-no-answer-for-a-node/
>>
>>
>> Usually, it's a DNS issue. Since bootstraping works and then it fails, i
>> suppose this is a resolution problem on client side; could you see if
>> unticking the "Use reverse DNS lookups on nodes to reinforce
>> authentication to policy server"
>> on the Adminsitration/Settings page in the Web Interface solves the
>> issue ?
>
> I have already unticking "Use reverse DNS lookups on nodes to reinforce
> > authentication to policy server"
>
That's good.
> I see DNS FAQ and I correct /etc/hosts with good hostname/ip, and I
> re-bootstrap my node, I have update policy server and rudder-agent to
> last version ( 2.10.1 ).
That's good also.
>
> I have re-bootstraped my node ( apt-get remove --purge rudder agent &&
> apt-get install rudder-agent ).
You should never have to do that. When you purge the package, the node
will change its Rudder ID and will need to be accepted again.
> I re-accept my nex node in rudder but the problem is not solved. When
> I execute cf-agent -K, I have no notice about (rudder-agent could not
> get an updated configuration from the policy server) but cf-agent not
> updated policies,
The promises are fetched every 5 minutes, and the only way to force the
agent to update its promises is to run:
cf-agent -Kf failsafe.cf
> Logs:
> root at sup:/var/rudder/cfengine-community# cf-agent -K
> 2014-06-09T22:42:53+0200 notice: R:
> @@Common@@log_info@@hasPolicyServer-root@@common-root@@00@@common@@StartRun@@2014-06-09
> 22:42:53+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#Start execution
> 2014-06-09T22:42:53+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Security
> parameters@@None@@2014-06-09
> 22:42:53+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The internal
> environment security is acceptable
> 2014-06-09T22:42:53+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Process
> checking@@None@@2014-06-09
> 22:42:53+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#There is an
> acceptable number of cf-execd processes (between 0 and 2) and cf-agent
> processes (between 0 and 5)
> 2014-06-09T22:42:53+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@CRON
> Daemon@@None@@2014-06-09
> 22:42:53+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The CRON daemon
> is running
> 2014-06-09T22:42:53+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Binaries
> update@@None@@2014-06-09
> 22:42:53+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The CFengine
> binaries in /var/rudder/cfengine-community/bin are up to date
> 2014-06-09T22:42:53+0200 notice: R:
> @@Inventory@@log_info@@inventory-all@@inventory-all@@00@@inventory@@None@@2014-06-09
> 22:42:53+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#An inventory was
> already sent less than 8 hours ago
> 2014-06-09T22:42:53+0200 notice: R:
> @@Inventory@@result_success@@inventory-all@@inventory-all@@00@@inventory@@None@@2014-06-09
> 22:42:53+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#Next inventory
> scheduled between 00:00 and 06:00
> 2014-06-09T22:42:53+0200 notice: R:
> @@Common@@log_info@@hasPolicyServer-root@@common-root@@00@@common@@EndRun@@2014-06-09
> 22:42:53+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#End execution
> root at sup:/var/rudder/cfengine-community#
>
> And if I force classe update:
> root at sup:/var/rudder/cfengine-community#
> /var/rudder/cfengine-community/bin/cf-agent -KD update
> 2014-06-09T22:44:06+0200 notice: R:
> @@Common@@log_info@@hasPolicyServer-root@@common-root@@00@@common@@StartRun@@2014-06-09
> 22:44:06+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#Start execution
> 2014-06-09T22:44:06+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Security
> parameters@@None@@2014-06-09
> 22:44:06+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The internal
> environment security is acceptable
> 2014-06-09T22:44:06+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Process
> checking@@None@@2014-06-09
> 22:44:06+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#There is an
> acceptable number of cf-execd processes (between 0 and 2) and cf-agent
> processes (between 0 and 5)
> 2014-06-09T22:44:06+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@CRON
> Daemon@@None@@2014-06-09
> 22:44:06+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The CRON daemon
> is running
> 2014-06-09T22:44:06+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Binaries
> update@@None@@2014-06-09
> 22:44:06+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The CFengine
> binaries in /var/rudder/cfengine-community/bin are up to date
> 2014-06-09T22:44:06+0200 notice: R:
> @@Inventory@@log_info@@inventory-all@@inventory-all@@00@@inventory@@None@@2014-06-09
> 22:44:06+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#An inventory was
> already sent less than 8 hours ago
> 2014-06-09T22:44:06+0200 notice: R:
> @@Inventory@@result_success@@inventory-all@@inventory-all@@00@@inventory@@None@@2014-06-09
> 22:44:06+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#Next inventory
> scheduled between 00:00 and 06:00
> 2014-06-09T22:44:06+0200 notice: R:
> @@Common@@log_info@@hasPolicyServer-root@@common-root@@00@@common@@EndRun@@2014-06-09
> 22:44:06+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#End execution
> root at sup:/var/rudder/cfengine-community#
> /var/rudder/cfengine-community/bin/cf-agent -KID update
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<DEVICEID>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 519
> 2014-06-09T22:46:05+0200 info: Comment is 'Add the UUID and CFKEY
> tags in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<CONTENT>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 525
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<AGENTSNAME>.*' as another promise.
> This will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 542
> 2014-06-09T22:46:05+0200 info: Comment is 'Adding the agent data
> in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<USERSLIST>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_users_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 586
> 2014-06-09T22:46:05+0200 info: Comment is 'Add the UUID and CFKEY
> tags in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<DEVICEID>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 519
> 2014-06-09T22:46:05+0200 info: Comment is 'Add the UUID and CFKEY
> tags in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<CONTENT>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 525
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<AGENTSNAME>.*' as another promise.
> This will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 542
> 2014-06-09T22:46:05+0200 info: Comment is 'Adding the agent data
> in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<USERSLIST>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_users_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 586
> 2014-06-09T22:46:05+0200 info: Comment is 'Add the UUID and CFKEY
> tags in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<DEVICEID>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 519
> 2014-06-09T22:46:05+0200 info: Comment is 'Add the UUID and CFKEY
> tags in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<CONTENT>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 525
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<AGENTSNAME>.*' as another promise.
> This will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 542
> 2014-06-09T22:46:05+0200 info: Comment is 'Adding the agent data
> in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<USERSLIST>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_users_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 586
> 2014-06-09T22:46:05+0200 info: Comment is 'Add the UUID and CFKEY
> tags in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<DEVICEID>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 519
> 2014-06-09T22:46:05+0200 info: Comment is 'Add the UUID and CFKEY
> tags in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<CONTENT>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 525
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<AGENTSNAME>.*' as another promise.
> This will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 542
> 2014-06-09T22:46:05+0200 info: Comment is 'Adding the agent data
> in the inventory file'
> 2014-06-09T22:46:05+0200 info: insert_lines promise uses the same
> select_line_matching anchor '.*<USERSLIST>.*' as another promise. This
> will lead to non-convergent behaviour unless
> 'empty_file_before_editing' is set
> 2014-06-09T22:46:05+0200 info: Promise belongs to bundle
> 'add_users_information_to_inventory' in file
> '/var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf'
> near line 586
> 2014-06-09T22:46:05+0200 info: Comment is 'Add the UUID and CFKEY
> tags in the inventory file'
> 2014-06-09T22:46:05+0200 notice: R:
> @@Common@@log_info@@hasPolicyServer-root@@common-root@@00@@common@@StartRun@@2014-06-09
> 22:46:05+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#Start execution
> 2014-06-09T22:46:05+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Security
> parameters@@None@@2014-06-09
> 22:46:05+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The internal
> environment security is acceptable
> 2014-06-09T22:46:05+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Process
> checking@@None@@2014-06-09
> 22:46:05+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#There is an
> acceptable number of cf-execd processes (between 0 and 2) and cf-agent
> processes (between 0 and 5)
> 2014-06-09T22:46:05+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@CRON
> Daemon@@None@@2014-06-09
> 22:46:05+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The CRON daemon
> is running
> 2014-06-09T22:46:05+0200 notice: R:
> @@Common@@result_success@@hasPolicyServer-root@@common-root@@00@@Binaries
> update@@None@@2014-06-09
> 22:46:05+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#The CFengine
> binaries in /var/rudder/cfengine-community/bin are up to date
> 2014-06-09T22:46:05+0200 info: Executing 'no timeout' ...
> '/usr/bin/curl -s -f --proxy '' -o "/var/rudder/tmp/uuid.txt"
> http://XXXX.com/uuid'
> 2014-06-09T22:46:05+0200 info: Completed execution of
> '/usr/bin/curl -s -f --proxy '' -o "/var/rudder/tmp/uuid.txt"
> http://XXXX.com/uuid'
> 2014-06-09T22:46:05+0200 notice: R:
> @@Inventory@@log_info@@inventory-all@@inventory-all@@00@@inventory@@None@@2014-06-09
> 22:46:05+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#An inventory was
> already sent less than 8 hours ago
> 2014-06-09T22:46:05+0200 notice: R:
> @@Inventory@@result_success@@inventory-all@@inventory-all@@00@@inventory@@None@@2014-06-09
> 22:46:05+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#Next inventory
> scheduled between 00:00 and 06:00
> 2014-06-09T22:46:05+0200 notice: R:
> @@Common@@log_info@@hasPolicyServer-root@@common-root@@00@@common@@EndRun@@2014-06-09
> 22:46:05+02:00##e1adbc71-910f-44a1-9975-6d861d26d5ac@#End execution
> root at sup:/var/rudder/cfengine-community#
>
> It's does not work !
Indeed, the cf-agent -KDupdate does not do anything, the only way to
update is by cf-agent -Kf failsafe.cf
>
> I have try to reset policy in my node (rm rm -rf
> /var/rudder/cfengine-community/inputs/* ; cp -a
> /opt/rudder/share/initial-promises/*
> /var/rudder/cfengine-community/inputs/ but the problem continue.
>
> Where is the problem ? In my node or in the server ?
It's hard to tell ...
Could you send the output of the command, run on the node ?
cf-agent -KIf failsafe.cf
On which OS (for client and server) are you testing ?
Do you have reports for the Node, in the Node Management/Technical Logs
section on the Web Interface ?
It will help understand what is going on.
>
> Thanks for your help,
>
> Benoit
>
Sorry for the problems,
Nicolas
--
Nicolas CHARLES
More information about the rudder-users
mailing list