[rudder-users] Migration from Rudder 4.2 to 4.3
GALLET Tristan
tristan.gallet at forem.be
Mon Aug 6 08:46:16 UTC 2018
Hello, sorry for being late, i was on hollidays J
* On the failing node, can you run
rudder agent inventory :
rudder agent inventory
Rudder agent 4.2.7-jessie0 (CFEngine Core 3.10.4)
Node uuid: 87407dab-2bbb-4741-8b3e-434ed8c08aa0
Start execution with config [20180614-130034-6de86a82]
M| State Technique Component Key
Message
E| compliant Inventory inventory
The inventory has been successfully sent
## Summary
#####################################################################
Not all components were displayed because we are not in full compliance
mode. Please run with -g to force full compliance mode.
=> 1 components in Enforce mode
-> 1 compliant
execution time: 6.05s
############################################################################
####
* then, on the server Rudder, run:
rudder agent inventory && rudder agent run
to be sure that the Rudder server inventory is there and up to date.
Server:
## Summary
#####################################################################
Not all components were displayed because we are not in full compliance
mode. Please run with -g to force full compliance mode.
=> 105 components in Enforce mode
-> 98 compliant
-> 2 repaired
-> 5 not-applicable
Execution time: 575.47s
############################################################################
####
Execution time is awfull !!!
* trigger a full policies generation, by clicking on "Status" in the
menu bar of Rudder, then "Regenerate all policies"
è ok, it was fast as usual
* then, on the node, once the policy generation is finished, run
rudder agent run u
udder agent run -u
Rudder agent 4.2.7-jessie0 (CFEngine Core 3.10.4)
Node uuid: 87407dab-2bbb-4741-8b3e-434ed8c08aa0
error: No suitable server found
error: No suitable server found
error: No suitable server found
error: No suitable server found
R:
****************************************************************************
*****
* rudder-agent could not get an updated configuration from the policy
server. *
* This can be caused by:
*
* * a networking issue
*
* * an unavailable server
*
* * if the node's IP in not if the allowed networks of its policy server.
*
* Any existing configuration policy will continue to be applied without
change. *
****************************************************************************
*****
ok: Rudder agent promises were updated.
Start execution with config [20180614-130034-6de86a82]
M| State Technique Component Key
Message
E| error Common Update
Cannot update tools (update flag file)
E| error Common Update
Cannot update common configuration library (update flag file)
E| error Common Update
Cannot update configuration policy
E| compliant Common ncf Initialization
Configuration library initialization was correct
.
Does the file
/var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-commun
ity/rudder_promises_generated exist on the server ? -> YES
If it doesn't work, we'll have to investigate further: did you have any
error during the upgrade ? Do you have any "ERROR" in you
/var/log/rudder/webapp folder, post-upgrade ? -> NO
Server is now with 4.3.3 version but no change.
On the client, ive upgraded from version 4.2.7 to 4.3.3, and tested a
rudder agent reinit but its the same :
rudder agent update
error: No suitable server found
error: No suitable server found
Any idea ?
Regards,
Tristan.
De : Nicolas Charles <nicolas.charles at normation.com>
Envoyé : mercredi 18 juillet 2018 10:03
À : GALLET Tristan <tristan.gallet at forem.be>;
rudder-users at lists.rudder-project.org
Objet : Re: [rudder-users] Migration from Rudder 4.2 to 4.3
Le 13/07/2018 à 11:30, GALLET Tristan a écrit :
Hello everybody,
Ive just migrated from Rudder 4.2 to 4.3.2. (not 4.3.3, Debian has not yet
this version in the repository).
Server and client are on Debian 8.11, all updates from today.
After upgrade, clients can not update their policies :
>From a client :
rudder agent update
R:
****************************************************************************
*****
* rudder-agent could not get an updated configuration from the policy
server. *
* This can be caused by:
*
* * an agent key that has been changed
*
* * if this node is not accepted or deleted node on the Rudder root server
*
* * if this node has changed policy server without sending a new inventory
*
* Any existing configuration policy will continue to be applied without
change. *
****************************************************************************
*****
ok: Rudder agent promises were updated.
>From the serveur :
rudder server debug 10.X.X.X
Logs from server :
rudder verbose: 10.X.X.X> Setting IDENTITY: USERNAME=root
rudder verbose: 10.X.X.X> Received public key compares equal to the one we
have stored
rudder verbose: 10.X.X.X> MD5=70b5b4d90fa8c1176cd2c1a00deb9884: Client is
TRUSTED, public key MATCHES stored one.
rudder verbose: 10.X.X.X> Received: STAT
/var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-commun
ity/rudder_promises_generated
rudder verbose: 10.X.X.X> Translated to: STAT
/var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-commun
ity/rudder_promises_generated
rudder info: 10.X.X.X> access denied to STAT:
/var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-commun
ity/rudder_promises_generated
rudder verbose: 10.X.X.X> REFUSAL to user='root' of request: SYNCH
1531473776 STAT
/var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-commun
ity/rudder_promises_generated
rudder verbose: 10.X.X.X> Received: STAT
/usr/share/ncf/tree/ncf_hash_file
rudder verbose: 10.X.X.X> Translated to: STAT
/usr/share/ncf/tree/ncf_hash_file
rudder verbose: 10.X.X.X> Received: MD5
/usr/share/ncf/tree/ncf_hash_file
rudder verbose: 10.X.X.X> Translated to: MD5
/usr/share/ncf/tree/ncf_hash_file
rudder verbose: 10.X.X.X> Received: STAT
/var/rudder/configuration-repository/ncf/ncf_hash_file
rudder verbose: 10.X.X.X> Translated to: STAT
/var/rudder/configuration-repository/ncf/ncf_hash_file
rudder verbose: 10.X.X.X> Received: MD5
/var/rudder/configuration-repository/ncf/ncf_hash_file
rudder verbose: 10.X.X.X> Translated to: MD5
/var/rudder/configuration-repository/ncf/ncf_hash_file
rudder verbose: 10.X.X.X> Received: STAT
/var/rudder/tools/rudder_tools_updated
rudder verbose: 10.X.X.X> Translated to: STAT
/var/rudder/tools/rudder_tools_updated
rudder verbose: 10.X.X.X> Received: MD5
/var/rudder/tools/rudder_tools_updated
rudder verbose: 10.X.X.X> Translated to: MD5
/var/rudder/tools/rudder_tools_updated
rudder verbose: 10.X.X.X> Remote peer terminated TLS session (SSL_read)
rudder info: 10.X.X.X> Closing connection, terminating thread
DNS is ok, server and client resolve each other.
Is there something to do after migration ?
Regards
Cordialement,
Tristan
Hi Tristan,
Thank you very much for the detailed explanation and debug logs, it is very
useful. I'm sorry for the delay in the answer, the mail was caught in a
moderation zone :/
Normally, there shouldn't be anything to do after an upgrade, so you are
hitting a bug.
We've encountered a very rare bug where inventories or keys could be lost
during an upgrade, due to cache issue - it may be related to that. Can you
do the following:
* On the failing node, can you run
rudder agent inventory
* then, on the server Rudder, run:
rudder agent inventory && rudder agent run
to be sure that the Rudder server inventory is there and up to date.
* trigger a full policies generation, by clicking on "Status" in the
menu bar of Rudder, then "Regenerate all policies"
* then, on the node, once the policy generation is finished, run
rudder agent run -u
If it doesn't work, we'll have to investigate further: did you have any
error during the upgrade ? Do you have any "ERROR" in you
/var/log/rudder/webapp folder, post-upgrade ?
Does the file
/var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-commun
ity/rudder_promises_generated exist on the server ?
Thank you,
Nicolas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20180806/2aafd463/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4563 bytes
Desc: not available
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20180806/2aafd463/attachment-0001.bin>
More information about the rudder-users
mailing list