[rudder-users] Migration from Rudder 4.2 to 4.3

Nicolas Charles nicolas.charles at normation.com
Wed Jul 18 08:02:47 UTC 2018 

Le 13/07/2018 à 11:30, GALLET Tristan a écrit :
>
> Hello everybody,
>
> I’ve just migrated from Rudder 4.2 to 4.3.2. (not 4.3.3, Debian has 
> not yet this version in the repository).
>
> Server and client are on Debian 8.11, all updates from today.
>
> After upgrade, clients can not update their policies :
>
> From a client :
>
> *rudder agent update*
>
> *R: 
> **********************************************************************************
>
> ** rudder-agent could not get an updated configuration from the policy 
> server.   **
>
> ** This can be caused 
> by:                                                        **
>
> **   * an agent key that has been 
> changed                                        **
>
> **   * if this node is not accepted or deleted node on the Rudder root 
> server    **
>
> **   * if this node has changed policy server without sending a new 
> inventory    **
>
> ** Any existing configuration policy will continue to be applied 
> without change. **
>
> ***********************************************************************************
>
> *ok: Rudder agent promises were updated.*
>
> From the serveur :
>
> rudder server debug 10.X.X.X
>
> Logs from server :
>
> *rudder  verbose: 10.X.X.X> Setting IDENTITY: USERNAME=root*
>
> *rudder  verbose: 10.X.X.X> Received public key compares equal to the 
> one we have stored*
>
> *rudder  verbose: 10.X.X.X> MD5=70b5b4d90fa8c1176cd2c1a00deb9884: 
> Client is TRUSTED, public key MATCHES stored one.*
>
> *rudder  verbose: 10.X.X.X> Received:    STAT 
> /var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-community/rudder_promises_generated*
>
> *rudder  verbose: 10.X.X.X> Translated to:    STAT 
> /var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-community/rudder_promises_generated*
>
> *rudder     info: 10.X.X.X> access denied to STAT: 
> /var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-community/rudder_promises_generated*
>
> *rudder  verbose: 10.X.X.X> REFUSAL to user='root' of request: SYNCH 
> 1531473776 STAT 
> /var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-community/rudder_promises_generated*
>
> *rudder  verbose: 10.X.X.X> Received:    STAT 
> /usr/share/ncf/tree/ncf_hash_file*
>
> *rudder  verbose: 10.X.X.X> Translated to:    STAT 
> /usr/share/ncf/tree/ncf_hash_file*
>
> *rudder  verbose: 10.X.X.X> Received:     MD5 
> /usr/share/ncf/tree/ncf_hash_file*
>
> *rudder  verbose: 10.X.X.X> Translated to:     MD5 
> /usr/share/ncf/tree/ncf_hash_file*
>
> *rudder  verbose: 10.X.X.X> Received:    STAT 
> /var/rudder/configuration-repository/ncf/ncf_hash_file*
>
> *rudder  verbose: 10.X.X.X> Translated to:    STAT 
> /var/rudder/configuration-repository/ncf/ncf_hash_file*
>
> *rudder  verbose: 10.X.X.X> Received:     MD5 
> /var/rudder/configuration-repository/ncf/ncf_hash_file*
>
> *rudder  verbose: 10.X.X.X> Translated to:     MD5 
> /var/rudder/configuration-repository/ncf/ncf_hash_file*
>
> *rudder  verbose: 10.X.X.X> Received:    STAT 
> /var/rudder/tools/rudder_tools_updated*
>
> *rudder  verbose: 10.X.X.X> Translated to:    STAT 
> /var/rudder/tools/rudder_tools_updated*
>
> *rudder  verbose: 10.X.X.X> Received:     MD5 
> /var/rudder/tools/rudder_tools_updated*
>
> *rudder  verbose: 10.X.X.X> Translated to:     MD5 
> /var/rudder/tools/rudder_tools_updated*
>
> *rudder  verbose: 10.X.X.X> Remote peer terminated TLS session (SSL_read)*
>
> *rudder     info: 10.X.X.X> Closing connection, terminating thread*
>
> **
>
> DNS is ok, server and client resolve each other.
>
> Is there something to do after migration ?
>
> Regards
>
> Cordialement,
>
> Tristan
>

Hi Tristan,

Thank you very much for the detailed explanation and debug logs, it is 
very useful. I'm sorry for the delay in the answer, the mail was caught 
in a moderation zone :/

Normally, there shouldn't be anything to do after an upgrade, so you are 
hitting a bug.
We've encountered a very rare bug where inventories or keys could be 
lost during an upgrade, due to cache issue - it may be related to that. 
Can you do the following:

  * On the failing node, can you run

rudder agent inventory

  * then, on the server Rudder, run:

rudder agent inventory && rudder agent run
to be sure that the Rudder server inventory is there and up to date.

  * trigger a full policies generation, by clicking on "Status" in the
    menu bar of Rudder, then "Regenerate all policies"


  * then, on the node, once the policy generation is finished, run

rudder agent run -u

If it doesn't work, we'll have to investigate further: did you have any 
error during the upgrade ? Do you have any "ERROR" in you 
/var/log/rudder/webapp folder, post-upgrade ?
Does the file 
/var/rudder/share/02dfe0b6-fee5-491a-96bb-95ecf27b07bb/rules/cfengine-community/rudder_promises_generated 
exist on the server ?

Thank you,
Nicolas


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.rudder-project.org/pipermail/rudder-users/attachments/20180718/125478b5/attachment.html>

More information about the rudder-users mailing list