Project

General

Profile

Actions

Bug #2783

closed

After a migration from 2.3 to 2.4.0~beta3, a dynamic group defined in Rudder 2.3 isn't updated automatically and doesn't add a new node accepted, even if this node correspond to this group

Added by Nicolas PERRON over 11 years ago. Updated over 11 years ago.

Status:
Rejected
Priority:
1
Category:
Web - Nodes & inventories
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

A dynamic group has been made and is generic (All linux) in Rudder server 2.3 but there is no way to it to be updated automatically. Indeed, Even if a node is accepted correspond to criteria of the group, it is not added. The only way to add a node in this group is to update it manually


Files

MigrationGroup.png (78 KB) MigrationGroup.png Nicolas PERRON, 2012-08-08 14:39
MigrationGroup2.png (83.9 KB) MigrationGroup2.png Nicolas PERRON, 2012-08-08 14:39
Rudder_Migration_2.3-2.4_Display.log (15.9 KB) Rudder_Migration_2.3-2.4_Display.log Nicolas PERRON, 2012-08-09 12:10
openldap-data-pre-upgrade-20120809145448.ldif (561 KB) openldap-data-pre-upgrade-20120809145448.ldif Nicolas PERRON, 2012-08-09 17:02

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #2798: Create a new group without clicking on "Update" button add an entry to LDAP base but without jsonNodeGroupQuery attribute which result in a none-functionnal group.ReleasedVincent MEMBRÉ2012-08-09Actions
Actions #1

Updated by Nicolas PERRON over 11 years ago

It seems that the LDAP migration is missing something:

Here is the dynamic group from 2.3 (All Linux):

version: 1

dn: nodeGroupId=732a7e64-27b6-4513-ae2a-33fbcc8a478f,groupCategoryId=GroupRo
 ot,ou=Rudder,cn=rudder-configuration
objectClass: nodeGroup
objectClass: top
cn: All Linux
isDynamic: TRUE
nodeGroupId: 732a7e64-27b6-4513-ae2a-33fbcc8a478f
isEnabled: TRUE
isSystem: FALSE

Here is the new dynamic group (only node2 not static):

version: 1

dn: nodeGroupId=a1e6f1b2-7ebb-41c7-bede-685900ed40c2,groupCategoryId=GroupRo
 ot,ou=Rudder,cn=rudder-configuration
objectClass: nodeGroup
objectClass: top
cn: Only node2 not static
isDynamic: TRUE
nodeGroupId: a1e6f1b2-7ebb-41c7-bede-685900ed40c2
isEnabled: TRUE
isSystem: FALSE
jsonNodeGroupQuery: {"select":"node","composition":"And","where":[{"objectTy
 pe":"networkInterfaceLogicalElement","attribute":"ipHostNumber","comparator
 ":"eq","value":"192.168.42.12"}]}

Actions #2

Updated by François ARMAND over 11 years ago

  • Assignee changed from François ARMAND to Nicolas PERRON

Clearly, if the jsonNodeGroupQuery element is missing, that just can't work (that's what allow to check if a node belongs to a group or not).

And there is absolutely no reason at all for that element to be missing - that's just not a valid group entry.

So, something in the migration seems to erase that. Something along with LDAP migration ? (I can't see anything else doing that ?)

Actions #3

Updated by Nicolas PERRON over 11 years ago

  • Status changed from New to Discussion

This is odds, the LDAP migration script doesn't modify anything about the groups.
I should try to reproduce it to be sure this is a bug.

Actions #4

Updated by Nicolas PERRON over 11 years ago

I have reproduce this bug with two dynamic groups which was missing jsonNodeGroupQuery.
This is a SLES 11 64 bits and here is the output from the update

Actions #5

Updated by Nicolas PERRON over 11 years ago

The log from /var/log/rudder/ldap/slapd.log doesn't seem to display anything useful for this issue:

2012-08-09T10:04:33.304015+00:00 server slapd[20858]: <= bdb_equality_candidates: (isSystem) not indexed
2012-08-09T10:06:29.223887+00:00 server slapd[22829]: [INFO] Using /etc/default/slapd for configuration
2012-08-09T10:06:29.230776+00:00 server slapd[22834]: [INFO] Halting OpenLDAP...
2012-08-09T10:06:29.232500+00:00 server slapd[20858]: daemon: shutdown requested and initiated.
2012-08-09T10:06:29.232518+00:00 server slapd[20858]: slapd shutdown: waiting for 0 operations/tasks to finish
2012-08-09T10:06:29.334344+00:00 server slapd[20858]: slapd stopped.
2012-08-09T10:06:30.254509+00:00 server slapd[22838]: [OK] OpenLDAP stopped after 1 seconds
2012-08-09T10:06:30.260644+00:00 server slapd[22839]: [INFO] Launching OpenLDAP database backup...
2012-08-09T10:06:30.330392+00:00 server slapd[22856]: [OK] data save in /var/rudder/ldap/backup/openldap-data-20120809100629.ldif
2012-08-09T10:06:30.332294+00:00 server slapd[22858]: [INFO] Halting OpenLDAP replication...
2012-08-09T10:06:30.333291+00:00 server slapd[22859]: [INFO] no replica found in configuration, aborting stopping slurpd
2012-08-09T10:06:30.334243+00:00 server slapd[22860]: [INFO] Launching OpenLDAP configuration test...
2012-08-09T10:06:30.346665+00:00 server slapd[22862]: [OK] OpenLDAP configuration test successful
2012-08-09T10:06:30.347649+00:00 server slapd[22863]: [INFO] Launching OpenLDAP replication...
2012-08-09T10:06:30.348537+00:00 server slapd[22864]: [INFO] no replica found in configuration, aborting lauching slurpd
2012-08-09T10:06:30.349954+00:00 server slapd[22865]: [INFO] no db_recover done
2012-08-09T10:06:30.350826+00:00 server slapd[22866]: [INFO] Launching OpenLDAP...
2012-08-09T10:06:30.351717+00:00 server slapd[22867]: [OK] file descriptor limit set to 1024
2012-08-09T10:06:30.353728+00:00 server slapd[22868]: @(#) $OpenLDAP: slapd 2.4.30 (Aug  9 2012 07:38:18) $
        root@sles-builder-11-64:/usr/src/packages/BUILD/openldap-source/servers/slapd
2012-08-09T10:06:30.368237+00:00 server slapd[22869]: slapd starting
2012-08-09T10:06:31.377845+00:00 server slapd[22874]: [OK] OpenLDAP started on port 389 and 636
2012-08-09T10:06:57.101617+00:00 server slapd[22869]: <= bdb_equality_candidates: (ipHostNumber) not indexed

How could this attribute be missing sometimes and not all the times ?

Actions #6

Updated by Nicolas PERRON over 11 years ago

In the backup file, jsonNodeGroupQuery is already missing:

[...]

dn: nodeGroupId=c1dcfe83-a545-45e3-8237-a57b5629d508,groupCategoryId=GroupRoot
 ,ou=Rudder,cn=rudder-configuration
nodeGroupId: c1dcfe83-a545-45e3-8237-a57b5629d508
objectClass: nodeGroup
objectClass: top
cn: Only 192.168.13.11
isActivated: TRUE
isSystem: FALSE
isDynamic: TRUE
structuralObjectClass: nodeGroup
entryUUID: 93399dd6-7653-1031-8b09-8b1fc31f3517
creatorsName: cn=manager,cn=rudder-configuration
createTimestamp: 20120809095145Z
entryCSN: 20120809095145.821193Z#000000#000#000000
modifiersName: cn=manager,cn=rudder-configuration
modifyTimestamp: 20120809095145

[...]

We should try to know if in rudder 2.3, the LDAP backup works correctly

Actions #7

Updated by Nicolas PERRON over 11 years ago

  • Status changed from Discussion to Pending technical review
  • % Done changed from 0 to 100

We don't know how this could happen, so we have decided to include a test which stop upgrade if the backup doesn't contain jsonNodeGroupQuery.

Actions #8

Updated by Nicolas PERRON over 11 years ago

I have reproduce it again. Here is the backup file with one jsonNodeGroupQuery missing:

Actions #9

Updated by Nicolas PERRON over 11 years ago

  • Assignee changed from Nicolas PERRON to François ARMAND

Bug spotted ! This is not due to LDAP migration or backup !

The LDAP entries in Rudder 2.3 was already with these jsonNodeGroupQuery missing.

How to do that ? Easy, create a Dynamic group and do not save.

Actions #10

Updated by Nicolas PERRON over 11 years ago

This is no more considered as a migration bug so I rejected it.

The real bug is here: #2798

Actions #11

Updated by Nicolas PERRON over 11 years ago

  • Status changed from In progress to Discussion

Could someone reject this bug, please ?

Actions #12

Updated by Nicolas PERRON over 11 years ago

  • Status changed from Discussion to New
Actions #13

Updated by Nicolas PERRON over 11 years ago

  • Status changed from New to Rejected

Ok, I can reject myself. Done.

Actions

Also available in: Atom PDF