Issue Tracker: Nicolas CHARLEShttps://issues.rudder.io/https://issues.rudder.io/themes/rudder7/favicon/favicon.ico?17096450182024-03-25T09:52:36ZIssue Tracker
Redmine Rudder - Bug #24589: SELinux error for downloading fileshttps://issues.rudder.io/issues/24589#change-1834822024-03-25T09:52:36ZNicolas CHARLESnicolas.charles@rudder.io
<p>audit.log says<br /><pre>
type=SYSCALL msg=audit(1711355425.344:31295): arch=c000003e syscall=332 success=yes exit=0 a0=19 a1=55934ef5b83c a2=1000 a3=fff items=0 ppid=1 pid=622100 auid=4294967295
uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=system
_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=statx AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID="rudde
r-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=PROCTITLE msg=audit(1711355425.344:31295): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711356024.886:31296): avc: denied { search } for pid=622100 comm="tokio-runtime-w" name="shared-files" dev="dm-0" ino=8321775 scontext=system_u:sy
stem_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1711356024.886:31296): arch=c000003e syscall=257 success=yes exit=25 a0=ffffff9c a1=7f03cfffe600 a2=80000 a3=0 items=1 ppid=1 pid=622100 auid=4294
967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=
system_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID
="rudder-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=CWD msg=audit(1711356024.886:31296): cwd="/"
type=PATH msg=audit(1711356024.886:31296): item=0 name="/var/rudder/configuration-repository/shared-files/zabbix/conf/zabbix_agentd.win.conf" inode=34565955 dev=fd:00 mo
de=0100644 ouid=0 ogid=994 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0^]OUID="root" OGID
="rudder"
type=PROCTITLE msg=audit(1711356024.886:31296): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711356624.862:31297): avc: denied { read } for pid=622100 comm="tokio-runtime-w" name="zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=sy
stem_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1711356624.862:31297): avc: denied { open } for pid=622100 comm="tokio-runtime-w" path="/var/rudder/configuration-repository/shared-files/zabbix/co
nf/zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissiv
e=1
type=SYSCALL msg=audit(1711356624.862:31297): arch=c000003e syscall=257 success=yes exit=25 a0=ffffff9c a1=7f03ec736600 a2=80000 a3=0 items=0 ppid=1 pid=622100 auid=4294
967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=
system_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID
="rudder-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=PROCTITLE msg=audit(1711356624.862:31297): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711356624.862:31298): avc: denied { getattr } for pid=622100 comm="tokio-runtime-w" path="/var/rudder/configuration-repository/shared-files/zabbix
/conf/zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permis
sive=1
type=SYSCALL msg=audit(1711356624.862:31298): arch=c000003e syscall=332 success=yes exit=0 a0=19 a1=55934ef5b83c a2=1000 a3=fff items=0 ppid=1 pid=622100 auid=4294967295
uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=system
_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=statx AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID="rudde
r-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=PROCTITLE msg=audit(1711356624.862:31298): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711356925.344:31299): avc: denied { search } for pid=622100 comm="tokio-runtime-w" name="shared-files" dev="dm-0" ino=8321775 scontext=system_u:sy
stem_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1711356925.344:31299): arch=c000003e syscall=257 success=yes exit=25 a0=ffffff9c a1=7f03ecf3a600 a2=80000 a3=0 items=1 ppid=1 pid=622100 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=system_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID="rudder-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=CWD msg=audit(1711356925.344:31299): cwd="/"
type=PATH msg=audit(1711356925.344:31299): item=0 name="/var/rudder/configuration-repository/shared-files/zabbix/conf/zabbix_agentd.win.conf" inode=34565955 dev=fd:00 mode=0100644 ouid=0 ogid=994 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0^]OUID="root" OGID="rudder"
type=PROCTITLE msg=audit(1711356925.344:31299): proctitle="/opt/rudder/bin/rudder-relayd"
type=SERVICE_START msg=audit(1711357383.470:31300): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1711357383.470:31301): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=AVC msg=audit(1711357526.091:31302): avc: denied { read } for pid=622100 comm="tokio-runtime-w" name="zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1711357526.091:31302): avc: denied { open } for pid=622100 comm="tokio-runtime-w" path="/var/rudder/configuration-repository/shared-files/zabbix/conf/zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1711357526.091:31302): arch=c000003e syscall=257 success=yes exit=25 a0=ffffff9c a1=7f03ec535600 a2=80000 a3=0 items=0 ppid=1 pid=622100 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=system_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID="rudder-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=PROCTITLE msg=audit(1711357526.091:31302): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711357526.092:31303): avc: denied { getattr } for pid=622100 comm="tokio-runtime-w" path="/var/rudder/configuration-repository/shared-files/zabbix/conf/zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1711357526.092:31303): arch=c000003e syscall=332 success=yes exit=0 a0=19 a1=55934ef5b83c a2=1000 a3=fff items=0 ppid=1 pid=622100 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=system_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=statx AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID="rudder-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=PROCTITLE msg=audit(1711357526.092:31303): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711357824.826:31304): avc: denied { search } for pid=622100 comm="tokio-runtime-w" name="shared-files" dev="dm-0" ino=8321775 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1711357824.826:31304): avc: denied { read } for pid=622100 comm="tokio-runtime-w" name="zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1711357824.826:31304): avc: denied { open } for pid=622100 comm="tokio-runtime-w" path="/var/rudder/configuration-repository/shared-files/zabbix/conf/zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1711357824.826:31304): arch=c000003e syscall=257 success=yes exit=25 a0=ffffff9c a1=7f03ecb38600 a2=80000 a3=0 items=1 ppid=1 pid=622100 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=system_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID="rudder-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=CWD msg=audit(1711357824.826:31304): cwd="/"
type=PATH msg=audit(1711357824.826:31304): item=0 name="/var/rudder/configuration-repository/shared-files/zabbix/conf/zabbix_agentd.win.conf" inode=34565955 dev=fd:00 mode=0100644 ouid=0 ogid=994 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0^]OUID="root" OGID="rudder"
type=PROCTITLE msg=audit(1711357824.826:31304): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711357824.826:31305): avc: denied { getattr } for pid=622100 comm="tokio-runtime-w" path="/var/rudder/configuration-repository/shared-files/zabbix/conf/zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1711357824.826:31305): arch=c000003e syscall=332 success=yes exit=0 a0=19 a1=55934ef5b83c a2=1000 a3=fff items=0 ppid=1 pid=622100 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=system_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=statx AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID="rudder-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=PROCTITLE msg=audit(1711357824.826:31305): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711358424.737:31306): avc: denied { search } for pid=622100 comm="tokio-runtime-w" name="shared-files" dev="dm-0" ino=8321775 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1711358424.737:31306): arch=c000003e syscall=257 success=yes exit=25 a0=ffffff9c a1=7f03ecf3a600 a2=80000 a3=0 items=1 ppid=1 pid=622100 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="tokio-runtime-w" exe="/opt/rudder/bin/rudder-relayd" subj=system_u:system_r:rudder_relayd_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="rudder-relayd" GID="rudder" EUID="rudder-relayd" SUID="rudder-relayd" FSUID="rudder-relayd" EGID="rudder" SGID="rudder" FSGID="rudder"
type=CWD msg=audit(1711358424.737:31306): cwd="/"
type=PATH msg=audit(1711358424.737:31306): item=0 name="/var/rudder/configuration-repository/shared-files/zabbix/conf/zabbix_agentd.win.conf" inode=34565955 dev=fd:00 mode=0100644 ouid=0 ogid=994 rdev=00:00 obj=unconfined_u:object_r:public_content_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0^]OUID="root" OGID="rudder"
type=PROCTITLE msg=audit(1711358424.737:31306): proctitle="/opt/rudder/bin/rudder-relayd"
type=AVC msg=audit(1711359031.729:31307): avc: denied { read } for pid=622100 comm="tokio-runtime-w" name="zabbix_agentd.win.conf" dev="dm-0" ino=34565955 scontext=system_u:system_r:rudder_relayd_t:s0 tcontext=unconfined_u:object_r:public_content_t:s0 tclass=file permissive=1
</pre></p> Rudder - Bug #24589 (Pending release): SELinux error for downloading fileshttps://issues.rudder.io/issues/245892024-03-25T09:45:05ZNicolas CHARLESnicolas.charles@rudder.io
<p>At least on rhel related system, it's not possible to download files from the shared folders, with an SELinux error<br /><pre>
ERROR rudder_relayd::api::shared_folder::handlers: Permission denied (os error 13)
</pre></p> Rudder - Bug #24567 (Pending release): when sorting by targeted compliance, the No data available...https://issues.rudder.io/issues/245672024-03-22T08:27:49ZNicolas CHARLESnicolas.charles@rudder.io
<p>sorting show <br /><img src="https://issues.rudder.io/attachments/download/2939/clipboard-202403220927-pagus.png" alt="" loading="lazy" /></p>
<p>so i don't have the worst offender first, but those that are not targeted</p> Rudder - Bug #24561 (New): when we have a lot of properties, editing them is complexhttps://issues.rudder.io/issues/245612024-03-21T12:51:49ZNicolas CHARLESnicolas.charles@rudder.io
<p>in 8.1, when the properties is long in 8.1, then editing them is really hard<br />any change scrolls back the focus on top, se we don't see where we are anymore<br />before removing a character<br /><img src="https://issues.rudder.io/attachments/download/2936/clipboard-202403211351-j91z2.png" alt="" loading="lazy" /></p>
<p>after removing the character<br /><img src="https://issues.rudder.io/attachments/download/2937/clipboard-202403211351-ipshd.png" alt="" loading="lazy" /></p> Rudder - Bug #24559: When upgrading from 8.0 to 8.1 on Ubuntu 22, the webapp doesn't starthttps://issues.rudder.io/issues/24559#change-1830662024-03-21T12:21:16ZNicolas CHARLESnicolas.charles@rudder.io
<p>reenabling the plugins do work</p> Rudder - Bug #24559 (New): When upgrading from 8.0 to 8.1 on Ubuntu 22, the webapp doesn't starthttps://issues.rudder.io/issues/245592024-03-21T12:19:05ZNicolas CHARLESnicolas.charles@rudder.io
<p>I had a 8.0.4 with Rudder 8.0.4, system-updates & cve plugins<br />I tried upgraded Rudder to only find it not starting<br />Install procedure mostly worked<br /><pre>
t# apt install rudder-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
rudder-agent rudder-api-client rudder-relay
The following packages will be upgraded:
rudder-agent rudder-api-client rudder-relay rudder-server
4 upgraded, 0 newly installed, 0 to remove and 67 not upgraded.
Need to get 209 MB of archives.
After this operation, 22.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 https://download.rudder.io/rtf/apt/8.1-nightly jammy/main amd64 rudder-server amd64 8.1.0~beta2~git202403210219-ubuntu22.04 [200 MB]
Get:2 https://download.rudder.io/rtf/apt/8.1-nightly jammy/main amd64 rudder-api-client amd64 8.1.0~beta2~git202403210219-ubuntu22.04 [9728 B]
Get:3 https://download.rudder.io/rtf/apt/8.1-nightly jammy/main amd64 rudder-relay amd64 8.1.0~beta2~git202403210219-ubuntu22.04 [5890 kB]
Get:4 https://download.rudder.io/rtf/apt/8.1-nightly jammy/main amd64 rudder-agent amd64 8.1.0~beta2~git202403210219-ubuntu22.04 [3216 kB]
Fetched 209 MB in 3s (64.2 MB/s)
Preconfiguring packages ...
(Reading database ... 104946 files and directories currently installed.)
Preparing to unpack .../rudder-server_8.1.0~beta2~git202403210219-ubuntu22.04_amd64.deb ...
********************************************************************************
INFO: dpkg may ask you if you want to replace rudder-web.properties or
INFO: slapd.conf with the maintainer version.
INFO:
INFO: If you accept, please keep in mind that you will lose any manual
INFO: modifications in this file, like batchs configuration, or LDAP
INFO: authentication. It will also reset passwords to default values and break
INFO: upgrade scripts.
INFO:
INFO: We strongly advise you to respond NO to this question
INFO: ('keep your currently-installed version'). Rudder's upgrade script will
INFO: take care of upgrading these file automatically.
INFO:
********************************************************************************
Unpacking rudder-server (8.1.0~beta2~git202403210219-ubuntu22.04) over (8.0.4-ubuntu22.04) ...
Preparing to unpack .../rudder-api-client_8.1.0~beta2~git202403210219-ubuntu22.04_amd64.deb ...
Unpacking rudder-api-client (8.1.0~beta2~git202403210219-ubuntu22.04) over (8.0.4-ubuntu22.04) ...
Preparing to unpack .../rudder-relay_8.1.0~beta2~git202403210219-ubuntu22.04_amd64.deb ...
Unpacking rudder-relay (8.1.0~beta2~git202403210219-ubuntu22.04) over (8.0.4-ubuntu22.04) ...
Preparing to unpack .../rudder-agent_8.1.0~beta2~git202403210219-ubuntu22.04_amd64.deb ...
Unpacking rudder-agent (8.1.0~beta2~git202403210219-ubuntu22.04) over (8.0.4-ubuntu22.04) ...
Setting up rudder-agent (8.1.0~beta2~git202403210219-ubuntu22.04) ...
Setting up rudder-api-client (8.1.0~beta2~git202403210219-ubuntu22.04) ...
Setting up rudder-relay (8.1.0~beta2~git202403210219-ubuntu22.04) ...
Job for apache2.service canceled.
Setting up rudder-server (8.1.0~beta2~git202403210219-ubuntu22.04) ...
Configuration file '/opt/rudder/etc/rudder-web.properties'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** rudder-web.properties (Y/I/N/O/D/Z) [default=N] ?
Configuration file '/opt/rudder/etc/rudder-users.xml'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** rudder-users.xml (Y/I/N/O/D/Z) [default=N] ?
Already on 'master'
INFO rudder_package: Index and licenses successfully updated
INFO rudder_package::database: Installing rudder-plugin-cve
INFO rudder_package::database: Plugin cve already installed, upgrading
INFO rudder_package::archive: Installing rpkg '/var/rudder/tmp/plugins/rudder-plugin-cve-8.1.0~beta2-2.10-nightly.rpkg'...
INFO rudder_package::archive: Plugin cve was successfully installed
INFO rudder_package::database: Installing rudder-plugin-system-updates
INFO rudder_package::database: Plugin system-updates already installed, upgrading
INFO rudder_package::archive: Installing rpkg '/var/rudder/tmp/plugins/rudder-plugin-system-updates-8.1.0~beta2-1.15-nightly.rpkg'...
INFO rudder_package::archive: Plugin system-updates was successfully installed
INFO rudder_package: All plugins were upgraded successfully
🗸 Restarting the Web application to apply changes
ERROR rudder_package: No such file or directory (os error 2)
INFO rudder_package: Plugins successfully disabled
Job for rudder-jetty.service failed because the control process exited with error code.
See "systemctl status rudder-jetty.service" and "journalctl -xeu rudder-jetty.service" for details.
INFO rudder_package: All postinstall scripts ran successfully
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
</pre><br />except for this part<br /><pre>
INFO rudder_package: All plugins were upgraded successfully
🗸 Restarting the Web application to apply changes
ERROR rudder_package: No such file or directory (os error 2)
INFO rudder_package: Plugins successfully disabled
Job for rudder-jetty.service failed because the control process exited with error code.
See "systemctl status rudder-jetty.service" and "journalctl -xeu rudder-jetty.service" for details.
</pre></p>
<p>no logs mention the No such file or directory</p>
<p>journalctl nor install log don't mention any of that, but rudder-jetty doesn't start<br />The logs of webapp are empty (0 bytes), and it fails quite quickly<br /><pre>
Mar 21 11:45:08 server rudder-jetty.sh[15881]: Stopping Jetty: OK
Mar 21 11:45:12 server systemd[1]: rudder-jetty.service: Main process exited, code=exited, status=129/n/a
Mar 21 11:45:12 server systemd[1]: rudder-jetty.service: Failed with result 'exit-code'.
</pre></p>
<p>plugins are upgraded<br /><pre>
# rudder package list
+----------------+--------------------------+------------+--------------+------------------+-----------------------------------------------------+
| Name | Installed | Latest | Web plugin | License | Description |
+----------------+--------------------------+------------+--------------+------------------+-----------------------------------------------------+
| cve | 8.1.0~beta2-2.10-nightly | up-to-date | yes: enabled | until 2024/04/20 | Manage known vulnerabilities in system components |
| system-updates | 8.1.0~beta2-1.15-nightly | up-to-date | yes: enabled | until 2024/04/20 | Available upgrades management and upgrade campaigns |
+----------------+--------------------------+------------+--------------+------------------+-----------------------------------------------------+
</pre></p>
<p>disabling them don't fix the issue</p>
<p>Finally, I got it to work when running<br /><pre>
/opt/rudder/bin/rudder-jetty-pre-check.sh
/opt/rudder/bin/rudder-jetty.sh start
</pre></p> CIS - Bug #24518 (Pending technical review): Add tests for section 3.4.1 (ubuntu 20, ufw firewall)https://issues.rudder.io/issues/24518#change-1828882024-03-18T12:14:56ZNicolas CHARLESnicolas.charles@rudder.io
<p>PR <a class="external" href="https://github.com/Normation/rudder-plugins-private/pull/534">https://github.com/Normation/rudder-plugins-private/pull/534</a></p> CIS - Bug #24518 (In progress): Add tests for section 3.4.1 (ubuntu 20, ufw firewall)https://issues.rudder.io/issues/24518#change-1828872024-03-18T12:13:18ZNicolas CHARLESnicolas.charles@rudder.ioCIS - Bug #24518 (Pending technical review): Add tests for section 3.4.1 (ubuntu 20, ufw firewall)https://issues.rudder.io/issues/245182024-03-18T08:19:02ZNicolas CHARLESnicolas.charles@rudder.ioRudder - Bug #24472: We should rework the targets rules page when we create a directivehttps://issues.rudder.io/issues/24472#change-1827922024-03-15T08:45:09ZNicolas CHARLESnicolas.charles@rudder.io
<p>I'd rather have the filter fixed rather than removed<br />It is sometimes difficult to find the right rule, and being able to filter them does help a lot</p> Rudder - Bug #24466 (Pending release): when we search for a group in the search engine, the group...https://issues.rudder.io/issues/244662024-03-14T17:21:31ZNicolas CHARLESnicolas.charles@rudder.io
<p>it takes a lot of time to load, and we have at top the list of all groups with compliance, then the group itself, and the nod elist<br /><img src="https://issues.rudder.io/attachments/download/2901/clipboard-202403141821-of6tv.png" alt="" loading="lazy" /></p> Rudder - Bug #24464 (Rejected): UI of technique editor parameters is not so greathttps://issues.rudder.io/issues/244642024-03-14T16:26:52ZNicolas CHARLESnicolas.charles@rudder.io
<p>Checkbox is too closed to the text<br /><img src="https://issues.rudder.io/attachments/download/2895/clipboard-202403141726-mahzf.png" alt="" loading="lazy" /></p>
<p>and the hover over required doesn't work</p> Rudder - Bug #24462 (Rejected): Parameter management in the technique doesn't workhttps://issues.rudder.io/issues/24462#change-1827662024-03-14T16:25:47ZNicolas CHARLESnicolas.charles@rudder.io
<p>duplicate of <a class="issue tracker-1 status-6 priority-16 priority-default closed" title="Bug: Selecting values from a list for technique parameters always selects the first one (Rejected)" href="https://issues.rudder.io/issues/24387">#24387</a></p> Rudder - Bug #24462 (Resolved): Parameter management in the technique doesn't workhttps://issues.rudder.io/issues/244622024-03-14T16:23:12ZNicolas CHARLESnicolas.charles@rudder.io
<p>If I have 2 parameters in a technique, the first one being a plain string, and want the second one to be a list, and click on "Select values from a list" on the SECOND parameter, the first one is ticked</p>
<p><img src="https://issues.rudder.io/attachments/download/2893/clipboard-202403141722-rgu5o.png" alt="" loading="lazy" /></p>
<p>I can't get the second one to become a select</p> Rudder - Bug #24460 (New): usersessions table creation may fail on postgresql 15 and morehttps://issues.rudder.io/issues/244602024-03-14T16:17:04ZNicolas CHARLESnicolas.charles@rudder.io
Since Postgresql 15, only the database owner can create table<br />However, it seems that some users (dating from 7.2.5) have the rudder database owned by "postgres" rather than "rudder" <br />I don't know how it happened, but as a consequence:
<ul>
<li>There is webapp error log<br /><pre>
2024-03-14 16:19:46.646:WARN :oejs.HttpChannel:qtp110992469-19: /rudder/j_spring_security_check
Exception in thread "zio-fiber-9917" com.normation.errors$SystemError: SystemError(Error when saving session 'node0i5jqqg1dc3kt10qq2y4gg97wk4' info for user 'a545913',org.postgresql.util.PSQLException: ERROR: relation "usersessions" does not exist| Position: 13)|?at zio.interop.ZioMonadError.raiseError.trace(cats.scala:545)|?at .onError(ApplicativeError.scala:241:0)|?at .guaranteeCase(MonadCancel.scala:375:0)|?at com.normation.rudder.db.Doobie.transactIOResult(Doobie.scala:92)|?at com.normation.rudder.users.JdbcUserRepository.logStartSession(UserRepository.scala:581)|?at com.normation.zio.ZioRuntime.unsafeRun(ZioCommons.scala:445)
at zio.interop.ZioMonadError.raiseError.trace(cats.scala:545)
at .onError(ApplicativeError.scala:241:0)
at .guaranteeCase(MonadCancel.scala:375:0)
at com.normation.rudder.db.Doobie.transactIOResult(Doobie.scala:92)
at com.normation.rudder.users.JdbcUserRepository.logStartSession(UserRepository.scala:581)
at com.normation.zio.ZioRuntime.unsafeRun(ZioCommons.scala:445)
</pre></li>
</ul>
<ul>
<li>when the webapp starts, there is the following message<br /><pre>
[2024-03-14 16:01:49+0100] ERROR bootchecks - Error when trying to create user tables: SystemError: Error with 'Users' table creation; cause was: org.postgresql.util.PSQLException: ERROR: permission denied for schema public
</pre></li>
</ul>
<ul>
<li>the postgresql information is <br /><pre>
rudder=# \l rudder
List of databases
Name | Owner | Encoding | Collate | Ctype | ICU Locale | Locale Provider | Access privileges
--------+----------+----------+-------------+-------------+------------+-----------------+-------------------
rudder | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | libc |
(1 row)
</pre></li>
</ul>
<p>we should ensure the ownership of the database to rudder</p>