Project

General

Profile

Bug #10711

Improve generated inventory checks when inventory is missing

Added by Janos Mattyasovszky 7 months ago. Updated 5 months ago.

Status:
Released
Priority:
N/A
Category:
Techniques
Target version:
Target version (plugin):
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Very Small
Priority:
54

Description

Version: 4.1.2.rc1.git201705040133 on CFEngine Core 3.10.0

In ./inventory/1.0/fusionAgent.cf there is:

    # guarding execresult to save a lot of time during policy validation
    !windows.(force_inventory|inventory_time)::
      "fusion_inventory_version" string => execresult("${g.rudder_base}/bin/run-inventory --version | ${paths.path[grep]} '[0-9]\.[0-9]' |
 ${paths.path[sed]} 's%.*(\([0-9]\+\)\.\([0-9]\+\).*).*%\1\2%'", "useshell");
      "inventory_path"           string => "${g.rudder_var_tmp}/inventory", policy => "overridable"; # Default value
      "inventory_path_edition"   string => "${g.rudder_var_tmp}/inventory/.*.ocs", policy => "overridable"; # Default value for editing th
e inventory files

=> the execution of "execresult" is guarded
=> it will only be executed if "!windows.(force_inventory|inventory_time)", and only then is "inventory_path" defined.

However, the actual inventory run does not follow this conditions, it is enough for the inventory directory to just be created, it does not depend on the variable of inventory_path actually being set:

  commands:
    !windows.inventoryfoldercreated::
      "${g.rudder_base}/bin/run-inventory --local=${inventory_path}" 
        classes => cf2_if_else("run_inventory", "inventory_failed"),
        comment => "Generating inventory, in the temporary folder";

This results in a File of ${inventory_path} being created in the / if the directory was just created:

rudder41n:~ # rmdir /var/rudder/tmp/inventory/
rudder41n:~ # rudder agent run -q
Rudder agent 4.1.2.rc1.git201705040133 (CFEngine Core 3.10.0)
Node uuid: root
#Start execution with config [20170505-095043-72de9bee]

M| State         Technique                 Component                 Key                Message
E| error         Inventory                 inventory                                    #Generated inventory has been detected as invalid

## Summary #####################################################################
32 components verified in 4 directives
   => 32 components in Enforce mode
      -> 29 compliant
      -> 2 not-applicable
      -> 1 error
execution time: 6.47s
################################################################################
rudder41n:~ #

rudder41n:~ # ll /\$\{inventory_path\}
-rw------- 1 root root 324182 May  5 12:31 /${inventory_path}
rudder41n:~ #

The very strange for this is, that the check should only run if the inventory_file_exist class is set, which is defined by using filesexist based on a findfiles, but that somehow returns true, even if you try to search a bunch of files "*.ocs" in an empty folder by using an intermediate array:

See child ticket #10712 for detailed description.


Subtasks

Bug #10712: cf-agent: filesexist returns true on empty slist New


Related issues

Related to Rudder - Bug #10753: No generation of inventory at installation Released

Associated revisions

Revision b9cd4340
Added by Nicolas CHARLES 6 months ago

Fixes #10711: Improve generated inventory checks when inventory is missing

History

#1 Updated by Janos Mattyasovszky 7 months ago

This could be "quickly" worked around if using length to check if it's zero and not define it then.

#2 Updated by Janos Mattyasovszky 7 months ago

This patch helped me (it would obviously needed to be patched in the .st not the .cf):

--- fusionAgent.cf.orig 2017-05-05 13:46:06.121623362 +0200
+++ fusionAgent.cf      2017-05-05 13:29:21.043705057 +0200
@@ -530,6 +530,7 @@
 {
   vars:
       "inventory_file" slist => findfiles("${g.rudder_var_tmp}/inventory/*.ocs");
+      "inventory_file_count" int => length("inventory_file");
     !windows.has_rudder_perl::
       "perl_command" string => "/opt/rudder/bin/perl -I /opt/rudder/lib/perl5";
     !windows.!has_rudder_perl::
@@ -538,7 +539,7 @@
       "perl_command" string => "C:\Program Files\FusionInventory-Agent\perl\bin\perl.exe";

   classes:
-      "inventory_file_exist" expression => filesexist("@{inventory_file}");
+      "inventory_file_exist" expression => isgreaterthan("${inventory_file_count}", "0");
       "has_rudder_perl" expression => fileexists("/opt/rudder/bin/perl");
     pass1.inventory_file_exist.!windows::
       "inventory_valid" expression => returnszero("${perl_command} ${this.promise_dirname}/test-inventory.pl ${inventory_file}", "noshell"),

#3 Updated by Janos Mattyasovszky 7 months ago

  • Description updated (diff)

#4 Updated by François ARMAND 6 months ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Getting started - demo | first install | level 1 Techniques
  • Effort required set to Very Small
  • Priority changed from 0 to 72

#5 Updated by Nicolas CHARLES 6 months ago

  • Related to Bug #10753: No generation of inventory at installation added

#6 Updated by Nicolas CHARLES 6 months ago

  • Assignee set to Nicolas CHARLES
  • Target version set to 4.0.6

#7 Updated by Nicolas CHARLES 6 months ago

  • Status changed from New to In progress

#8 Updated by Nicolas CHARLES 6 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1146

#9 Updated by Nicolas CHARLES 6 months ago

  • Status changed from Pending technical review to New
  • Assignee deleted (Benoît PECCATTE)

Fix was not for the explained issue

#10 Updated by Vincent MEMBRÉ 6 months ago

  • Target version changed from 4.0.6 to 4.0.7

#11 Updated by Vincent MEMBRÉ 6 months ago

  • Subject changed from Inventory created even if inventory_path not defined to Improve generated inventory checks when inventory is missing

The fix provided in #10774 should prevent that bug to happen in most cases.

We decided to keep that issue to improve the way we check that the generated inventory is correct!

#12 Updated by Benoît PECCATTE 6 months ago

  • Assignee set to Nicolas CHARLES
  • User visibility changed from Getting started - demo | first install | level 1 Techniques to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 72 to 54

#13 Updated by Nicolas CHARLES 6 months ago

  • Status changed from New to In progress

#14 Updated by Nicolas CHARLES 6 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
  • Pull Request changed from https://github.com/Normation/rudder-techniques/pull/1146 to https://github.com/Normation/rudder-techniques/pull/1148

#15 Updated by Nicolas CHARLES 6 months ago

  • Status changed from Pending technical review to Pending release

#16 Updated by Alexis MOUSSET 5 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.0.7 which was released today.

Also available in: Atom PDF