Project

General

Profile

Bug #11168

Search believe that CFEngine agents with "dsc" in their keys are also DSC agent

Added by François ARMAND 5 months ago. Updated about 1 month ago.

Status:
Released
Priority:
N/A
Category:
Web - Config management
Target version:
Target version (plugin):
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
50

Description

Create an CFEngine agent with a key containing DSC, for ex. one with the following content for 'agentName' attribute:

{"agentType":"cfengine-community","version":"4.2.0.beta2-1.EL.7","securityToken":{"value":"-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAyXUx8lDOtFca/aDLME1EAtvu9NhLWR74Q5jxnyUii8JujMKqv7Xk\nnsTAa2ivfopbzhNRMLsUPRkYSJEi3w0gBe2iQ9S39oXiiUUTozbV2GpOXQNLOERy\nWMol3ozsJXOuA5/2FtkvW3UxxMCfq2OPEF8Qqg3vfzBRZga5QtKGmSHMpFEDbOxn\nOUzSzN+MFSv9EGY18X61K2/+eicwCvAX9bhLapJcZf/4aIitsYKSsnQEmmR3Ae78\n6SMhDCtvJCjnt/6Pw2MI6F/0tC3xi1dQyXVcGlM8AoPKvHLv7Xmp8wrr0WEyuJlF\nYE6NrACm2kLui+FWDn0xhfm6PXGJYdSCqwIDAQAB\n-----END RSA PUBLIC KEY-----","type":"publicKey"}}

That agent will be found when looking for "agent -> DSC"

{"select":"nodeAndPolicyServer","composition":"And","where":[{"objectType":"node","attribute":"agentName","comparator":"eq","value":"dsc"}]}

Obviously, the search need to only look for the value for key agentType. This is certainly a problem with the JSON search, so referencing #10599 and more specially #10570


Subtasks

Bug #11634: CFEngine agent are not more matched after parent-ticket correctionReleasedFrançois ARMAND

Bug #11646: Query to search Only Rudder-agent or cfengine-community only does not matchReleasedFrançois ARMAND


Related issues

Related to Rudder - Bug #10599: Impossible to search or build groups based on JSON values in node properties Released
Related to Rudder - Bug #11583: Rudder creates DSC based group and rules and breaks policy generation Released

Associated revisions

Revision bd64dbe2
Added by Vincent MEMBRÉ 2 months ago

Fixes #11168: Search believe that CFEngine agents with \"dsc\" in their keys are also DSC agent

History

#1 Updated by François ARMAND 5 months ago

The proposed criticity is because it can put nodes in incorrect groups, and the user can't do anything about it. This is very bad. And it can happen in the first demo without chance.

#2 Updated by Benoît PECCATTE 4 months ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 52

#3 Updated by Vincent MEMBRÉ 4 months ago

  • Target version changed from 3.1.22 to 3.1.23

#4 Updated by Vincent MEMBRÉ 3 months ago

  • Target version changed from 3.1.23 to 3.1.24
  • Priority changed from 52 to 51

#5 Updated by François ARMAND 2 months ago

  • Related to Bug #10599: Impossible to search or build groups based on JSON values in node properties added

#6 Updated by Vincent MEMBRÉ 2 months ago

  • Status changed from New to In progress
  • Assignee changed from François ARMAND to Vincent MEMBRÉ

#7 Updated by Vincent MEMBRÉ 2 months ago

  • Target version changed from 3.1.24 to 4.2.1

#8 Updated by Vincent MEMBRÉ 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1752

#9 Updated by François ARMAND 2 months ago

  • Related to Bug #11583: Rudder creates DSC based group and rules and breaks policy generation added

#10 Updated by François ARMAND 2 months ago

  • Priority changed from 51 to 50

If you don't have any windows node and you hit #11583 because of that problem, you can execute that command on the Rudder server - note that you will need to execute it again after each Rudder restart:

ldapmodify -xc -H ldap://localhost:389 -D "cn=manager, cn=rudder-configuration" -w $(cat /opt/rudder/etc/rudder-passwords.conf | grep BIND_PASS | cut -d':' -f2) << EOF
dn: nodeGroupId=all-nodes-with-dsc-agent,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isDynamic
isDynamic: FALSE
-
delete: nodeId
-
EOF

#11 Updated by Vincent MEMBRÉ 2 months ago

  • Status changed from Pending technical review to Pending release

#12 Updated by Vincent MEMBRÉ about 1 month ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.2.1 which was released today.

Also available in: Atom PDF