Project

General

Profile

Bug #11168

Search believe that CFEngine agents with "dsc" in their keys are also DSC agent

Added by François ARMAND about 1 year ago. Updated 10 months ago.

Status:
Released
Priority:
N/A
Category:
Web - Config management
Target version:
Target version (plugin):
Severity:
Major - prevents use of part of Rudder | no simple workaround
User visibility:
Operational - other Techniques | Technique editor | Rudder settings
Effort required:
Priority:
50

Description

Create an CFEngine agent with a key containing DSC, for ex. one with the following content for 'agentName' attribute:

{"agentType":"cfengine-community","version":"4.2.0.beta2-1.EL.7","securityToken":{"value":"-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAyXUx8lDOtFca/aDLME1EAtvu9NhLWR74Q5jxnyUii8JujMKqv7Xk\nnsTAa2ivfopbzhNRMLsUPRkYSJEi3w0gBe2iQ9S39oXiiUUTozbV2GpOXQNLOERy\nWMol3ozsJXOuA5/2FtkvW3UxxMCfq2OPEF8Qqg3vfzBRZga5QtKGmSHMpFEDbOxn\nOUzSzN+MFSv9EGY18X61K2/+eicwCvAX9bhLapJcZf/4aIitsYKSsnQEmmR3Ae78\n6SMhDCtvJCjnt/6Pw2MI6F/0tC3xi1dQyXVcGlM8AoPKvHLv7Xmp8wrr0WEyuJlF\nYE6NrACm2kLui+FWDn0xhfm6PXGJYdSCqwIDAQAB\n-----END RSA PUBLIC KEY-----","type":"publicKey"}}

That agent will be found when looking for "agent -> DSC"

{"select":"nodeAndPolicyServer","composition":"And","where":[{"objectType":"node","attribute":"agentName","comparator":"eq","value":"dsc"}]}

Obviously, the search need to only look for the value for key agentType. This is certainly a problem with the JSON search, so referencing #10599 and more specially #10570


Add

Subtasks

Bug #11634: CFEngine agent are not more matched after parent-ticket correctionReleasedFrançois ARMAND
Bug #11646: Query to search Only Rudder-agent or cfengine-community only does not matchReleasedFrançois ARMAND

Add

Related issues

Related to Rudder - Bug #10599: Impossible to search or build groups based on JSON values in node propertiesReleasedDelete relation
Related to Rudder - Bug #11583: Rudder creates DSC based group and rules and breaks policy generationReleasedDelete relation

Associated revisions

Revision bd64dbe2 (diff)
Added by Vincent MEMBRÉ 10 months ago

Fixes #11168: Search believe that CFEngine agents with \"dsc\" in their keys are also DSC agent

Revision 3addcddc (diff)
Added by Vincent MEMBRÉ 10 months ago

Fixes #11168: Search believe that CFEngine agents with \"dsc\" in their keys are also DSC agent

History

#1 Updated by François ARMAND about 1 year ago

The proposed criticity is because it can put nodes in incorrect groups, and the user can't do anything about it. This is very bad. And it can happen in the first demo without chance.

#2 Updated by Benoît PECCATTE about 1 year ago

  • Severity set to Major - prevents use of part of Rudder | no simple workaround
  • User visibility set to Operational - other Techniques | Technique editor | Rudder settings
  • Priority changed from 0 to 52

#3 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.22 to 3.1.23

#4 Updated by Vincent MEMBRÉ 12 months ago

  • Target version changed from 3.1.23 to 3.1.24
  • Priority changed from 52 to 51

#5 Updated by François ARMAND 11 months ago

  • Related to Bug #10599: Impossible to search or build groups based on JSON values in node properties added

#6 Updated by Vincent MEMBRÉ 11 months ago

  • Status changed from New to In progress
  • Assignee changed from François ARMAND to Vincent MEMBRÉ

#7 Updated by Vincent MEMBRÉ 11 months ago

  • Target version changed from 3.1.24 to 4.2.1

#8 Updated by Vincent MEMBRÉ 11 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Vincent MEMBRÉ to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/1752

#9 Updated by François ARMAND 11 months ago

  • Related to Bug #11583: Rudder creates DSC based group and rules and breaks policy generation added

#10 Updated by François ARMAND 11 months ago

  • Priority changed from 51 to 50

If you don't have any windows node and you hit #11583 because of that problem, you can execute that command on the Rudder server - note that you will need to execute it again after each Rudder restart:

ldapmodify -xc -H ldap://localhost:389 -D "cn=manager, cn=rudder-configuration" -w $(cat /opt/rudder/etc/rudder-passwords.conf | grep BIND_PASS | cut -d':' -f2) << EOF
dn: nodeGroupId=all-nodes-with-dsc-agent,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
changetype: modify
replace: isDynamic
isDynamic: FALSE
-
delete: nodeId
-
EOF

#11 Updated by Vincent MEMBRÉ 10 months ago

  • Status changed from Pending technical review to Pending release

#12 Updated by Vincent MEMBRÉ 10 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.2.1 which was released today.

Also available in: Atom PDF