Project

General

Profile

Bug #7288

Policy does not get deleted when changing relays

Added by Janos Mattyasovszky over 2 years ago. Updated about 1 month ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Server components
Target version:
Target version (plugin):
Severity:
Minor - inconvenience | misleading | easy workaround
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Pull Request:
Priority:
18

Description

Sometimes we re-balance and change the policy server (relay) a node is connected to.
I have noticed the old relay's policy for the nodes do not get removed then.

rudder-root:/var/rudder/share # ls -d /var/rudder/share/*/share/* | gawk -F/ '{print $NF}' | sort | uniq -c | grep -c -w 2
604

=> not a unique issue.

The date is also showing this:

drwx------ 3 root root 18 Sep 22 23:25 /var/rudder/share/9ee3f1c5-d83c-4daa-9465-2555476521fb/share/00208aa8-f4d1-11e4-b6d9-11cb081228de
drwxrwx--- 3 root root 18 Oct 17 22:38 /var/rudder/share/c49a0a1c-1100-11e5-9959-76b2081228de/share/00208aa8-f4d1-11e4-b6d9-11cb081228de
...
drwx------ 3 root root 18 Sep 23 00:00 /var/rudder/share/9ee3f1c5-d83c-4daa-9465-2555476521fb/share/0013855c-f377-11e4-b4af-33e8081228de
drwxrwx--- 3 root root 18 Oct 17 22:38 /var/rudder/share/78169036-10f9-11e5-b8f7-afb7081228de/share/0013855c-f377-11e4-b4af-33e8081228de

When a node changes the policy server, that policy server should get the node's folder removed.


Related issues

Related to Rudder - Bug #7751: When we delete a relay, all system groups and directive related to this relay are not deletedNew
Related to Rudder - Bug #8046: Change of Policy Server does not trigger a PolicyupdateRejected2016-03-08
Related to Rudder - Bug #9719: Node deletes are not properly cleaned upNew

History

#1 Updated by Janos Mattyasovszky over 2 years ago

  • Description updated (diff)

#2 Updated by Vincent MEMBRÉ over 2 years ago

  • Assignee set to Nicolas CHARLES

Thanks for reproting Janos!

You are right, the content of shared promises should only contains promises for nodes that are managed by this relay

Nicolas, what would be the easiest way to do this ?

#3 Updated by Jonathan CLARKE over 2 years ago

  • Assignee changed from Nicolas CHARLES to François ARMAND

François, I'm sure you have an idea about this? :)

#4 Updated by Janos Mattyasovszky over 2 years ago

How about detecting during the inventory processing, if it reports to a different policy server then known until now, and after a successful policy generation remove the old dir-tree below the old policy server?

I will work around it by a cronjob, some LDAP query, and checking all directory below the policy servers, if it's still valid.

Additional question: do the policies get deleted when I remove a node over GUI / API?

#5 Updated by François ARMAND over 2 years ago

I think we should "just" add the list of node managed by the relay in some accessible way on the relay, and a post-hook after promise transfert which will diff the managed node / actual directories present. The garbage collecting can be done asynchronously to avoid long processing time.

The proposed solution may imply more work to always calculate the list of nodes for a relay, not sure we have that information at all time.

Some more context information: we are not able to just remove all directories not updated on last promise transfert, because valid nodes may not have gotten updated policies on last round.

#6 Updated by François ARMAND about 2 years ago

  • Related to Bug #7751: When we delete a relay, all system groups and directive related to this relay are not deleted added

#7 Updated by François ARMAND about 2 years ago

  • Related to Bug #4709: When a node is deleted, its generated promises are not removed added

#8 Updated by François ARMAND about 2 years ago

OK, so it seems I misunderstood the root cause, and it should be in fact much easier than thought to correct.

The problem is that on the root server, we don't clean the deleted nodes, and so it is more linked to #4709 (kind of an amplificated version of it).

Nicolas, you had concerned about the following proposed solution. Does that still hold for relays ?

I put them back here:

- trigger a rm -rf ${nodeid} or something alike from rudder UI when a node is deleted;
- on each promise generation, delete all unknown files in /var/rudder/share to keep only existing nodes;
- have a cfengine (sytem) promise making the cleaning for us based on the list of all "currently valide node" (accepting that ${node_id_of_relay}/${node_id} is a valid one)

#9 Updated by François ARMAND about 2 years ago

  • Tags set to Next minor release

#10 Updated by Janos Mattyasovszky about 2 years ago

  • Related to Bug #8046: Change of Policy Server does not trigger a Policyupdate added

#11 Updated by Janos Mattyasovszky about 2 years ago

  • Related to deleted (Bug #8046: Change of Policy Server does not trigger a Policyupdate)

#12 Updated by François ARMAND about 2 years ago

  • Related to Bug #8046: Change of Policy Server does not trigger a Policyupdate added

#13 Updated by Benoît PECCATTE about 2 years ago

  • Target version set to 2.11.21

#14 Updated by Jonathan CLARKE about 2 years ago

  • Tags deleted (Next minor release)

#15 Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 2.11.21 to 2.11.22

#16 Updated by Vincent MEMBRÉ about 2 years ago

  • Target version changed from 2.11.22 to 2.11.23

#17 Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 2.11.23 to 2.11.24

#18 Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 2.11.24 to 308

#19 Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 308 to 3.1.14

#20 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.14 to 3.1.15

#21 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.15 to 3.1.16

#22 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.16 to 3.1.17

#23 Updated by Janos Mattyasovszky over 1 year ago

  • Related to Bug #9719: Node deletes are not properly cleaned up added

#24 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.17 to 3.1.18

#25 Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 3.1.18 to 3.1.19

#26 Updated by Jonathan CLARKE over 1 year ago

  • Severity set to Minor - inconvenience | misleading | easy workaround
  • User visibility set to Infrequent - complex configurations | third party integrations

#27 Updated by Benoît PECCATTE about 1 year ago

  • Priority set to 5

#28 Updated by François ARMAND about 1 year ago

  • Related to deleted (Bug #4709: When a node is deleted, its generated promises are not removed)

#29 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.19 to 3.1.20

#30 Updated by Jonathan CLARKE about 1 year ago

  • Assignee deleted (François ARMAND)

#31 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.20 to 3.1.21

#32 Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 3.1.21 to 3.1.22

#33 Updated by Benoît PECCATTE 12 months ago

  • Priority changed from 5 to 18

#34 Updated by Vincent MEMBRÉ 11 months ago

  • Target version changed from 3.1.22 to 3.1.23

#35 Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 3.1.23 to 3.1.24

#36 Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 3.1.24 to 3.1.25

#37 Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 3.1.25 to 387

#38 Updated by Vincent MEMBRÉ 6 months ago

  • Target version changed from 387 to 4.1.10

#39 Updated by Vincent MEMBRÉ 4 months ago

  • Target version changed from 4.1.10 to 4.1.11

#40 Updated by Vincent MEMBRÉ 2 months ago

  • Target version changed from 4.1.11 to 4.1.12

#41 Updated by Vincent MEMBRÉ about 1 month ago

  • Target version changed from 4.1.12 to 4.1.13

Also available in: Atom PDF