Leme: não é possível atualizar políticas

1

Quando tento atualizar políticas em um agente, esse erro aparece:

Failed to canonicalise filename '/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated' (realpath: No such file or directory)

Examinando os logs da conexão usando a depuração do servidor ( rudder server debug 10.222.111.38 ), descobri que o diretório que o Rudder cria para o agente é /var/rudder/share/6149530e-db36-49d3-81da-ed3c450ce692 not /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f e essa é a causa do erro. Aqui estão os logs:

rudder  verbose:        Path: /var/rudder/share/6149530e-db36-49d3-81da-ed3c450ce692
rudder  verbose:                maproot user: rudder\-agent,
rudder  verbose:                maproot user: 10.222.111.38,
rudder  verbose:                admit: rudder\-agent
rudder  verbose:                admit: 10.222.111.38
rudder  verbose:        Path: /var/rudder/shared-files/6149530e-db36-49d3-81da-ed3c450ce692
rudder  verbose:                maproot user: rudder\-agent,
rudder  verbose:                maproot user: 10.222.111.38,
rudder  verbose:                admit: rudder\-agent
rudder  verbose:                admit: 10.222.111.38
rudder  verbose:        Path: /var/rudder/share/root
rudder  verbose:                maproot user: rudder\-server,
rudder  verbose:                maproot user: 127.0.0.1,
rudder  verbose:                admit: rudder\-server
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /var/rudder/shared-files/root
rudder  verbose:                maproot user: rudder\-server,
rudder  verbose:                maproot user: 127.0.0.1,
rudder  verbose:                admit: rudder\-server
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /opt/rudder/bin/rudder
rudder  verbose:                admit: 127\.0\.0\.1
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /var/rudder/configuration-repository/ncf/50_techniques
rudder  verbose:                deny: .*
rudder  verbose:  === END summary of access promises ===
rudder  verbose: Setting minimum acceptable TLS version: 1.0
rudder  verbose: Setting cipher list for incoming TLS connections to: AES256-GCM-SHA384:AES256-SHA
rudder  verbose: Listening for connections on socket descriptor 6 ...
  notice: Server is starting...
rudder  verbose: Obtained IP address of '10.222.111.38' on socket 7 from accept
rudder  verbose: New connection (from 10.222.111.38, sd 7), spawning new thread...
rudder     info: 10.222.111.38> Accepting connection
rudder  verbose: 10.222.111.38> Setting socket timeout to 600 seconds.
rudder  verbose: 10.222.111.38> Peeked nothing important in TCP stream, considering the protocol as TLS
rudder  verbose: 10.222.111.38> TLS version negotiated:  TLSv1.2; Cipher: AES256-GCM-SHA384,TLSv1/SSLv3
rudder  verbose: 10.222.111.38> TLS session established, checking trust...
rudder  verbose: 10.222.111.38> Setting IDENTITY: USERNAME=root
rudder  verbose: 10.222.111.38> Received public key compares equal to the one we have stored
rudder  verbose: 10.222.111.38> MD5=4351d487036501cf202cf4ecb594e50f: Client is TRUSTED, public key MATCHES stored one.
rudder     info: 10.222.111.38> Hostname (reverse looked up): rudder-agent
rudder  verbose: 10.222.111.38>      Received:    STAT /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated
rudder     info: 10.222.111.38> Failed to canonicalise filename '/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated' (realpath: No such file or directory)
rudder  verbose: 10.222.111.38> REFUSAL to user='root' of request: SYNCH 1492714371 STAT /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated
rudder  verbose: 10.222.111.38>      Received:    STAT /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Translated to:    STAT /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38>      Received:     MD5 /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Translated to:     MD5 /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Remote peer terminated TLS session (SSL_read)
rudder     info: 10.222.111.38> Closing connection, terminating thread

Então, o que poderia estar causando esse comportamento?

Estou usando o Rudder 4.1 no Ubuntu 12.04.

Atenciosamente, Joaquín Silva

    
por Joaquín Silva 20.04.2017 / 21:40

1 resposta

1

Parece que o id do nó foi alterado (era 6149530e-db36-49d3-81da-ed3c450ce692 e agora é 0f546498-93eb-41fc-835e-111045a7971f ).

Você reinstalou o nó ou executou uma reinicialização do leme (o id do nó está localizado no arquivo /opt/rudder/etc/uuid.hive).

Duas maneiras de corrigir isso:

O mais fácil, Remova o Nó do Leme, execute rudder agent inventory no Nó e espere que o novo Nó apareça na página "Aceitar Novos Nós" e aceite-o. Você precisa fazer isso porque, para o leme, é um nó diferente e o antigo não existe mais.

A outra maneira é alterar o valor do arquivo uuid.hive para o antigo (assim, 6149530e-db36-49d3-81da-ed3c450ce692 ), mas isso pode não ser suficiente, porque a chave do agente pode ter alteração. Você não deve fazer isso, pensou, a menos que você alterou o conteúdo uuid.hive e é isso que causou o erro que você está vendo agora.

    
por 21.04.2017 / 11:40

Tags