Rudder:无法更新政策

tag-icon tag-icon rudder
Rudder:无法更新政策

当我尝试更新代理中的策略时,弹出此错误:

Failed to canonicalise filename '/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated' (realpath: No such file or directory)

使用服务器调试 () 查看连接的日志rudder server debug 10.222.111.38,我发现 Rudder 为代理创建的目录不是/var/rudder/share/6149530e-db36-49d3-81da-ed3c450ce692/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f这就是错误的原因。以下是日志:

rudder  verbose:        Path: /var/rudder/share/6149530e-db36-49d3-81da-ed3c450ce692
rudder  verbose:                maproot user: rudder\-agent,
rudder  verbose:                maproot user: 10.222.111.38,
rudder  verbose:                admit: rudder\-agent
rudder  verbose:                admit: 10.222.111.38
rudder  verbose:        Path: /var/rudder/shared-files/6149530e-db36-49d3-81da-ed3c450ce692
rudder  verbose:                maproot user: rudder\-agent,
rudder  verbose:                maproot user: 10.222.111.38,
rudder  verbose:                admit: rudder\-agent
rudder  verbose:                admit: 10.222.111.38
rudder  verbose:        Path: /var/rudder/share/root
rudder  verbose:                maproot user: rudder\-server,
rudder  verbose:                maproot user: 127.0.0.1,
rudder  verbose:                admit: rudder\-server
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /var/rudder/shared-files/root
rudder  verbose:                maproot user: rudder\-server,
rudder  verbose:                maproot user: 127.0.0.1,
rudder  verbose:                admit: rudder\-server
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /opt/rudder/bin/rudder
rudder  verbose:                admit: 127\.0\.0\.1
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /var/rudder/configuration-repository/ncf/50_techniques
rudder  verbose:                deny: .*
rudder  verbose:  === END summary of access promises ===
rudder  verbose: Setting minimum acceptable TLS version: 1.0
rudder  verbose: Setting cipher list for incoming TLS connections to: AES256-GCM-SHA384:AES256-SHA
rudder  verbose: Listening for connections on socket descriptor 6 ...
  notice: Server is starting...
rudder  verbose: Obtained IP address of '10.222.111.38' on socket 7 from accept
rudder  verbose: New connection (from 10.222.111.38, sd 7), spawning new thread...
rudder     info: 10.222.111.38> Accepting connection
rudder  verbose: 10.222.111.38> Setting socket timeout to 600 seconds.
rudder  verbose: 10.222.111.38> Peeked nothing important in TCP stream, considering the protocol as TLS
rudder  verbose: 10.222.111.38> TLS version negotiated:  TLSv1.2; Cipher: AES256-GCM-SHA384,TLSv1/SSLv3
rudder  verbose: 10.222.111.38> TLS session established, checking trust...
rudder  verbose: 10.222.111.38> Setting IDENTITY: USERNAME=root
rudder  verbose: 10.222.111.38> Received public key compares equal to the one we have stored
rudder  verbose: 10.222.111.38> MD5=4351d487036501cf202cf4ecb594e50f: Client is TRUSTED, public key MATCHES stored one.
rudder     info: 10.222.111.38> Hostname (reverse looked up): rudder-agent
rudder  verbose: 10.222.111.38>      Received:    STAT /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated
rudder     info: 10.222.111.38> Failed to canonicalise filename '/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated' (realpath: No such file or directory)
rudder  verbose: 10.222.111.38> REFUSAL to user='root' of request: SYNCH 1492714371 STAT /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated
rudder  verbose: 10.222.111.38>      Received:    STAT /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Translated to:    STAT /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38>      Received:     MD5 /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Translated to:     MD5 /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Remote peer terminated TLS session (SSL_read)
rudder     info: 10.222.111.38> Closing connection, terminating thread

那么,是什么原因导致了这种行为?

我在 Ubuntu 12.04 上运行 Rudder 4.1。

问候, Joaquín Silva

答案1

看起来节点的 id 已经改变(过去6149530e-db36-49d3-81da-ed3c450ce692和现在0f546498-93eb-41fc-835e-111045a7971f)。

您可以重新安装该节点或者运行 rudder reinit(节点的 id 位于文件 /opt/rudder/etc/uuid.hive 中)。

有两种方法可以解决此问题:

最简单的方法是从 Rudder 中移除节点,rudder agent inventory在节点上运行,然后等待新节点出现在“接受新节点”页面中并接受它。您需要这样做,因为对于 Rudder 来说,它是一个不同的节点,旧节点不再存在。

另一种方法是将 uuid.hive 文件中的值更改为旧值 (so 6149530e-db36-49d3-81da-ed3c450ce692),但这可能还不够,因为代理密钥可能已更改。但您不应该这样做,除非您更改了 uuid.hive 内容,而这正是导致您现在看到的错误的原因。

相关内容