0

I've installed Rudder-server on a debian buster container, the software works fine : every services rudder-* have active status without error and I can access the web interface. The debug rudder script show no error. The problem is my Rudder-server never receive pending Nodes request. I've installed Rudder-agent on a different container, the service works fine but every time I try to update this agent I have the folowing messages :

root@test-pour-rudder:~# rudder agent info
Hostname: test-pour-rudder.domain.lan
UUID: 2faXXXXXXXXXXXXXXXXXXXXXXXX
Key hash:
Certificate creation: May 19 12:51:30 2021 GMT
Certificate expiration: May 17 12:51:30 2031 GMT
Certificate fingerprint: XX:XX:XX:XX:XX:XX:XX:XX
Policy server: 192.168.0.35
Roles: rudder-agent
Run interval: 5 min
Agent is enabled
Agent is not forced in audit mode
Policy updated: Not yet updated
Inventory sent: Not yet sent
Version: Rudder agent 6.2.7-debian10
root@test-pour-rudder:~# rudder agent update
   error: There is no readable input file at '/var/rudder/cfengine-community/inputs/failsafe.cf'. (stat: No such file or directory)
   error: Error reading CFEngine policy. Exiting...

error: Rudder agent policies could not be updated.

Also, the rudder-agent of the rudder-server works fine, I receive its report and it is visible in the "Nodes" Section. There isn't firewall rules on this server, every port is open.

I did a lot of research for this error and it seems to appear when your agent is not yet accepted by the rudder-server, which is normal. But absolutely no server appears in my "pending node" page in the web interface, I can't accept any Nodes. Also, the following folders are empty :

/var/rudder/inventories/failed/
/var/rudder/inventories/incoming/
/var/rudder/inventories/debug/

which confirm the fact that the rudder-server doesn't receive any information from other rudder-agent.

My configuration :

  • Debian 10 Proxmox Server 6.3-3
  • 192.168.0.35 : Rudder-Server-root in a container : Debian 10, priviledge container and nesting option enable
  • 192.168.2.88 : Rudder-agent in another container : Debian 10, priviledge container

The allowed subnets in rudder web interface (general configuration) :

  • 192.168.0.42/23
  • 192.168.2.0/24
  • 192.168.1.0/24
  • 192.168.0.0/24

I've already tried to change the subnet or ip adress of the instance with rudder-agent, still not working.

Also, this proxmox server is a test server we often use at work, there is several containers on it for other purpose and they work fine.

Any idea to what could cause this problem ? Or do you know other tests I could do to find the problem ?

Matias V
  • 41
  • 6

2 Answers2

2

Before being able to update the policies you indeed need to get the first inventory on the server. The first step to check is if the inventory actually works locally on your node with:

# -i will give more information in case it doesn't work
rudder agent inventory -i

If the inventory creation works but upload fails (with a curl error) then you can check the apache logs on your Rudder server (in /var/log/rudder/apache2).

Alexis Mousset
  • 81
  • 3
  • Thank for your answer, the inventory doesn't show more information than what I've listed before, the inventory fail with the same two error messages. I've looked in the apache logs and I have only one message : ```AH01906: rudder-v3.XXXdomain.lan:443:0 server certificate is a CA certificate (BasicConstrainCA == TRUE !?)``` I'm going to try to update or change the certificate. Thanks for the advice ! – Matias V Jun 07 '21 at 13:43
0

The problem seems to have resolved itself, after three month with this server shutdown, I've started it and everything worked fine. I haven't done any update nor change any parameters, guess I needed to be patient.

Matias V
  • 41
  • 6