Rudder: cannot update policies

Question

When I try to update policies in an agent, this error pops up:

Failed to canonicalise filename '/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated' (realpath: No such file or directory)

Looking into the logs of the conection using the server debug (rudder server debug 10.222.111.38), I figured out that the directory that Rudder creates for the agent is /var/rudder/share/6149530e-db36-49d3-81da-ed3c450ce692 not /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f, and that is the cause of the error. Here are the logs:

rudder  verbose:        Path: /var/rudder/share/6149530e-db36-49d3-81da-ed3c450ce692
rudder  verbose:                maproot user: rudder\-agent,
rudder  verbose:                maproot user: 10.222.111.38,
rudder  verbose:                admit: rudder\-agent
rudder  verbose:                admit: 10.222.111.38
rudder  verbose:        Path: /var/rudder/shared-files/6149530e-db36-49d3-81da-ed3c450ce692
rudder  verbose:                maproot user: rudder\-agent,
rudder  verbose:                maproot user: 10.222.111.38,
rudder  verbose:                admit: rudder\-agent
rudder  verbose:                admit: 10.222.111.38
rudder  verbose:        Path: /var/rudder/share/root
rudder  verbose:                maproot user: rudder\-server,
rudder  verbose:                maproot user: 127.0.0.1,
rudder  verbose:                admit: rudder\-server
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /var/rudder/shared-files/root
rudder  verbose:                maproot user: rudder\-server,
rudder  verbose:                maproot user: 127.0.0.1,
rudder  verbose:                admit: rudder\-server
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /opt/rudder/bin/rudder
rudder  verbose:                admit: 127\.0\.0\.1
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /var/rudder/configuration-repository/ncf/50_techniques
rudder  verbose:                deny: .*
rudder  verbose:  === END summary of access promises ===
rudder  verbose: Setting minimum acceptable TLS version: 1.0
rudder  verbose: Setting cipher list for incoming TLS connections to: AES256-GCM-SHA384:AES256-SHA
rudder  verbose: Listening for connections on socket descriptor 6 ...
  notice: Server is starting...
rudder  verbose: Obtained IP address of '10.222.111.38' on socket 7 from accept
rudder  verbose: New connection (from 10.222.111.38, sd 7), spawning new thread...
rudder     info: 10.222.111.38> Accepting connection
rudder  verbose: 10.222.111.38> Setting socket timeout to 600 seconds.
rudder  verbose: 10.222.111.38> Peeked nothing important in TCP stream, considering the protocol as TLS
rudder  verbose: 10.222.111.38> TLS version negotiated:  TLSv1.2; Cipher: AES256-GCM-SHA384,TLSv1/SSLv3
rudder  verbose: 10.222.111.38> TLS session established, checking trust...
rudder  verbose: 10.222.111.38> Setting IDENTITY: USERNAME=root
rudder  verbose: 10.222.111.38> Received public key compares equal to the one we have stored
rudder  verbose: 10.222.111.38> MD5=4351d487036501cf202cf4ecb594e50f: Client is TRUSTED, public key MATCHES stored one.
rudder     info: 10.222.111.38> Hostname (reverse looked up): rudder-agent
rudder  verbose: 10.222.111.38>      Received:    STAT /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated
rudder     info: 10.222.111.38> Failed to canonicalise filename '/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated' (realpath: No such file or directory)
rudder  verbose: 10.222.111.38> REFUSAL to user='root' of request: SYNCH 1492714371 STAT /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated
rudder  verbose: 10.222.111.38>      Received:    STAT /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Translated to:    STAT /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38>      Received:     MD5 /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Translated to:     MD5 /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Remote peer terminated TLS session (SSL_read)
rudder     info: 10.222.111.38> Closing connection, terminating thread

So, what could be causing this behaivor?.

I'm running Rudder 4.1 on Ubuntu 12.04.

Regards, Joaquín Silva

score 1 · Accepted Answer · edited Apr 21 '17 at 12:30

It looks like the id of the node has changed (was 6149530e-db36-49d3-81da-ed3c450ce692 and is now 0f546498-93eb-41fc-835e-111045a7971f).

Either you reinstalled the node or run a rudder reinit (the id of the node is located in file /opt/rudder/etc/uuid.hive).

Two ways to fix this:

The easiest one, Remove the Node from Rudder, run rudder agent inventory on the Node then wait for the new Node to appear in "Accept new Nodes" page and accept it. You need to do that because for rudder, it is a different node and the old one doesn't exist anymore.

The other way is to change the value in uuid.hive file to the old one (so 6149530e-db36-49d3-81da-ed3c450ce692) but that may not be enough because the agent key may have change. You should not do that, thought, unless you changed the uuid.hive content and this is what caused the error you are now seing.

Rudder: cannot update policies

1 Answers1