Merge pull request #952 from peckpeck/bug_7091/the_uuid_in_the_promis…

…es_and_the_uuid_in_opt_rudder_etc_uuid_hive_may_be_out_of_sync_and_chaos_and_sadness_follows Fixes #7091: The uuid in the promises and the uuid in /opt/rudder/etc/uuid.hive may be out of sync, and chaos and sadness follows
Normation · May 27, 2016 · cb2499d · cb2499d
2 parents d5db27d + 89f25f9
commit cb2499d
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 45 deletions.
diff --git a/initial-promises/node-server/common/1.0/update.cf b/initial-promises/node-server/common/1.0/update.cf
@@ -340,6 +340,20 @@ bundle agent update_reports
 
 }
 
+#######################################################
+# UUID file checking
+
+bundle agent check_uuid
+{
+  classes:
+    # Abort if no uuid is defined
+    "should_not_continue" expression => "no_uuid";
+    "no_uuid" not => fileexists("${g.uuid_file}");
+
+  reports:
+    no_uuid::
+      "FATAL: The UUID file ${g.uuid_file} is missing. Please run check-rudder-agent to generate a new one or restore it from a backup.";
+}
 
 ############################################
 body classes outcome(x)

diff --git a/initial-promises/node-server/failsafe.cf b/initial-promises/node-server/failsafe.cf
@@ -23,7 +23,7 @@
 body common control
 
 {
-        bundlesequence => { "init_files", "update" };
+        bundlesequence => { "check_uuid", "init_files", "update" };
 
         inputs => { "common/1.0/update.cf" };
         output_prefix => "rudder";
@@ -95,8 +95,6 @@ bundle common rudder_roles
 {
 
   classes:
-        # Abort if no uuid is defined
-      "should_not_continue" not => fileexists("${g.uuid_file}");
         # Policy Server is a machine which delivers promises
       "policy_server" expression => strcmp("root","${g.uuid}");
         # Root Server is the top policy server machine

diff --git a/initial-promises/node-server/promises.cf b/initial-promises/node-server/promises.cf
@@ -39,10 +39,6 @@ bundle common rudder_roles
 
     any::
       "uuid" string => readfile("${uuid_file}", 60);
-
-  classes:
-        # Abort if no uuid is defined
-      "should_not_continue" not => fileexists("${uuid_file}");
 }
 
 body common control
@@ -78,7 +74,7 @@ bundle common va
      };
 
     !policy_server::
-      "bs" slist => { "startExecution", "check_disable_agent", "update", "internal_security", "process_matching", "check_cf_processes", "check_cron_daemon", "garbage_collection", "check_binaries_freshness"
+      "bs" slist => { "startExecution", "check_disable_agent", "update", "internal_security", "process_matching", "check_cf_processes", "check_uuid", "check_cron_daemon", "garbage_collection", "check_binaries_freshness"
      };
 
       "inputs_list" slist => {
@@ -349,21 +345,6 @@ bundle agent check_cf_processes
 
 }
 
-#######################################################
-# UUID file enforcing
-
-bundle agent check_uuid
-{
-  files:
-      "${g.uuid_file}"
-        create    => "true",
-        edit_line => enforce_content("${g.uuid}"),
-        edit_defaults => noempty_backup,
-        perms => m("644"),
-        comment => "Setting the uuid variable in a machine";
-
-}
-
 #######################################################
 # Check if the cron daemon is running
 # This only works with unix flavoured systems too

diff --git a/techniques/system/common/1.0/failsafe.st b/techniques/system/common/1.0/failsafe.st
@@ -22,7 +22,7 @@
 
 body common control
 {
-        bundlesequence     => { "init_files", "update" };
+        bundlesequence     => { "check_uuid", "init_files", "update" };
 
         inputs             => { "common/1.0/update.cf" };
         output_prefix      => "rudder";
@@ -54,6 +54,7 @@ bundle common g
       "rudder_base_sbin"         string => "${rudder_base}/sbin"; #folder where tools are installed
       "rudder_tools"             string => "${rudder_var}/tools";
       "rudder_ncf"               string => "${rudder_var}/ncf";
+      "uuid_file"                string => "${rudder_base}/etc/uuid.hive";
 
 &if(NOVA)&
     windows::
@@ -63,10 +64,11 @@ bundle common g
       "rudder_sbin"              string => "${rudder_base}\sbin";
       "rudder_tools"             string => "${rudder_sbin}";
       "rudder_ncf"               string => "${rudder_var}\ncf";
+      "uuid_file"                string => "${rudder_base}\etc\uuid.hive";
 &endif&
 
     any::
-      "uuid"                     string => "&UUID&";
+      "uuid"                     string => readfile("${g.uuid_file}", 60);
       "excludedreps"             slist  => { "\.X11", ".*kde.*", "\.svn", "perl" };
       "rudder_tools_origin"      string => "/var/rudder/tools";
       "rudder_ncf_origin_common" string => "/usr/share/ncf/tree";
@@ -93,8 +95,6 @@ bundle common g
 bundle common rudder_roles
 {
   classes:
-      # Abort if no uuid is defined
-      "should_not_continue" not        => fileexists("${g.uuid_file}");
       # Policy Server is a machine which delivers promises
       "policy_server"       expression => strcmp("root","${g.uuid}");
       # Root Server is the top policy server machine

diff --git a/techniques/system/common/1.0/promises.st b/techniques/system/common/1.0/promises.st
@@ -168,9 +168,6 @@ bundle common rudder_roles
 {
 
   classes:
-      # Abort if no uuid is defined
-      "should_not_continue" not => fileexists("${g.uuid_file}");
-
       # Policy Server is a machine which delivers promises
       "policy_server" expression => strcmp("root","${g.uuid}");
       # Root Server is the top policy server machine
@@ -428,20 +425,6 @@ bundle agent check_cf_processes
 
 }
 
-#######################################################
-# UUID file enforcing
-
-bundle agent check_uuid
-{
-  files:
-      "${g.uuid_file}"
-        create        => "true",
-        edit_line     => enforce_content("${g.uuid}"),
-        edit_defaults => noempty_backup,
-        perms         => m("644"),
-        comment       => "Setting the uuid variable in a machine";
-}
-
 
 #######################################################
 # Check the log system, and configure it accordingly

diff --git a/techniques/system/common/1.0/update.st b/techniques/system/common/1.0/update.st
@@ -98,7 +98,7 @@ bundle common server_info
 {
   vars:
     any::
-      "policy_files" string => "/var/rudder/share/&UUID&";   #directory where to look for promises in the server for that client
+      "policy_files" string => "/var/rudder/share/${g.uuid}";   #directory where to look for promises in the server for that client
 
       "policy_server_file"
         string  => translatepath("${sys.workdir}/policy_server.dat"),
@@ -349,6 +349,23 @@ bundle agent update_reports
 
 }
 
+#######################################################
+# UUID file checking
+
+bundle agent check_uuid
+{
+  classes:
+    # Abort if no uuid is defined
+    "should_not_continue" expression => "wrong_uuid|no_uuid";
+    "wrong_uuid" not => strcmp("&UUID&", "${g.uuid}");
+    "no_uuid" not => fileexists("${g.uuid_file}");
+
+  reports:
+    wrong_uuid::
+      "FATAL: The UUID in ${g.uuid_file} (${g.uuid}) doesn't match the UUID recorded for this node in your Rudder server (&UUID&)";
+    no_uuid::
+      "FATAL: The UUID file ${g.uuid_file} is missing. Please run check-rudder-agent to generate a new one or restore it from a backup.";
+}
 
 ############################################
 body classes outcome(x)