    Matthew Frost
    @mattronix
    :(
    any ideas on how i could fix this one
    Alexis Mousset
    @amousset
    Could you send me a failing update log? (rudder agent update -v)? (at amo@rudder.io)
    FYI the ncf/50_techniques folder should not be downloaded, and there should be an exclusion, which seems to fail for some reason. We saw it happen on 5.1 (still in dev), but thought it was due to changes we were making.
    Matthew Frost
    @mattronix
    ah ok
    feri1919
    @feri1919
    Hi,
    is there any way to check keyfiles /var/rudder/cfengine-community/ppkeys/localhost.{pub,priv}
    ?
    e.g.: whether they are valid and matching
    Francois Armand
    @fanf
    hello @feri1919
    you mean if the public key matches the private one? Or do you mean if the couple on an agent agrees with the known public key on the server?
    feri1919
    @feri1919

    i'm getting the following error message from rudder master:

    Error when trying to check inventory
    signature <- Key '-----BEGIN RSA PUBLIC KEY-----
    ...
    -----END RSA PUBLIC KEY-----' cannot be parsed as a public key

    Francois Armand
    @fanf
    @feri1919 ok, rudder seems to be lying. Is this on Rudder 4.1.7? Is this for all nodes, and if so, since when? Or just a new node ?
    feri1919
    @feri1919
    yes this is 4.1.7
    this was for a specific node on prev. weekend
    the host was re-installed to sles12sp2 (from sles11) and the old cf-keys (that were used for agent v2.11.13) were re-used on rudder-agent 4.1.10
    could this be a problem to re-use the old keys?
    feri1919
    @feri1919
    *that the old keys were re-used?
    Francois Armand
    @fanf
    I don't think so
    well, in all cases, rudder shouldn't report that the PEM is invalid if it was previously
    node uuid and hostname didn't change?
    feri1919
    @feri1919
    the node uuid and hostname did not change at all
    however, the node was connecting to the old master (version 3.1.17) and added to the new master (version 4.1.7) after being reinstalled to sles12sp2
    peckpeck
    @peckpeck
    where does this error happen ? in the webapp logs ? during an agent run ?
    feri1919
    @feri1919
    [2019-07-26 22:52:07] ERROR com.normation.rudder.domain.nodes.NodeInfo - Error when trying to get the CFEngine-MD5 digest of CFEngine public key for node ... <- problem extracting key: java.lang.IllegalArgumentException: failed to construct sequence from byte[]: corrupted stream - out of bounds length found
    yes in the webapp log
    peckpeck
    @peckpeck
    does the data between the ----BEGIN RSA PUBLIC KEY----- look like usual base64 to you ?
    feri1919
    @feri1919
    yes
    peckpeck
    @peckpeck
    the keys in the agent are standard openssl keys, so you may be able to check them using openssl, for example https://kb.wisc.edu/page.php?id=4064
    feri1919
    @feri1919
    i don't know the passphrase of it
    openssl rsa -noout -text -in localhost.priv
    Enter pass phrase for localhost.priv:
    peckpeck
    @peckpeck
    the passphrase is "Cfengine passphrase" without the quotes
    feri1919
    @feri1919
    thanks :)
    the private key seems to be ok
    but I get another public key using the command
    openssl rsa -in localhost.priv -pubout
    Enter pass phrase for localhost.priv:
    peckpeck
    @peckpeck
    ok, so it seems that the keys are messed up
    I'd say replace the public one and re-run an inventory
    feri1919
    @feri1919
    ok, thanks
    peckpeck
    @peckpeck
    did you fix your problem or are you waiting ?
    feri1919
    @feri1919
    i'm waiting for you to analyze the keys/inventories in ticket 10928
    Waccabac
    @Waccabac_twitter
    Hi !
    Alexis Mousset
    @amousset
    Hi @Waccabac_twitter !
    Waccabac
    @Waccabac_twitter
    :)
    I have a problem with a node
    I renamed its hostname
    and rudder agent update failed
    I have removed the node from rudder and reinitialized the node agent
    Fdall
    @Fdall
    How did you change the hostname ?
    Waccabac
    @Waccabac_twitter
    Ok, the iptables on the rudder server apply with a delay
    it's solved
    :)
    Waccabac
    @Waccabac_twitter
    I just set up rudder at my new job, the changes for the SSH keys are great!