for issue https://issues.rudder.io/issues/20614
@lkoenen: thanks, @ncharles identified the problem. We will look how it can be corrected tomorrow. Thanks for reporting
@fanf42:matrix.org Hello, it seems that the workaround for LDAPS and RSA 1024 is not working :/
I tried to connect and I had the error message
I have 4 domain controllers so I think the test was OK with a DC with a good cert (with RSA 2048)
I tried to connect and I had the error message
... Algorithm constraints check failed on keysize limits: RSA 1024 bit key used with certificate ... . 7 minutes later I tried again and was able to login (same login and password)I have 4 domain controllers so I think the test was OK with a DC with a good cert (with RSA 2048)
(I'm wondering if there is not a default on size somewhere hardcoded, and that it would be overriden with that)
Hello all, Do you know when de 7.0 release will be available in the latest debian repo ?
1 reply
I just upgraded my dev server to 7.0 and I'm having trouble with rule categories.
I still can see the categories but i can't delete/rename it.
@binibitobi_gitlab hello, the "rules with missing/deleted category" is a virtual one to handle cases were a rule get orphaned for some (bug) reason. You should just have to move rules in that sub tree elsewhere in an existing category and they will disapear once there's no rule left in them
the error message is perhaps another thing. Can you look in
/var/log/rudder/webapp/2022_01_17_stderrout.log to see if there's more information about what went wrong ?
Jérémy CHAMPEL: If you are talking about the
/apt/latest repo URL we usually wait for X.0.1 or X.0.2 to switch it to the next major release
I just upgraded our test server to 7.0 and I have an issue on rudder agent run
curl: (90) SSL: public key does not match pinned public key!
Hi everyone, we've got an issue with our cert to after upgrade, we want to follow the doc but there are no files here /opt/rudder/etc/rudder.key
when we run the agent (on the server node). (first lines only):
root@rudder:~# rudder agent run -u
Rudder agent 7.0.0
Node uuid: root
ok: Rudder agent policies were updated.
Start execution with config [20220128-113543-e4483828]
M| State Technique Component Key Message
E| compliant Common ncf Initialization Configuration library initialization was correct
E| compliant Common Update Configuration library already up to date on this root server. No action required.
E| compliant Common Security parameters The internal environment security is acceptable
E| compliant Common CRON Daemon CRON is correctly running
E| compliant Common Log system for reports Reports forwarding to policy server was correct
E| compliant Inventory Inventory Next inventory scheduled between 00:00 and 06:00
E| error rudder-service-apache Configure apache certifi| Apache certificate Copying /var/rudder/lib/ssl/nodescerts.pem from /opt/rudder/etc/ssl/agent.cert could not be repaired
E| error rudder-service-apache Configure apache certifi| Permissions Ensure permissions mode 640, owner root and group rudder on /var/rudder/lib/ssl/nodescerts.pem could not be repaired
E| compliant rudder-service-apache Apache configuration Allowed networks | Ensure permissions mode 600, owner root and group 0 on /opt/rudder/etc/rudder-networks-24.conf was correct
E| compliant rudder-service-apache Apache configuration Allowed networks | Insert content into /opt/rudder/etc/rudder-networks-24.conf was correct
E| compliant rudder-service-apache Apache configuration Remote run config| Insert content into /opt/rudder/etc/rudder-networks-policy-server-24.conf was correct
E| compliant rudder-service-apache Apache configuration Remote run permis| Ensure permissions mode 600, owner root and group 0 on /opt/rudder/etc/rudder-networks-policy-server-24.conf was correct
E| compliant rudder-service-apache Apache configuration Webdav permissions Ensure permissions mode 640, owner root and group www-data on /opt/rudder/etc/htpasswd-webdav was correct
E| compliant rudder-service-apache Apache configuration Webdav configurat| Setting Apache webdav password was correct
E| compliant rudder-service-apache Apache configuration Logrotate Build file /etc/logrotate.d/rudder-apache from mustache template /var/rudder/cfengine-community/inputs/rudder-service-apache/1.0/apache/apache-logrotate.mustache was correct
E| compliant rudder-service-apache Apache service Started Ensure that service apache2 is running was correct
We also have this now
curl: (90) SSL: public key does not match pinned public key!
warning: Could not send /var/rudder/reports/ready//2022-01-28T15:06:26+00:00@root.log.gz (error 90), it will be retried later
The easiest way to get things back in place is to replace the
/etc/apache2/sites-enabled/rudder.conffile with a new one based on https://raw.githubusercontent.com/Normation/rudder/master/relay/sources/apache/rudder-vhost.conf (the new 7.0 default). You need to :
- comment the default vhost for port 443
- uncomment the commented part, and configure your certificate and server name in the last vhost
@gchagneau:tec6.im This should work for you too
4 replies
Okay, i don't know why but there was an issue with our cert
which is strange beacuase we didn't touch it
we still have this issue though :
E| error Common Log system for reports Reports forwarding to policy server could not be repaired
...
curl: (90) SSL: public key does not match pinned public key!
warning: Could not send /var/rudder/reports/ready//2022-01-28T17:32:33+00:00@root.log.gz (error 90), it will be retried later
on the rudder server
and on node
E| error Common Log system for reports Reports forwarding to policy server could not be repaired
...
warning: Could not send /var/rudder/reports/ready//2022-01-28T17:43:17+00:00@1760bc52-855a-495f-8726-522dcb3ac09c.log.gz (error 22), it will be retried later
could you send me your
/etc/apache2/sites-enabled/rudder.conf file (here or at amo@rudder.io)?