舵:不能更新策略

Question

当我试图更新代理中的策略时，会弹出以下错误：

Failed to canonicalise filename '/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated' (realpath: No such file or directory)

通过使用服务器调试(rudder server debug 10.222.111.38)查看连接的日志，我发现舵为代理创建的目录是/var/rudder/share/6149530e-db36-49d3-81da-ed3c450ce692而不是/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f，这是错误的原因。以下是日志：

rudder  verbose:        Path: /var/rudder/share/6149530e-db36-49d3-81da-ed3c450ce692
rudder  verbose:                maproot user: rudder\-agent,
rudder  verbose:                maproot user: 10.222.111.38,
rudder  verbose:                admit: rudder\-agent
rudder  verbose:                admit: 10.222.111.38
rudder  verbose:        Path: /var/rudder/shared-files/6149530e-db36-49d3-81da-ed3c450ce692
rudder  verbose:                maproot user: rudder\-agent,
rudder  verbose:                maproot user: 10.222.111.38,
rudder  verbose:                admit: rudder\-agent
rudder  verbose:                admit: 10.222.111.38
rudder  verbose:        Path: /var/rudder/share/root
rudder  verbose:                maproot user: rudder\-server,
rudder  verbose:                maproot user: 127.0.0.1,
rudder  verbose:                admit: rudder\-server
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /var/rudder/shared-files/root
rudder  verbose:                maproot user: rudder\-server,
rudder  verbose:                maproot user: 127.0.0.1,
rudder  verbose:                admit: rudder\-server
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /opt/rudder/bin/rudder
rudder  verbose:                admit: 127\.0\.0\.1
rudder  verbose:                admit: 127.0.0.1
rudder  verbose:        Path: /var/rudder/configuration-repository/ncf/50_techniques
rudder  verbose:                deny: .*
rudder  verbose:  === END summary of access promises ===
rudder  verbose: Setting minimum acceptable TLS version: 1.0
rudder  verbose: Setting cipher list for incoming TLS connections to: AES256-GCM-SHA384:AES256-SHA
rudder  verbose: Listening for connections on socket descriptor 6 ...
  notice: Server is starting...
rudder  verbose: Obtained IP address of '10.222.111.38' on socket 7 from accept
rudder  verbose: New connection (from 10.222.111.38, sd 7), spawning new thread...
rudder     info: 10.222.111.38> Accepting connection
rudder  verbose: 10.222.111.38> Setting socket timeout to 600 seconds.
rudder  verbose: 10.222.111.38> Peeked nothing important in TCP stream, considering the protocol as TLS
rudder  verbose: 10.222.111.38> TLS version negotiated:  TLSv1.2; Cipher: AES256-GCM-SHA384,TLSv1/SSLv3
rudder  verbose: 10.222.111.38> TLS session established, checking trust...
rudder  verbose: 10.222.111.38> Setting IDENTITY: USERNAME=root
rudder  verbose: 10.222.111.38> Received public key compares equal to the one we have stored
rudder  verbose: 10.222.111.38> MD5=4351d487036501cf202cf4ecb594e50f: Client is TRUSTED, public key MATCHES stored one.
rudder     info: 10.222.111.38> Hostname (reverse looked up): rudder-agent
rudder  verbose: 10.222.111.38>      Received:    STAT /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated
rudder     info: 10.222.111.38> Failed to canonicalise filename '/var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated' (realpath: No such file or directory)
rudder  verbose: 10.222.111.38> REFUSAL to user='root' of request: SYNCH 1492714371 STAT /var/rudder/share/0f546498-93eb-41fc-835e-111045a7971f/rules/cfengine-community/rudder_promises_generated
rudder  verbose: 10.222.111.38>      Received:    STAT /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Translated to:    STAT /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38>      Received:     MD5 /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Translated to:     MD5 /var/rudder/tools/rudder_tools_updated
rudder  verbose: 10.222.111.38> Remote peer terminated TLS session (SSL_read)
rudder     info: 10.222.111.38> Closing connection, terminating thread

那么，是什么导致了这种行为呢？

我正在Ubuntu12.04上运行舵4.1。

你好，华金·席尔瓦

Answer 1

看起来节点的id已经更改(曾经是6149530e-db36-49d3-81da-ed3c450ce692，现在是0f546498-93eb-41fc-835e-111045a7971f)。

要么重新安装节点，要么运行一个舵恢复(节点的id位于文件/opt/舵/etc/uid.hive中)。

解决这一问题的方法有两种：

最简单的方法是从舵上删除节点，在节点上运行rudder agent inventory，然后等待新节点出现在“接受新节点”页面中并接受它。您需要这样做，因为对于舵来说，它是一个不同的节点，旧节点已经不存在了。

另一种方法是将uuid.hive文件中的值更改为旧的值(所以是6149530e-db36-49d3-81da-ed3c450ce692)，但这可能还不够，因为代理密钥可能有更改。您不应该这样做，思想，除非您更改了uuid.hive内容，这是导致您现在看到的错误。