Hello,
I am replying to this old thread (two monthes old only, actually) that I
found via Googling. I also have this problem and it is 100% reproducible in
my case.
I am using Gentoo on both the server and the client, with version 3.0.2. The
version of OpenSSL is identical in both cases, 0.9.8l (note that it also
failed using 0.9.8l on the server and 0.9.8k on the client).
This is my promises.cf:
bundle agent setupPhase
{
files:
"/srv/demo-phpbb/" copy_from =>
fastCopyFromRemote("${global.OVERMIND_HOST}",
"${global.UNISON_REPOSITORY_PATH}demo-phpbb/"), depth_search => recurse,
perms => apache;
}
body copy_from fastCopyFromRemote(server, path)
{
servers => {"${server}"};
encrypt => "true";
trustkey => "true";
source => "${path}";
compare => "digest";
preserve => "false";
purge => "true";
copy_backup => "false";
}
body depth_search recurse
{
depth => "inf";
}
I am linking the demo-phpbb/ directory for you to reproduce the bug, as I
think it is somehow important (on other directories I am not hit by this
problem, so it is something strange in this directory that is causing the
bug, although I checked and everything seems normal...). It is available at
http://test.elvanor.net/bugs/demo-phpbb.zip
I hope you can debug and fix this problem as it is quite critical IMHO (not
only it does not copy correctly the directory, it completely hangs the
cf-agent process while encountering garbage).
Jean-Noel
Mark,
>
> On the Ubuntu server I have OpenSSL 0.9.8g
> On the Cygwin client I have OpenSSL 0.9.8k
> And on the Fedora client, I have OpenSSL 0.9.8k-fips
>
> So yes, it's more than likely that it is a OpenSSL issue since both
> clients fails the same way,
>
> Regards,
> Nicolas
>
> Mark Burgess a écrit :
> > Nicholas,
> >
> > I have been trying hard to reproduce this error but I have not been able to.
> > The problem is that encryption fails in the final transmission causing file
> > data
> > to be apparent garbage.
> >
> > I will try a few more things before giving up. May I ask what kind of
> > systems
> > are running this? Do they have the same versions of OpenSSL?
> >
> > M
> >
> >
> > Nicolas Charles wrote:
> >
> >> Hi,
> >>
> >> I'm having a nasty behavior with the updating of promises when having a
> >> subfolder.
> >> Here is my update.cf :
> >>
> >>
> >> #
> >> # Define what an agent has to do when it updates
> >> # its promises
> >> #
> >>
> >> #simple copy method
> >> body copy_from remote(server, path) {
> >>
> >> servers => {
> >> "${server}"
> >> };
> >> encrypt => "true";
> >> trustkey => "true";
> >> source => "${path}";
> >> compare => "digest";
> >> preserve => "false"; #preserver permissions
> >> verify => "true";
> >> purge => "true";
> >> owners => {"slave"};
> >> }
> >>
> >> #simple recurse method
> >>
> >>
> >> bundle agent update {
> >> vars:
> >> any::
> >> "cfserved" string => "192.168.56.101"; #server IP
> >> "policy_files" string => "/srv/cf-served"; #directory where to look for
> >> promises in the server for that client
> >> "server_inputs" string => "${policy_files}/inputs"; #actual directory
> >> with promises, just to show the use of variables
> >> "client_inputs" string => "${sys.workdir}/inputs"; #where to put the
> >> files on the client when downloaded
> >>
> >> files:
> >> any::
> >> "${client_inputs}" #that's a loop on each files in client_inputs
> >> copy_from => remote("${cfserved}","${server_inputs}"),
> >> depth_search => recurse_visible("inf");
> >> }
> >>
> >>
> >>
> >> On my server, I have
> >> /srv/cf-served/inputs : the promises
> >> /srv/cf-served/inputs/resources : variables, resources, etc
> >> If resources folder is empty (or better, doesn't exist), it is great
> >> If there is one empty file, it works great
> >>
> >> But if /srv/cf-served/inputs/resources contains a file (let's call it
> >> simple_its.txt) containing "foo baz" (or whatever), here is the update
> >> behavior :
> >> cf3 =========================================================
> >> cf3 files in bundle update (1)
> >> cf3 =========================================================
> >> cf3
> >> cf3 Verifying SQL table promises is only available with Cfengine Nova or
> >> above
> >> cf3
> >> cf3 .........................................................
> >> cf3 Promise handle:
> >> cf3 Promise made by: /var/cfengine/inputs
> >> cf3 .........................................................
> >> cf3
> >> cf3 -> Handling file existence constraints on /var/cfengine/inputs
> >> cf3 -> Copy file /var/cfengine/inputs from /srv/cf-served/inputs check
> >> cf3 Found address (192.168.56.101) for host 192.168.56.101
> >> cf3 Found address (192.168.56.101) for host 192.168.56.101
> >> cf3 No existing connection to 192.168.56.101 is established...
> >> cf3 Set cfengine port number to 5308 = 5308
> >> cf3 Connect to 192.168.56.101 = 192.168.56.101, port = (5308=5308)
> >> cf3 LastSaw host 192.168.56.101 now
> >> cf3 Found address (192.168.56.101) for host 192.168.56.101
> >> cf3 Loaded /var/cfengine/ppkeys/root-192.168.56.101.pub
> >> cf3 .....................[.h.a.i.l.].................................
> >> cf3 Strong authentication of server=192.168.56.101 connection confirmed
> >> cf3 Found address (192.168.56.101) for host 192.168.56.101
> >> cf3 !! (Destination purging enabled)
> >> cf3 ->> Entering /srv/cf-served/inputs
> >> (snip)
> >> cf3 -> Destination file /var/cfengine/inputs/site.cf already exists
> >> cf3 -> File permissions on /var/cfengine/inputs/site.cf as promised
> >> cf3 -> File /var/cfengine/inputs/site.cf is an up to date copy of source
> >> cf3 -> /var/cfengine/inputs/update.cf~ wasn't at destination (copying)
> >> cf3 -> Copying from 192.168.56.101:/srv/cf-served/inputs/update.cf~
> >> cf3 -> Copy of regular file succeeded /srv/cf-served/inputs/update.cf~
> >> to /var/cfengine/inputs/update.cf~.cfnew
> >> cf3 ?? Final verification of transmission ...
> >> cf3 -> New file /var/cfengine/inputs/update.cf~.cfnew transmitted
> >> correctly - verified
> >> cf3 -> Group of /var/cfengine/inputs/update.cf~ was 513, setting to 0
> >> cf3 -> File permissions on /var/cfengine/inputs/update.cf~ as promised
> >> cf3 -> Updated file from 192.168.56.101:/srv/cf-served/inputs/update.cf~
> >> cf3 ->> Entering /var/cfengine/inputs/resources
> >> cf3 -> File permissions on /var/cfengine/inputs/resources as promised
> >> cf3 -> Destination file /var/cfengine/inputs/resources/simple_ips.txt~
> >> already exists
> >> cf3 -> File permissions on
> >> /var/cfengine/inputs/resources/simple_ips.txt~ as promised
> >> cf3 -> File /var/cfengine/inputs/resources/simple_ips.txt~ is an up to
> >> date copy of source
> >> cf3 -> /var/cfengine/inputs/resources/simple_ips.txt wasn't at
> >> destination (copying)
> >> cf3 -> Copying from
> >> 192.168.56.101:/srv/cf-served/inputs/resources/simple_ips.txt
> >> cf3 !! Copy from
> >> 192.168.56.101:/srv/cf-served/inputs/resources/simple_ips.txt failed
> >> cf3 !! Purging /var/cfengine/inputs/resources/simple_ips.txt.cfnew in
> >> copy dest directory
> >> cf3 Transmission refused or failed statting
> >> /srv/cf-served/inputs/ocsi-agent.cf
> >> Got: ÉòÞ¡Íäí
> >> cf3 !! (Can't stat /srv/cf-served/inputs/ocsi-agent.cf)
> >> cf3 !!! System error for cf_stat: "Operation not permitted"
> >> cf3 -> Destination file /var/cfengine/inputs/promises.cf already exists
> >> cf3 !! Image file /var/cfengine/inputs/promises.cf has a wrong MD5
> >> checksum (should be copy of /srv/cf-served/inputs/promises.cf)
> >> cf3 -> Updated /var/cfengine/inputs/promises.cf from source
> >> /srv/cf-served/inputs/promises.cf on 192.168.56.101
> >> cf3 Was not able to copy /srv/cf-served/inputs/promises.cf to
> >> /var/cfengine/inputs/promises.cf
> >> cf3 I: Report relates to a promise with handle ""
> >> cf3 I: Made in version 'not specified' of
> >> '/var/cfengine/inputs/update.cf' near line 37
> >> cf3 -> Destination file /var/cfengine/inputs/library.cf already exists
> >> cf3 !! Image file /var/cfengine/inputs/library.cf has a wrong MD5
> >> checksum (should be copy of /srv/cf-served/inputs/library.cf)
> >> cf3 -> Updated /var/cfengine/inputs/library.cf from source
> >> /srv/cf-served/inputs/library.cf on 192.168.56.101
> >> cf3 -> Copy of regular file succeeded /srv/cf-served/inputs/library.cf
> >> to /var/cfengine/inputs/library.cf.cfnew
> >> cf3 !! New file /var/cfengine/inputs/library.cf.cfnew seems to have been
> >> corrupted in transit (sizes 1304 and 0), aborting!
> >> cf3 Was not able to copy /srv/cf-served/inputs/library.cf to
> >> /var/cfengine/inputs/library.cf
> >> cf3 I: Report relates to a promise with handle ""
> >> cf3 I: Made in version 'not specified' of
> >> '/var/cfengine/inputs/update.cf' near line 37
> >> cf3 -> Destination file /var/cfengine/inputs/update.cf already exists
> >> cf3 !! Image file /var/cfengine/inputs/update.cf has a wrong MD5
> >> checksum (should be copy of /srv/cf-served/inputs/update.cf)
> >> cf3 -> Updated /var/cfengine/inputs/update.cf from source
> >> /srv/cf-served/inputs/update.cf on 192.168.56.101
> >> cf3 -> Copy of regular file succeeded /srv/cf-served/inputs/update.cf to
> >> /var/cfengine/inputs/update.cf.cfnew
> >> cf3 ?? Final verification of transmission ...
> >> cf3 -> New file /var/cfengine/inputs/update.cf.cfnew transmitted
> >> correctly - verified
> >> cf3 -> Group of /var/cfengine/inputs/update.cf was 513, setting to 0
> >> cf3 -> Object /var/cfengine/inputs/update.cf had permission 600, changed
> >> it to 644
> >> cf3 -> Destination file /var/cfengine/inputs/failsafe.cf already exists
> >> cf3 !! Image file /var/cfengine/inputs/failsafe.cf has a wrong MD5
> >> checksum (should be copy of /srv/cf-served/inputs/failsafe.cf)
> >> cf3 -> Updated /var/cfengine/inputs/failsafe.cf from source
> >> /srv/cf-served/inputs/failsafe.cf on 192.168.56.101
> >> cf3 Was not able to copy /srv/cf-served/inputs/failsafe.cf to
> >> /var/cfengine/inputs/failsafe.cf
> >> cf3 I: Report relates to a promise with handle ""
> >> cf3 I: Made in version 'not specified' of
> >> '/var/cfengine/inputs/update.cf' near line 37
> >> cf3 Transmission refused or failed statting
> >> /srv/cf-served/inputs/cf-served.cf
> >> Got: CFD_TRUE
> >> cf3 !! (Can't stat /srv/cf-served/inputs/cf-served.cf)
> >> cf3 !!! System error for cf_stat: "Operation not permitted"
> >> cf3 -> Destination file /var/cfengine/inputs/yum.cf already exists
> >> cf3 -> File permissions on /var/cfengine/inputs/yum.cf as promised
> >> cf3 -> File /var/cfengine/inputs/yum.cf is an up to date copy of source
> >> cf3 Transmission refused or failed statting
> >> /srv/cf-served/inputs/virtual-machines.cf
> >> Got: ŒFÚðQCa
> >> cf3 !! (Can't stat /srv/cf-served/inputs/virtual-machines.cf)
> >> cf3 !!! System error for cf_stat: "Operation not permitted"
> >> cf3 -> Destination file /var/cfengine/inputs/exim4.cf already exists
> >> cf3 !! Image file /var/cfengine/inputs/exim4.cf has a wrong MD5 checksum
> >> (should be copy of /srv/cf-served/inputs/exim4.cf)
> >> cf3 -> Updated /var/cfengine/inputs/exim4.cf from source
> >> /srv/cf-served/inputs/exim4.cf on 192.168.56.101
> >> cf3 Was not able to copy /srv/cf-served/inputs/exim4.cf to
> >> /var/cfengine/inputs/exim4.cf
> >> cf3 I: Report relates to a promise with handle ""
> >> cf3 I: Made in version 'not specified' of
> >> '/var/cfengine/inputs/update.cf' near line 37
> >> cf3 !! Purging /var/cfengine/inputs/exim4.cf.cfnew in copy dest directory
> >> cf3 !! Purging /var/cfengine/inputs/failsafe.cf.cfnew in copy dest
> >> directory
> >> cf3 !! Purging /var/cfengine/inputs/library.cf.cfnew in copy dest directory
> >> cf3 !! Purging /var/cfengine/inputs/promises.cf.cfnew in copy dest
> >> directory
> >> cf3 !! Purging /var/cfengine/inputs/update.cf.cfsaved in copy dest
> >> directory
> >> cf3 Performance(Copy(192.168.56.101:/srv/cf-served/inputs >
> >> /var/cfengine/inputs)): time=2.0000 secs, av=2.6912 +/- 0.8668
> >> cf3 Existing connection just became free...
> >>
> >> Then files content are messed up (ending with content from one file in
> >> another one)
> >>
> >> Both client and server are the 3.0.2 release
> >>
> >> Regards,
> >> Nicolas
>
>
_______________________________________________
Bug-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/bug-cfengine
