Package: cfengine3
Version: 3.12.1-2
Severity: normal
Dear cfengine3 Maintainer,
The cfengine3 package should create the /var/lib/cfengine3/plugins
directory during installation.
Without this directory, the /var/log/cfengine3/promise_summary.log
log file records update.cf never completing successfully:
Outcome of version update.cf 3.12.1 (agent-0): Promises observed to be kept
93.55%, Promises repaired 0.00%, Promises not repaired 6.45%
And the output files in /var/lib/cfengine3/outputs record that there
were failed repairs during each run (once every 5 minutes):
error: Method 'cfe_internal_update_policy_cpv' failed in some repairs
Running cf-agent in verbose mode, I found the following:
verbose: P: .........................................................
verbose: P: BEGIN promise 'cfe_internal_update_policy_files_update_plugins' of
type "files" (pass 1)
verbose: P: Promiser/affected object: '/var/lib/cfengine3/plugins'
verbose: P: Part of bundle: cfe_internal_update_policy_cpv
verbose: P: Base context class: !am_policy_hub.!windows
verbose: P: Stack path: /default/cfe_internal_update_policy/methods/'Stock
policy
update'/default/cfe_internal_update_policy_cpv/files/'/var/lib/cfengine3/plugins'[1]
verbose: P:
verbose: P: Comment: Always update plugins files on client side
verbose: File '/var/lib/cfengine3/plugins' copy_from
'/var/lib/cfengine3/plugins'
verbose: FindIdle: found connection to 'X.X.X.X' already open and ready.
verbose: Server returned error: Unspecified server refusal (see verbose server
output)
info: Can't stat file '/var/lib/cfengine3/plugins' on 'X.X.X.X' in
files.copy_from promise
verbose: A: Promise NOT KEPT!
verbose: P: END files promise (/var/lib/cfengine3/plugins)
verbose: Connection to X.X.X.X is closed
verbose: V: .........................................................
While cfengine3 is open-source, the code is checking the plugins
directory for the commercial cfengine-enterprise plugins that
can be deployed from an enterprise master policy server.
How to resolve the issue:
Creating an empty /var/lib/cfengine3/plugins directory resolves this issue.
'cfe_internal_update_policy_cpv' then completes successfully and results
in the expected "... Promises repaired 0.00%, Promises not repaired 0.00%".
For any end-users encountering this issue before the fix is incorporated
into the cfengine3 package, just `mkdir /var/lib/cfengine3/plugins`
on your master policy servers (the emply plugin directory will be
downloaded to all of the subscribing client systems).
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cfengine3 depends on:
ii e2fsprogs 1.45.5-2
ii libacl1 2.2.53-6
ii libc6 2.29-10
ii liblmdb0 0.9.22-1
ii libpam0g 1.3.1-5
ii libpcre3 2:8.39-12+b1
ii libpromises3 3.12.1-2
ii libssl1.1 1.1.1d-2
ii libvirt0 5.6.0-3
ii libxml2 2.9.10+dfsg-4
ii lsb-base 11.1.0
Versions of packages cfengine3 recommends:
pn python <none>
cfengine3 suggests no packages.
-- Configuration Files:
/etc/default/cfengine3 changed [not included]
-- no debconf information
