Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2779

palimpsest effect in cf-agent verbose mode

    XMLWordPrintable

    Details

    • Platform:
      RHEL or CentOS
    • Steps to reproduce:
      Manual steps provided
    • Complexity:
      S

      Description

      pal·imp·sest
      noun
      a manuscript or piece of writing material on which the original writing has been effaced to make room for later writing but of which traces remain.

      https://www.google.com/search?q=define+palimpsest

      Summary: When looking in cf-agent -v output, we see traces of prior bundles. This is confusing - and concerning, seems it seems there is some kind of data leakage .

      We observed this on 3.7.3, and it is still present in 3.10.3.

      How to reproduce:

      Create a simple policy with two bundles, the first is parameterized and the second not:

      bundle agent main {

methods:

  "any" usebundle => one("apple");
  "any" usebundle => two;

}

bundle agent one (x) {

reports:
  "$(x)";

}

bundle agent two {

reports:

"II";

}

      Now run it, and you will see that the parameter is reported for the first AND SECOND bundle – even thought the second bundle was NOT parameterized!

      verbose: END Discovered hard classes
 verbose: ----------------------------------------------------------------
 verbose: ----------------------------------------------------------------
 verbose:  Preliminary variable/class-context convergence 
 verbose: ----------------------------------------------------------------
 verbose: Setting minimum acceptable TLS version: 1.0
 verbose: ----------------------------------------------------------------
 verbose:  Begin policy/promise evaluation 
 verbose: ----------------------------------------------------------------
 verbose: Using bundlesequence =>  {"main"}
 verbose: B: *****************************************************************
 verbose: B: BEGIN bundle main
 verbose: B: *****************************************************************
 verbose: P: .........................................................
 verbose: P: BEGIN promise 'promise_example_cf_5' of type "methods" (pass 1)
 verbose: P:    Promiser/affected object: 'any'
 verbose: P:    From parameterized bundle: main( {"apple"})
 verbose: P:    Base context class: any
 verbose: P:    Stack path: /default/main/methods/'any'[1]
 verbose: B: *****************************************************************
 verbose: B: BEGIN bundle one( {"apple"})
 verbose: B: *****************************************************************
 verbose: V:     +  Private parameter: 'x' in scope 'one' (type: s) in pass 1
 verbose: P: .........................................................
 verbose: P: BEGIN promise 'promise_example_cf_13' of type "reports" (pass 1)
 verbose: P:    Promiser/affected object: 'apple'
 verbose: P:    From parameterized bundle: one( {"apple"})
 verbose: P:    Base context class: any
 verbose: P:    Stack path: /default/main/methods/'any'/default/one/reports/'apple'[1]
R: apple
 verbose: A: Promise was KEPT
 verbose: P: END reports promise (apple)
 verbose: A: ...................................................
 verbose: A: Bundle Accounting Summary for 'one' in namespace default
 verbose: A: Promises kept in 'one' = 1
 verbose: A: Promises not kept in 'one' = 0
 verbose: A: Promises repaired in 'one' = 0
 verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'one' = 100.0%
 verbose: A: ...................................................
 verbose: Additional promise info: source path '/tmp/example.cf' at line 5
 verbose: Method 'one' verified
 verbose: B: *****************************************************************
 verbose: B: END bundle one
 verbose: B: *****************************************************************
 verbose: A: Promise was KEPT
 verbose: P: END methods promise (any)
 verbose: P: .........................................................
 verbose: P: BEGIN promise 'promise_example_cf_6' of type "methods" (pass 1)
 verbose: P:    Promiser/affected object: 'any'
 verbose: P:    From parameterized bundle: main( {"apple"})
 verbose: P:    Base context class: any
 verbose: P:    Stack path: /default/main/methods/'any'[1]
 verbose: B: *****************************************************************
 verbose: B: BEGIN bundle two
 verbose: B: *****************************************************************
 verbose: P: .........................................................
 verbose: P: BEGIN promise 'promise_example_cf_21' of type "reports" (pass 1)
 verbose: P:    Promiser/affected object: 'II'
 verbose: P:    From parameterized bundle: two( {"apple"})
 verbose: P:    Base context class: any
 verbose: P:    Stack path: /default/main/methods/'any'/default/two/reports/'II'[1]
R: II
 verbose: A: Promise was KEPT
 verbose: P: END reports promise (II)
 verbose: A: ...................................................
 verbose: A: Bundle Accounting Summary for 'two' in namespace default
 verbose: A: Promises kept in 'two' = 1
 verbose: A: Promises not kept in 'two' = 0
 verbose: A: Promises repaired in 'two' = 0
 verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'two' = 100.0%
 verbose: A: ...................................................
 verbose: Additional promise info: source path '/tmp/example.cf' at line 6
 verbose: Method 'two' verified
 verbose: B: *****************************************************************
 verbose: B: END bundle two
 verbose: B: *****************************************************************
 verbose: A: Promise was KEPT
 verbose: P: END methods promise (any)
 verbose: A: ...................................................
 verbose: A: Bundle Accounting Summary for 'main' in namespace default
 verbose: A: Promises kept in 'main' = 4
 verbose: A: Promises not kept in 'main' = 0
 verbose: A: Promises repaired in 'main' = 0
 verbose: A: Aggregate compliance (promises kept/repaired) for bundle 'main' = 100.0%
 verbose: A: ...................................................
 verbose: B: *****************************************************************
 verbose: B: END bundle main
 verbose: B: *****************************************************************
 verbose: Generate diff state reports for policy '/tmp/example.cf' SKIPPED
 verbose: No lock purging scheduled
 verbose: Outcome of version (not specified) (agent-0): Promises observed - Total promise compliance: 100% kept, 0% repaired, 0% not kept (out of 4 events). User promise compliance: 100% kept, 0% repaired, 0% not kept (out of 4 events). CFEngine system compliance: 0% kept, 0% repaired, 0% not kept (out of 0 events).

      Specifically:

       verbose: P:    From parameterized bundle: two( {"apple"})

      The bundle two was not parameterized.

        Attachments

          Activity

            People

            • Assignee:
              vpodzime Vratislav Podzimek
              Reporter:
              atsaloli Aleksey Tsalolikhin
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Summary Panel