Module not work #585
Comments
|
I found that this commit broke a lot more than it seems, I suggest to git revert |
|
in addition, the wrong regexp was added in this commit e7addfb#r86807409 |
|
You can rollback this commit ? |
No |
|
Why, this makes the module not working ? |
I am not a member of puppet/modules |
|
Maybe @david22swan could help |
|
@GSPatton help please |
|
Hey @BaronMsk |
|
@pmcmaw tnx |
|
Hi @BaronMsk, we have been investigating this issue. Upon inspection of our original codebase hardening PR, we have been able to spot a few issue with our previous implementation and implement appropriate fixes recently. However, we are currently having issues investigating as we cannot replicate on our end. |
|
@LukasAud I can test your branch on my servers |
|
Hi @BaronMsk, thanks for offering to test this. The current latest build we have in here in GitHub already has the patch I mentioned earlier. If you could update to our latest push and let me know if there is any visible impact in comparison to the failing version, that would be great. |
|
not work |
|
swapoff - not work |
|
Thats interesting. I think I know what might the failure point for both of these errors. Both seem to be caused by my modification of the 'unless' commands. It seems wrapping unbreakable commands in arrays (and later, "fixed" by nesting those arrays) might have been counterproductive. It seems I will have to revert some of my updates. I still cannot be sure if this will help with the original issue but I will keep this thread updated as I work on the module. |
|
Unfortunately, this commit is important to our modules health and we cannot fully revert it. Our ideal scenario is to revert only whatever code is breaking the normal module behaviour and leave the rest. I will discuss this issue with a senior engineer in our team and see whats the best approach to fixing this. |
|
@LukasAud What problem did you want to solve with this commit? |
|
@BaronMsk This commit was part of a larger project that was set to address concerns about code vulnerabilities in some of our modules. Unfortunately, some modules are giving us a harder time than others during this work. However, we consider this to be essential for the health of our modules and for establishing appropriate coding standards in the future. |
|
@LukasAud Where can I find these vulnerabilities ? |
|
@BaronMsk This article we wrote should be able to explain the security issue better than me. More precisely, during our security update project, we have been targeting executable commands that contained interpolated user input. That involved examining 'command', 'onlyif' and 'unless' parameters and breaking them down where possible (this is not possible in certain scenarios, such as when a pipe | is present). |
|
Hey @BaronMsk, we have merged this bugfix which should address some of the latest issues. However, I cannot assure that this will fix the original problem. Right now, it looks like our team will have to take some time to dig deeper into the module and, most likely, do some maintenance before we can properly investigate the failure. Our forge build should still be a stable version of the module, so I would recommend sticking to that one for now. Sorry for the inconvenience. |
|
@LukasAud it doesn't seem to work there can only be a string, otherwise, the expression is treated as different commands |
|
+1 to the above - clusters seem to be spinning up from the HEAD of main. |
|
@BaronMsk Thanks for raising this one, seems this issue has been resolved. |
|
@jordanbreen28 hi, i can check it in a few days. |
|
Nice one @BaronMsk - if you could then update the thread here that'd be great! |
|
Hey @BaronMsk, can we assume that this issue was resolved? If so, we would like to close it. |
|
@LukasAud Yes, you can close it |
Describe the Bug
After commit: e7addfb not work modules
log join node
Notice: /Stage[main]/Main/Exec[kubeadm join]/returns: unknown flag: --config '/etc/confi.yaml' --ignore-preflight-errors 'Service-Docker'
Notice: /Stage[main]/Main/Exec[kubeadm join]/returns: To see the stack trace of this error execute with --v=5 or higher
Error: '["kubeadm", "join", "--config '/etc/confi.yaml' --ignore-preflight-errors 'Service-Docker'"]' returned 1 instead of one of [0]
Error: /Stage[main]/Main/Exec[kubeadm join]/returns: change from 'notrun' to ['0'] failed: '["kubeadm", "join", "--config '/etc/confi.yaml' --ignore-preflight-errors 'Service-Docker'"]' returned 1 instead of one of [0]
Expected Behavior
Should be like this
Debug: Execkubeadm join: Executing 'kubeadm join --config '/etc/kubernetes/config.yaml' --ignore-preflight-errors 'Service-Docker''
Debug: Executing: 'kubeadm join --config '/etc/kubernetes/config.yaml' --ignore-preflight-errors 'Service-Docker''
Steps to Reproduce
Steps to reproduce the behavior:
install or join new nodes
Environment
puppet-agent 6.28.0
puppet-server 6.20.0
Ubuntu focal
Additional Context
Someone tested this commit e7addfb ?
Why tests have been broken for more than two months ?
Broken build docker image tooling.
I'm trying to fix it all in my PR #583
The text was updated successfully, but these errors were encountered: