WebDAV is used for uploading inventories.

In site.st on a client, or in the node policy directories, you'll find the configured user and password.

But in the actual system techniques you'll find a variable in that place:

&DAVPASSWORD&

Where does it come from?

 

The Scala source gives a hint:

SystemVariableService.scala

namely the system variable

webdavPassword

Grepping for this points us to this file:

rudder-web/src/main/resources/configuration.properties.sample

It has this comment:

##
# Default configuration file for the application.
# You can define the location of the file by
# setting "rudder.configFile" JVM property,
# for example:
# java .... -Drudder.configFile=/opt/rudder/etc/rudder-web.conf
##

 

And further below you'll find

rudder.webdav.user=rudder
rudder.webdav.password=rudder

 

Looking at the running rudder process

root      8960     1 26 00:05 pts/1    00:01:30 /usr/lib64/jvm/java/bin/java -server -Xms1024m -Xmx1024m -XX:PermSize=128m 
-XX:MaxPermSize=256m -XX:+CMSClassUnloadingEnabled -XX:+UseConcMarkSweepGC -Dfile.encoding=UTF-8 
-Drudder.configFile=/opt/rudder/etc/rudder-web.properties 
-Drudder.authFile=/opt/rudder/etc/rudder-users.xml 
-Dinventoryweb.configFile=/opt/rudder/etc/inventory-web.properties 
-Dlogback.configurationFile=/opt/rudder/etc/logback.xml 
-Drun.mode=production 
-Djetty.state=/opt/rudder/jetty7/jetty.state 
-Djetty.logs=/var/log/rudder/webapp/ 
-Djetty.home=/opt/rudder/jetty7 -Djava.io.tmpdir=/tmp 
-jar /opt/rudder/jetty7/start.jar OPTIONS=Server etc/jetty-logging.xml etc/jetty-started.xml

Shows this setting:

-Drudder.configFile=/opt/rudder/etc/rudder-web.properties

 

Note that the other file included here (rudder.authFile=/opt/rudder/etc/rudder-users.xml) also has a WebDAV password, but it is not the same one...

Now, going to the file that rudder.configFile points to, we find the same rudder.webdav.password field. It equals the webdavPassword from the Scala file, which is the one used with the DAVPASSWORD variable.

#####################
# Webdav properties #################################################################
#####################

#
# Authentication information for the webdav server used to
# receive Inventory Reports from nodes
#
rudder.webdav.user=rudder
rudder.webdav.password=the_stronger_password_i_generated

 

Once you've updated the file, you need to have it re-read. I'm no Java guru, and while I know those property files are sometimes just read on the fly, I've restarted my rudder-jetty main process.

Like so many times, it told me it failed to restart, but ps clearly shows it is running.

root@rudder /opt/rudder/etc # /etc/init.d/rudder-jetty restart
Stopping Jetty: OK
Setting umask to 0007
Starting Jetty: . 2015-04-16 00:05:21.345:INFO::Redirecting stderr/stdout to /var/log/rudder/webapp/2015_04_16.stderrout.log
. . . . . . . . . . . . . FAILED Thu Apr 16 00:06:12 UTC 2015
root@rudder /opt/rudder/etc # pgrep java
8960

 

After this, we need to see if it actually worked!

On the server, I trigger an agent run:

root@rudder /tmp # rudder agent run
[...]
R: @@Common@@log_info@@hasPolicyServer-root@@common-root@@63@@common@@EndRun@@
2015-04-16 00:18:12+00:00##root@#End execution with config [-978587781]

 

Then I checked that the web UI isn't still showing a policy compile.

 

On a client, I'll go and pull config, run the agent and push my inventory.

It worked.

 

Double checking shows the pw is still "rudder" on both ends...:

root@pi3 /tmp # grep davpw /var/rudder/cfengine-community/inputs/common/1.0/site.cf 
      "davpw"                       string => "rudder";

 

Very sad now!

 

 

Update 10 minutes later:

Triggered a policy generation on the server

Ran rudder agent update, rudder agent run on the server

 

Got this!

R: @@Common@@log_info@@hasPolicyServer-root@@common-root@@64@@common@@StartRun@@2015-04-16 00:24:35+00:00
##root@#Start execution with config [2095473546]
R: @@server-roles@@result_repaired@@server-roles@@server-roles-directive@@62@@
Check WebDAV credentials@@None@@2015-04-16 00:24:35+00:00##root@
#The Rudder WebDAV user and password were updated

 

Checking on the client again we see that the system policies have now been updated:

root@pi3 /tmp # rudder agent update && rudder agent run 
R: @@Common@@log_info@@hasPolicyServer-root@@common-root@@64@@common@@StartRun@@
2015-04-16 00:26:09+00:00##e49d9c95-b5b9-48a8-b6c4-654bcdd13b9b@#Start execution with config [2125483574]
R: @@Common@@log_repaired@@hasPolicyServer-root@@common-root@@64@@Update@@None@@
2015-04-16 00:26:09+00:00##e49d9c95-b5b9-48a8-b6c4-654bcdd13b9b@#Node's policy (CFEngine promises) updated
R: @@Common@@result_repaired@@hasPolicyServer-root@@common-root@@64@@Update@@None@@
2015-04-16 00:26:09+00:00##e49d9c95-b5b9-48a8-b6c4-654bcdd13b9b@#Rudder policy, tools or ncf instance were updated or CFEngine service restarted
[...]

Now the grep shows the new password

root@pi3 /tmp # grep davpw /var/rudder/cfengine-community/inputs/common/1.0/site.cf 
      "davpw"                       string => "the_stronger_password_i_generated";

 

We only need the final test now: the WebDAV upload, this time in the verbose version :) Note that the verbose output includes the full curl command line, password and all.

root@pi3 /tmp # /opt/rudder/bin/cf-agent -KI -Dforce_inventory
[...bla...bla...]
2015-04-16T02:30:39+0200     info: /default/doInventory/methods/'any'/default/sendInventory/files/'/var/rudder/inventories'[0]: Transformer
'/var/rudder/inventories/pi3-e49d9c95-b5b-uuid.ocs' => '/usr/bin/curl -f -s --proxy '' --user rudder:the_stronger_password_i_generated 
-T /var/rudder/inventories/pi3-e49d9c95-b5b-uuid.ocs http://server/inventory-updates/' seemed to work ok
[....party....party...dance...]

 

Hamster dance anyone?
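
The davpw comparison done by hand above, as a script. This is an added example, not part of the original post or of Rudder itself. It assumes the server's properties file and a copy of the node's site.cf are readable on the same host; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a node's generated
# policy carries the WebDAV password currently set on the Rudder server.
# Function names are hypothetical; the passwords themselves are never printed.

# Value of rudder.webdav.password in a properties file (last definition wins).
props_password() {
    sed -n 's/^[[:space:]]*rudder\.webdav\.password[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Value of the "davpw" string in a generated site.cf.
sitecf_password() {
    sed -n 's/^[[:space:]]*"davpw"[[:space:]]*string[[:space:]]*=>[[:space:]]*"\(.*\)";.*$/\1/p' "$1" | tail -n 1
}

# webdav_status PROPERTIES SITE_CF prints one of:
#   unknown  a value could not be read
#   stale    node policy differs from the server setting (regenerate policy)
#   default  both sides still use the shipped password "rudder"
#   ok       both sides agree on a non-default password
webdav_status() (
    server=$(props_password "$1")
    node=$(sitecf_password "$2")
    if [ -z "$server" ] || [ -z "$node" ]; then
        echo unknown
    elif [ "$server" != "$node" ]; then
        echo stale
    elif [ "$server" = "rudder" ]; then
        echo default
    else
        echo ok
    fi
)

# Constructed sample files replaying the three states seen in this post.
demo() (
    dir=$(mktemp -d)
    printf 'rudder.webdav.user=rudder\nrudder.webdav.password=rudder\n' > "$dir/props"
    printf '      "davpw"                       string => "rudder";\n' > "$dir/site.cf"
    webdav_status "$dir/props" "$dir/site.cf"
    printf 'rudder.webdav.password=the_stronger_password_i_generated\n' > "$dir/props"
    webdav_status "$dir/props" "$dir/site.cf"
    printf '      "davpw"                       string => "the_stronger_password_i_generated";\n' > "$dir/site.cf"
    webdav_status "$dir/props" "$dir/site.cf"
    rm -rf "$dir"
)
demo
```

A "stale" result is the state seen right after the Jetty restart: the server has the new password but the node policy has not been regenerated yet.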