search

Azure / nxtools

Azure Automanage Machine Configuration Linux DSC resources
Other
13 stars 11 forks source link

nxFile - Fails to complete compliance check for 'Ensure = Absent' mode #34

Open eehret opened 12 months ago

eehret commented 12 months ago

Details of the scenario you tried and the problem that is occurring

I have an nxFile resource in which I'm trying to ensure a specific file does not exist.
It's crashing on my test system and the node fails to report compliance for any of the items in the same configuration.

Verbose logs showing the problem

         Message : [vm-azam-rhel7-b]: LCM:  [ Start  Test     ]  [[nxFile]cron_deny_absent]
[2023-09-13 03:31:55.721] [PID 24182] [TID 24184] [PSPROVIDER] [INFO] [00000000-0000-0000-0000-000000000000] getPSModulePath(). psModulePath:/var/lib/GuestConfig/Configuration/RHEL7-CISv311-section5-0_0_3@pidb27e7axrepx4a/Modules/:/var/lib/waagent/Microsoft.GuestConfiguration.ConfigurationforLinux-1.26.50/GCAgent/GC/..//GC/Modules
[2023-09-13 03:31:56.322] [PID 24182] [TID 24184] [DSCEngine] [INFO] [00000000-0000-0000-0000-000000000000] Job 867356e5-6878-42f4-8899-6b32733970bc : Activity Loading default keywords
CurrentOperation [vm-azam-rhel7-b] Get-DscResource
StatusDescription Processing
 PercentComplete 0
 SecondsRemaining 0
[2023-09-13 03:31:56.821] [PID 24182] [TID 24184] [DSCEngine] [INFO] [00000000-0000-0000-0000-000000000000] Job 867356e5-6878-42f4-8899-6b32733970bc : Activity Getting module list
CurrentOperation [vm-azam-rhel7-b] Get-DscResource
StatusDescription Processing
 PercentComplete 0
 SecondsRemaining 0
[2023-09-13 03:32:03.022] [PID 24182] [TID 24184] [DSCEngine] [INFO] [00000000-0000-0000-0000-000000000000] Job 867356e5-6878-42f4-8899-6b32733970bc : Activity Creating resource list
CurrentOperation [vm-azam-rhel7-b] Get-DscResource
StatusDescription Processing
 PercentComplete 0
 SecondsRemaining 0
[2023-09-13 03:32:03.825] [PID 24182] [TID 24184] [DSCEngine] [INFO] [00000000-0000-0000-0000-000000000000] Job 867356e5-6878-42f4-8899-6b32733970bc : Activity Loading default keywords
CurrentOperation [vm-azam-rhel7-b] Get-DscResource
StatusDescription Processing
 PercentComplete 0
 SecondsRemaining 0
[2023-09-13 03:32:05.621] [PID 24182] [TID 24184] [DSCEngine] [INFO] [00000000-0000-0000-0000-000000000000] Job 867356e5-6878-42f4-8899-6b32733970bc : Activity Getting module list
CurrentOperation [vm-azam-rhel7-b] Get-DscResource
StatusDescription Processing
 PercentComplete 0
 SecondsRemaining 0
[2023-09-13 03:32:09.424] [PID 24182] [TID 24184] [DSCEngine] [INFO] [00000000-0000-0000-0000-000000000000] Job 867356e5-6878-42f4-8899-6b32733970bc : Activity Creating resource list
CurrentOperation [vm-azam-rhel7-b] Get-DscResource
StatusDescription Processing
 PercentComplete 0
 SecondsRemaining 0
[2023-09-13 03:32:15.425] [PID 24182] [TID 24184] [DSCEngine] [ERROR] [00000000-0000-0000-0000-000000000000] [/__w/1/s/src/dsc/gc_diagnostics/dsc_logger.cpp:157] [/__w/1/s/src/dsc/engine/ConfigurationManager/LocalConfigManagerHelper.c:5991] Job 867356e5-6878-42f4-8899-6b32733970bc : MIResult: 1
Error Message: Cannot validate argument on parameter 'AccessRight'. The "$_ -as [nxFileSystemAccessRight] -or $_ -as [nxFileSystemSpecialMode]" validation script for the argument with value "None" did not return a result of True. Determine why the validation script failed, and then try the command again.
Message ID: OMI:MI_Result:1
Error Category: 0
Error Code: 1
Error Type:
[2023-09-13 03:32:15.522] [PID 24182] [TID 24184] [DSCEngine] [ERROR] [00000000-0000-0000-0000-000000000000] [/__w/1/s/src/dsc/gc_diagnostics/dsc_logger.cpp:157] [/__w/1/s/src/dsc/engine/ConfigurationManager/LocalConfigManagerHelper.c:5991] Job 867356e5-6878-42f4-8899-6b32733970bc : MIResult: 1
Error Message: Cannot validate argument on parameter 'AccessRight'. The "$_ -as [nxFileSystemAccessRight] -or $_ -as [nxFileSystemSpecialMode]" validation script for the argument with value "None" did not return a result of True. Determine why the validation script failed, and then try the command again.
Message ID: OMI:MI_Result:1
Error Category: 0
Error Code: 1
Error Type:

Suggested solution to the issue

Unsure, I don't have the luxury of time to trace through the source code to find the problem. It seems to be running code related to determining its access mode / file attributes, so maybe there's a problem there. Note that I am not setting the Mode attribute on the nxFile resource because it's irrelevant. The file should not exist, regardless of any mode it might have had.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

    nxFile cron_deny_absent
    {
      Ensure = "Absent"
      Destinationpath = "/etc/cron.deny"
      Type = "File"
    }

The operating system the target node is running

[root@vm-azam-rhel7-b azops.eric.ehret]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.9 (Maipo) [root@vm-azam-rhel7-b azops.eric.ehret]# uname -r 3.10.0-1160.88.1.el7.x86_64

Version and build of PowerShell the target node is running

7.3.6

Version of the DSC module that was used

1.2.0

eehret commented 12 months ago

I had to revise the description above because I realized I wasn't correctly framing the issue; the file in question actually does exist at the time of compliance check

gaelcolas commented 11 months ago

Hi @eehret, could you share with us the properties of that file as well please?

eehret commented 11 months ago

@gaelcolas Here you go... happy to provide this a different way if needed:

[azops.eric.ehret@022gc.onmicrosoft.com@vm-azam-rhel7-b ~]$ ls -la /etc/cron.deny
-rw-------. 1 root root 0 Nov 30  2021 /etc/cron.deny

Thanks for your help!

jodi-boone commented 11 months ago

Hi @eehret, we are looking into the root cause of this issue. Will get back to you.