
Hello,

Sorry for my bad English (sad)

We are evaluating open-audit (community-version 1.12.8.1) on a VMware infrastructure. We use the VM cloning feature very often...

When we use the "Discovy device" with a "device IP" in subnet format (e.g. 192.16.1.1-10), we don't see all the related devices. In "Debug mode", we have the following logs:

First device

...
LOG   - SSH command 'timeout 5m sshpass ssh -oStrictHostKeyChecking=no -oConnectTimeout=10 -oUserKnownHostsFile=/dev/null 'visadmin'@192.168.0.1 'cat /var/lib/dbus/machine-id'' on 192.168.0.1 succeeded
...
DEBUG - dbus_identifier: 3bd894e3dfbd9912428e28b95630b59d
...
LOG   - SSH insert for 192.168.0.1
LOG   - System insert start for 192.168.0.1 (pro-umvroutr-01)
LOG   - System insert end for 192.168.0.1 (pro-umvroutr-01) (System ID 1304)

  ==> It's OK (smile)

But next, a second device is processed, and we see:

...
LOG   - SSH command 'timeout 5m sshpass ssh -oStrictHostKeyChecking=no -oConnectTimeout=10 -oUserKnownHostsFile=/dev/null 'visadmin'@192.168.0.4 'cat /var/lib/dbus/machine-id'' on 192.168.0.4 succeeded
...
DEBUG - dbus_identifier: 3bd894e3dfbd9912428e28b95630b59d
...
DEBUG - Command Output:
Array
(
    [0] => 3bd894e3dfbd9912428e28b95630b59d
)


LOG   - Start DNS checking for 192.168.0.4
LOG   - Finish DNS checking for 192.168.0.4
LOG   - HIT on dbus_identifier for 192.168.0.4 (System ID 1304)
LOG   - Returning System ID 1304 for 192.168.0.4

So, the script updates the device with System ID 1304 (instead of inserting it in the DB), because this device "HIT on dbus-identifier" (sad)

As far as we know, it's not recommended to change this dbus-identifier (see https://dbus.freedesktop.org/doc/dbus-uuidgen.1.html):

If you try to change an existing machine-id on a running system, it will probably result in bad things happening

So, is it possible to deactivate this matching on dbus identifier somewhere? In the config page, we haven't seen anything about that...

Thank you...


Regards
Padou 
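
A way to spot the collision described in this question from a saved Debug-mode discovery log, added here as an example and not part of the original post or of Open-AudIT: it reports each machine-id seen on more than one IP and each device that was merged into an existing System ID. The sample log is constructed from the lines quoted above (192.168.0.7 and its values are invented), and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the quoted debug lines (SSH options dropped).
SAMPLE_LOG = """\
LOG   - SSH command 'timeout 5m sshpass ssh 'visadmin'@192.168.0.1 'cat /var/lib/dbus/machine-id'' on 192.168.0.1 succeeded
DEBUG - dbus_identifier: 3bd894e3dfbd9912428e28b95630b59d
LOG   - System insert end for 192.168.0.1 (pro-umvroutr-01) (System ID 1304)
LOG   - SSH command 'timeout 5m sshpass ssh 'visadmin'@192.168.0.4 'cat /var/lib/dbus/machine-id'' on 192.168.0.4 succeeded
DEBUG - dbus_identifier: 3bd894e3dfbd9912428e28b95630b59d
LOG   - HIT on dbus_identifier for 192.168.0.4 (System ID 1304)
LOG   - Returning System ID 1304 for 192.168.0.4
LOG   - SSH command 'timeout 5m sshpass ssh 'visadmin'@192.168.0.7 'cat /var/lib/dbus/machine-id'' on 192.168.0.7 succeeded
DEBUG - dbus_identifier: 00000000000000000000000000000007
LOG   - System insert end for 192.168.0.7 (constructed-host) (System ID 1305)
"""

SSH_OK = re.compile(r"machine-id'' on (\S+) succeeded")
DBUS = re.compile(r"dbus_identifier: ([0-9a-f]{32})")
INSERT = re.compile(r"System insert end for (\S+) \(.*?\) \(System ID (\d+)\)")
HIT = re.compile(r"HIT on dbus_identifier for (\S+) \(System ID (\d+)\)")


def find_clone_collisions(log_text):
    """Return (shared machine-ids -> IPs, [(ip, system_id, original_ip)])."""
    ids_to_ips = defaultdict(list)  # machine-id -> IPs that reported it
    owner = {}                      # System ID -> IP whose audit created it
    merged = []                     # devices folded into an existing record
    current_ip = None               # the dbus_identifier line carries no IP
    for line in log_text.splitlines():
        if m := SSH_OK.search(line):
            current_ip = m.group(1)
        elif m := DBUS.search(line):
            if current_ip and current_ip not in ids_to_ips[m.group(1)]:
                ids_to_ips[m.group(1)].append(current_ip)
        elif m := INSERT.search(line):
            owner[m.group(2)] = m.group(1)
        elif m := HIT.search(line):
            ip, system_id = m.groups()
            merged.append((ip, system_id, owner.get(system_id)))
    shared = {mid: ips for mid, ips in ids_to_ips.items() if len(ips) > 1}
    return shared, merged


if __name__ == "__main__":
    shared, merged = find_clone_collisions(SAMPLE_LOG)
    for mid, ips in shared.items():
        print(f"machine-id {mid} reported by {', '.join(ips)}")
    for ip, system_id, first_ip in merged:
        print(f"{ip} was merged into System ID {system_id} (created for {first_ip})")
```
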


    1 answer


      Hello Padou,

      We have seen the DBUS_ID issue for VMware Clones with the latest release. You have two options: you can either simply change the way Open Audit matches devices, or you could upgrade versions. It is discussed in this Wiki Article:

      Information about how Open-AudIT processes and stores data

      Particularly in this section:

      Information about how Open-AudIT processes and stores data, section "How do we determine device uniqueness?"

      Change it over to matching MAC and IP address if that suits your needs

      OR

      The DBUS_ID matching was a recent version introduction which we changed away from again for the exact reason of cloning in VMware. So if you were to upgrade past 1.12.8.1 you will also avoid the issue.

      Hope this helps.

      Happy Auditing.

      Nick

      1. padouciel

        Hi Nick

        Thanks for your quick answer and for pointing me to the right resource (wink)

        Regards

        Padou
