Configuration Policies are not correctly downloaded on the node

Policy updates issues include:

• You get an error when running "rudder agent update", or it is does not finish
• The compliance tab of a node says it is sending reports with on old Configuration Id

How to fix it?

• You should begin by checking network connectivity to the destination port on the policy server from the node (for example with nc -v IP_OR_HOST 5309)
• If connectivity is correct, run rudder server debug IP_OR_HOSTNAME_OF_THE_NODE on the policy server of the node, and then rudder agent update -v on the node. You can then interrupt the debug server with a Ctrl+C. The output on the server should contain the cause of the problem.
  
  • If you see the error: Failed to establish TLS connection: socket closed message on the node, it probably means that your host is not in the allowed networks and get refused just after connection. Add a subnet containing its IP to the allowed networks and it should be able to connect.
  • If rudder server debug does not display anything while trying the update, it probably means your node does not use
    the IP you passed as parameter to talk to your server (maybe it uses
    another interface or a NATed address)

• If a node you just added cannot update its promises and you see an error about a missing file, check that policy generation has finished successfully. If it is good, this may be an issue while reloading cf-serverd configuration (the policies server). You can check if this is the case by restarting it manually with "service rudder-agent restart" on the policy server.

• If the node has been cloned from another Rudder node, ensure it has a different UUID and key. If not, run rudder agent factory-reset to make it seen like a new node.