do you have recent logs in
/var/log/rudder/webapp/${TODAY}.log about the server's inventory?
the command rudder agent inventory didn’t show any error but the log says :
[2021-03-24 11:12:17+0100] ERROR inventory-processing - Rejecting Inventory 'debian-2gb-' for Node 'root' because the Inventory signature is not valid: the Inventory was not signed with the same agent key as the one saved within Rudder for that Node. If you updated the agent key on this node, you can update the key stored within Rudder with the https://docs.rudder.io/api/#api-Nodes-updateNodeapi (look for 'agentKey' property). The key path depends of your OS, on linux it's: '/var/rudder/cfengine-community/ppkeys/localhost.pub'. It is also contained in the <AGENT_CERT> value of inventory (you can extract public key with
[2021-03-24 11:12:17+0100] ERROR inventory-processing - Rejecting Inventory 'debian-2gb-' for Node 'root' because the Inventory signature is not valid: the Inventory was not signed with the same agent key as the one saved within Rudder for that Node. If you updated the agent key on this node, you can update the key stored within Rudder with the https://docs.rudder.io/api/#api-Nodes-updateNodeapi (look for 'agentKey' property). The key path depends of your OS, on linux it's: '/var/rudder/cfengine-community/ppkeys/localhost.pub'. It is also contained in the <AGENT_CERT> value of inventory (you can extract public key with
openssl x509 -pubkey -noout -in - << EOF -----BEGIN CERTIFICATE----- .... -----END CERTIFICATE----- EOF). If you did not change the key, please ensure that the node sending that inventory is actually the node registered within Rudder
run
curl -k -H "X-API-Token: $(cat /var/rudder/run/api-token)" -H "Content-Type: application/json" -X POST 'https://localhost/rudder/api/latest/nodes/root' -d '{"agentKey":{"status":"undefined"}}'
on the root server
the page is not found
<li>A non-existing URL.</li>
<li>An essential component (LDAP or PostgreSQL) that is not accessible.</li>
<li>The web application being unable to load.</li>
<li>A non initialised Rudder installation. Please run /opt/rudder/bin/rudder-init to set it up.</li>
<li>Not space left on disk, Rudder may have been stopped to prevent data corruption. Please check that you have available space.</li>
But webapp is working
Ok, so you need to use
rudder agent server-keys-reset; rudder agent reset to allow the update to work
change nothing
Here is an extract of my daemon.log :
Mar 25 14:59:42 my-rudder-server systemd[1]: rudder-cf-serverd.service: Service hold-off time over, scheduling restart.
Mar 25 14:59:42 my-rudder-server systemd[1]: Stopped CFEngine file server.
Mar 25 14:59:42 my-rudder-server systemd[1]: Started CFEngine file server.
Mar 25 14:59:43 my-rudder-server systemd[1]: Reloading CFEngine file server.
Mar 25 14:59:43 my-rudder-server systemd[1]: Reloaded CFEngine file server.
Mar 25 14:59:53 my-rudder-server systemd[1]: rudder-cf-serverd.service: Service hold-off time over, scheduling restart.
Mar 25 14:59:53 my-rudder-server systemd[1]: Stopped CFEngine file server.
Mar 25 14:59:53 my-rudder-server systemd[1]: Started CFEngine file server.
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: Failed to canonicalise filename '/var/rudder/configuration-repository/ncf/50_techniques' (realpath: No such file or directory)
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: Path does not exist, it's added as-is in access rules: /var/rudder/configuration-repository/ncf/50_techniques
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: WARNING: this means that (not) having a trailing slash defines if it's (not) a directory!
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: Failed to canonicalise filename '/var/rudder/shared-files/host-id/' (realpath: No such file or directory)
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: Path does not exist, it's added as-is in access rules: /var/rudder/shared-files/host-id/
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: WARNING: this means that (not) having a trailing slash defines if it's (not) a directory!
...
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: notice: Server is starting...
Mar 25 15:00:00 my-rudder-server systemd[1]: Reloading CFEngine file server.
Mar 25 15:00:00 my-rudder-server cf-serverd[215876]: rudder info: Doing a Graceful restart
Mar 25 15:00:00 my-rudder-server cf-serverd[215876]: notice: Cleaning up and exiting...
Mar 25 15:00:00 my-rudder-server cf-serverd[215876]: notice: Stopping gracefully
Mar 25 15:00:00 my-rudder-server systemd[1]: Reloaded CFEngine file server.
Mar 25 14:59:42 my-rudder-server systemd[1]: Stopped CFEngine file server.
Mar 25 14:59:42 my-rudder-server systemd[1]: Started CFEngine file server.
Mar 25 14:59:43 my-rudder-server systemd[1]: Reloading CFEngine file server.
Mar 25 14:59:43 my-rudder-server systemd[1]: Reloaded CFEngine file server.
Mar 25 14:59:53 my-rudder-server systemd[1]: rudder-cf-serverd.service: Service hold-off time over, scheduling restart.
Mar 25 14:59:53 my-rudder-server systemd[1]: Stopped CFEngine file server.
Mar 25 14:59:53 my-rudder-server systemd[1]: Started CFEngine file server.
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: Failed to canonicalise filename '/var/rudder/configuration-repository/ncf/50_techniques' (realpath: No such file or directory)
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: Path does not exist, it's added as-is in access rules: /var/rudder/configuration-repository/ncf/50_techniques
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: WARNING: this means that (not) having a trailing slash defines if it's (not) a directory!
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: Failed to canonicalise filename '/var/rudder/shared-files/host-id/' (realpath: No such file or directory)
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: Path does not exist, it's added as-is in access rules: /var/rudder/shared-files/host-id/
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: rudder info: WARNING: this means that (not) having a trailing slash defines if it's (not) a directory!
...
Mar 25 14:59:54 my-rudder-server cf-serverd[215876]: notice: Server is starting...
Mar 25 15:00:00 my-rudder-server systemd[1]: Reloading CFEngine file server.
Mar 25 15:00:00 my-rudder-server cf-serverd[215876]: rudder info: Doing a Graceful restart
Mar 25 15:00:00 my-rudder-server cf-serverd[215876]: notice: Cleaning up and exiting...
Mar 25 15:00:00 my-rudder-server cf-serverd[215876]: notice: Stopping gracefully
Mar 25 15:00:00 my-rudder-server systemd[1]: Reloaded CFEngine file server.
@Didier-M-work hello, we are discussing that pb right now. It is due to https://issues.rudder.io/issues/18893 correction. We are working on a better correction
This is a new behavior to fix an old bug (where the configuration was never reloaded), but the effects are more visible than expected.
you can remove the
RestartSec=10s line in /lib/systemd/system/rudder-cf-serverd.service, then run systemctl daemon-reload and systemctl restart rudder-cf-serverd on your server. This should lower the downtime at service reload. Could you test it and check if the proble; is still visible?
@Didier-M-work: Thanks for you feedbaclk, we are working on a fix for the remaining 2-3 seconds
It's possible to store the result of "File report content" to a Variable ?
I want to check a value in a configuration file on nodes
Technically
${file_report_content.content} should contain the output of the latest call to File report content but it's not a stable interface and may change at any time.
@jayakrishna.k_gitlab: To get an answer on community chat/bugtracker, you need to provide a precise description of the problem, how it happened and what you already tried to solve it. If you need more general support, you should contact the company on https://www.rudder.io/contact/ (as already explained twice on the bug tracker).
so in you case, which Rudder version did you install, what do you mean by "not able to see the rudder agent"? Did you install agents on other nodes?
Hello,
I'm new in Rudder, I try to use mustache template to set sshd config.
(I would like to avoid to use jinja2 as it ask for a package dependencie.)
I use {{{vars.sys.ipv4[eth0]}}} for the ipv4 address, but it seems {{{vars.sys.ipv6[eth0]}}} does not exist.
With {{{vars.sys.inet6.addresses.eth0.address}}}, I have an ipv6, but if the server does not have ipv6 set,
it gives ipv6 link-local addresse (with prefix fe80::).
What can I do to write the line "ListenAddress ..." only if the ipv6 is set on the server ?
I didn't success/anderstand to use of :
{{#vars....}}
{{/vars....}}
Thanks.
@xlbt: Hello, welcome! Mustache has very limited conditional capabilities. One option is to define a condition in the technique before calling the templating method, for example a
Condition from command(my_name, ip a | grep ..., 0, 1) with a command detecting if the system has a proper IPv6 address, and use the defined condition with {{#classes.my_name_true}} ListenAddress ... {{/classes.my_name_true}}.
hello @arjenandringa ! Yes it is. Just be aware that only
/var/rudder/configuration-repositor/techniques and ncf are a source of data, rules, directives etc are serialisation of the current corresponding object. If you modify these ones, you will need to do an "archive restauration - from last commit" to load them
(we are working on making the git content the source of truth for all data, should come in 7.0)