normation/rudder

Continuous Auditing & Configuration - please speak english and be nice ;)

Suvi

@Suvi8

@Suvi8 Yes it is safe to upgrade to 6.2, it is even recommanded as 6.1 is not supported anymore

thanks

Alexis Mousset

@amousset:matrix.org

[m]

@DidierMetral it is currently not possible

Norberto Aquino

@norbertoaquino

HI! Is it normal for the file size /var/rudder/ldap/openldap-data/data.mdb to be around 19G? I'm using version 6.1.3 and managing 1200 servers. Thanks!!

Nicolas Charles

@ncharles

This is a sparse files, so it's probably not effectively using this size

# ls -sk  /var/rudder/ldap/openldap-data/
total 5176356
5176352 data.mdb        4 lock.mdb

ls -alh /var/rudder/ldap/openldap-data/
total 5,0G
drwxr-xr-x. 2 rudder-slapd rudder-slapd 38 23 sept. 08:07 .
drwxr-xr-x. 4 rudder-slapd rudder-slapd 41 2 sept. 2019 ..
-rw-------. 1 rudder-slapd rudder-slapd 100G 23 sept. 13:16 data.mdb
-rw-------. 1 rudder-slapd rudder-slapd 17K 23 sept. 13:16 lock.mdb

Norberto Aquino

@norbertoaquino

@ncharles my commands:

ls -sk /var/rudder/ldap/openldap-data/
total 18921452
18921444 data.mdb 8 lock.mdb

ls -alh /var/rudder/ldap/openldap-data/
total 19G
drwxr-xr-x 2 rudder-slapd rudder-slapd 38 Sep 23 10:02 .
drwxr-xr-x 3 rudder-slapd rudder-slapd 27 Sep 24 2020 ..
-rw------- 1 rudder-slapd rudder-slapd 19G Sep 23 10:37 data.mdb
-rw------- 1 rudder-slapd rudder-slapd 8.0K Sep 23 10:37 lock.mdb

Nicolas Charles

@ncharles

that's surprising

with 5000 nodes (fairly similar to be honest) & 300 or 400 directives/groups, I have only 5GB used

Nicolas Charles

@ncharles

maybe you have a lot of different systems and that's why - we deduplicate softwares to save disk space, and maybe our test platform is not representative for that

Alexis Mousset

@amousset:matrix.org

[m]

@ncharles: isn't 6.1.3 affected by duplicated software?

Nicolas Charles

@ncharles

@amousset:matrix.org good point - i'm searching when it did happen

i can't find back the issue :/

but anyway, your version of Rudder is not maintained anymore @norbertoaquino - you should upgrade, at least to latest patch version, idealy to 6.2

Nicolas Charles

@ncharles

@amousset:matrix.org this was a 6.2 issue

Alexis Mousset

@amousset:matrix.org

[m]

⚠️ 🔒️ On September 30 2021 (next Thursday), the old root certificate previously used by Let’s Encrypt (DST Root CA X3), now replaced by ISRG Root X1 (which is now widely trusted) will expire. See the official announcement for details.

As the whole Rudder infrastructure uses Let’s Encrypt certificates, you may be affected by this change. It is very unlikely to be a problem for our websites, but may be for older operating systems interacting with our servers, which happens for:

Our package and plugin repositories (if you use https URLs), especially if you don't use a local mirror
Our public API (used by the CVE plugin, connecting from the Rudder root server)

In case you see a certificate verification error you have several options:

If the operating system is still maintained, update the root certificates (ca-certificates package on most Linux distributions) to get the correct root certificate.
Manually add the new root ISRG Root X1 in your system's certificates store
Use plain http URLs for repositories, as both packages and plugins are signed, and system repositories already usually use http by default on older Linux distributions

Please contact us if you have questions or issues regarding this change.

Alexis Mousset

@amousset:matrix.org

[m]

In order to prepare a configuration change that will help us make sure the certificate expiration affects Rudder users as little as possible, we are doing an upgrade on our repository server. This may lead to a few minutes of unavailability.

Domagoj Bazina

@dbazina-dev

Hello everyone.

I need help with replacing the lines in exact file.
So I have to comment out the exact line in the /etc/fstab, but the thing is that I don't know how that line looks like, all I know is that the line containes certain keyword.

I've made my own directive, that includes several different generic methods, but now I see that there is in built directive "File content", that offers option of replacing lines using REGEX. The first line defines the Regex that will match the line, and in the second line we have to define the "replacment line". As I said before I don't know the content of the line, all I have to do is to "fetch" the line and replace it with the same exacit line, but commented (#).

But I don't see that this is possible using inbuilt directives? I would like to avoid using command execution methods and capturing their variables.

Domagoj Bazina

@dbazina-dev

Also I would like to know, do these generic method allow usage of Regex.

eg. "File line present", can i put the regex instead of the exact line?

peckpeck

@peckpeck

how would rudder guess the exact line to put if it is not present ?

Domagoj Bazina

@dbazina-dev

I've found the solutions.
It is explained here: https://docs.rudder.io/rudder-by-example/current/files/edition-replace-line.html

There is option to capture the line that is matching the regex, and that capture is "stored to variable"

lkoenen

@lkoenen

Hey, the docs show Ubuntu 14, 16, 18 and 20 in Community support https://docs.rudder.io/reference/6.2/installation/operating_systems.html but the repo only contains 16, 18, and 20 http://repository.rudder.io/apt/latest/pool/main/r/rudder-agent/ . Which of the two is correct now?

Alexis Mousset

@amousset:matrix.org

[m]

the repo is correct and the doc is outdated, I'm fixing it

Eric Renfro

@erenfro

Okay, so, weird issue I have today. rudder-cf-serverd fails to stay running on one of my hosts. Just a constant repeat of this, until the start-limit-hit is reached:

Oct 03 12:52:02 hv1 systemd[1]: Started CFEngine file server.                                                                                                                                  
Oct 03 12:52:02 hv1 systemd[1]: rudder-cf-serverd.service: Succeeded.                                                                                                                          
Oct 03 12:52:02 hv1 systemd[1]: rudder-cf-serverd.service: Service RestartSec=100ms expired, scheduling restart.                                                                               
Oct 03 12:52:02 hv1 systemd[1]: rudder-cf-serverd.service: Scheduled restart job, restart counter is at 4.                                                                                     
Oct 03 12:52:02 hv1 systemd[1]: Stopped CFEngine file server.

Nicolas Charles

@ncharles

Hi @erenfro - do you have more details in journalctl or /var/log/messages ?

Stephen Horvath

@workshopit:matrix.org

[m]

Hi Guys, I like the new website and colour scheme

is this for version 7?

Stephen Horvath

@workshopit:matrix.org

[m]

am I able to tell my rudder agent to use a different port to look up the server/relay in policy_server.dat? I want to run rudder relay in a docker container and 443 is already used on the docker host

Eric Renfro

@erenfro

@ncharles The bad thing is, no, That's literally all I had. However, I see now that it's running after a reboot from last night, however I'd do so many times in the process of upgrading that server from Debian 10 to 11, (yes I know, no current 11 repos for Rudder), but, it literally just would not start without erroring out as shown above, and no log output. Now, miraculously, it's working like nothing was wrong.

I also noticed something interesting too. When I was looking into this, I had gone to Rudder.io and noticed, there's no downloads anymore?

Nicolas Charles

@ncharles

ha, this is surprising indeed - documentation says how to donwload it, but an easy info on the website would help

Nicolas Charles

@ncharles

Hi @workshopit:matrix.org - yes, new colour is for Rudder 7

yes you may change the port: https://docs.rudder.io/reference/6.2/administration/port.html

Stephen Horvath

@workshopit:matrix.org

[m]

will rudder 7 still provide access to compile rudder-relays as before?

Nicolas Charles

@ncharles

Nothing should change there

Alexis Mousset

@amousset:matrix.org

[m]

ℹ️ we are upgrading the server hosting the docs and the bugtracker, causing a few minutes of unavailability in the next hour.

sr57

@sr57

Hi All,
I used the "process directive" to check if a process is stopped.
It's stopped but I get a compliant error with the msg "the process could't be stopped"
How can we explain this?

Psi-Jack

@psi-jack:matrix.org

[m]

So, hmmm... I try to go into the Rudder WebUI to Techniques, and I get an error occurred: Could not get generic methods metadata <- An error occured. Cause was: ConcurrentRefUpdateException: Could not lock HEAD. RefUpdate return code was: LOCK_FAILURE

Psi-Jack

@psi-jack:matrix.org

[m]

That.... looks like a git specific error... WHich is odd..

Alexis Mousset

@amousset:matrix.org

[m]

Psi-Jack: does it happen if you reload the page or did it just happen once?

Psi-Jack

@psi-jack:matrix.org

[m]

It's constantly happening,.

Alexis Mousset

@amousset:matrix.org

[m]

so you configuration git repo seems broken. It is located in /var/rudder/configuration-repository. What does a git status show?

sr57

@sr57

Hi All, nb has an answer to my previous question? I used the "process directive" to check if a process is stopped.
It's stopped but I get a compliant error with the msg "the process could't be stopped"
How can we explain this?

Nicolas Charles

@ncharles

can you paste the output of the agent ?

sr57

@sr57

@ncharles Thanks for your reply. No more pb today, don't understand cause I posted mys msg the day after having started this new directive, I though it was enough ...

For your information my agent run every 6 hours.

wjterveld

@wjterveld

Hi i'm pretty new to Rudder.. I'm trying to get some information into a script. I was trying this with a mustashe file but I'm unable to get it to work..
I have a template with vars inplace.. But still I do not get the info in the file?
the template looks like this:

export OS_PROJECT_ID={{OS_PROJECT_ID}}
echo "Removing old snapshots" &>>/opt/beheer/logs/{{klantnaam}}-date +%A.log
echo "."&>>/opt/beheer/logs/{{klantnaam}}-date +%A.log
echo "."&>>/opt/beheer/logs/{{klantnaam}}-date +%A.log
{{#volumes}}
openstack volume snapshot delete {{volume}}-date +%A &>>/opt/beheer/logs/{{klantnaam}}-date +%A.log
sleep 2
{{/volumes}}

echo "Creating snapshots" &>>/opt/beheer/logs/{{klantnaam}}-date +%A.log
echo "."&>>/opt/beheer/logs/{{klantnaam}}-date +%A.log
echo "."&>>/opt/beheer/logs/{{klantnaam}}-date +%A.log

{{#volumes}}
openstack volume snapshot create --volume {{volume}} --force BCK-{{volume}}-date +%A &>>/opt/beheer/logs/{{klantnaam}}-date +%A.log
sleep 2
{{/volumes}}

Then I try go get that filled with this TXT paramter.
{
"klantnaam": "capitar",
"OS_PROJECT_ID":"9417c7f023714f5f86a010dac76b9a93",
"volumes": [
{"volume": "idv01-vol01"},
{"volume": "idv01-vol02"},
{"volume": "idv02-vol01"}
]

but nothing happens.. What am I doing wrong?

Alexis Mousset

@amousset:matrix.org

[m]

Hi @wjterveld, you need to first load the data into a variable with a "Variable dict" or "Variable dict from files" method, then you can call the "File from a mustache template" method. To access it in you template, you need to use the {{vars.var_prefix.var_name}} base (replace var_prefix and var_name by the value used in the method defining the variable ).

So in your case if you load the data into prefix: snapshot, name: data, you can use for example {{vars.snapshots.data.OS_PROJECT_ID}}.

In short: you currently can't load a specific data file for a template, the template is always evaluated against the global variable space.

Where communities thrive

People

Repo info

Activity

ls -alh /var/rudder/ldap/openldap-data/