Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    tim-oak
    @tim-oak
    ... afterwards it's all so clear and plain ;-)
    take care be safe and good
    Matthew Frost
    @mattronix
    is it possible radius plugin caches password for a bit
    seems when i enter my new otp token it sends my old one for a bit
    Francois Armand
    @fanf
    @mattronix honestly, I don't know. We rely on a lib (jradius) and I don't know much about how radius works
    (nor the lib actually)
    Matthew Frost
    @mattronix
    ah right can help if you like know quite a bit
    seems like it does not do access-challage which is a 2fa implementation for radius
    but thats not a problem
    as you can send your pin+token as password
    but from what i see the library is somehow caching my first entered password for a bit
    as the password the radius server gets is my opt token of about 1 minute ago
    Francois Armand
    @fanf
    yes, of course - but now is time for sleep for me. There's code in the lib for access-challenge, so it at least know about it. Perhaps there's some property to configure, I don't know
    Matthew Frost
    @mattronix
    sure :)
    sleep well
    Francois Armand
    @fanf
    thanks! Bye!
    Nicolas Charles
    @ncharles
    Hi
    Now that we have parameters in Technique, it make totally sense to have condition from string @fanf @tim-oak
    tim-oak
    @tim-oak
    yepp, I'm just on it, with not much success so far ... let me have another coffee - will report back, or maybe send the exported technique - maybe I'm doing something utterly wrong?
    Francois Armand
    @fanf
    @ncharles ok. It's certainly simpler than condition from var match for that use case, and given it should be very easy, we should just add it.
    tim-oak
    @tim-oak

    okay it works.
    Like this:

    • technique has a parameter, e.g. "(true|false)"
    • technique has a variable. with arbitrary prefix (but MUST NOT BE technique ID!),
      arbitrary name and the value of the parameter as in ${parameter_name}
    • in a "Condition from variable match" an arbitrary prefix (MUST NOT BE the same than the prefix above though, neither the technique ID!)
      the full variable name and the expected match ("true")
    • and than I can use the var_prefix_true condition to decide on action (copy or not)

    yepp it could be easier - but at least for now it's working
    keep the "condition from parameter" a regex match though ;-)

    Francois Armand
    @fanf
    @tim-oak ok, it seems to be my solution from 00:02. Then, I was able to avoid the variable string (ie, IIUC, your second point), by using in Condition from variable matchthe full parameter name: ${techniqueid.parametername}.
    tim-oak
    @tim-oak
    rechecked ... your right, that works
    necarnot
    @necarnot
    Hello confined guys, I'm trying to understand how Rudder sets up the time sync client : is it pure ntp client, or is the directive aware of systemd-timesyncd?
    Francois Armand
    @fanf
    @Fdall or @amousset perhaps? ntp / systemd for the time sync technique?
    Alexis Mousset
    @amousset
    This technique configures NTP and is outdated and not compatible with systems with systemd.
    necarnot
    @necarnot
    OK. As I'm new to Rudder (though ol cfengine admin), I don't know if I'll have to create my own custom technique to set this up, of if there is a library of community-made techniques?
    Francois Armand
    @fanf
    @necarnot infortunatly, technique (not the one built with the technique editor) are rather hard to write today. We are working (hard) on making that (much, much) simpler, but it won't be before rudder 7.0. On the other hand, that's a clear missing point in our techniques. Would you mind open a issue and let us know what you would like to have? In the meantime, you can of course use technique editor and command execution
    tim-oak
    @tim-oak
    on the documentation page --> Reference manual --> Plugins --> Vault
    the images "CreateSecret[1-3]" and "CreateMethod" aren't displayed/missing.
    Francois Armand
    @fanf
    hey @tim-oak ! We are in the middle of writing a post on vault, with a new version that works better
    @ikramBej may tell more it (and even, perhaps, give you access to a draft article in preview)
    still, we need to correct the doc problem too cc @ikramBej
    tim-oak
    @tim-oak
    :+1:
    Alexis Mousset
    @amousset
    The problem is my fault actually! We in the middle of moving the path of plugin doc images and I did not see the first part got merged. I'm working on the second one to get everything back in place.
    necarnot
    @necarnot
    Francois Armand
    @fanf
    :ok_hand: @necarnot , thanks!
    tim-oak
    @tim-oak
    I have trouble using jinja2 templates.
    cfengine template is working.
    I looked through the "file from junjia2 template" docu and saw the reference
    to jinja2_custom.py.
    Not only that file is missing, but I even don't have a folder "10_ncf_internals".
    Is that not included in the community version or am I missing something?
    Fdall
    @Fdall
    Hi @tim-oak the jinja2 templating require the python module python-jinja2 to be installed on your nodes, that is the first thing to check
    necarnot
    @necarnot
    Hello guys, easy question today : in the Rudder web GUI, is it possible to search for nodes NOT belonging to nodeGroup1542 ?
    Alexis Mousset
    @amousset
    Hi @necarnot it (surprisingly) does not seem possible, maybe @fanf has an idea about that?
    Francois Armand
    @fanf
    you can exlude node belonging to groups in a rule
    (and the reason why it's not posible directly is IIRC because it would broke idempotency in combination of cyclic groups, or we need to track group dependenncy, and it would force to rewrite most of the way we compute groups - what we would do at some point, likely)
    necarnot
    @necarnot
    @fanf I meant : "in the search node page"
    Francois Armand
    @fanf
    no
    tim-oak
    @tim-oak

    @Fdall : sorry for late reply, got distracted yesterday.
    yes python-jinja2 is installed everywhere.
    Fixed it temporary by falling back to cfengine template style but would like to use jinja2 in general.
    If I remember the rudder agent run -v output it seemed
    that rudder(well underlying cf3) tried to open the template - which here ends on the name .json !!! as json data - resulting in "no data received" or so.
    And while computing prefix and varname it moaned that destination would not be empty resulting in a failed condition (could try to recreate to be more precise)
    What I want is to read the data via parameter from the technique and replace
    {{ vars.my_prefix.varname }} in the .json template.

    Could it be that tempalte (which is downloaded to sys.workdir/templates and shall be expanded into a file somewhere else) and target file need different names? need the template to end in .jinja2 to be recognized by some lib? (late toughts from yesterday eve ;-)

    necarnot
    @necarnot
    Hello. After having successfully added and managed ~20 debian+ubuntu nodes, I'm adding my first CentOS node. One directive is set to install or upgrade the 'vim' package, and on this only centOS node, rudder agent run is telling me :
    "Presence of package vim in any version could not be repaired". Vim is already installed on this node, but in the yum framework, it is called vim-common or vim-enhanced (there is no package called only "vim"). When uninstalling it, the rudder agent re-installs it correctly, but still complains with the error above. Could this be because "vim" is (maybe) a virtual package?
    Alexis Mousset
    @amousset
    Indeed. The agent checks if it is installed by looking for it in the installed packages. The easy fix is to give the name of the actual package.
    necarnot
    @necarnot
    @amousset OK. What is the recommended way to do when a package is not named the same across distros, but you still wants it installed on all nodes?
    Alexis Mousset
    @amousset
    In the technique editor you can use OS conditions to have different cases for the different operating systems
    necarnot
    @necarnot
    OK. Thank you.
    tim-oak
    @tim-oak

    Any hint where to keep looking for this jinja template question?

    @Fdall : sorry for late reply, got distracted yesterday.
    yes python-jinja2 is installed everywhere.
    Fixed it temporary by falling back to cfengine template style but would like to use jinja2 in general.
    If I remember the rudder agent run -v output it seemed
    that rudder(well underlying cf3) tried to open the template - which here ends on the name .json !!! as json data - resulting in "no data received" or so.
    And while computing prefix and varname it moaned that destination would not be empty resulting in a failed condition (could try to recreate to be more precise)
    What I want is to read the data via parameter from the technique and replace
    {{ vars.my_prefix.varname }} in the .json template.

    Could it be that tempalte (which is downloaded to sys.workdir/templates and shall be expanded into a file somewhere else) and target file need different names? need the template to end in .jinja2 to be recognized by some lib? (late toughts from yesterday eve ;-)