    Domagoj Bazina
    @dbazina-dev

    Hello guys !
    I wonder, are there any defined variables in the Rudder server that can be used in techniques?
    e.g. every node has a defined Hostname and Node_ID. So can I create a technique that uses e.g. $(hostname) as a parameter, and on execution for each node it will use the hostname or Node_ID defined on the Node summary page?

    I know how to define a parameter in a technique and then declare it in a Directive, but instead of declaring it I want to forward that "global variable" defined for each node.

    Nicolas Charles
    @ncharles
    Hello
    you have the ${node.inventory[xxx]} values
    Domagoj Bazina
    @dbazina-dev

    @ncharles I have a question about adding additional sources to the APT repository.

    Let's say I want to install Docker or some random package, in order to do that I have to complete 2 steps:
    1) Get and add repository GPG key
    2) Add repository to /etc/apt/sources.list.d/

    And on the next update, I can install the package.

    In rudder, I saw two built-in directives:
    1) Directive Package repository keys (RPM/APT)
    2) Package sources and settings (APT)

    The second directive is clear to use, all I have to do is define the URL of the repository, pick the distribution, etc.
    But the first one is kind of tricky.

    I chose to import a GPG key, and then there is a field "Long hash of the GPG Key". I thought this would be a similar directive to the first one: define the URL of the key, and add it to the trusted.gpg directory.
    But it doesn't work like that.
    It seems to me that I have to manually download the GPG key on the node, then add it to the trusted.gpg directory using the output of the command "gpg --list-keys --keyid-format=long". When I try that command I get no output.

    So what am I doing wrong here, is there any other way to manage repository GPG keys? Thanks in advance :)

    Nicolas Charles
    @ncharles
    actually you put the gpg key in the directive, and it will automatically accept this key
    Domagoj Bazina
    @dbazina-dev
    In the Package sources and settings (APT) directive? Which field?
    Nicolas Charles
    @ncharles
    no, in Directive Package repository keys (RPM/APT)
    Nicolas E
    @necar_gitlab

    Hello. Today no issue, just a question, so feel free to have a lunch break, relax :)

    I witnessed that some of our newest VMs are now provisioned in a way that sets up /etc/resolv.conf with :

    [legit things...]
    search mydomain1.lan. mydomain2.lan.

    So far so good, but pay attention to the trailing period of each domain.
    So far, I don't remember having ever seen a trailing period at the end of the domains in the search field.
    (please spare your time explaining to me what this period means and how it's used, I'm OK)

    But the link with Rudder is this : I'm witnessing that the inventory process ends up naming this node :
    myserver.mydomain1.lan. <- please note the trailing period
    Our previous nodes did not have a trailing period in their names.

    It happens to ruin some of my groups regexps, which I will fix easily, but I'm curious to learn about how the Rudder node name is built and if this behavior is legit?

    Thanks

    Fdall
    @Fdall

    Hi @necar_gitlab, if I understand well you have some nodes that show an incorrect hostname in their inventory.
    Can you check in the raw inventory of the node (you can find it under /var/rudder/inventories/received on your root server) the value of HOSTNAME under the RUDDER section? It should be the hostname of your node with FQDN, as displayed by the output of hostname -f

    Does it seem correct?

    Nicolas Charles
    @ncharles
    HOSTNAME tag in the inventory is the output of hostname --fqdn on linux systems
    Nicolas E
    @necar_gitlab
    OK @ncharles & @Fdall , I'm checking these points to see if all is correct. Thank you.
    Domagoj Bazina
    @dbazina-dev

    Hello everyone :)

    A month ago, I asked a question about installing packages that are not in standard APT (or some other repository). I've found 2 in-built directives for fetching repository keys, and for creating a list in /etc/apt/sources.list.d/

    I was hoping that those directives would execute "apt-update" after adding a new repo, but that doesn't happen, they also rely on those global parameters.
    This is not a problem for packages that are not defined in the standard repository, it will take 10-15 minutes before they get installed (after the time defined in the global parameter expires and apt-update gets executed).

    But the problem is with the packages that exist in the standard repository but in an older version.
    e.g. I want to install zabbix-agent, the version in the APT repository is 5.0, but I want to use version 5.4.
    I've added the repository GPG key and the source file to /etc/apt/sources.list.d/, and if I add a "package present directive" for zabbix agent, it will install the older version defined in APT, because apt-update didn't execute after the key and repo were imported.

    Is there any way to handle this situation? I don't want to set global parameter for apt-update to be executed every 2-3 minutes, and even so the proper version of package won't be installed.

    Thanks

    Nicolas Charles
    @ncharles
    ha - that's a very good point
    the technique that manages the repository ought to do an apt update when repository changes
    could you open a ticket on https://issues.rudder.io/ for this one ?
    Domagoj Bazina
    @dbazina-dev
    Yea, I'm going to open it :)
    Nicolas Charles
    @ncharles
    thank you !
    Domagoj Bazina
    @dbazina-dev

    Hello @ncharles, I'm going to check the mentioned drawback once more before opening a ticket.

    I have two other questions.
    What does "missing report" mean? I saw 2 results of this report. The first one when the directive did its task, and I got a missing report, and the second time the directive didn't do its task, and I also got a missing report.

    Is there a directive or any solution to check if a directory is mounted? I have added a line in the /etc/fstab file, but is there an option to mount it, or check if it is mounted? There is an in-built directive Filesystem mount points, but I'm not sure about what it does.

    Nicolas Charles
    @ncharles
    Missing report means that there's a bug somewhere: you should have received a report, but didn't - the directive most likely has a bug
    There isn't a directive to check if a directory is mounted, but you can use a generic method and do a command execution (or maybe os-query?)
    Domagoj Bazina
    @dbazina-dev
    Yea, I'm doing that. Thanks :)
    Domagoj Bazina
    @dbazina-dev
    @ncharles is there an option to execute a command, and capture the output?
    e.g. ls -la and to get the output of the function?
    Fdall
    @Fdall
    @dbazina-dev It depends on why you want to capture the output. You can define a rudder variable at execution time from the output of the command, using variable from command execution. But if you just want to have the output accessible from the interface, I think that by default, a log info level report is generated.
    You should be able to see it in your node compliance reports tab, when clicking the Show Logs button
    Domagoj Bazina
    @dbazina-dev
    Thanks :) !
    Domagoj Bazina
    @dbazina-dev

    Hello everyone :)

    I have 3 potential issues with the inbuilt directive "Technique Package sources and settings (APT)"

    1) As I mentioned above, after adding a new repository, apt update is not executed, rather the directive relies on the global parameter "updates_cache_expire"

    2) It is not possible to have more than one "Technique Package sources and settings (APT)" in the same Rule, because it overwrites the content of the first one. This directive creates the rudder-apt.list file in the /etc/apt/sources.list.d directory, and if there are 2 directives, the content of this file will be overwritten. There is an option to add more repositories in the same directive, but the thing is that I don't want to have unnecessary repositories added, if the package won't be installed.

    3) This directive may corrupt apt, as it doesn't check if the desired repository already exists on the machine; if it does, it will create a list file with the same content that will cause apt to output warnings.

    Thanks :)

    fanf42
    @fanf42:matrix.org
    hello @dbazina-dev. For 1/, you're right, we should reset cache on change. Would you mind opening a ticket for that? Same for 3/, it is a bug. For 2, I think it's a design pb with that technique, and it would need a big rewrite.
    What you can do as a workaround is to create your own apt management technique, with a cache reset on change (see https://docs.rudder.io/rudder-by-example/current/system/update-rudder-agent-package.html#_delete_rpm_list_cache_when_repository_change for an example of how to reset cache)
    fanf42
    @fanf42:matrix.org
    so you could have a template copied with your technique, and a command exec to remove cache
    AlexanderT
    @ati_ito_twitter
    good morning everyone :-) I have a question about inventory hooks. Is there a technical limit or best practice for the number of property fields? I don't want to burden the system unnecessarily, but there are some important values for us that should be saved.
    fanf42
    @fanf42:matrix.org
    there are no technical limits, but node properties merging during policy generation (i.e. the part where we compute overrides) can impact policy generation time. It's often better to have fewer properties with bigger JSON associated than more. That being said, we have users with tens (or hundreds) of properties per node
    Suvi
    @Suvi8
    Hello guys, currently I'm using Rudder 6.1, is it safe to use 6.2 now?
    DidierMetral
    @DidierMetral
    Hello, before installing Rudder in my company, I have some questions ;) We have an SSO with 2FA. Is it possible to use it for user authentication in the Rudder web interface?
    AlexanderT
    @ati_ito_twitter
    @fanf42:matrix.org thanks for your answer
    Nicolas Charles
    @ncharles
    @Suvi8 Yes it is safe to upgrade to 6.2, it is even recommended as 6.1 is not supported anymore
    Suvi
    @Suvi8

    @Suvi8 Yes it is safe to upgrade to 6.2, it is even recommended as 6.1 is not supported anymore

    thanks

    Alexis Mousset
    @amousset:matrix.org
    @DidierMetral it is currently not possible
    Norberto Aquino
    @norbertoaquino
    HI! Is it normal for the file size /var/rudder/ldap/openldap-data/data.mdb to be around 19G? I'm using version 6.1.3 and managing 1200 servers. Thanks!!
    Nicolas Charles
    @ncharles
    This is a sparse file, so it's probably not effectively using this size
    # ls -sk /var/rudder/ldap/openldap-data/
    total 5176356
    5176352 data.mdb 4 lock.mdb

    ls -alh /var/rudder/ldap/openldap-data/

    total 5,0G
    drwxr-xr-x. 2 rudder-slapd rudder-slapd 38 23 sept. 08:07 .
    drwxr-xr-x. 4 rudder-slapd rudder-slapd 41 2 sept. 2019 ..
    -rw-------. 1 rudder-slapd rudder-slapd 100G 23 sept. 13:16 data.mdb
    -rw-------. 1 rudder-slapd rudder-slapd 17K 23 sept. 13:16 lock.mdb
    Norberto Aquino
    @norbertoaquino

    @ncharles my commands:

    ls -sk /var/rudder/ldap/openldap-data/
    total 18921452
    18921444 data.mdb 8 lock.mdb

    ls -alh /var/rudder/ldap/openldap-data/
    total 19G
    drwxr-xr-x 2 rudder-slapd rudder-slapd 38 Sep 23 10:02 .
    drwxr-xr-x 3 rudder-slapd rudder-slapd 27 Sep 24 2020 ..
    -rw------- 1 rudder-slapd rudder-slapd 19G Sep 23 10:37 data.mdb
    -rw------- 1 rudder-slapd rudder-slapd 8.0K Sep 23 10:37 lock.mdb

    Nicolas Charles
    @ncharles
    that's surprising
    with 5000 nodes (fairly similar to be honest) & 300 or 400 directives/groups, I have only 5GB used
    Nicolas Charles
    @ncharles
    maybe you have a lot of different systems and that's why - we deduplicate software to save disk space, and maybe our test platform is not representative for that
    Alexis Mousset
    @amousset:matrix.org
    @ncharles: isn't 6.1.3 affected by duplicated software?
    Nicolas Charles
    @ncharles
    @amousset:matrix.org good point - I'm searching when it did happen
    I can't find back the issue :/
    but anyway, your version of Rudder is not maintained anymore @norbertoaquino - you should upgrade, at least to the latest patch version, ideally to 6.2
    Nicolas Charles
    @ncharles
    @amousset:matrix.org this was a 6.2 issue