normation/rudder

Continuous Auditing & Configuration - please speak english and be nice ;)

Matthew Frost

@mattronix

E-Mail Alerting based on compliance by group or rule (Department Reports for companies with multiple operations teams and a central SEcurity Team)

Adding Rules to Nodes without a Group

Rudder Chatbot

@rudderbot

itacos Hi, a way to undo or invert a directive (when it's possible), without having to create a directive which undo the first one

itacos for temporary actions

itacos Multi tenancy

necarnot

@necarnot

Hi, How can I create a group to segregate LXC containers?
I tried to use the search features, but I find no relevant fields in the dropdowns.

Alexis Mousset

@amousset

I'm not sure this information is part of the inventory. As a workaround you can use inventory extension to add it.

necarnot

@necarnot

@amousset OK, I'm looking at it. Thx.

Alexis Mousset

@amousset

We have exemples in our repos, and we welcome contributions to this repo.

Vincent Membré

@VinceMacBuche

Thanks @mattronix and itacos! I'll add them to our pre-roadmap to discuss about it!

Adding Rules to Nodes without a Group

I think that's already possible using the Rest API, We have the backend and the target to do that, but we don't display it ( may need some little work to do this)

About the technique builder, you would like to see a more visual representation of the technique ? so you better understand the flow of the technique ?

About authentication, that could be added to auth-backends, I think

Vincent Membré

@VinceMacBuche

We already have a 'notify' plugin https://github.com/Normation/rudder-plugins/tree/master/notify that allows to send a mail when there is a 'non compliance' I don't remember how much it can be configured, but it may fullfills your need, nevertheless I think it would be an interesting addition

Vincent Membré

@VinceMacBuche

itacos Hi, a way to undo or invert a directive (when it's possible), without having to create a directive which undo the first one

Interesting, quite afraid of the quantity of work though !! I think we could also provide a way to restore old files (the agent keeps an hsitory of modified ine /var/rudder/modified-files)

Rudder Chatbot

@rudderbot

itacos yes it can be done from modified-files if we are sure that the old file was a backup of a specific directive action

Matthew Frost

@mattronix

itacos Hi, a way to undo or invert a directive (when it's possible), without having to create a directive which undo the first one (This is something we miss too!) :)

Rudder Chatbot

@rudderbot

itacos @VinceMacBuche : A little button "Copy as curl" on the search page to copy the search criteria as a curl request

itacos in order to use with the API

itacos and/or "copy as payload" to use it in python or curl too

itacos when you deal with json properties and jsonpath escaping all the specials characters is a nightmare for me

Rudder Chatbot

@rudderbot

itacos Statistics on node registration how many new/deleted nodes on a time period

itacos Server metrics for monitoring and metrology

Alexis Mousset

@amousset

About server metrics, which format/protocol/etc would you prefer?

Rudder Chatbot

@rudderbot

itacos json or influxdb line protocol over http

itacos http/https

itacos i will ask that point

Alexis Mousset

@amousset

Would a prometheus endpoint work too?

Francois Armand

@fanf

Statistics on node registration how many new/deleted nodes on a time period <- this is registered in 6.1 and a plugin will expose stats/graph

Rudder Chatbot

@rudderbot

itacos cool :)

itacos No prometheus here at the moment

Romain Brucker

@romainrbr

Hi guys, we have a db growing and growing (even though we are vacuuming from time to time), any idea if thats normal ?
here are our current tablesizes

 public             | ruddersysevents                          | 45 GB      | 48836206592
 repack             | log_16388                                | 12 GB      | 12549922816
 public             | composite_node_execution_idx             | 11 GB      | 11571240960
 public             | ruleid_idx                               | 9264 MB    |  9713623040
 public             | keyvalue_idx                             | 7334 MB    |  7690051584

We currently have around ~500 nodes,
with the current cleaner conf :

rudder.batch.reportscleaner.archive.TTL=3
rudder.batch.reportscleaner.delete.TTL=10
rudder.batch.reportscleaner.compliancelevels.delete.TTL=3
rudder.batch.reportscleaner.frequency=daily

Rudder Chatbot

@rudderbot

darkfaded rudderbot: @Vince my main gripe over the last year is that I need to maintain Rudder and Ansible to cover Alpine/FreeBSD and that I know too much to think that porting the policies will be fun.

darkfaded rudderbot: @Vince but I think that's more a 7.x topic and I recently had a little revelation about how to reduce the effort for cleaning up the existing techs

darkfaded rudderbot: @Vince otherwise the 6.x experience has been pretty smooth

darkfaded rudderbot: @Vince i'd prefer if the turnover from bug report to fix improves till the median is 1 month, from the current wait 3 years after triage and then there's a special day coming. that the fix is finished within less than a day

Jyoti D

@jyotid1815_gitlab

Hello, how will I compare changes done on node machines with its previous state?

Nicolas Charles

@ncharles

@romainrbr rule of thumb for ruddersysevents is between 500 and 900kb/node/day/directive. If you have around 40-50 directives, it's kind of expected, but it ought to be stable over time

Note that vacuum doesn't reclaim space, but prevent it from growing more - it flags removed row as usable space.

But if you find that your disk space is growing, even though you don't add nodes or directives, the automated maintenance every night might be failing

there are logs regarding the maintenance in /var/log/rudder/core - and this maintenance (cleaning, vacuuming) need unfortunately some extra space on disk

tim-oak

@tim-oak

hi all,
not sure if it has mentioned anyone already,
but "all of a sudden" ;-/ (probably since last upgrade to 6.0.6)
lines in the "technique editor" get wrapped, when not in editing mode ...
that looks quite wrong ;-)

Alexis Mousset

@amousset

Hi @tim-oak, which lines?

tim-oak

@tim-oak

Well for instance in a file promise the line from the destination path.
when I click the pen to edit the line all is nice and "normal", when I click again to "close" the editing the line get's wrapped ...
looks funny, can I send you a small screenshot?

tim-oak

@tim-oak

well send it to your normation.com address

Matthew Frost

@mattronix

command_execution_apt_get_update_repaired||command_execution_apt_get_update_kept||command_execution_once_rpm__Uvh_https___repo_zabbix_com_zabbix_4_0_rhel_6_x86_64_zabbix_release_4_0_2_el6_noarch_rpm_repaired||command_execution_once_rpm__Uvh_https___repo_zabbix_com_zabbix_4_0_rhel_6_x86_64_zabbix_release_4_0_2_el6_noarch_rpm_kept||command_execution_once_rpm__Uvh_https___repo_zabbix_com_zabbix_4_2_rhel_7_x86_64_zabbix_release_4_2_2_el7_noarch_rpm_repaired||command_execution_once_rpm__Uvh_https___repo_zabbix_com_zabbix_4_2_rhel_7_x86_64_zabbix_release_4_2_2_el7_noarch_rpm_kept|command_execution_once_rpm__Uvh_https___repo_zabbix_com_zabbix_4_2_rhel_7_x86_64_zabbix_release_4_2_2_el7_noarch_rpm_kept|command_execution_once_rpm__Uvh_https___repo_zabbix_com_zabbix_4_2_rhel_7_x86_64_zabbix_release_4_2_2_el7_noarch_rpm_repaired

is there a nicer way to write that?

Alexis Mousset

@amousset

@tim-oak seems it was fixed yesterday https://issues.rudder.io/issues/17392

Nicolas Charles

@ncharles

@mattronix if you need _kept and _repaired, you can replace it with _ok. So it could be:

command_execution_apt_get_update_ok|command_execution_once_rpm__Uvh_https___repo_zabbix_com_zabbix_4_0_rhel_6_x86_64_zabbix_release_4_0_2_el6_noarch_rpm_ok

but it seems to me you are trying to install packages using command, rather than packages methods. Is there any reason for that?

Where communities thrive

People

Repo info

Activity