Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Francois Armand
    @fanf
    my best guess for now is that something want horribly wrong during update, technique deleted from editor but not from fs/git had their metadata.xml corrupted, Ragnarök ensues. But I would prefer to let north gods out of that and understand what the root cause is.
    (but for now, between that and #17917, it's north gods)
    Francois Armand
    @fanf
    OK: for #17917, I have a working workaround (which will likely becomes the patch, too). It's added in description: https://issues.rudder.io/issues/17917
    pilyon3
    @pilyon3
    Hi everybody. We're using Rudder and Apereo CAS in our envrionment and we would like to kown if it's possible to authenticate Rudder's users via CAS. Any clue ?
    Francois Armand
    @fanf
    @pilyon3 we don't support CAS out of the box, but it could be done (under the houd, we rely on spring security, and I remember having implemented a CAS support for it 15 years ago or so...)
    (I think my brain totally erased details of that in a kind of post-traumatic self preservation stands, but now CAS is integrated in spring security, IIRC - so likely doable)
    pilyon3
    @pilyon3
    ok thanks for the notice
    pilyon3
    @pilyon3
    But delegating authentication to the web server could have been a simpler solution, isn't it ? Maybe not compatible with Rudder's design ?
    Waccabac
    @Waccabac_twitter
    Hi !
    I have a problem before upgrade to 6.1 version
    all agent don't connect to the rudder server, and on the general options on the server, I have this error :
    An error occured when trying to get the list of existing allowed networks
    Error message was: Error when saving new allowed networks for policy server ${policyServerId.value}
    No allowed networks are displayed, and I have this error when I try to add it
    Waccabac
    @Waccabac_twitter
    Anyone can help me ?
    Nicolas Charles
    @ncharles
    Hi - could you try to rerun /opt/rudder/bin/rudder-upgrade (in case of?)
    (this is a bank holiday in france)
    Waccabac
    @Waccabac_twitter
    @ncharles I have the same problem

    ``` # /opt/rudder/bin/rudder-upgrade
    INFO: Checking if rudder-web.properties database access credentials are all right... LDAP OK, SQL OK
    Overriding existing techniques
    INFO: Correcting permissions on /var/rudder/configuration-repository... Done
    Sur la branche master
    rien à valider, la copie de travail est propre
    Techniques have been updated, and update branch set to current state of the Techniques
    INFO: Checking PostgreSQL service status... OK
    INFO: Checking LDAP service status... OK

    INFO: The migration has completed successfully. ```

    Francois Armand
    @fanf
    @Waccabac_twitter did you upgraded scale-out-relay plugin?
    Waccabac
    @Waccabac_twitter
    I don't have plugin
    Francois Armand
    @fanf
    ok. Can you send me /var/log/rudder/webapp/2020_07_15.stderrout.log ? I will have a look.
    @Waccabac_twitter by email if anything private, or pastbin/etc if ok
    Waccabac
    @Waccabac_twitter
    yes
    Waccabac
    @Waccabac_twitter
    Francois Armand
    @fanf
    @Waccabac_twitter ok, I see: Inconsistency: Error when retrieving system directive with ID common-root' which is mandatory for allowed networks configuration.
    so it seems that there is a problem with your LDAP server content. Did something want wrong during first update ? It looks like some system directive are missing. Other idea: did you try to restore an archice ?
    @Waccabac_twitter can you post also the result of following command on root server?
    ldapsearch -o ldif-wrap=no -h localhost -p 389 -x -D "cn=Manager,cn=rudder-configuration" -w PASS_FROM_/opt/rudder/etc/rudder-passwords -b "techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration" -s sub
    Francois Armand
    @fanf
    @Waccabac_twitter did you have ipv6 addresses in authorized network ? @ncharles pointed me to that ticket, it might be an alternative version (we will know with the LDAP request) : https://issues.rudder.io/issues/16498
    Waccabac
    @Waccabac_twitter
    I test the command
    ldap_bind: Invalid credentials (49)
    I have IPv6 on machine, but no IPv6 on allowed network
    necarnot
    @necarnot

    I will try to reproduce, we really need to go to the end of it. @necarnot is it on debian 10 ? (not sure it's important, but still)

    @fanf yes it's on debian 10.
    I replied on #17939.

    @fanf About #17917, can you tell me on which line number do you add the option please?
    tim-oak
    @tim-oak
    hi,
    I deleted a host in the webgui and reinstelled it.
    ran inventory and accepted the new host in the webgui
    now the newly installed host complains it can't get no policy update.
    this is rudder 6.1 on debian buster
    any hints?
    TIA
    Nicolas Charles
    @ncharles
    @Waccabac_twitter in the ldapsearch command, you need to replace PASS_FROM_/opt/rudder/etc/rudder-passwords by the content of the RUDDER_OPENLDAP_BIND_PASSWORD entry in /opt/rudder/etc/rudder-passwords.conf
    @tim-oak did the policy generation finished successfully ?
    tim-oak
    @tim-oak
    ah thnx!
    it showed a green status and I thought it was okay.
    I triggered "regenerate all policies"
    and now the agent is happily updating/running
    so: regenerate policies after removal/ before reinstall?
    on a second host same thing, after accepting the new node
    I had to trigger regenerate all policies manually
    Francois Armand
    @fanf
    @tim-oak hum, that should not be necessary, accepting a node should force a regeneration
    (not force, but notice that a generation is needed)
    were they deleted node in both cases? Perhaps we have a pb regarding that
    @necarnot sorry I added these info in description part, but I don't have the line number at hand right now
    tim-oak
    @tim-oak
    @fanf: That was my impression to, so I wondered ...
    yes both where deleted and reinstalled with the same name/IP.
    I will install a brand new one and than reinstall it again - just to check.
    Waccabac
    @Waccabac_twitter
    Ok sorry
    Nicolas Charles
    @ncharles
    dn: activeTechniqueId=server-roles,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration is not ENABLED
    else everything looks correct
    Waccabac
    @Waccabac_twitter
    ok
    howto enable this ?
    Nicolas Charles
    @ncharles
    it should not cause any issue. I'm suspecting an index issue