    Matthew Frost
    @mattronix
    @ncharles thanks :)
    namen3645
    @namen3645
    rudder info: Failed to connect to server: Connection refused
    rudder info: No server is responding on port: 5309
    rudder info: Unable to establish connection to '34.69.72.245'
    error: No suitable server found
    rudder info: Promise belongs to bundle 'update' in file '/var/rudder/cfengine-community/inputs/promises.cf' near line 73
    rudder info: Failed to connect to server: Connection refused
    rudder info: No server is responding on port: 5309
    rudder info: Unable to establish connection to '34.69.72.245'
    error: No suitable server found
    rudder info: Promise belongs to bundle 'update' in file '/var/rudder/cfengine-community/inputs/promises.cf' near line 81
    R: Initial policies have been successfully downloaded from the policy server
    error Rudder agent was interrupted during execution by a fatal error
    PORT STATE SERVICE
    5309/tcp open unknown
    Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds
    Matthew Frost
    @mattronix
    @namen3645 did you whitelist your hosts
    in the settings of the rudder portal
    image.png
    for example i did this
    but
    0.0.0.0 I would not recommend if you're new to Rudder; always use what you need, and ours work over the internet
    norbertoaquino
    @norbertoaquino
    Hi! Is it possible to change the default interval of 8 hours for inventory?
    Eric Renfro
    @erenfro
    Gooooood evening.
    I just started being curious about Rudder, and looking at it.
    First thing I did was create a Technique to manage a user. But then I added a Directive for managing an ssh-key for the same user, and I get errors on that as if the user doesn't exist (but they do).
    Matya
    @matya_gitlab
    Since it is running multiple times, it will converge to a stable state. It might run the key management before it creates the user, but at the next run it will follow up on the key as long as the user was managed successfully in the first run.
    Eric Renfro
    @erenfro
    But, it doesn't. It just repeatedly throws the same error on repeat runs.
    The user exists... But, that technique always fails claiming the user doesn't exist, yet it does.
    E| compliant     Common                    ncf Initialization                           Configuration library initialization was correct                                                       
    E| repaired      Common                    Update                                       Policy or configuration library were updated                                                           
    E| compliant     Common                    Security parameters                          The internal environment security is acceptable                                                        
    E| compliant     Common                    CRON Daemon                                  Cron daemon status was correct                                                                         
    E| compliant     Common                    Log system for reports                       Reports forwarding to policy server was correct                                                        
    E| compliant     Inventory                 inventory                                    Next inventory scheduled between 00:00 and 06:00                                                       
    E| error         sshKeyDistribution        SSH key                   Primary Key        The user psi-jack does NOT exist on this machine, not adding SSH key                                   
    E| error         sshKeyDistribution        SSH key                   Primary Key        The user psi-jack does NOT exist on this machine, and the SSH key format is wrong                      
    E| compliant     userGroupManagement       Users                     psi-jack           The user psi-jack ( Eric Renfro ) is already present on the system                                     
    E| compliant     userGroupManagement       Password                  psi-jack           The user psi-jack ( Eric Renfro ) password change is not required                                      
    E| n/a           userGroupManagement       Home directory            psi-jack           The user psi-jack doesn't need to have its home directory checked                                      
    E| error         sshKeyDistribution        Flush SSH file            Primary Key        The user psi-jack does not exists on this system, impossible to flush keys
    E| error         sshKeyDistribution        Flush SSH file            Primary Key        The user psi-jack does not exists on this system
    A| non-compliant sshKeyDistribution        Flush SSH file            Primary Key        The user psi-jack does not exists on this system
    E| error         sshKeyDistribution        Flush SSH file            Primary Key        The user psi-jack does not have a defined home dir
    A| non-compliant sshKeyDistribution        Flush SSH file            Primary Key        The user psi-jack does not have a defined home dir
    E| n/a           Common                    Monitoring                                   No Rudder monitoring information to share with the server
    norbertoaquino
    @norbertoaquino
    @erenfro use rudder agent run -i and put results here please
    Eric Renfro
    @erenfro
    Okay.
    So it seems to not like the dash (-) in the username. LOL
    Eric Renfro
    @erenfro
    Soooo, would that be a bug...? Seems like one to me. :)
    norbertoaquino
    @norbertoaquino
    @erenfro The user name is converted into a variable, and variables in Rudder do not permit "-". @amousset is this a bug? Does the variable need canonification?
    Eric Renfro
    @erenfro
    Heh. finding a bug my first day using a new application. :)
    Nicolas Charles
    @ncharles
    Hi ! It's most likely that the - is not accepted indeed
    the variable does indeed need canonification
    when writing the technique, we (actually I) had the weird assumption that - were not allowed in login
    Nicolas Charles
    @ncharles
    Eric Renfro
    @erenfro
    Hehe. That, sadly, is a common misunderstanding. - is very much an acceptable character in logins. Has been since the dawn of UNIX time. :)
    And that's slated for next point release? Very nice. :)
    Just waking up. :)
    Eric Renfro
    @erenfro
    One thing I'm totally daunted by about Rudder is that, ultimately, it boils down to using cfengine3, which, to me, is freaking unusual. I had the nightmares of using cfengine1 and 2, and those, were... Not fun.. To put it lightly. LOL
    Eric Renfro
    @erenfro
    Hmmm. I really am entranced by the idea of rudder though. Like even the ability to continue to operate even if the rudder server is down for whatever reason.
    norbertoaquino
    @norbertoaquino
    I worked with cfengine2 and cfengine3 for almost 10 years. cfengine is very complex. Rudder facilitates administration and maintains the desired state. The best tool in my opinion !!!
    Eric Renfro
    @erenfro
    It definitely is interesting to see cfengine used in such a different way than I had. :)
    I'm coming from having knowledge with cfengine1/2, puppet, saltstack, chef, ansible, and now, looking at rudder to replace my current saltstack implementation.
    And, my first task, to begin making this possible, is to create techniques/directives to set up a usable CFSSL Certificate Authority that will be used to generate and maintain an internal CA for things like Consul & Vault LOL
    Which saltstack's x509 module has been completely broken of this for going on 2 years now. :/
    Alexis Mousset
    @amousset
    We really only use CFEngine as an agent platform for the configuration we generate, and Rudder has very different workflows and configuration modelization so the CFEngine layer should be pretty transparent for the users. For the next major release (7.0) we're working on our own DSL that will make this even more visible: we'll have a high-level configuration language that will be compiled/transpiled for different configuration backends (for now, CFEngine and Windows DSC). This way we'll continue to benefit from CFEngine strengths (lightweight and portable) while providing a flexible and consistent interface, with improved static checks for reliability.
    Eric Renfro
    @erenfro
    Hmmmm.. What I'm trying to figure out now is how to simply... create a file, like at the moment, a static systemd service unit file, then after that a configuration file that's templated. And I notice in Techniques, File from template with type, needs a source file on the target node?!?
    Yeah, Alexis. It's pretty ingenious really: utilize what's viable and available, while making your own interfacing to make a standard construct, mostly similar and sane.
    I hated cfengine, but it has/had its place in the world as pretty much the first config management system in Unix & Linux.
    Alexis Mousset
    @amousset
    Methods are low-level building blocks, and templating indeed takes a local source file that you have to deploy somehow. There is one built-in way for files belonging to a technique: technique resources. Any file added as a resource is deployed on all nodes where it is applied to, and the resource has a special variable containing its local path, that you can use in the technique.
    Eric Renfro
    @erenfro
    Hmmmm...
    Alexis Mousset
    @amousset
    For simple static file deployment you could:
    • Use File content method and provide the content directly
    • Use a technique resource and upload the file
    • Use the global shared-files directory and use a File from Rudder server method to copy it
    Eric Renfro
    @erenfro
    Ahhh that makes sense. Little different. But that’s expected.
    I’m creating a Technique to install, configure, and deploy cfssl, service unit to run the multirootca service, and create and check the root CA and Intermediate CA for use in cfssl automation.
    Which will be used to have the Consul certificates on every server maintained and updated appropriately.
    If I can get all that to work, AND get at least Consul similarly installed and working with templated automated configurations, then I will be pretty well sold on Rudder. :)
    Eric Renfro
    @erenfro
    So template Files would ultimately be either deployed by the shared-files method which all nodes get, or provided to individual nodes as static, then processed as a template by another step?