    Eric Renfro
    @erenfro
    If I can get all that to work, AND get at least Consul similarly installed and working with templated automated configurations, then I will be pretty well sold on Rudder. :)
    Eric Renfro
    @erenfro
    So template Files would ultimately be either deployed by the shared-files method which all nodes get, or provided to individual nodes as static, then processed as a template by another step?
    So templated Files would either be deployed by one of the methods?
    • Static file direct to node, then processed as template.
    • shared-files (all servers get) and processed as template.
      Something like that?
    Alexis Mousset
    @amousset
    Template files can be:
    • A technique resource that is automatically deployed everywhere the technique is applied. You can directly use the templating method with the ${resources_dir}/RESOURCE_NAME as source
    • A file in the global shared-files, in this case you need to use a File from Rudder server method to download it to a tmp location in the technique before applying the templating method with the tmp path as source
    • If it's very short and simple, you could even use the File content method that allows specifying the file content directly in the Web interface, in the method form. Then you can use the templating method over the target file of the File content method
    Eric Renfro
    @erenfro
    Well, this is a good start. Partly thanks to the fact cfssl is actually in debian repos, but, just the sheer simplicity of creating this Technique so far. :)
    Of course, the next viable question is. How does one... Actually develop and maintain this not just via the webUI, but versioned in one's own git repo, or at least... backed up in some way.
    Eric Renfro
    @erenfro
    I see the backup docs. Hehe
    Alexis Mousset
    @amousset
    Yes, all config is actually stored in a very standard git repo
    Eric Renfro
    @erenfro
    Oh, snap!
    Yeah, in the /var/rudder/configuration-repository. Very nice!
    So, yeah, I can easily automate the process of backing this up too, to my borgbackup repository on a regular basis.
    Eric Renfro
    @erenfro
    So, I added a file as a resource to the Technique. Where is the ${resources_dir} on Linux generally?
    (and can you actually use ${resources_dir} in the source in the technique?)
    Alexis Mousset
    @amousset
    yes you can use it directly
    it's /var/rudder/cfengine-community/inputs/TECHNIQUE_ID/resources on the nodes
    Eric Renfro
    @erenfro
    Ahhhh, nice
    Eric Renfro
    @erenfro
    Huh, interesting. As a curiosity, I found the File key-value in INI section. And so I created three items to generate an INI from static KV pairs. But, it only created the Section, not the key=value items at all.
    2020-10-30T16:12:59+00:00    error: The promised column edit '#+\s*config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit 'config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised line insertion 'config=/var/lib/cfssl/certs/config.json' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit '#+\s*config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit 'config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised line insertion 'config=/var/lib/cfssl/certs/config.json' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit '#+\s*config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit 'config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised line insertion 'config=/var/lib/cfssl/certs/config.json' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    E| compliant     CFSSL                     File key-value in INI se| /var/lib/cfssl/se| Set line key=value in section default into /var/lib/cfssl/server/multiroot-profile.ini was correct
    Alexis Mousset
    @amousset
    cc @Fdall I think you worked on something similar lately, may be a known bug that will be fixed soon
    Eric Renfro
    @erenfro
    heh, finding bugs again. :)
    Nicolas Charles
    @ncharles
    @erenfro PR is there Normation/rudder-techniques#1642
    Eric Renfro
    @erenfro
    Heh, wow that's a lot of little changes for one thing. :)
    Eric Renfro
    @erenfro
    I don't suppose it would be possible to have rudder actually do a command, which makes a file, and take that file that was created and put it into the rudder resource files for that technique, or something to that effect?
    Eric Renfro
    @erenfro
    Hmmm... I suppose it's likely possible because this particular thing is being setup on the same server as rudder server is running on. heh
    Eric Renfro
    @erenfro
    @ncharles Hmmm... How do I test that manually? I tried simply replacing the files (with taking a backup of them prior), but it still gives the same errors, so far.
    Ahhhh, there we go.
    I had to remove it from the rule and re-add it, saving between to force it to update.
    But, then, somehow, it doesn't again..
    Alexis Mousset
    @amousset

    @erenfro When editing policy files in /var/rudder/cfengine-community/inputs/ they are replaced at the next policy update. To fix the problem you need to modify the source file in:

    /var/rudder/configuration/repository/techniques

    Then commit and reload with:

    cd /var/rudder/configuration-repository
    git add <CHANGED FILES>
    git commit -m "MYCHANGES"
    rudder server reload-techniques
    Eric Renfro
    @erenfro
    Trying that now, thank you!
    I don't suppose there's a way to have rudder interactively run things on agents, or are they more on an agent-poll basis?
    Like, with salt, just as an example, you can use salt 'targets' cmd.run 'command to run' and do so immediately on matching targeted hosts.
    Eric Renfro
    @erenfro
    Well, there we go! Now I'm almost at 100% compliance, except with one of my custom techniques to install cfssl stuff for internal certificate authority. For some reason..... when two techniques try to ensure a package is installed, one of them fails.
    Eric Renfro
    @erenfro
    Well suddenly all my hosts have triangles with exclamation marks, and show 100% red non-compliance (missing reports 100%).
    Eric Renfro
    @erenfro
    Hmmmm.
    I am trying to come up with a mustache template to generate a json file, for cfssl specifically, containing a list of all host IP's on the node, and also get the hostname itself. for a json object: { "hosts": [ ...hostnames..., ...ips... ] }
    Alexis Mousset
    @amousset
    hostname should be accessible with {{{vars.sys.host}}}, IP addresses with something like this loop:
    {{#vars.sys.ip_addresses}}
    {{{.}}}
    {{/vars.sys.ip_addresses}}
    About doing things interactively it is not possible to execute arbitrary commands interactively but you can trigger the agent on any node (if you have authorized the required network flow, tcp/5309 from servers to nodes)
    Alexis Mousset
    @amousset
    It's accessible with the "Trigger agent" button in node details for individual nodes, and you have a dedicated API with finer controls (sync or async run, on specific nodes or all nodes, etc.) https://docs.rudder.io/api/#operation/applyNode

    Well suddenly all my hosts have triangles with exclamation marks, and show 100% red non-compliance (missing reports 100%).

    This looks like a problem on the server if all nodes are broken, you can check for full partitions, and if the apache and rudder-relayd services are correctly running.

    Eric Renfro
    @erenfro
    It self corrected. Seems to have had something to do with inventory and my time between running agents is one hour, splay 30 minutes.
    Within an hour all hosts had become compliant again.
    Eric Renfro
    @erenfro
    Ahhaaaa... I was looking for that sys.ip_addresses, and didn't see anything about it in the rudder docs.
    Eric Renfro
    @erenfro
    Hmmm... seems like sys.host would just be the hostname, while sys.fqhost would be the full hostname with domain.
    Eric Renfro
    @erenfro
    That's important for the consul stuff because I can use {{{var.sys.host}}}.node.dc1.consul, for the consul-specific address. :)
    Eric Renfro
    @erenfro
    Hmmm now I’m trying to figure out how to do a conditional thing. If the node parameter, consul is defined and set to server, do this. Else do nothing.
    Mustache template
    Eric Renfro
    @erenfro
    Hmmm... ${node.properties[consul]} -- But.. hmmm..
    Alexis Mousset
    @amousset
    in a template it will be vars.node.properties.consul