    Eric Renfro
    @erenfro
    (and can you actually use ${resources_dir} in the source in the technique?)
    Alexis Mousset
    @amousset
    yes you can use it directly
    it's /var/rudder/cfengine-community/inputs/TECHNIQUE_ID/resources on the nodes
    Eric Renfro
    @erenfro
    Ahhhh, nice
    Eric Renfro
    @erenfro
    Huh, interesting. As a curiosity, I found the File key-value in INI section. And so I created three items to generate an INI from static KV pairs. But, it only created the Section, not the key=value items at all.
    2020-10-30T16:12:59+00:00    error: The promised column edit '#+\s*config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit 'config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised line insertion 'config=/var/lib/cfssl/certs/config.json' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit '#+\s*config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit 'config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised line insertion 'config=/var/lib/cfssl/certs/config.json' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit '#+\s*config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised column edit 'config\s*=.*' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    2020-10-30T16:12:59+00:00    error: The promised line insertion 'config=/var/lib/cfssl/certs/config.json' could not select an edit region in '/var/lib/cfssl/server/multiroot-profile.ini'
    E| compliant     CFSSL                     File key-value in INI se| /var/lib/cfssl/se| Set line key=value in section default into /var/lib/cfssl/server/multiroot-profile.ini was correct
    Alexis Mousset
    @amousset
    cc @Fdall I think you worked on something similar lately, may be a known bug that will be fixed soon
    Eric Renfro
    @erenfro
    heh, finding bugs again. :)
    Nicolas Charles
    @ncharles
    @erenfro PR is there Normation/rudder-techniques#1642
    Eric Renfro
    @erenfro
    Heh, wow that's a lot of little changes for one thing. :)
    Eric Renfro
    @erenfro
    I don't suppose it would be possible to have rudder actually do a command, which makes a file, and take that file that was created and put it into the rudder resource files for that technique, or something to that effect?
    Eric Renfro
    @erenfro
    Hmmm... I suppose it's likely possible because this particular thing is being set up on the same server as rudder server is running on. heh
    Eric Renfro
    @erenfro
    @ncharles Hmmm... How do I test that manually? I tried simply replacing the files (with taking a backup of them prior), but it still gives the same errors, so far.
    Ahhhh, there we go.
    I had to remove it from the rule and re-add it, saving between to force it to update.
    But, then, somehow, it doesn't again..
    Alexis Mousset
    @amousset

    @erenfro When editing policy files in /var/rudder/cfengine-community/inputs/ they are replaced at the next policy update. To fix the problem you need to modify the source file in:

    /var/rudder/configuration/repository/techniques

    Then commit and reload with:

    cd /var/rudder/configuration-repository
    git add <CHANGED FILES>
    git commit -m "MYCHANGES"
    rudder server reload-techniques
    Eric Renfro
    @erenfro
    Trying that now, thank you!
    I don't suppose there's a way to have rudder interactively run things on agents, or are they more on an agent-poll basis?
    Like, with salt, just as an example, you can use salt 'targets' cmd.run 'command to run' and do so immediately on matching targeted hosts.
    Eric Renfro
    @erenfro
    Well, there we go! Now I'm almost at 100% compliance, except with one of my custom techniques to install cfssl stuff for internal certificate authority. For some reason..... when two techniques try to ensure a package is installed, one of them fails.
    Eric Renfro
    @erenfro
    Well suddenly all my hosts have triangles with exclamation marks, and show 100% red non-compliance (missing reports 100%).
    Eric Renfro
    @erenfro
    Hmmmm.
    I am trying to come up with a mustache template to generate a json file, for cfssl specifically, containing a list of all host IPs on the node, and also get the hostname itself, for a json object: { "hosts": [ ...hostnames..., ...ips... ] }
    Alexis Mousset
    @amousset
    hostname should be accessible with {{{vars.sys.host}}}, IP addresses with something like this loop:
    {{#vars.sys.ip_addresses}}
    {{{.}}}
    {{/vars.sys.ip_addresses}}
    About doing things interactively it is not possible to execute arbitrary commands interactively but you can trigger the agent on any node (if you have authorized the required network flow, tcp/5309 from servers to nodes)
    Alexis Mousset
    @amousset
    It's accessible with the "Trigger agent" button in node details for individual nodes, and you have a dedicated API with finer controls (sync or async run, on specific nodes or all nodes, etc.) https://docs.rudder.io/api/#operation/applyNode

    Well suddenly all my hosts have triangles with exclamation marks, and show 100% red non-compliance (missing reports 100%).

    This looks like a problem on the server if all nodes are broken, you can check for full partitions, and if the apache and rudder-relayd services are correctly running.

    Eric Renfro
    @erenfro
    It self corrected. Seems to have had something to do with inventory and my time between running agents is one hour, splay 30 minutes.
    Within an hour all hosts had become compliant again.
    Eric Renfro
    @erenfro
    Ahhaaaa... I was looking for that sys.ip_addresses, and didn't see anything about it in the rudder docs.
    Eric Renfro
    @erenfro
    Hmmm... seems like sys.host would just be the hostname, while sys.fqhost would be the full hostname with domain.
    Eric Renfro
    @erenfro
    That's important for the consul stuff because I can use {{{var.sys.host}}}.node.dc1.consul, for the consul-specific address. :)
    Eric Renfro
    @erenfro
    Hmmm now I’m trying to figure out how to do a conditional thing. If the node parameter, consul is defined and set to server, do this. Else do nothing.
    Mustache template
    Eric Renfro
    @erenfro
    Hmmm... ${node.properties[consul]} -- But.. hmmm..
    Alexis Mousset
    @amousset
    in a template it will be vars.node.properties.consul
    Eric Renfro
    @erenfro
    Aha.. Yes, I was just finding that. :)
    So I could use {{#vars.node.properties.consul_server}}, to check if that's defined, and thus make the block below render. At the very least.
    Alexis Mousset
    @amousset
    It should work indeed.
    Eric Renfro
    @erenfro
    I do have a question regarding global vs node properties. If I have a global property, consul, with a couple nodes that specifically have their own, (is that possible?) Will it override, or merge?
    Trying to come up with a kind of similar-ish approach to my saltstack setup with consul using dynamic pillar data for configurations.
    Hmmm, and then there's the issue, how do I stop the loop from entering a comma on the last iteration...
    {{#vars.sys.ip_addresses}}
        "{{{.}}}",
    {{/vars.sys.ip_addresses}}
    Eric Renfro
    @erenfro
    I can always get around that by putting "localhost", at the end of it all, though.
    Hmmm..
    Alexis Mousset
    @amousset
    It will merge whenever possible and override identical keys https://docs.rudder.io/reference/6.1/usage/variables.html#_inheritance_and_overriding
    I'm not sure there is a straightforward way to handle the trailing comma in Mustache, it is (voluntarily) very limited. You could use jinja2 which is also supported and has more data transformation features.
    Eric Renfro
    @erenfro
    Heh yeah. I'm familiar with jinja2, from saltstack. And all my hosts already have the python component for it, but, I wanted to learn the native ways, and mustache, which is simple and fast.
    It doesn't matter, in this case, what the ordering of the values are. It's a TLS cert CSR Json for cfssl. LOL