@ncharles I've question about adding aditional sources to APT repository.
Let's say I want to install Docker or some random package, in order to do that I have to complete 2 steps:
1) Get and add repository GPG key
2) Add repository to /etc/apt/sources.list.d/
And on the next update, I can install the package.
In rudder, I saw two built-in directives:
1) Directive Package repository keys (RPM/APT)
2) Package sources and settings (APT)
The second directive is clear to use, all I have to definre URL of repository, pick distribution and ETC.
But the first one is kind a tricky.
I choose to import GPG key, and then there is field "Long hash of the GPG Key". I tought this would be similar directive to the first one, define url of the key, and add it to the trusted.gpg directory.
But it doesn't work like that.
It seems to me that I've to manually download the gpg key on the node, then add it to the trusted.gpg directory using output of command "gpg --list-keys --keyid-format=long". When I try that command I get no output.
So what am I doing wrong here, is there any other way to manage repository GPG keys? Thanks in advance :)
Hello. Today no issue, just a question, so feel free to have a lunch break, relax :)
I witnessed that some of our newest VMs are now provisioned in a way that sets up /etc/resolv.conf with :
search mydomain1.lan. mydomain2.lan.
So far so good, but pay attention to the trailing period of each domain.
So far, I don't remember having ever seen a trailing period at the end of the domains in the search field.
(please spare your time explaining to me what this period means and how it's use, I'm OK)
But the link with Rudder is this : I'm witnessing that the inventory process ends up naming this node :
myserver.mydomain1.lan. <- please note the trailing period
Our previous nodes did not have a trailing period in their names.
It happens to ruin some of my groups regexps, which I will fix easily, but I'm curious to learn about how the Rudder node name is built and if this behavior is legit?
Hi @necar_gitlab, if I understand well you have some nodes that show an incorrect hostname in their inventory.
Can you check in the raw inventory of the node (you can find it under the
/var/rudder/inventories/received on your root server) the value of the HOSTNAME under the RUDDER section. It should be the hostname of your node with fqdn. As displayed by the output of
Does it seems correct?
Hello everyone :)
A month ago, I've asked a question about installing packages that are not in standard APT (or some other repository). I've found 2 in-built directives for fetching repository keys, and for creating list in /etc/apt/sources.list.d/
I was hoping that those directives will execute "apt-update" after adding new repo, but that doesn't happen, they also relay on those global parameters.
This is not problem for packages that are not defined in standard repository, it will take 10-15 minutes before they get installed (after time defined in global parmater expires and apt-update gets executed).
But the problem is with the packages that exists in standard repository but in older version.
e.g. I want to install zabbix-agent, version in APT repository is 5.0, but I want to use 5.4 version.
I've added repository gpg key, and source file to /etc/apt/sources.list.d/ and If I add "package present directive" for zabbix agent, it will install the older version defined in APT, because apt-updated didn't execute after the key and repo were imported.
Is there any way to handle this situation? I don't want to set global parameter for apt-update to be executed every 2-3 minutes, and even so the proper version of package won't be installed.
Hello @ncharles, I m going to check mentioned drawback once more before opening ticket.
I have two other questions.
What does "missing report" mean ? I saw 2 results of this report. First one when directive did its taks, and I got missing report, and second time directive didn't do its taks, and I also got missing report.
Is there directive or any solution to check if directory is mounted? I'have added a line in the /etc/fstab file, but is there option to mount it, or check if it is mounted? There is in-built directive Filesystem mount points, but I'm not sure about what it does.
variable from command execution. But if you just want to have the output accessible from the interface, I think that by default, a log info level report is generated .
Hello everyone :)
I have 3 potential issues with inbuilt directive "Technique Package sources and settings (APT)"
1) As I mentioned above, after adding new repository, apt update is not executed, rather directive relays on global parameter "updates_cache_expire"
2) It is not possible to have more than one "Technique Package sources and settings (APT)" in the same Rule, because it overwrites content of the first one. This directive creates rudder-apt.list file in the /ect/apt/sources.list.d directory, and if there are 2 directives, the content of this file will be overwritten. There is option to add more repositories in the same directive, but the thing is that I don't want to have unnecessary repositories added, if the package won't be installed.
3) This directive may corrupt apt, as It doesn't check if the desired repository already exists on the machine, if it does, it will create a list file with the same content that will cause apt to output warnings.
# ls -sk /var/rudder/ldap/openldap-data/ total 5176356 5176352 data.mdb 4 lock.mdb
ls -alh /var/rudder/ldap/openldap-data/total 5,0G
drwxr-xr-x. 2 rudder-slapd rudder-slapd 38 23 sept. 08:07 .
drwxr-xr-x. 4 rudder-slapd rudder-slapd 41 2 sept. 2019 ..
-rw-------. 1 rudder-slapd rudder-slapd 100G 23 sept. 13:16 data.mdb
-rw-------. 1 rudder-slapd rudder-slapd 17K 23 sept. 13:16 lock.mdb
@ncharles my commands:
ls -sk /var/rudder/ldap/openldap-data/
18921444 data.mdb 8 lock.mdb
ls -alh /var/rudder/ldap/openldap-data/
drwxr-xr-x 2 rudder-slapd rudder-slapd 38 Sep 23 10:02 .
drwxr-xr-x 3 rudder-slapd rudder-slapd 27 Sep 24 2020 ..
-rw------- 1 rudder-slapd rudder-slapd 19G Sep 23 10:37 data.mdb
-rw------- 1 rudder-slapd rudder-slapd 8.0K Sep 23 10:37 lock.mdb
⚠️ 🔒️ On September 30 2021 (next Thursday), the old root certificate previously used by Let’s Encrypt (DST Root CA X3), now replaced by ISRG Root X1 (which is now widely trusted) will expire. See the official announcement for details.
As the whole Rudder infrastructure uses Let’s Encrypt certificates, you may be affected by this change. It is very unlikely to be a problem for our websites, but may be for older operating systems interacting with our servers, which happens for:
In case you see a certificate verification error you have several options:
ca-certificatespackage on most Linux distributions) to get the correct root certificate.
Please contact us if you have questions or issues regarding this change.