Hello everyone :)
A month ago, I've asked a question about installing packages that are not in standard APT (or some other repository). I've found 2 in-built directives for fetching repository keys, and for creating list in /etc/apt/sources.list.d/
I was hoping that those directives will execute "apt-update" after adding new repo, but that doesn't happen, they also relay on those global parameters.
This is not problem for packages that are not defined in standard repository, it will take 10-15 minutes before they get installed (after time defined in global parmater expires and apt-update gets executed).
But the problem is with the packages that exists in standard repository but in older version.
e.g. I want to install zabbix-agent, version in APT repository is 5.0, but I want to use 5.4 version.
I've added repository gpg key, and source file to /etc/apt/sources.list.d/ and If I add "package present directive" for zabbix agent, it will install the older version defined in APT, because apt-updated didn't execute after the key and repo were imported.
Is there any way to handle this situation? I don't want to set global parameter for apt-update to be executed every 2-3 minutes, and even so the proper version of package won't be installed.
Hello @ncharles, I m going to check mentioned drawback once more before opening ticket.
I have two other questions.
What does "missing report" mean ? I saw 2 results of this report. First one when directive did its taks, and I got missing report, and second time directive didn't do its taks, and I also got missing report.
Is there directive or any solution to check if directory is mounted? I'have added a line in the /etc/fstab file, but is there option to mount it, or check if it is mounted? There is in-built directive Filesystem mount points, but I'm not sure about what it does.
variable from command execution. But if you just want to have the output accessible from the interface, I think that by default, a log info level report is generated .
Hello everyone :)
I have 3 potential issues with inbuilt directive "Technique Package sources and settings (APT)"
1) As I mentioned above, after adding new repository, apt update is not executed, rather directive relays on global parameter "updates_cache_expire"
2) It is not possible to have more than one "Technique Package sources and settings (APT)" in the same Rule, because it overwrites content of the first one. This directive creates rudder-apt.list file in the /ect/apt/sources.list.d directory, and if there are 2 directives, the content of this file will be overwritten. There is option to add more repositories in the same directive, but the thing is that I don't want to have unnecessary repositories added, if the package won't be installed.
3) This directive may corrupt apt, as It doesn't check if the desired repository already exists on the machine, if it does, it will create a list file with the same content that will cause apt to output warnings.
# ls -sk /var/rudder/ldap/openldap-data/ total 5176356 5176352 data.mdb 4 lock.mdb
ls -alh /var/rudder/ldap/openldap-data/total 5,0G
drwxr-xr-x. 2 rudder-slapd rudder-slapd 38 23 sept. 08:07 .
drwxr-xr-x. 4 rudder-slapd rudder-slapd 41 2 sept. 2019 ..
-rw-------. 1 rudder-slapd rudder-slapd 100G 23 sept. 13:16 data.mdb
-rw-------. 1 rudder-slapd rudder-slapd 17K 23 sept. 13:16 lock.mdb
@ncharles my commands:
ls -sk /var/rudder/ldap/openldap-data/
18921444 data.mdb 8 lock.mdb
ls -alh /var/rudder/ldap/openldap-data/
drwxr-xr-x 2 rudder-slapd rudder-slapd 38 Sep 23 10:02 .
drwxr-xr-x 3 rudder-slapd rudder-slapd 27 Sep 24 2020 ..
-rw------- 1 rudder-slapd rudder-slapd 19G Sep 23 10:37 data.mdb
-rw------- 1 rudder-slapd rudder-slapd 8.0K Sep 23 10:37 lock.mdb
⚠️ 🔒️ On September 30 2021 (next Thursday), the old root certificate previously used by Let’s Encrypt (DST Root CA X3), now replaced by ISRG Root X1 (which is now widely trusted) will expire. See the official announcement for details.
As the whole Rudder infrastructure uses Let’s Encrypt certificates, you may be affected by this change. It is very unlikely to be a problem for our websites, but may be for older operating systems interacting with our servers, which happens for:
In case you see a certificate verification error you have several options:
ca-certificatespackage on most Linux distributions) to get the correct root certificate.
Please contact us if you have questions or issues regarding this change.
I need help with replacing the lines in exact file.
So I have to comment out the exact line in the /etc/fstab, but the thing is that I don't know how that line looks like, all I know is that the line containes certain keyword.
I've made my own directive, that includes several different generic methods, but now I see that there is in built directive "File content", that offers option of replacing lines using REGEX. The first line defines the Regex that will match the line, and in the second line we have to define the "replacment line". As I said before I don't know the content of the line, all I have to do is to "fetch" the line and replace it with the same exacit line, but commented (#).
But I don't see that this is possible using inbuilt directives? I would like to avoid using command execution methods and capturing their variables.
I've found the solutions.
It is explained here: https://docs.rudder.io/rudder-by-example/current/files/edition-replace-line.html
There is option to capture the line that is matching the regex, and that capture is "stored to variable"
Oct 03 12:52:02 hv1 systemd: Started CFEngine file server. Oct 03 12:52:02 hv1 systemd: rudder-cf-serverd.service: Succeeded. Oct 03 12:52:02 hv1 systemd: rudder-cf-serverd.service: Service RestartSec=100ms expired, scheduling restart. Oct 03 12:52:02 hv1 systemd: rudder-cf-serverd.service: Scheduled restart job, restart counter is at 4. Oct 03 12:52:02 hv1 systemd: Stopped CFEngine file server.