    Suvi
    @Suvi8

    the update doesn't happen.

    As a workaround I need to execute the command: yum clean all, then rudder agent run -u does the job

    Nicolas Charles
    @ncharles
    do you happen to have any error messages when you run "rudder agent run -I" ?
    also, why a yum clean all ?
    Tanguy PELADO
    @tpelado

    Hello everyone.

    I'm trying to do some templating with mustache and rudder. Basic stuff : custom nftables rules based off a json object in the node properties.

    I'm, however, stuck on one part :

    {{#vars.node.properties.ports_tcp}}
    add rule ip filter INPUT tcp dport {{{.}}} ip daddr {{{vars.sys.ipv4[ens18]}}} accept # {{{@}}} CUSTOM
    {{/vars.node.properties.ports_tcp}}
    ########UDP
    {{#vars.node.properties.ports_udp}}
    add rule ip filter INPUT udp dport {{{.}}} ip daddr {{{vars.sys.ipv4[{{{vars.sys.interfaces}}}]}}} accept # {{{@}}} CUSTOM
    {{/vars.node.properties.ports_udp}}
    #########

    This iterates over the list of ports defined in the json, but I haven't managed to make it work dynamically (see the UDP part). Is there a way to get the interface name dynamically?

    Cheers

    Tanguy PELADO
    @tpelado
    On the same subject, is there a way in a directive to loop over interfaces? The idea would be to deploy firewall rules for each interface.
    Alexis Mousset
    @amousset:matrix.org
    [m]
    Hi @tpelado you have a sys.interfaces_data variable (available with vars.sys.interfaces_data) containing the interfaces, with some statistics about them:
    {
        "enp4s0": {
          "device": "enp4s0",
          "receive_bytes": "446377831179",
          "receive_compressed": "0",
          "receive_drop": "0",
          "receive_errors": "0",
          "receive_fifo": "0",
          "receive_frame": "0",
          "receive_multicast": "0",
          "receive_packets": "492136556",
          "transmit_bytes": "428200856331",
          "transmit_compressed": "0",
          "transmit_drop": "0",
          "transmit_errors": "0",
          "transmit_fifo": "0",
          "transmit_frame": "0",
          "transmit_multicast": "0",
          "transmit_packets": "499195545"
        },
        "lo": {
          "device": "lo",
          "receive_bytes": "1210580426",
          "receive_compressed": "0",
          "receive_drop": "0",
          "receive_errors": "0",
          "receive_fifo": "0",
    Tanguy PELADO
    @tpelado
    I had seen this variable. Sadly, I can't find a way to use it with the firewall.
    Alexis Mousset
    @amousset:matrix.org
    [m]
    it is not iterable as is in mustache (as it is not an array but an object), but it should be possible with jinja. The other option is to use a "variable from command" and "variable iterator" to define the list from a command
    Tanguy PELADO
    @tpelado

    So, I've tried using jinja, but I don't understand something.

    This is the template :

    {#######TCP #}
    {% for interface in vars.sys.interfaces %}
        {% for port_tcp in vars.node.properties['ports_tcp'] %}
        add rule ip filter INPUT tcp dport {{ port_tcp }} meta iifname {{interface}} accept # {{ port_tcp.key }}  CUSTOM 
        {% endfor %}
    {% endfor %}

    This is the "ports_tcp" property :

    {
      "http": 80,
      "https": 443
    }

    Why is it that "port_tcp", my iterator item, is a str (http) and not the value (80)?

    Stephen Horvath
    @workshopit:matrix.org
    [m]
    Good morning guys.
    I am faced with this issue this morning.
    in ldap.log - mdb_entry_decode: attribute index 909456690 not recognized
    in webapp.log - Error is: Could not get node information from database; cause
    Exception: Error during search cn=rudder-configuration SUB: internal error in mdb_id2edata; cause was: com.unboundid.ldap.sdk.LDAPSearchException: internal error in mdb_id2edata
    -> com.normation.ldap.sdk.RoLDAPConnection.$anonfun$search$1(LDAPConnection.scala:321)
    Alexis Mousset
    @amousset:matrix.org
    [m]
    Hi Stephen Horvath did you recently upgrade your Rudder server? Could be an interrupted post-inst script that was stopped during a reindexing
    @tpelado: by default jinja (python actually) iterates on keys, you need something like this to access both key and value:
    {% for port_name, port_tcp in vars.node.properties['ports_tcp'].items() %}
    fanf42
    @fanf42:matrix.org
    [m]
    @tpelado: docs here https://docs.rudder.io/reference/6.2/usage/variables.html#_property_syntax agrees, but misses the case for items(). I will see how we can add it
    but if I understand correctly, it's incorrect in the jinja2 section here: https://docs.rudder.io/reference/6.2/usage/variables.html#_file_content_templates_and_edition ?
    Tanguy PELADO
    @tpelado

    Not really incorrect, but as you said, there is no mention of the .items().
    I'd say that this section needs more examples; at least for me, it's easier to understand with a given example than with a generic explanation.

    I can provide the code I made for a dynamic firewall for NFtables based off a simple json entry in the node property if you feel it might be useful for future reference

    also, I've used https://ttl255.com/jinja2-tutorial-part-2-loops-and-conditionals/ for reference, and it's been great so far
    do tell me if you need anything
    (in english, or french)
    fanf42
    @fanf42:matrix.org
    [m]
    I've added the items() part and reference to jinja doc (see https://jinja.palletsprojects.com/en/2.11.x/templates/#list-of-control-structures). Also, we have that entry, I should add it too: https://docs.rudder.io/rudder-by-example/current/files/advanced-file-templating.html
    Tanguy PELADO
    @tpelado
    thanks for your quick reply, appreciate it
    JulianWeis
    @JulianWeis

    Hey there, I've got a little problem getting reports from my clients. As far as I see, I get the following error message on my server:
    error: HailServer: ERROR, could not resolve '**'
    error: Rudder agent was interrupted during execution by a fatal error Run with -i to see log messages.
    I already tried:
    checking firewall, running with -i -> no results or errors

    Have you got any suggestions?

    Fdall
    @Fdall
    Hi @JulianWeis did you check that your policy server name was correctly resolved? If you replace the policy server name by its IP, does it fix the communication issue?
    Rana Masud
    @mrana_dev_gitlab
    Hi,
    I'm new on Rudder.
    I've installed Rudder-Server and Rudder-Agent (on 4 servers). I want to execute a simple yum command ('yum update -y') on the Agents from Rudder-Server. Please suggest any documentation or the steps I need to follow.
    Thanks in advance.
    Fdall
    @Fdall
    @mrana_dev_gitlab You can try to follow the "getting started guide" to set up your first policies: https://docs.rudder.io/get-started/current/configuration-policies/index.html You will most likely want to create a technique using the same steps as described in the guide, and use an "execution_command_result"
    Rana Masud
    @mrana_dev_gitlab
    @Fdall Thanks a lot. I'll follow that.
    JulianWeis
    @JulianWeis
    @Fdall the policy server is reached and resolved.
    Fdall
    @Fdall
    @JulianWeis Great!
    JulianWeis
    @JulianWeis
    @Fdall But still there is no report showing up!
    JulianWeis
    @JulianWeis
    @Fdall thanks for your help. I checked the DNS server - there was no entry for the missing node.
    Rana Masud
    @mrana_dev_gitlab
    Is there anyone who can teach me Rudder? I really want to learn and am willing to pay for your time. Thank you
    Alexis Mousset
    @amousset:matrix.org
    [m]
    Hi @mrana_dev_gitlab, sure, we do Rudder training sessions (on-site or remote). You can contact us through https://www.rudder.io/contact/ to get more information.
    Rana Masud
    @mrana_dev_gitlab
    Thanks @amousset:matrix.org , remote will work for me.
    @amousset:matrix.org I submitted my request, don't know how soon I'll get a response.
    Elenui
    @Elenui
    Hello Rudder team!
    I am currently trying to use the templating technique to push snmpd.conf to my client. Nonetheless, my agent failed to deploy it with the message: "Jinja templating failed with the following error: "
    Except that there is no error :'(
    I tried to have the simplest file with no jinja. And the verbose mode is not really helping me :'(
    Fdall
    @Fdall
    Hi @Elenui does running it in "info" mode using rudder agent run -i help?
    If not, verify that the template is well deployed to your node and that jinja2 is installed. If you want to be sure that your template is deployed on the agent, the best way is to create a technique via the technique editor, and attach the template as a resource to it.
    Elenui
    @Elenui
    Hum... I'm a fool, Jinja2 wasn't here
    Now it works like a charm. But isn't it strange that Rudder didn't tell me?
    Thanks Fdall for your help :)
    Elenui
    @Elenui
    I may need another piece of advice. I'm trying to do something only if a package is installed. I used the package check installed. And if the package is present, my file is copied to my server. Nonetheless, if the package is not installed I get an error. The job works but on my display I have some "non" error. Any idea?
    Fdall
    @Fdall
    Currently Rudder does not offer a pretty way to use a method as an audit condition, which means you won't easily be able to do that. You have 2 solutions here:
    • use the package_check_install method in the technique editor, but I am pretty sure that it is based on our old package lib which is not super reliable and will soon be deprecated.
    • The other solution is to define a group based on the presence of the package on the nodes, and use a dedicated rule to apply the configuration to this group. The drawback is that the groups are based on the inventories, which are only run one time per day. So this will induce a potential initial delay in your config deployment if you do not force an inventory after the installation of this package.
    Elenui
    @Elenui

    I see. Is it possible to use a property from my node as a condition to deploy or not the file? The idea is to configure all my snmpd's conf. So creating a dedicated rule for each type of server seems pretty overkill and a pain to maintain.

    So far the package_check_install works like a charm except the error if the package is not present. Note that it does what I want but the dashboard is not clean XD.

    Thanks again @Fdall for your help. And thanks to the team for this absolute gem :)
    Fdall
    @Fdall
    You can define properties on a global/group/node basis. There is a hierarchical inheritance between the elements at generation time.
    If you want to define conditions usable anywhere in a technique (and not just in a template), to prevent the execution of some methods in it for instance, you can try to use the condition_from_variable_* methods. They are a bit tricky but they are well documented.
    Try to use those and a set of templates if the configuration is pretty complex. Let me know if you find a pretty way to configure it.
    Elenui
    @Elenui
    ohh interesting. Didn't see this one. I'll try Monday. Forgot to take pro laptop.