normation/rudder

Continuous Auditing & Configuration - please speak english and be nice ;)

Fdall

@Fdall

Currently Rudder does not offer a pretty way to use a method as an audit condition, which means you won't easily be able to do that. You have 2 solutions here:

use the package_check_install method in the technique editor, but I am pretty sure that it is based on our old package lib which is not super reliable and will soon be deprecated.
The other solution is to define a group based on the presence of the package on the nodes, and use a dedicated rule to apply the configuration to this group. The drawback is that the groups are based on the inventories which is only run one time per day. So this will induce a potential initial delay in your config deployment if you do not force an inventory after the installation of this pakcage.

Elenui

@Elenui

I see. Is it possible to use a property from my node as a condition to deploy or not the file ? The idea is to configure all my snmpd's conf. So create a dédicated rule for each type of server seem pretty overkill and a pain to maintain.

So far the package_check_install works like a charm except the error if the package is not present. Note that it does what I want but the dashboard is not clean XD.

Thanks again @Fdall for your help. And thanks the team for this absolute gem :)

Fdall

@Fdall

You can define properties on a global/group/node basis. There is a hierarchical inheritance between the elements at generation time.
If you want to define conditions usable anywhere in a technique (and not just in a template), to prevent the execution of some methods in it for instance, you can try to use the condition_from_variable_* methods. They are a bit tricky but they are well documented.
Try to use those and a set of templates if the configuration is pretty complex. Let me know if you find a pretty way configure it.

Elenui

@Elenui

ohh interesting. Didn't see this one. I'll try Monday. Forgot to take pro laptop.

Thanks again @Fdall :)

Elenui

@Elenui

Hello, so I tried with condition from variable and check path exist. If the path / var match it's ok. But if not it trow a error

I'll keep that way. It's not pretty but it work.

Fdall

@Fdall

Great :thumbsup: the error should only be thrown if the variable does not exist at all. It is avoidable but quite tricky and ugly. In 7.0 you will be able to disable the reporting of specific method calls so do not worry too much, it should be easily fixable in the near future.

Elenui

@Elenui

Noice :p

In the version 7, will be a way to upload a file from the agent to the rudder ? I know there is a method with uid. But I think it wont work for my purpose. The idea is to get all ssl certificate create by letsencrypt and upload it to the agent to be deploy on each haproxy node ^^"

Fdall

@Fdall

No idea there, maybe @amousset:matrix.org might be more familiar with this subject

Elenui

@Elenui

ah :o

lpwevers

@lpwevers

Hi,

I'm not sure if this is the right place to ask, but as of today I found that there seems to be an issue with the SLES15 repository for installing the rudder agent. When trying to install I get this error message:

Retrieving repository 'Rudder' metadata ...................................................................[error]
Repository 'Rudder' is invalid.
[Rudder|http://repository.rudder.io/rpm/latest/SLES_15/] Valid metadata not found at specified URL
History:

File './repodata/14905c9aca00db9cada7f0ba89e8d9f3dd3a670f1e1e02e67bc0fbab0ab49583-primary.xml.gz' not found on medium 'http://repository.rudder.io/rpm/latest/SLES_15/'
Can't provide ./repodata/14905c9aca00db9cada7f0ba89e8d9f3dd3a670f1e1e02e67bc0fbab0ab49583-primary.xml.gz

It looks like the primary.xml.gz was replaced with c558b0dc22b12134408b6e1baf7e2c369b45c3dd23e1247fe4c533a11467e4e0-primary.xml.gz.

Can this please be fixed?

Vincent Membré

@VinceMacBuche

Hello @lpwevers You're definitely in the right place (or at least, one of them) !

Can you run zypper refresh before installing ? does the repository was installed more than a week ago ?

14905c9aca00db9cada7f0ba89e8d9f3dd3a670f1e1e02e67bc0fbab0ab49583-primary.xml.gz was made for 6.2.10 release of Rudder

we released a 6.2.11 last week and thus, the metadata has chanegd (latest repository is updated with the latest available version )

lpwevers

@lpwevers

Hi, @VinceMacBuche. Thanks for your prompt reply. This was a new and fresh installation. For some reason it's working now. I have a feeling the proxy server on our side used a cached value for the old repository. The repository is working for 6.2.11 now as it should.

Vincent Membré

@VinceMacBuche

Great! you're welcome! Yes probably a cached value somewhere ...

Benjamin Dupalut

@binibitobi_gitlab

Hi everyone,

I am coming to ask you for help. I don't know how to verify that a file has a specific string. I can check if an entire line exists but not just a string.

Elenui

@Elenui

Hello, not an expert, but maybe u can use a command execution

with a little script

If string exit 0 ; else exit 2

Maybe with this instruction ?

Elenui

@Elenui

but maybe there is another way to do it cleaner ^^"

Nicolas Charles

@ncharles

Hi @binibitobi_gitlab . Is it a specific string as in a key=value to check a value, or something else ?

if the format is normalized, you may want to have a look at augeas method

if it's in a key=value type of context, you can check all the file key value methods (there are multiple variations)

Benjamin Dupalut

@binibitobi_gitlab

Hello @ncharles ,

Thanks for your feedback.

Currently, I am trying to verify that our rsyslog server is configured correctly in our clients' /etc/rsyslog.conf file. So I need to make sure that the @ syslog.xxxxxx.xxx: 514 string is present in the file.

I tried using the augeas method but whether the string is present or not, it shows me "Compliant".

Elenui

@Elenui

why are you not using the template for your rsyslog ?

that way you will be sure that your file is setup the right way.

Elenui

@Elenui

And it'll enforce your string no matter what it happen

Benjamin Dupalut

@binibitobi_gitlab

Hello @Elenui ,

I'm not sure I understand. If you propose to use a single template for the rsyslog.conf file on all my servers, this is not possible because the configuration should not be the same depending on the services running on the server.

Elenui

@Elenui

Yes

You can set up some properties like : servertype : Front

and inside your jinja template create a condition that will generate the perfect configuration file for you server

I use the copy from remote template to do this for all my snmpd.conf

For doing this I use the local properties. I created a small script that scan the server and create a properties files

when snmpd conf jobs runs it'll use the local properties and generate the snmpd.conf that fit the server


{%- if vars.node.properties.role.useSSL %}
extend check_ssl /usr/bin/sudo /opt/snmp/check_ssl_validity.sh
{%- endif %}

for exemple

And with this way you have one template to manage with your git repo and if you make change it'll be deploy on all server

Benjamin Dupalut

@binibitobi_gitlab

Thank you for the explanations. I can use it for other files but the rsyslog.conf is different from one server to another because the services running and logging are not the same.

Elenui

@Elenui

The all file is different ? `

all server are different *

Benjamin Dupalut

@binibitobi_gitlab

Each server does not have a different rsyslog.conf file configuration. Two DNS servers will have the same configuration, for example. But a DHCP server and a DNS server will not have the same configuration for example.

Elenui

@Elenui

understand ^^

Where communities thrive

People

Repo info

Activity