Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Raphael Gauthier
    @RaphaelGauthier
    setup-2.png
    setup-1.png

    Hi all, we are adding a feature in Rudder 7.0 to help new users to set up their Rudder correctly. This form will allow users to link their Rudder accounts (to download and update their plugins automatically), define the level of metrics sharing, and provide some useful links (doc, getting started...). We would like to add more configurations such as "allowed networks" and many others, to get a well configured and ready to use Rudder once the setup is complete.

    This form appears the first time a root user logs in. The user can skip it, or restart it at any time from the "Settings" menu.

    Here is an overview, keep in mind that this is still in development. We need to work on texts and animations to make it easy tu use, but early feedbacks are welcome :)
    What do you think about it? Which setting(s) should we add?

    Nicolas Charles
    @ncharles
    Awesome ! I think it is missing tooltip or info about what is what - espacially the Rudder Account which can be confusing
    pmg
    @pmg7557_twitter
    Hi All, I wrote a technique "ipv6" that returns True/False whether IP ipv6 is present or not. It works well in my config policies. Now I want to create a dynamic group based on this but I did not found how to do ... Thanks in advance for any advice.
    pmg
    @pmg7557_twitter
    Found, I just created a property.
    Nicolas Charles
    @ncharles
    Great idea !
    pmg
    @pmg7557_twitter
    Hello. I don't understand, in the directive "File content" there are the checkbox "Create the file if it doesn't exist" and "Create only" (If true, the file will be created if it doesn't exist, and only then. If the file already exists, it will be left untouched.) . What's the difference ?
    Alexis Mousset
    @amousset:matrix.org
    [m]
    • Create the file if it doesn't exist => if not checked and the file does not exist, it will not be created
    • Create only : if the file already exist, do not edit it.
    pmg
    @pmg7557_twitter
    ... do not edit it ? via the next directives (Section : File content , ... ) Yes?
    Alexis Mousset
    @amousset:matrix.org
    [m]
    Yes it skips the file completely afaik
    pmg
    @pmg7557_twitter
    Thanks @amousset
    Steev Hise
    @steevhise
    hi question about the debian package install/update technique - i thought i remembered post hooks command options for that but now don't see them... was that removed at some point?
    Steev Hise
    @steevhise
    i'm trying to come up with a strategy to make rudder keep a package held except when it wants to upgrade the package. to stop other tools or humans from accidentally upgrading on certain nodes. i thought if there were pre and post hook commands for package update technique, it would be easy. but now i see there's not so wondering what would be another way.... thanks for any advice...
    Francois Armand
    @fanf
    hello @steevhise , I'm not sure about what you want to do - how do you want to prevent other tools to update packages ? Do a apt-mark hold/unhold around rudder checks ? I think you can do that with you own technique from the editor (with exec command apt-mark unhold, then package method, then exec command apt-mark hold). What would be the logic for rudder to update a package ? You would give it the target version to use?
    Steev Hise
    @steevhise
    yes exactly
    just like the existing debian package technique, but with unhold and hold before and after....
    so maybe i should clone that and try adding to it...?
    peckpeck
    @peckpeck
    you must create a new technique to do that, since we currently don't have pre-hooks in the package technique
    you cannot clone the existing one because it has not been created with the technique editor
    but a new one is not very hard to create since it is mostly a wrapper around the call to package_present
    Matt
    @little-bear-creator
    Hello everyone, I'm seeking help for a rudder-agent error. I'm not very familiar with Gitter so I supose I can ask for help here ? I've posted my problem here : https://serverfault.com/questions/1065407/rudder-server-cant-receive-pending-nodes-there-is-no-readable-input-file-at
    peckpeck
    @peckpeck
    that's surprising that /var/rudder/cfengine-community/inputs/failsafe.cf doesn't exist, but the command rudder agent reset should be able to re create it
    Matt
    @little-bear-creator
    I still have the same error output after the command. I found an error in apache2's log and it seems that my rudder-server has a bad ssl certificate :[ssl:warn] [pid 335:tid 140230402913408] AH01906: rudder-v3.nx-domain.lan:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    Alexis Mousset
    @amousset
    @little-bear-creator this warning is harmless and not the cause of the problem
    could you post the rudder agent check output?
    :warning: :lock: Rudder 6.1.13 and 6.2.7 releases contain a fix for a vulnerability to brute-force attacks on local user authentication. If you are using the file authentication provider (i.e. not an LDAP/AD/radius server) with bcrypt password storage (introduced by default since 6.1), you should upgrade your Rudder server to one of these versions.
    Suvi
    @Suvi8

    hello guys

    can someone tell me how to use the group properties in the technique as a condition?

    Matt
    @little-bear-creator

    @amousset okay, my rudder-server and my rudder agent have the 6.2.7 rudder version, the output of rudder agent checkout is :

     rudder agent check
    INFO: Policies absent, restoring initial version, and updating ...R: Initial policies have been successfully downloaded from the policy server
    ok: Rudder agent policies were updated.
    ok: Rudder agent state has been reset.
     Done
    WARNING: Policies invalid, reseting to initial policies and updating...R: Initial policies have been successfully downloaded from the policy server
    ok: Rudder agent policies were updated.
    ok: Rudder agent state has been reset.
     Done
    INFO: Inventory older than 3 days, resending ...Rudder agent 6.2.7-debian10
    Node uuid: 2fa23f96-6918-49e0-8e4b-a10eb73f3954
       error: There is no readable input file at '/var/rudder/cfengine-community/inputs/promises.cf'. (stat: No such file or directory)
       error: Error reading CFEngine policy. Exiting...
    info     Rudder agent was run on a subset of policies - not all policies were checked
    
    ## Summary #####################################################################
    0 components verified in 1 directives
    Execution time: 0.00s
    ################################################################################

    I found an issue with the rudder-server certificate, I'm going to investigate it. Thank you for your time I will keep you updated if I find anything !

    Suvi
    @Suvi8

    Hello guys,

    I have installed the Agent in a VM and want to reset the Agent-ID before this VM is converted into a template.

    rudder agent factory-reset, does not this job, because it will auto create new ID, instead i need to only to delete the Agent-ID without creating new ID.

    Nicolas Charles
    @ncharles
    You can manually remove all informations:
    rudder agent reset
    rm -f /var/rudder/cfengine-community/ppkeys/*
    rm -f /opt/rudder/etc/ssl/agent.cert
    rm -f /opt/rudder/etc/uuid.hive
    rm -rf /opt/rudder/var/fusioninventory/*
    rm -rf /var/rudder/tmp/inventory/*
    Suvi
    @Suvi8
    @ncharles thanks

    @ncharles

    Can you tell me pls, how to use the group properties in the technique as a condition?

    Nicolas Charles
    @ncharles
    Hi @Suvi8 . Group properties are key-values, they cannot be used directly as a condition
    however, you can use "Condition from variable match" generic method to check if the group proporty as a specific value (or even exists)
    Norberto Aquino
    @norbertoaquino
    Hi! I'am using version 6.1.3 in rudder server. There are any routine/configuration for delete files in folder /var/rudder/reports/failed?
    Alexis Mousset
    @amousset:matrix.org
    [m]
    Hi, it does not seem so! How many files do you have in this folder?
    Norberto Aquino
    @norbertoaquino
    @amousset:matrix.org A lot of files... the size this folder: 7GB. Files since 2021-06-01.
    Alexis Mousset
    @amousset:matrix.org
    [m]
    This is really unexpected. Is the compliance ok on you server?
    do you have recent files in the folder?
    if so, do you have errors in journalctl -u rudder-relayd output?
    Alexis Mousset
    @amousset:matrix.org
    [m]
    A cleanup will be done automatically in the next patch release Normation/rudder#3677
    Norberto Aquino
    @norbertoaquino
    @amousset:matrix.org I has a script that update properties for all nodes along the day (i have more than 1000 nodes in my server). For each update, rudder-relayd service reload and this is cause failed on reports. I fixed script to update properties only if the properties is changed. Solved!!!
    Nicolas Charles
    @ncharles
    rudder-relayd should reload only if policy generation changed something, so only if a property changed - else it's a bug
    xlbt
    @xlbt
    Hello,
    Sorry if the question is too obvious, but is it possible in a condition of a method to say "redhat 7 or redhat 8" or "all redhat version except redhat 6"?
    Thanks
    Alexis Mousset
    @amousset:matrix.org
    [m]
    Hello, it's possible but you can' do it with the OS selection drop-down interface, you need to write the condition manually in the "Other conditions" field. In your example it would be redhat_7|redhat_8 and redhat.!redhat_6
    you can get the system conditions (which include the OS conditions defined on a node with rudder agent info -v (last section)
    the logical operators are . for and, | for or, ! for not and parenthesis for grouping
    you can find a summary of this in the conditions section of the cheatsheet https://docs.rudder.io/files/rudder-cheatsheet-advanced.pdf
    pmg
    @pmg7557_twitter
    Hi all. I have a small config (25 hosts) and use rudder to alert me, let say for example to the free disk memory available on each host. To do thiis, I setup a property with this value. What is the best way to retrieve an historic of this values and/or best tool to directly display the historic on a graphic.