3

How can I make Rudder set a config dynamically depending on which node it is applying the directive?

For e.g. - Managing hundreds of nodes, each is supposed to have a file 'storage_password' which contains a 32-digit password, unique to each node.

Creating a unique tuple of [directive, rule, group] for every single node feels obviously wrong, and seems messy and unnecessary.

I thought about dynamic variables, in the sense of ($prefix_${variable_suffix}), where variable_suffix = "hostA", and there's a variable called prefix_hostA, which would contain the password. The variable_suffix would be the hostname of the node.

However, I'm not sure if this is possible, or even if it'd be the more recommended approach.

The variable dict method seems like it could be a way, but I'm not sure if it can be used in directives, and am currently having trouble getting it to work.

How best should I proceed?

I mentioned the password case, but there are other situations I'd need some behavior like that as well, like setting vpn configs for each node.

Background: The company is migrating from Puppet to Rudder, and I'm tasked with mirroring Rudder with the reasonably simple functionalities they've been using on Puppet. With Puppet, the above task is quite easy.

Vinícius M
  • 153
  • 7

1 Answers1

4

There is several ways to do that - and you are right that building a rule for each node is not the correct one :)

Depending of the more general context, follows a list of possibilities:

Node properties

The most common way to do that is to use node properties, i.e properties that are specific to each node and can be user in directives. The documentation is here: https://docs.rudder.io/reference/5.0/usage/advanced_configuration_management.html#_node_properties And you are an use case example in the getting started manual: definition https://docs.rudder.io/get-started/current/node-management/data.html and usage: https://docs.rudder.io/get-started/current/advanced-configuration/apply.html

A node can have "local override" for node properties, ie the property value that can be defined on the node file system, not in Rudder Node detail (also explained in https://docs.rudder.io/reference/5.0/usage/advanced_configuration_management.html#_node_properties)

You can sync node properties from external rest API with the "data sources" rudder plugin https://docs.rudder.io/reference/5.0/plugins/datasources.html

Variables from node environement

You can define variables from things on the node, like file content, command output, etc.

You can define such variable with Variable techniques (in "Miscellaneous" category) in standard library. For example, the Variable from JSON file (dict) allows to load a json file as variables that can be used in directive parameters with the syntaxe ${variable_prefix.variable_name[json-key][json-subkey]}. There is also variable from command, or variable (string).

You have the corresponding generic methods if you build a technique from the technique editor: look for methods in the "Variable" category, for example "variable from command" that allows (suspens) to create a variable from the result of a command ; or in the case of a json file content, as you told, "variable dict from prefix". These methods can be used in directive, too.

Be careful that when you use these directives, you need to define the variable before they are used, so check your policy order: https://docs.rudder.io/reference/5.0/usage/advanced_configuration_management.html#_directives_ordering

Templating

If you need more involved templating work, you can use jinja or mustache as explained here: https://docs.rudder.io/rudder-by-example/current/files/advanced-file-templating.html

Vault

In Rudder 5.0, we added a Vault plugin that allows to get secret from (suspens, again) a Vault installation: https://github.com/Normation/rudder-plugins/tree/master/vault

Older resources

You can find some information about how it used to be done in forgoten times without the : https://www.mauras.ch/rudder-fun-with-variables.html

One more thing

That's not directly related to your problem, but as it's the opposite one, it can be relevant. Sometime, you want to get inventory information from nodes that are not in the standard inventory data, and then use these data to build groups, you can extend inventory with "node inventory hook": https://docs.rudder.io/reference/5.0/usage/advanced_node_management.html#extend-nodes-inventory

Hope it helps!

fanf42
  • 251
  • 1
  • 9
  • I forgot that you can use JS in directive variables to have generation time parameter construction with JS as a prog language (for ex to concatenate, etc): https://docs.rudder.io/reference/5.0/usage/advanced_configuration_management.html#_javascript_evaluation_in_directives – fanf42 Oct 04 '18 at 15:03