<div dir="ltr">Hi Francois,<div><br></div><div>Thank you for your very complete answers! Yes, I see what you mean about the semantic/race condition on compliance state.</div><div><br></div><div>I'll think about how best to express my change request for an improved search interface.</div><div><br></div><div>In the meantime I need to stop being lazy and just take the plunge with the API! My ultimate aim is to bring Rudder status into Check_MK, so I have a single pane of glass for monitoring and alerting. (We then integrate Check_MK with PagerDuty so we can have the delight of being woken up in the middle of the night when a disk fills.) I may also send events into Graylog.</div><div><br></div><div>Merci beaucoup!</div><div><br></div><div>Rob</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><font color="#351c75"><br></font></div><div><div style="font-size:small"><span style="color:rgb(53,28,117)">--</span><br></div><div style="font-size:small"><font color="#000000"><b>Rob Pomeroy</b>, </font><a href="https://www.isc2.org/cissp" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">CISSP</font></a><font color="#0b5394" style="color:rgb(11,83,148)">, <a href="http://solicitors.lawsociety.org.uk/person/250541/robert-john-pomeroy" target="_blank"><font color="#0b5394">Solicitor</font></a> </font><b><font color="#000000">| </font></b><font color="#0b5394" style="color:rgb(11,83,148)"><a href="mailto:rob@pomeroy.me" style="color:rgb(11,83,148)" target="_blank">rob@pomeroy.me</a></font></div><div style="font-size:small"><a href="https://www.smashwords.com/books/view/78386" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">My novel</font></a><font color="#0b5394"> | </font><font color="#0b5394"><a href="http://www.linkedin.com/in/robpomeroy" target="_blank"><font color="#0b5394">LinkedIn</font></a> | </font><a href="http://pomeroy.me/" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">Personal blog</font></a><font color="#000000"> | </font><a href="http://geekanddummy.com/" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">Geek & Dummy</font></a></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 30 March 2018 at 10:26, Francois Armand <span dir="ltr"><<a href="mailto:francois.armand@normation.com" target="_blank">francois.armand@normation.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<div class="m_2317477001855274966moz-cite-prefix">On 29/03/2018 15:59, Rob Pomeroy wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>This probably should be raised as a feature request/issue -
but I wanted the views of those on this list first? (Also when
I looked in the issue log, there are many pages of issues
there, so no point adding another one if it wouldn't be a
priority.) :-)</div>
<div><br>
</div>
<div>I'd really like to be able to search by the compliant state
of nodes. It'd be handy to be able to pull out just those
nodes that require attention. I have dozens and dozens of
managed nodes now and it's getting harder to find those that
need to be fixed.</div>
<div><br>
</div>
<div>So two things I'd be interested in:</div>
<div><br>
</div>
<div>
<ol>
<li>A search/dynamic group based on whether a not a node is
in a compliant state.</li>
<li>A way of finding nodes based on a period between today's
date and the last inventory received. You can of course
search based on a fixed date, but I'm not sure what, if
any, functions can be used in the search box. Something
like last inventory date > now() - 1 day.</li>
</ol>
<div><br>
</div>
<div>I couldn't find anything like this in the online
documentation or the interface. <span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">But
perhaps I've overlooked something that already exists?</span></div>
<div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br>
</span></div>
<div>Cheers,</div>
<div><br>
</div>
<div>Rob</div>
<div>
<div class="m_2317477001855274966gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><font color="#351c75"><br>
</font></div>
<div>
<div style="font-size:small"><span style="color:rgb(53,28,117)">-</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br></span>
Hello Rob, <br>
<br>
Firstly, just to be sure you didn't miss that: you can sort nodes in
the "all node" list by compliance (click on the "Compliance" column
header to do so), so that help put the one with red on top. <br>
<br>
Now, for your requests: <br>
<br>
1/ This one is interesting, but it's hard to get right in the
"group" workflow. First, there is the semantic problem about what is
the "compliance" number you want to match on. Global compliance ?
One state in particular ? It can be sorted out, but with the current
group search UI, our tests make it cumbersome. <br>
But then, the real problem is in the feedback loop and
hysteris/instabilities it may introduce in your system. Imagine you
build such a group and make a rule on them. Now, the rule depends on
its outcome, with a propagation travel time to take in account. Node
may enter and get out fast ("fast" as in "not many tickes",
considering a "tick" at rudder scale to be 5min). So that will
multiply policy generation, but the time they reach the nodes,
perhaps the dyn group already change again...<br>
<br>
So. To sum up, it is a not obvious problem to sort out cleanly, and
we are not yet at the point where we can go there. <br>
<br>
So, in the meantime, we are solving the much more easier problem of
getting nice custom reports on compliance (read-only, no feedback
loop, nice graphs :). It will be through a "compliance report"
plugin that allows to build custom reports with history of
compliance evolution on selected nodes/groups/rules/etc. It will be
ready in the very short term (coming weeks) and part of a commercial
offer for Rudder. If you are interested to learn more, I can put you
in touch with the relevant person. <br>
<br>
And in a hacky-already-work way of doing things, you can use API +
jq (<a class="m_2317477001855274966moz-txt-link-freetext" href="https://stedolan.github.io/jq" target="_blank">https://stedolan.github.io/jq</a><wbr>) to do what you want. For example,
to get all nodes with global compliance < 80%, you can do:<br>
<br>
<blockquote><font size="-2">% curl -k -H "X-API-Token: xxxx" -H
"Content-Type: application/json" -X GET
'<a class="m_2317477001855274966moz-txt-link-freetext" href="https://....rudder/api/latest/compliance/nodes?level=1" target="_blank">https://....rudder/api/<wbr>latest/compliance/nodes?level=<wbr>1</a>' |<b> jq
'.data.nodes | sort_by(.compliance) | map(select(.compliance
< 80))' </b><br>
[<br>
{<br>
"id": "717b63d1-01fe-4d4f-a7e5-<wbr>cfb7c0d47b4f",<br>
"name": "<a href="http://debian-8-64.labo.normation.com" target="_blank">debian-8-64.labo.normation.<wbr>com</a>",<br>
"compliance": 0,<br>
"mode": "full-compliance",<br>
"complianceDetails": {<br>
"unexpectedMissingComponent": 49.14,<br>
"unexpectedUnknownComponent": 50.86<br>
}<br>
}<br>
{<br>
"id": "0c846655-cb06-486f-ace4-<wbr>eaeb11372097",<br>
"name": "<a href="http://centos-7-64.labo.normation.com" target="_blank">centos-7-64.labo.normation.<wbr>com</a>",<br>
"compliance": 69.57,<br>
"mode": "full-compliance",<br>
"complianceDetails": {<br>
"successAlreadyOK": 30.43,<br>
"successNotApplicable": 34.78,<br>
"error": 30.43,<br>
"successRepaired": 4.35<br>
}<br>
}<br>
...<br>
]</font></blockquote>
<br>
2/ There is no particular function in the search box appart from
"is:" (for rule, node, group, parameter, directive, rule) and "in:"
(for attributes), as explained in the doc here:
<a class="m_2317477001855274966moz-txt-link-freetext" href="https://orchestrateur-4.labo.normation.com/rudder-doc/search-nodes.html" target="_blank">https://orchestrateur-4.labo.<wbr>normation.com/rudder-doc/<wbr>search-nodes.html</a>
. Having a more complexe search language for the quick search would
be nice. Perhaps could you mind opening an user story for that?<br>
<br>
In the meantime, you can again rely on APIs (yeah, that's our swiss
army knife ;). It will fullfill what I understand of your need, more
or less. <br>
More or less because medling with date format and date difference is
a nightmare in any language, put it's even worse in the middle of a
jq directive. So in place of "selected range date", I give you
"sorted, and select a subsection of the resulting array". <br>
<br>
This command will give you the 3 nodes with the oldest last
inventory date (you can choose any slice in the resulting array, of
course): <br>
<blockquote><tt>% curl -k -H "X-API-Token:
dTxvl4eL8p3YqvwefVbaJLdy8DyEt7<wbr>Vw" -H "Content-Type:
application/json" -X GET
'<a class="m_2317477001855274966moz-txt-link-freetext" href="https://orchestrateur-4.labo.normation.com/rudder/api/latest/nodes?include=minimal,lastInventoryDate" target="_blank">https://orchestrateur-4.labo.<wbr>normation.com/rudder/api/<wbr>latest/nodes?include=minimal,<wbr>lastInventoryDate</a>'
| <b>jq '.data.nodes | sort_by(.lastInventoryDate) | .[0:3]'</b></tt><tt><br>
</tt><tt><br>
</tt><tt>[</tt><tt><br>
</tt><tt> {</tt><tt><br>
</tt><tt> "id": "fc846655-cb06-486f-ace4-<wbr>eaeb11372097",</tt><tt><br>
</tt><tt> "hostname": "sovma136",</tt><tt><br>
</tt><tt> "status": "accepted",</tt><tt><br>
</tt><tt> "lastInventoryDate": "2016-12-05 15:12"</tt><tt><br>
</tt><tt> },</tt><tt><br>
</tt><tt> {</tt><tt><br>
</tt><tt> "id": "8b168194-c0b4-41ab-b2b5-<wbr>9571a8906d59",</tt><tt><br>
</tt><tt> "hostname": "<a href="http://debian-5-64.labo.normation.com" target="_blank">debian-5-64.labo.normation.<wbr>com</a>",</tt><tt><br>
</tt><tt> "status": "accepted",</tt><tt><br>
</tt><tt> "lastInventoryDate": "2017-02-01 17:06"</tt><tt><br>
</tt><tt> },</tt><tt><br>
</tt><tt> {</tt><tt><br>
</tt><tt> "id": "94b6d33d-a23e-46b9-b5f8-<wbr>971751bebcbb",</tt><tt><br>
</tt><tt> "hostname": "ubuntu-16-04-64",</tt><tt><br>
</tt><tt> "status": "accepted",</tt><tt><br>
</tt><tt> "lastInventoryDate": "2018-03-30 02:02"</tt><tt><br>
</tt><tt> }</tt><tt><br>
</tt><tt>]</tt><br>
</blockquote>
<br>
And here come the link toward jq manual:
<a class="m_2317477001855274966moz-txt-link-freetext" href="https://stedolan.github.io/jq/manual" target="_blank">https://stedolan.github.io/jq/<wbr>manual</a><br>
jq is globally hard, but you can get a lots of things done with it.
<br>
<br>
Hope it helps, <br>
<br>
<div class="m_2317477001855274966moz-signature">-- <br>
<br>
<br>
<table width="380" cellspacing="2" cellpadding="0" border="0">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt="" src="cid:part1.807EE64B.7C2D9DF2@normation.com" width="50" align="left" height="50" hspace="10"> <span class="m_2317477001855274966sig">François ARMAND</span></b><br>
<span class="m_2317477001855274966sig"><i>Co-founder & CTO</i></span><br>
<span class="m_2317477001855274966sig"><a class="m_2317477001855274966redlink" href="http://www.normation.com" target="_blank">Normation</a></span> </td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="m_2317477001855274966sigsmall"><b>87 rue de Turbigo,
75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="m_2317477001855274966sigsmall">Telephone:</span></td>
<td><span class="m_2317477001855274966sigsmall"><a href="tel:+33%201%2083%2062%2099%2023" value="+33183629923" target="_blank">+33 (0)1 83 62 99 23</a></span></td>
</tr>
<tr>
<td><span class="m_2317477001855274966sigsmall">Mobile:</span></td>
<td><span class="m_2317477001855274966sigsmall"><a href="tel:+33%206%2063%2037%2060%2055" value="+33663376055" target="_blank">+33 (0)6 63 37 60 55</a></span></td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
</tbody>
</table>
</div>
</div>
</blockquote></div><br></div>