<div dir="ltr">Francois,<div><br></div><div>I'll absolutely let you know how I get on. And if I get anything working well, I will publish an article on my blog.</div><div><br></div><div>Rob</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><font color="#351c75"><br></font></div><div><div style="font-size:small"><span style="color:rgb(53,28,117)">--</span><br></div><div style="font-size:small"><font color="#000000"><b>Rob Pomeroy</b>, </font><a href="https://www.isc2.org/cissp" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">CISSP</font></a><font color="#0b5394" style="color:rgb(11,83,148)">, <a href="http://solicitors.lawsociety.org.uk/person/250541/robert-john-pomeroy" target="_blank"><font color="#0b5394">Solicitor</font></a> </font><b><font color="#000000">| </font></b><font color="#0b5394" style="color:rgb(11,83,148)"><a href="mailto:rob@pomeroy.me" style="color:rgb(11,83,148)" target="_blank">rob@pomeroy.me</a></font></div><div style="font-size:small"><a href="https://www.smashwords.com/books/view/78386" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">My novel</font></a><font color="#0b5394"> | </font><font color="#0b5394"><a href="http://www.linkedin.com/in/robpomeroy" target="_blank"><font color="#0b5394">LinkedIn</font></a> | </font><a href="http://pomeroy.me/" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">Personal blog</font></a><font color="#000000"> | </font><a href="http://geekanddummy.com/" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">Geek & Dummy</font></a></div></div></div></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On 30 March 2018 at 10:58, Francois Armand <span dir="ltr"><<a href="mailto:francois.armand@normation.com" target="_blank">francois.armand@normation.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_8906814887648655182moz-cite-prefix">Hey, we would love to know more about
your integration with check_mk, and why not help you build a
Rudder plugin for that. Nowadays, we are trying to expend the
number of integration plugins, and along with CMDB like iTop,
monitoring software are the main proponent (we have a working
plugin for Centreon for ex). <br>
In particular, we would love to know if you are missing things in
Rudder integration api to reach your goal - and a compliance hook
will most likelly be one that list (see
<a class="m_8906814887648655182moz-txt-link-freetext" href="https://www.rudder-project.org/redmine/issues/11221" target="_blank">https://www.rudder-project.<wbr>org/redmine/issues/11221</a> or perhaps
even a full fledge event notification system). <br>
<br>
Cheers, <br><div><div class="h5">
<br>
On 30/03/2018 11:44, Rob Pomeroy wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Hi Francois,
<div><br>
</div>
<div>Thank you for your very complete answers! Yes, I see what
you mean about the semantic/race condition on compliance
state.</div>
<div><br>
</div>
<div>I'll think about how best to express my change request for
an improved search interface.</div>
<div><br>
</div>
<div>In the meantime I need to stop being lazy and just take the
plunge with the API! My ultimate aim is to bring Rudder status
into Check_MK, so I have a single pane of glass for monitoring
and alerting. (We then integrate Check_MK with PagerDuty so we
can have the delight of being woken up in the middle of the
night when a disk fills.) I may also send events into Graylog.</div>
<div><br>
</div>
<div>Merci beaucoup!</div>
<div><br>
</div>
<div>Rob</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="m_8906814887648655182gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><font color="#351c75"><br>
</font></div>
<div>
<div style="font-size:small"><span style="color:rgb(53,28,117)">--</span><br>
</div>
<div style="font-size:small"><font color="#000000"><b>Rob Pomeroy</b>, </font><a href="https://www.isc2.org/cissp" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">CISSP</font></a><font style="color:rgb(11,83,148)" color="#0b5394">, <a href="http://solicitors.lawsociety.org.uk/person/250541/robert-john-pomeroy" target="_blank"><font color="#0b5394">Solicitor</font></a>
</font><b><font color="#000000">| </font></b><font style="color:rgb(11,83,148)" color="#0b5394"><a href="mailto:rob@pomeroy.me" style="color:rgb(11,83,148)" target="_blank">rob@pomeroy.me</a></font></div>
<div style="font-size:small"><a href="https://www.smashwords.com/books/view/78386" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">My novel</font></a><font color="#0b5394"> | </font><font color="#0b5394"><a href="http://www.linkedin.com/in/robpomeroy" target="_blank"><font color="#0b5394">LinkedIn</font></a> | </font><a href="http://pomeroy.me/" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">Personal blog</font></a><font color="#000000"> | </font><a href="http://geekanddummy.com/" style="color:rgb(11,83,148)" target="_blank"><font color="#0b5394">Geek & Dummy</font></a></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On 30 March 2018 at 10:26, Francois
Armand <span dir="ltr"><<a href="mailto:francois.armand@normation.com" target="_blank">francois.armand@normation.com</a><wbr>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span>
<div class="m_8906814887648655182m_2317477001855274966moz-cite-prefix">On
29/03/2018 15:59, Rob Pomeroy wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>This probably should be raised as a feature
request/issue - but I wanted the views of those on
this list first? (Also when I looked in the issue
log, there are many pages of issues there, so no
point adding another one if it wouldn't be a
priority.) :-)</div>
<div><br>
</div>
<div>I'd really like to be able to search by the
compliant state of nodes. It'd be handy to be able
to pull out just those nodes that require
attention. I have dozens and dozens of managed
nodes now and it's getting harder to find those
that need to be fixed.</div>
<div><br>
</div>
<div>So two things I'd be interested in:</div>
<div><br>
</div>
<div>
<ol>
<li>A search/dynamic group based on whether a
not a node is in a compliant state.</li>
<li>A way of finding nodes based on a period
between today's date and the last inventory
received. You can of course search based on a
fixed date, but I'm not sure what, if any,
functions can be used in the search box.
Something like last inventory date > now()
- 1 day.</li>
</ol>
<div><br>
</div>
<div>I couldn't find anything like this in the
online documentation or the interface. <span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">But
perhaps I've overlooked something that already
exists?</span></div>
<div><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br>
</span></div>
<div>Cheers,</div>
<div><br>
</div>
<div>Rob</div>
<div>
<div class="m_8906814887648655182m_2317477001855274966gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><font color="#351c75"><br>
</font></div>
<div>
<div style="font-size:small"><span style="color:rgb(53,28,117)">-</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</span> Hello Rob, <br>
<br>
Firstly, just to be sure you didn't miss that: you can
sort nodes in the "all node" list by compliance (click on
the "Compliance" column header to do so), so that help put
the one with red on top. <br>
<br>
Now, for your requests: <br>
<br>
1/ This one is interesting, but it's hard to get right in
the "group" workflow. First, there is the semantic problem
about what is the "compliance" number you want to match
on. Global compliance ? One state in particular ? It can
be sorted out, but with the current group search UI, our
tests make it cumbersome. <br>
But then, the real problem is in the feedback loop and
hysteris/instabilities it may introduce in your system.
Imagine you build such a group and make a rule on them.
Now, the rule depends on its outcome, with a propagation
travel time to take in account. Node may enter and get out
fast ("fast" as in "not many tickes", considering a "tick"
at rudder scale to be 5min). So that will multiply policy
generation, but the time they reach the nodes, perhaps the
dyn group already change again...<br>
<br>
So. To sum up, it is a not obvious problem to sort out
cleanly, and we are not yet at the point where we can go
there. <br>
<br>
So, in the meantime, we are solving the much more easier
problem of getting nice custom reports on compliance
(read-only, no feedback loop, nice graphs :). It will be
through a "compliance report" plugin that allows to build
custom reports with history of compliance evolution on
selected nodes/groups/rules/etc. It will be ready in the
very short term (coming weeks) and part of a commercial
offer for Rudder. If you are interested to learn more, I
can put you in touch with the relevant person. <br>
<br>
And in a hacky-already-work way of doing things, you can
use API + jq (<a class="m_8906814887648655182m_2317477001855274966moz-txt-link-freetext" href="https://stedolan.github.io/jq" target="_blank">https://stedolan.github.io/jq</a><wbr>)
to do what you want. For example, to get all nodes with
global compliance < 80%, you can do:<br>
<br>
<blockquote><font size="-2">% curl -k -H "X-API-Token:
xxxx" -H "Content-Type: application/json" -X GET '<a class="m_8906814887648655182m_2317477001855274966moz-txt-link-freetext" href="https://....rudder/api/latest/compliance/nodes?level=1" target="_blank">https://....rudder/api/latest<wbr>/compliance/nodes?level=1</a>'
|<b> jq '.data.nodes | sort_by(.compliance) |
map(select(.compliance < 80))' </b><br>
[<br>
{<br>
"id": "717b63d1-01fe-4d4f-a7e5-cfb7c<wbr>0d47b4f",<br>
"name": "<a href="http://debian-8-64.labo.normation.com" target="_blank">debian-8-64.labo.normation.co<wbr>m</a>",<br>
"compliance": 0,<br>
"mode": "full-compliance",<br>
"complianceDetails": {<br>
"unexpectedMissingComponent": 49.14,<br>
"unexpectedUnknownComponent": 50.86<br>
}<br>
}<br>
{<br>
"id": "0c846655-cb06-486f-ace4-eaeb1<wbr>1372097",<br>
"name": "<a href="http://centos-7-64.labo.normation.com" target="_blank">centos-7-64.labo.normation.co<wbr>m</a>",<br>
"compliance": 69.57,<br>
"mode": "full-compliance",<br>
"complianceDetails": {<br>
"successAlreadyOK": 30.43,<br>
"successNotApplicable": 34.78,<br>
"error": 30.43,<br>
"successRepaired": 4.35<br>
}<br>
}<br>
...<br>
]</font></blockquote>
<br>
2/ There is no particular function in the search box
appart from "is:" (for rule, node, group, parameter,
directive, rule) and "in:" (for attributes), as explained
in the doc here: <a class="m_8906814887648655182m_2317477001855274966moz-txt-link-freetext" href="https://orchestrateur-4.labo.normation.com/rudder-doc/search-nodes.html" target="_blank">https://orchestrateur-4.labo.n<wbr>ormation.com/rudder-doc/search<wbr>-nodes.html</a>
. Having a more complexe search language for the quick
search would be nice. Perhaps could you mind opening an
user story for that?<br>
<br>
In the meantime, you can again rely on APIs (yeah, that's
our swiss army knife ;). It will fullfill what I
understand of your need, more or less. <br>
More or less because medling with date format and date
difference is a nightmare in any language, put it's even
worse in the middle of a jq directive. So in place of
"selected range date", I give you "sorted, and select a
subsection of the resulting array". <br>
<br>
This command will give you the 3 nodes with the oldest
last inventory date (you can choose any slice in the
resulting array, of course): <br>
<blockquote><tt>% curl -k -H "X-API-Token:
dTxvl4eL8p3YqvwefVbaJLdy8DyEt7<wbr>Vw" -H
"Content-Type: application/json" -X GET
'<a class="m_8906814887648655182m_2317477001855274966moz-txt-link-freetext" href="https://orchestrateur-4.labo.normation.com/rudder/api/latest/nodes?include=minimal,lastInventoryDate" target="_blank">https://orchestrateur-4.labo.<wbr>normation.com/rudder/api/lates<wbr>t/nodes?include=minimal,lastIn<wbr>ventoryDate</a>'
| <b>jq '.data.nodes | sort_by(.lastInventoryDate) |
.[0:3]'</b></tt><tt><br>
</tt><tt><br>
</tt><tt>[</tt><tt><br>
</tt><tt> {</tt><tt><br>
</tt><tt> "id": "fc846655-cb06-486f-ace4-eaeb1<wbr>1372097",</tt><tt><br>
</tt><tt> "hostname": "sovma136",</tt><tt><br>
</tt><tt> "status": "accepted",</tt><tt><br>
</tt><tt> "lastInventoryDate": "2016-12-05 15:12"</tt><tt><br>
</tt><tt> },</tt><tt><br>
</tt><tt> {</tt><tt><br>
</tt><tt> "id": "8b168194-c0b4-41ab-b2b5-9571a<wbr>8906d59",</tt><tt><br>
</tt><tt> "hostname": "<a href="http://debian-5-64.labo.normation.com" target="_blank">debian-5-64.labo.normation.co<wbr>m</a>",</tt><tt><br>
</tt><tt> "status": "accepted",</tt><tt><br>
</tt><tt> "lastInventoryDate": "2017-02-01 17:06"</tt><tt><br>
</tt><tt> },</tt><tt><br>
</tt><tt> {</tt><tt><br>
</tt><tt> "id": "94b6d33d-a23e-46b9-b5f8-97175<wbr>1bebcbb",</tt><tt><br>
</tt><tt> "hostname": "ubuntu-16-04-64",</tt><tt><br>
</tt><tt> "status": "accepted",</tt><tt><br>
</tt><tt> "lastInventoryDate": "2018-03-30 02:02"</tt><tt><br>
</tt><tt> }</tt><tt><br>
</tt><tt>]</tt><br>
</blockquote>
<br>
And here come the link toward jq manual: <a class="m_8906814887648655182m_2317477001855274966moz-txt-link-freetext" href="https://stedolan.github.io/jq/manual" target="_blank">https://stedolan.github.io/jq/<wbr>manual</a><br>
jq is globally hard, but you can get a lots of things done
with it. <br>
<br>
Hope it helps, <br>
<br>
<div class="m_8906814887648655182m_2317477001855274966moz-signature">-- <br>
<br>
<br>
<table width="380" cellspacing="2" cellpadding="0" border="0">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt="" src="cid:part17.618D4B2A.631BDBC2@normation.com" width="50" align="left" height="50" hspace="10"> <span class="m_8906814887648655182m_2317477001855274966sig">François
ARMAND</span></b><br>
<span class="m_8906814887648655182m_2317477001855274966sig"><i>Co-founder
& CTO</i></span><br>
<span class="m_8906814887648655182m_2317477001855274966sig"><a class="m_8906814887648655182m_2317477001855274966redlink" href="http://www.normation.com" target="_blank">Normation</a></span>
</td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="m_8906814887648655182m_2317477001855274966sigsmall"><b>87
rue de Turbigo, 75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="m_8906814887648655182m_2317477001855274966sigsmall">Telephone:</span></td>
<td><span class="m_8906814887648655182m_2317477001855274966sigsmall"><a href="tel:+33%201%2083%2062%2099%2023" value="+33183629923" target="_blank">+33 (0)1 83 62 99 23</a></span></td>
</tr>
<tr>
<td><span class="m_8906814887648655182m_2317477001855274966sigsmall">Mobile:</span></td>
<td><span class="m_8906814887648655182m_2317477001855274966sigsmall"><a href="tel:+33%206%2063%2037%2060%2055" value="+33663376055" target="_blank">+33 (0)6 63 37 60 55</a></span></td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
</tbody>
</table>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<p><br>
</p>
<div class="m_8906814887648655182moz-signature">-- <br>
<br>
<br>
<table width="380" cellspacing="2" cellpadding="0" border="0">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt="" src="cid:part17.618D4B2A.631BDBC2@normation.com" width="50" align="left" height="50" hspace="10"> <span class="m_8906814887648655182sig">François ARMAND</span></b><br>
<span class="m_8906814887648655182sig"><i>Co-founder & CTO</i></span><br>
<span class="m_8906814887648655182sig"><a class="m_8906814887648655182redlink" href="http://www.normation.com" target="_blank">Normation</a></span> </td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="m_8906814887648655182sigsmall"><b>87 rue de Turbigo,
75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="m_8906814887648655182sigsmall">Telephone:</span></td>
<td><span class="m_8906814887648655182sigsmall"><a href="tel:+33%201%2083%2062%2099%2023" value="+33183629923" target="_blank">+33 (0)1 83 62 99 23</a></span></td>
</tr>
<tr>
<td><span class="m_8906814887648655182sigsmall">Mobile:</span></td>
<td><span class="m_8906814887648655182sigsmall"><a href="tel:+33%206%2063%2037%2060%2055" value="+33663376055" target="_blank">+33 (0)6 63 37 60 55</a></span></td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
</tbody>
</table>
</div>
</div></div></div>
</blockquote></div><br></div>