Rudder is a new open source tool in the configuration management domain. Its aim is not to reinvent the technical wheel, but to provide a new way to drive our infrastructure.
Specifically aimed at drift assessment, it addresses automation, ongoing verification and repairs, centralizing information and knowledge about your infrastructure, compliance reporting... thus helping to keep drift from nominal behavior low. Built upon a standard CFEngine architecture (and other open source components).
This talk will show how Rudder's approach enables everyone in the IT department to benefit from the advantages of configuration management, without necessarily needing to learn a complex tool, or even get their hands dirty. We'll describe and demonstrate how this is possible, and dive into the technical architecture that makes it work.
In a nutshell, clearly separated tasks permit technical experts to create configuration templates for the tools they know best, thus letting non-experts leverage this power via a modern web interface, such as: architects or security officers who implement policy, junior sysadmins who use and reuse such policies to setup services, and pretty much anyone who digs into real-time compliance reports and error logs.
See http://www.rudder-project.org for more info.
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Rudder - Configuration management benefits for everyone (FOSDEM 2012)
1. FOSDEM 2012 @ Brussels, Belgium 05/02/2012
Configuration management benefits
for everyone
Nicolas Charles <nch@normation.com>
Jonathan Clarke <jcl@normation.com>
2. Speakers
Nicolas Charles Jonathan Clarke
Scala developer Sysadmin
Works at Normation Works at Normation
Rudder developer Rudder developer
CFEngine expert CFEngine expert
CFEngine Community
Champion
3. Make sure the Security
service does it's job
User accounts
Install & Update Password policy
Configure Backups
Run Log everything
Security patches
Service management
Availability Knowledge
Limit the impact of a failure Document configuration
Scale out Formalize procedures
Plan for disaster recovery Log changes
4. Collaboration
Automate
More knowledge:
First install + reinstalls Centralize information
Update Full change log
Configure Less documentation:
Less written procedures
More automation
Configuration management
benefits
Regular checks Industrialization
Install OK? Re-use (configs, policies...)
Configuration OK? Reporting on config status
Integrity? Dashboards
5. In some situations, configuration management
may be too much overhead...
For the all the rest,
advantages are undeniable!
But does everyone really benefit?
Junior Non
Managers?
sysadmins? specialists?
6. Goals
Lower the learning
Share CM benefits
curve to use CM
with a wider population
This may mean losing some
Different information and
flexibility but mustn't mean
capabilities for different people
losing efficiency
7. Fundamentals
Build on Share Improve
reliable tools
Based on CFEngine Web interface
Lightweight and powerful
OS-specific
packages
Reporting graphique
Automatic
inventory
Library of infrastructure
configurations included
8. Hardware and s
New nodes Principle
Inventory Web interface on Rudder server
Put nodes in
View node data
groups
Configure rules View infrastructure
on groups status
CFEngine
policy Reports
Managed nodes
9. Configuration Rules
Parametrization in the
Predefined templates to Web Interface
manage systems
- Forms to change defaults
- Install packages, distribute files
- Manage users, distribute SSH
keys Conversion into
- Configure DNS, NTP, package CFEngine Policies
managers
- Schedule backups
... - Applied by CFEngine agents
10. Current status
Web interface to
Version 2.3 Real time reports
manage
released in on infrastructure
nodes and
october 2011 status
configuration rules
Policy Templates All changes Packaged for main
(currently 33) logged Linux distributions
13. Requirements (node)
Some
Small amount of dependencies
free RAM - SSL
(10-20 MB) - BerkeleyDB
- PCRE
- Syslog
Memory occupation of CFEngine deamons
14. Rudder architecture
Based on typical CFEngine architecture
CFEngine server
Communications by TCP
(port 5308)
- File metadata
- File content
Node Node Node Node
15. Rudder architecture
Extra components on the server only
Generate Rudder server
CFEngine
policy CFEngine server
Communications by TCP
(port 5309)
- File metadata
- File contents
- Send inventories
(FusionInventory)
- Send reports (syslog)
Node Node Node Node
16. Rudder workflow
Policy Templates Nodes
CFEngine syntax Search criteria on inventory
Variables for web configuration information
- Hardware / OS / Network
- Software
Enter variables in - Node name
the web interface
Create a group
Policy Instances Group
Configuration Rule
Apply Policy Instances
to a Group
17. Extend
Write new Policy Templates
- Based on CFEngine 3
- An XML descriptor to set up the web forms
- Configure anything!
Write plugins for the webapp
- Plugins are automatically discovered at startup
- Implementation example:
https://github.com/Normation/rudder-plugin-helloworld
18. Roadmap
2.4: February 2012
Import/Export configurations across Rudder servers
Approval process for changes before deploying them
More and better Policy Templates
Deleting nodes
Simple REST API
2.5: Mid 2012
Better Policy Configuration display
More detailed reporting
Authorizations
19. Community
Source code on GitHub
Documentation wiki
http://rudder-project.org
Small open source community
Mailing lists
rudder-users@lists.rudder-project.org
rudder-dev@lists.rudder-project.org
IRC : #rudder on FreeNode
Twitter: @RudderProject
20. FOSDEM 2012 @ Brussels, Belgium 05/02/2012
Questions?
Stay in touch...
Nicolas Charles Jonathan Clarke
Mail: nch@normation.com Mail: jcl@normation.com
Twitter: nico_charles Twitter: jooooooon42