As a Configuration Management [CM] "champion", trying to gain traction in your environment can be challenging when the level of expertise necessary is in short supply. We built Rudder so that the CM champion would not need to clone themselves. Instead, he or she is able to use a tool to manage configuration data, expose key parameters to the rest of their team, reduce complexity of configuration changes, and put in place role-based workflow for change control. Rudder is an open source configuration management solution, using lightweight agents (based on CFEngine) controlled via a central management point. Using Rudder, I will show how this approach enables the team to fully participate in the practice of Configuration Management, keep track of changes and history, exploit change access / control, and facilitate knowledge sharing (sharing intentions in design via desired configuration state, maintaining a record of preferred configurations) without intervention of CM champion.

1. Normation – CC-BY-SA
normation.com
Rudder
A powerful and structured
CFEngine framework
Jonathan CLARKE – jcl@normation.com
@jooooooon42 (that's 7 'o's)

2. Normation – CC-BY-SA
normation.com 2
www.rudder.cm
Who am I?
● Jonathan Clarke
● Title: Co-founder & Product lead at Normation
● Origins: Sysadmin, infrastructure management
● Now: Automation + “running a company”-stuff
● Contributor to free software:
– Co-creator of Rudder
– Contributor to CFEngine, OpenLDAP
● Co-organizer of events:

3. Normation – CC-BY-SA
normation.com 3
www.rudder.cm
Intro
This presentation
is about Lego
Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/dillpixel/

4. Normation – CC-BY-SA
normation.com 4
www.rudder.cm
Intro
Reminder
Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/evaekeblad/ Photo CC BY-SA 2.0 from https://www.flickr.com/photos/georgivar/

5. Normation – CC-BY-SA
normation.com 5
www.rudder.cm
Background
A bunch of ops consultants
● From “plain old” infrastructure to
configuration management
● Multiple companies: small, large & huge
● 5-10 years of doing this
We always got the
same takeaways

6. Normation – CC-BY-SA
normation.com 6
www.rudder.cm
Takeaway #1: Automated configuration rocks!
Automated
configuration rocks!
Scalable
Manage 1 to > 100000
servers the same way
Save time
Deploy faster & be more
responsive to changes
Improve reliability
Avoid manual errors,
harmonize configurations
The proper way
to manage systems

7. Normation – CC-BY-SA
normation.com 7
www.rudder.cm
Takeaway #2: Getting everyone on board?
Getting everyone
on board for CM is hard
Frustration
“I can do it quicker by
hand or with a shell script”
Steep learning curve
New concepts, non obvious
syntaxes, paradigm, ...
Lack of motivation
“What do I have to gain
from using this tool?”

8. Normation – CC-BY-SA
normation.com 8
www.rudder.cm
Feedback #2: CFEngine is hard!
Getting started from lots of
bricks is daunting.
Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/strutta/

9. Normation – CC-BY-SA
normation.com 9
www.rudder.cm
What can we do?
So how come
so many projects
do work out?

10. Normation – CC-BY-SA
normation.com 10
www.rudder.cm
What can we do?
Thanks to a hero!
So how come
so many projects
do work out?
Photo CC BY-NC-ND 2.0 from https://www.flickr.com/photos/mwboeckmann/

11. Normation – CC-BY-SA
normation.com 11
www.rudder.cm
What can we do?
Poor configuration
management hero...

12. Normation – CC-BY-SA
normation.com 12
www.rudder.cm
What can we do?
Poor configuration
management hero...
Hey, I'm trying to do this thing in config management,
but I can't it to work, can you help me?

13. Normation – CC-BY-SA
normation.com 13
www.rudder.cm
What can we do?
Poor configuration
management hero...
Hi, this is the supervision team.
I'm sorry to disturb you at night, but we've got this error
in production, and I think it's related to a change in the CM tool,
but I don't understand it. Can you help me?

14. Normation – CC-BY-SA
normation.com 14
www.rudder.cm
What can we do?

15. Normation – CC-BY-SA
normation.com 15
www.rudder.cm
What can we do?
How can we help?
This is clearly a problem.

16. Normation – CC-BY-SA
normation.com 16
www.rudder.cm
Steep learning curve
New concepts, non obvious
syntaxes, paradigm, ...
Approach
1) Separate content and controls
2) Provide access to key parameters without
having to edit {CFEngine,Puppet,Chef} code

17. Normation – CC-BY-SA
normation.com 17
www.rudder.cm
Lack of motivation
“What do I have to gain
from using this tool?”
Approach
1) Show the benefits to all users
2) Provide nice reports showing what
works, how many machines are impacted

18. Normation – CC-BY-SA
normation.com 18
www.rudder.cm
Frustration
“I can do it quicker by
hand or with a shell script”
Approach
1) Make it easy and quick to achieve success
2) Provide ready-to-use configuration
techniques and share in-house ones simply

19. Normation – CC-BY-SA
normation.com 19
www.rudder.cm
Why Rudder?
Make configuration management easy
and increase its adoption
Extend benefits
of
configuration management
to
a wider population
Managers
Junior
sysadmins
Non
experts
Lower entry barrier
to
learn and use
configuration management
Easy to use Highly powerful

20. Normation – CC-BY-SA
normation.com 20
www.rudder.cm
Sane defaults, always configurable
Philosophy
Core principles
Plug and play
SmartEasy
Extensible
& Customizable
Open source

21. Normation – CC-BY-SA
normation.com 21
www.rudder.cm
Key points
Specifically designed for
automation & compliance
Pre-packaged for:
Linux, UNIX, Windows, Android
Open Source
Simplified user experience
via a Web UI
Graphical reportingBased on CFEngine 3
(don't reinvent the wheel!)
Vagrant config to test:
https://github.com/normation/rudder-vagrant/

22. Normation – CC-BY-SA
normation.com 22
www.rudder.cm
What can we do?
Right! Show me already!

23. Normation – CC-BY-SA
normation.com 23
www.rudder.cm
Overview
Simplified configuration

24. Normation – CC-BY-SA
normation.com 24
www.rudder.cm
Overview
Built-in reporting

25. Normation – CC-BY-SA
normation.com 25
www.rudder.cm
Overview
Built-in reporting

26. Normation – CC-BY-SA
normation.com 26
www.rudder.cm
Overview
Complete tracability

27. Normation – CC-BY-SA
normation.com 27
www.rudder.cm
Design choices
Design choices

28. Normation – CC-BY-SA
normation.com 28
www.rudder.cm
Design choices: CFEngine
#1: Why CFEngine?

29. Normation – CC-BY-SA
normation.com 29
www.rudder.cm
Design choices: CFEngine
CFEngine rocks
Multi-platform
Linux, Android, BSD, AIX,
HP-UX, Solaris, Windows...
Open Source
GPLv3
Small footprint, scalable
A few MB of RAM,
just seconds to run...
Continuous checking
Agent based approach,
no push
Resilient to errors
Network outages, failures,
unavailable resources...

30. Normation – CC-BY-SA
normation.com 30
www.rudder.cm
Design choices: CFEngine
Continuous checking
Every 5 minutes
Multi-platform
Linux, Unix, Windows, Android...
Separate configuration
from implementation
Reporting
Done after the checks,
separate process
High freqency, trust in
compliance reporting
Reuse implementations,
less bugs, shared code...
Clear separation of roles
Cover as many systems
as possible
Avoid bottleneck
Different report types

31. Normation – CC-BY-SA
normation.com 31
www.rudder.cm
Design choices: Network architecture
#2: Network architecture?

32. Normation – CC-BY-SA
normation.com 32
www.rudder.cm
Design choices: Network architecture
Rudder server
Node Node Node
TCP - port 5309
File metadata and files
Authentication and encryption (SSL)
TCP ports 80 and 514
HTTP and syslog
Node Node
Isolated
networkRelay server
Download info
→ Built upon CFEngine
network architecture
All connections go→
from nodes to server
Pull-based approach→

33. Normation – CC-BY-SA
normation.com 33
www.rudder.cm
Design choices: Workflow
#3: Typical usage

34. Normation – CC-BY-SA
normation.com 34
www.rudder.cm
Design choices: Workflow
Management
Define
policy
Changes
(fixes, upgrades...)
c c
Community Expert
Sysadmins
Configure
parameters
Configuration agent
Initial application
Continuous verification
REPORTING
Technical abstraction
(method vs parameters)

35. Normation – CC-BY-SA
normation.com 35
www.rudder.cm
Design choices: Central validation
#4: Central validation

36. Normation – CC-BY-SA
normation.com 36
www.rudder.cm
Design choices: Central validation
Validation workflow

37. Normation – CC-BY-SA
normation.com 37
www.rudder.cm
Design choices: Central validation
Validation workflow
● States:
● Pending validation
– Can be sent to: Pending
deployment, Deployed,
Cancelled.
● Pending deployment
– The change was validated, but
now require to be deployed. Can
be sent to: Deployed, Cancelled.
● Deployed
– The change is deployed. This is
a final state, it can’t be moved
anymore.
● Cancelled
– The change was not approved.
This is a final state, it can’t be
moved anymore.

38. Normation – CC-BY-SA
normation.com 38
www.rudder.cm
Demonstration
Demo!

39. Normation – CC-BY-SA
normation.com 39
www.rudder.cm
Extending & Customizing
Extending & Customizing

40. Normation – CC-BY-SA
normation.com 40
www.rudder.cm
Extension
Techniques
Implemented in
CFEngine syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community

41. Normation – CC-BY-SA
normation.com 41
www.rudder.cm
Extension
Techniques
Implemented in
CFEngine syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community

42. Normation – CC-BY-SA
normation.com 42
www.rudder.cm
Extension
Techniques
Implemented in
CFEngine syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community
Write any configuration you like in a Technique
and share them with co-workers
by exposing a selection of parameters

43. Normation – CC-BY-SA
normation.com 43
www.rudder.cm
Result
Example === 1000 words
With ncf (see http://www.ncf.io)

44. Normation – CC-BY-SA
normation.com 44
www.rudder.cm
Result
Example === 1000 words
With ncf + Rudder variables

45. Normation – CC-BY-SA
normation.com 45
www.rudder.cm
Online documentation
http://www.ncf.io/pages/reference.html

46. Normation – CC-BY-SA
normation.com 46
www.rudder.cm
Current status
Project is now reliable & scalable
But needs more Techniques
Ohloh statistics:
Source: http://www.ohloh.net/p/rudder-project
h

47. Normation – CC-BY-SA
normation.com
Questions?
Check it out on:
http://www.rudder.cm/
Jonathan CLARKE – jcl@normation.com
@jooooooon42 (that's 7 'o's)