As a Configuration Management [CM] "champion", trying to gain traction in your environment can be challenging when the level of expertise necessary is in short supply. We built Rudder so that the CM champion would not need to clone themselves. Instead, he or she is able to use a tool to manage configuration data, expose key parameters to the rest of their team, reduce complexity of configuration changes, and put in place role-based workflow for change control.
Rudder is an open source configuration management solution, using lightweight agents (based on CFEngine) controlled via a central management point. Using Rudder, I will show how this approach enables the team to fully participate in the practice of Configuration Management, keep track of changes and history, exploit change access / control, and facilitate knowledge sharing (sharing intentions in design via desired configuration state, maintaining a record of preferred configurations) without intervention of CM champion.
2. Normation – CC-BY-SA
normation.com 2
www.rudder.cm
Who am I?
â—Ź Jonathan Clarke
â—Ź Title: Co-founder & Product lead at Normation
â—Ź Origins: Sysadmin, infrastructure management
● Now: Automation + “running a company”-stuff
â—Ź Contributor to free software:
– Co-creator of Rudder
– Contributor to CFEngine, OpenLDAP
â—Ź Co-organizer of events:
3. Normation – CC-BY-SA
normation.com 3
www.rudder.cm
Intro
This presentation
is about Lego
Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/dillpixel/
4. Normation – CC-BY-SA
normation.com 4
www.rudder.cm
Intro
Reminder
Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/evaekeblad/ Photo CC BY-SA 2.0 from https://www.flickr.com/photos/georgivar/
5. Normation – CC-BY-SA
normation.com 5
www.rudder.cm
Background
A bunch of ops consultants
● From “plain old” infrastructure to
configuration management
â—Ź Multiple companies: small, large & huge
â—Ź 5-10 years of doing this
We always got the
same takeaways
6. Normation – CC-BY-SA
normation.com 6
www.rudder.cm
Takeaway #1: Automated configuration rocks!
Automated
configuration rocks!
Scalable
Manage 1 to > 100000
servers the same way
Save time
Deploy faster & be more
responsive to changes
Improve reliability
Avoid manual errors,
harmonize configurations
The proper way
to manage systems
7. Normation – CC-BY-SA
normation.com 7
www.rudder.cm
Takeaway #2: Getting everyone on board?
Getting everyone
on board for CM is hard
Frustration
“I can do it quicker by
hand or with a shell script”
Steep learning curve
New concepts, non obvious
syntaxes, paradigm, ...
Lack of motivation
“What do I have to gain
from using this tool?”
8. Normation – CC-BY-SA
normation.com 8
www.rudder.cm
Feedback #2: CFEngine is hard!
Getting started from lots of
bricks is daunting.
Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/strutta/
10. Normation – CC-BY-SA
normation.com 10
www.rudder.cm
What can we do?
Thanks to a hero!
So how come
so many projects
do work out?
Photo CC BY-NC-ND 2.0 from https://www.flickr.com/photos/mwboeckmann/
12. Normation – CC-BY-SA
normation.com 12
www.rudder.cm
What can we do?
Poor configuration
management hero...
Hey, I'm trying to do this thing in config management,
but I can't it to work, can you help me?
13. Normation – CC-BY-SA
normation.com 13
www.rudder.cm
What can we do?
Poor configuration
management hero...
Hi, this is the supervision team.
I'm sorry to disturb you at night, but we've got this error
in production, and I think it's related to a change in the CM tool,
but I don't understand it. Can you help me?
16. Normation – CC-BY-SA
normation.com 16
www.rudder.cm
Steep learning curve
New concepts, non obvious
syntaxes, paradigm, ...
Approach
1) Separate content and controls
2) Provide access to key parameters without
having to edit {CFEngine,Puppet,Chef} code
17. Normation – CC-BY-SA
normation.com 17
www.rudder.cm
Lack of motivation
“What do I have to gain
from using this tool?”
Approach
1) Show the benefits to all users
2) Provide nice reports showing what
works, how many machines are impacted
18. Normation – CC-BY-SA
normation.com 18
www.rudder.cm
Frustration
“I can do it quicker by
hand or with a shell script”
Approach
1) Make it easy and quick to achieve success
2) Provide ready-to-use configuration
techniques and share in-house ones simply
19. Normation – CC-BY-SA
normation.com 19
www.rudder.cm
Why Rudder?
Make configuration management easy
and increase its adoption
Extend benefits
of
configuration management
to
a wider population
Managers
Junior
sysadmins
Non
experts
Lower entry barrier
to
learn and use
configuration management
Easy to use Highly powerful
20. Normation – CC-BY-SA
normation.com 20
www.rudder.cm
Sane defaults, always configurable
Philosophy
Core principles
Plug and play
SmartEasy
Extensible
& Customizable
Open source
21. Normation – CC-BY-SA
normation.com 21
www.rudder.cm
Key points
Specifically designed for
automation & compliance
Pre-packaged for:
Linux, UNIX, Windows, Android
Open Source
Simplified user experience
via a Web UI
Graphical reportingBased on CFEngine 3
(don't reinvent the wheel!)
Vagrant config to test:
https://github.com/normation/rudder-vagrant/
29. Normation – CC-BY-SA
normation.com 29
www.rudder.cm
Design choices: CFEngine
CFEngine rocks
Multi-platform
Linux, Android, BSD, AIX,
HP-UX, Solaris, Windows...
Open Source
GPLv3
Small footprint, scalable
A few MB of RAM,
just seconds to run...
Continuous checking
Agent based approach,
no push
Resilient to errors
Network outages, failures,
unavailable resources...
30. Normation – CC-BY-SA
normation.com 30
www.rudder.cm
Design choices: CFEngine
Continuous checking
Every 5 minutes
Multi-platform
Linux, Unix, Windows, Android...
Separate configuration
from implementation
Reporting
Done after the checks,
separate process
High freqency, trust in
compliance reporting
Reuse implementations,
less bugs, shared code...
Clear separation of roles
Cover as many systems
as possible
Avoid bottleneck
Different report types
32. Normation – CC-BY-SA
normation.com 32
www.rudder.cm
Design choices: Network architecture
Rudder server
Node Node Node
TCP - port 5309
File metadata and files
Authentication and encryption (SSL)
TCP ports 80 and 514
HTTP and syslog
Node Node
Isolated
networkRelay server
Download info
→ Built upon CFEngine
network architecture
All connections go→
from nodes to server
Pull-based approach→
37. Normation – CC-BY-SA
normation.com 37
www.rudder.cm
Design choices: Central validation
Validation workflow
â—Ź States:
â—Ź Pending validation
– Can be sent to: Pending
deployment, Deployed,
Cancelled.
â—Ź Pending deployment
– The change was validated, but
now require to be deployed. Can
be sent to: Deployed, Cancelled.
â—Ź Deployed
– The change is deployed. This is
a final state, it can’t be moved
anymore.
â—Ź Cancelled
– The change was not approved.
This is a final state, it can’t be
moved anymore.
40. Normation – CC-BY-SA
normation.com 40
www.rudder.cm
Extension
Techniques
Implemented in
CFEngine syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community
41. Normation – CC-BY-SA
normation.com 41
www.rudder.cm
Extension
Techniques
Implemented in
CFEngine syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community
42. Normation – CC-BY-SA
normation.com 42
www.rudder.cm
Extension
Techniques
Implemented in
CFEngine syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community
Write any configuration you like in a Technique
and share them with co-workers
by exposing a selection of parameters
46. Normation – CC-BY-SA
normation.com 46
www.rudder.cm
Current status
Project is now reliable & scalable
But needs more Techniques
Ohloh statistics:
Source: http://www.ohloh.net/p/rudder-project
h