Sharing and reusing configurations, rolling out upgrades, ensuring a security policy is correctly applied, automating repetitive tasks, preparing for disaster recovery... these are all missions for configuration management tools.
Rudder is a new, open source approach to this domain, built on existing and reliable components. By allowing experts and power users to create reusable templates and configurations based on best practices, it enables other actors in the IT department to benefit from the advantages of configuration management: using a web-based interface, junior sysadmins can quickly set up new servers while learning and respecting best practices and company policy, while service managers and security officers can get instant reports on the compliance level of their policies.
This talk introduces Rudder and shows some illustrative use cases before describing the architecture of its main components and how they interact (a web interface written in Scala, the CFEngine 3 infrastructure used to manage hosts, OpenLDAP as an inventory and configuration data store...), including how to write your own techniques and extend existing ones.
Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conference 2012
1. FLOSSUK Spring 2012 @ Edinburgh, UK 22/03/2012
Configuration management benefits
for everyone
Jonathan Clarke <jcl@normation.com>
2. Who am I?
Jonathan Clarke
CTO at Normation in Paris, France
Rudder developer/tester/release manager
Occupation:
Job #1 : 70% developer, 30% sysadmin
Job #1 + 2 months: 70% sysadmin, 30% developer
Now: 20% dev, 20% sysadmin, 20% admin, 40% "communicating"
Open source:
CFEngine, Rudder
LDAP: OpenLDAP, LSC, LTB...
3. IT service management
Make sure the service does its job
- Install & Update
- Configure
- Run
Security
- User accounts
- Password policy
- Log everything
- Security patches
Availability
- Limit the impact of a failure
- Backups
- Plan for disaster recovery
- Scale out
Knowledge
- Document configuration
- Formalize procedures
- Log changes
4. Configuration management benefits
Automate
- First install + reinstalls
- Update
- Configure
Collaboration
- More knowledge: Centralize information, Full change log
- Less documentation: Less written procedures, More automation
Regular checks
- Install OK?
- Configuration OK?
- Integrity?
Industrialization
- Re-use (configs, policies...)
- Reporting on config status
- Dashboards
5. (Maybe, in some situations, configuration management may be too much overhead...)
For all the rest, advantages are undeniable!
But does everyone really benefit?
Junior sysadmins? Non specialists? Managers?
6. Goals
Ease and spread the use of configuration management
Lower the learning curve to use CM
- This may mean losing some flexibility but mustn't mean losing efficiency
Share CM benefits with a wider population
- Different information and capabilities for different people
7. Fundamentals
Build on reliable tools / Share / Improve
- Based on CFEngine
- Web interface
- Lightweight and powerful
- OS-specific packages
- Streamlined user experience
- Automatic inventory
- Library of infrastructure configurations included
- Reporting
8. Principle
Diagram: New nodes, Inventory, Web interface on Rudder server, CFEngine policy, Reports, Managed nodes
Web interface on Rudder server
- View node data
- Make node groups (Static, Dynamic)
- Configure rules on groups
- View infrastructure status
18. Rudder workflow
Techniques
- Implemented with CFEngine syntax + Variables for web configuration
Directives
- Enter variables in the web interface
Nodes
- Search criteria on inventory information: Hardware / OS / Network, Software, Node name
Group
- Create a group
Rule
- Apply Directives to a Group
19. Current status
- Version 2.3 released in October 2011
- Web interface to manage nodes and configuration rules
- Real time reports on infrastructure status
- Techniques Library (config templates), currently 33
- All changes logged (human readable, Git commits)
- Packaged for main Linux distributions
20. Install
Installing a Rudder server
# echo 'deb http://www.rudder-project.org/apt-2.3/ squeeze main' >> /etc/apt/sources.list
# aptitude update
# aptitude install rudder-server-root
# /opt/rudder/bin/rudder-init.sh
Installing Rudder on a node to manage
# echo 'deb http://www.rudder-project.org/apt-2.3/ squeeze main' >> /etc/apt/sources.list
# aptitude update
# aptitude install rudder-agent
# echo "server.address.com" > /var/rudder/cfengine-community/policy_server.dat
21. Requirements (node)
Small amount of free RAM (10-20 MB)
Some dependencies
- SSL
- BerkeleyDB
- PCRE
- Syslog
Figure: Memory occupation of CFEngine daemons
22. Rudder architecture
Based on typical CFEngine architecture
CFEngine server
Communications by TCP (port 5308)
- File metadata
- File content
Node Node Node Node
23. Rudder architecture
A few extras
- Generate CFEngine policy
- Aggregate reports
- Allow for interoperability with standard CFEngine
- Reports via syslog
- Inventory data from FusionInventory
Rudder server, CFEngine server
Communications by TCP (port 5309)
- File metadata
- File content
Node Node Node Node
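A post-install check for the agent set up on slide 20, added here as an example and not part of the original slides or of Rudder itself: it validates policy_server.dat and tests that the server answers on the Rudder TCP port from slide 23. The function names and return codes are hypothetical; the port test assumes bash and coreutils timeout are installed.

```shell
# Added example: sanity-check a Rudder agent install.
# Path and port are taken from the slides; function names are hypothetical.
POLICY_FILE=/var/rudder/cfengine-community/policy_server.dat
RUDDER_PORT=5309

# Print the configured policy server, or explain the failure on stderr.
# Return codes: 0 ok, 2 missing file, 3 unsafe permissions, 4 bad content.
policy_server_name() {
    f=${1:-$POLICY_FILE}
    [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
    # A world-writable file lets any local user repoint the agent.
    if [ -n "$(find "$f" -prune -perm -0002 2>/dev/null)" ]; then
        echo "world-writable: $f" >&2; return 3
    fi
    # Expect exactly one non-blank line holding a hostname or IPv4 address.
    lines=$(grep -c '[^[:space:]]' "$f" || true)
    [ "$lines" -eq 1 ] || { echo "expected 1 entry, found $lines" >&2; return 4; }
    host=$(grep '[^[:space:]]' "$f" | tr -d '[:space:]')
    if ! printf '%s\n' "$host" |
         grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'; then
        echo "not a hostname or address: $host" >&2; return 4
    fi
    printf '%s\n' "$host"
}

# Return 0 if a TCP connection to host:port opens within 3 seconds.
# Uses bash's /dev/tcp; host and port are passed as arguments, not interpolated.
port_reachable() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Full check: config file sane, then policy server reachable on the Rudder port.
check_agent() {
    server=$(policy_server_name "$1") || return $?
    port_reachable "$server" "$RUDDER_PORT" || {
        echo "cannot reach $server:$RUDDER_PORT" >&2; return 5; }
    echo "ok: $server:$RUDDER_PORT"
}
```

Run check_agent as root on a managed node after the install steps; a non-zero return code identifies which step failed.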
24. Extend
Write new Techniques
- Based on CFEngine 3
- An XML descriptor to set up the web forms (metadata.xml)
- Configure anything!
Write plugins for the webapp
- Plugins are automatically discovered at startup
- Implementation example:
https://github.com/Normation/rudder-plugin-helloworld
25. Roadmap
2.4: March 2012
Import/Export configurations across Rudder environments
Approval workflow for changes before deploying them
More and better Techniques
Deleting nodes
Simple REST API
2.5: Mid 2012
Better Directive Configuration display
More detailed reporting
RBAC (Role Based Access Control)
26. Community
Source code on GitHub
Documentation wiki
http://rudder-project.org
Small but growing open source community
Mailing lists
rudder-users@lists.rudder-project.org
rudder-dev@lists.rudder-project.org
IRC : #rudder on FreeNode
Twitter: @RudderProject
27. FLOSSUK Spring 2012 @ Edinburgh, UK 22/03/2012
Questions?
Stay in touch...
Jonathan Clarke
Mail: jcl@normation.com
Twitter: jooooooon42