OSDC 2014: Jonathan Clarke - Rudder

As a Configuration Management [CM] "champion", trying to gain traction in your environment can be challenging when the level of expertise necessary is in short supply. We built Rudder so that the CM champion would not need to clone themselves. Instead, he or she is able to use a tool to manage configuration data, expose key parameters to the rest of their team, reduce complexity of configuration changes, and put in place a role-based workflow for change control.

Rudder is an open source configuration management solution, using lightweight agents (based on CFEngine) controlled via a central management point. Using Rudder, I will show how this approach enables the team to fully participate in the practice of Configuration Management, keep track of changes and history, exploit change access / control, and facilitate knowledge sharing (sharing intentions in design via desired configuration state, maintaining a record of preferred configurations) without intervention of the CM champion.

OSDC 2014: Jonathan Clarke - Rudder Presentation Transcript

  • Normation – CC-BY-SA normation.com Rudder A powerful and structured CFEngine framework Jonathan CLARKE – jcl@normation.com @jooooooon42 (that's 7 'o's)
  • Who am I?
    ● Jonathan Clarke
    ● Title: Co-founder & Product lead at Normation
    ● Origins: Sysadmin, infrastructure management
    ● Now: Automation + “running a company”-stuff
    ● Contributor to free software: co-creator of Rudder; contributor to CFEngine, OpenLDAP
    ● Co-organizer of events:
  • Intro: This presentation is about Lego. (Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/dillpixel/)
  • Intro: Reminder. (Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/evaekeblad/; photo CC BY-SA 2.0 from https://www.flickr.com/photos/georgivar/)
  • Background: A bunch of ops consultants. From “plain old” infrastructure to configuration management. Multiple companies: small, large & huge. 5-10 years of doing this. We always got the same takeaways.
  • Takeaway #1: Automated configuration rocks! Scalable: manage 1 to > 100000 servers the same way. Save time: deploy faster & be more responsive to changes. Improve reliability: avoid manual errors, harmonize configurations. The proper way to manage systems.
  • Takeaway #2: Getting everyone on board for CM is hard. Frustration: “I can do it quicker by hand or with a shell script”. Steep learning curve: new concepts, non-obvious syntaxes, paradigm, ... Lack of motivation: “What do I have to gain from using this tool?”
  • Feedback #2: CFEngine is hard! Getting started from lots of bricks is daunting. (Photo CC BY-NC-SA 2.0 from https://www.flickr.com/photos/strutta/)
  • What can we do? So how come so many projects do work out?
  • What can we do? So how come so many projects do work out? Thanks to a hero! (Photo CC BY-NC-ND 2.0 from https://www.flickr.com/photos/mwboeckmann/)
  • What can we do? Poor configuration management hero...
  • What can we do? Poor configuration management hero... “Hey, I'm trying to do this thing in config management, but I can't get it to work, can you help me?”
  • What can we do? Poor configuration management hero... “Hi, this is the supervision team. I'm sorry to disturb you at night, but we've got this error in production, and I think it's related to a change in the CM tool, but I don't understand it. Can you help me?”
  • What can we do?
  • What can we do? How can we help? This is clearly a problem.
  • Steep learning curve: new concepts, non-obvious syntaxes, paradigm, ... Approach: 1) Separate content and controls 2) Provide access to key parameters without having to edit {CFEngine,Puppet,Chef} code
  • Lack of motivation: “What do I have to gain from using this tool?” Approach: 1) Show the benefits to all users 2) Provide nice reports showing what works, how many machines are impacted
  • Frustration: “I can do it quicker by hand or with a shell script”. Approach: 1) Make it easy and quick to achieve success 2) Provide ready-to-use configuration techniques and share in-house ones simply
  • Why Rudder? Make configuration management easy and increase its adoption. Extend benefits of configuration management to a wider population: managers, junior sysadmins, non experts. Lower entry barrier to learn and use configuration management. Easy to use. Highly powerful.
  • Philosophy: Core principles. Sane defaults, always configurable. Plug and play. Smart. Easy. Extensible & Customizable. Open source.
  • Key points: Specifically designed for automation & compliance. Pre-packaged for: Linux, UNIX, Windows, Android. Open Source. Simplified user experience via a Web UI. Graphical reporting. Based on CFEngine 3 (don't reinvent the wheel!). Vagrant config to test: https://github.com/normation/rudder-vagrant/
  • What can we do? Right! Show me already!
  • Overview: Simplified configuration
  • Overview: Built-in reporting
  • Overview: Complete traceability
  • Design choices
  • Design choices: CFEngine. #1: Why CFEngine?
  • Design choices: CFEngine. CFEngine rocks. Multi-platform: Linux, Android, BSD, AIX, HP-UX, Solaris, Windows... Open Source: GPLv3. Small footprint, scalable: a few MB of RAM, just seconds to run... Continuous checking: agent based approach, no push. Resilient to errors: network outages, failures, unavailable resources...
  • Design choices: CFEngine. Continuous checking: every 5 minutes. Multi-platform: Linux, Unix, Windows, Android... Separate configuration from implementation. Reporting: done after the checks, separate process. High frequency, trust in compliance reporting. Reuse implementations, less bugs, shared code... Clear separation of roles. Cover as many systems as possible. Avoid bottleneck. Different report types.
  • Design choices: Network architecture. #2: Network architecture?
  • Design choices: Network architecture. Diagram labels: Rudder server; nodes; relay server; nodes in an isolated network; download info.
    ● TCP port 5309: file metadata and files; authentication and encryption (SSL)
    ● TCP ports 80 and 514: HTTP and syslog
    → Built upon CFEngine network architecture
    → All connections go from nodes to server
    → Pull-based approach
  • Design choices: Workflow. #3: Typical usage
  • Design choices: Workflow. Diagram labels: Management; Define policy; Changes (fixes, upgrades...); Community; Expert; Sysadmins; Configure parameters; Configuration agent; Initial application; Continuous verification; Reporting; Technical abstraction (method vs parameters).
  • Design choices: Central validation. #4: Central validation
  • Design choices: Central validation. Validation workflow
  • Design choices: Central validation. Validation workflow states:
    ● Pending validation – Can be sent to: Pending deployment, Deployed, Cancelled.
    ● Pending deployment – The change was validated, but still needs to be deployed. Can be sent to: Deployed, Cancelled.
    ● Deployed – The change is deployed. This is a final state; it can't be moved anymore.
    ● Cancelled – The change was not approved. This is a final state; it can't be moved anymore.
  • Demonstration: Demo!
  • Extending & Customizing
  • Extension. Techniques: implemented in CFEngine syntax + metadata for web configuration. Nodes: search criteria on inventory data (Hardware/OS/Network/Software/Node name/...). Directives. Rules: apply Directives to a Group. Groups. Roles shown: Sysadmins; Manager or sysadmins; Expert; Community. Write any configuration you like in a Technique and share it with co-workers by exposing a selection of parameters.
  • Result: Example === 1000 words. With ncf (see http://www.ncf.io)
  • Result: Example === 1000 words. With ncf + Rudder variables
  • Online documentation: http://www.ncf.io/pages/reference.html
  • Current status: Project is now reliable & scalable, but needs more Techniques. Ohloh statistics. Source: http://www.ohloh.net/p/rudder-project
  • Questions? Check it out on: http://www.rudder.cm/ Jonathan CLARKE – jcl@normation.com @jooooooon42 (that's 7 'o's)
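
The validation workflow slide lists four states and the moves allowed between them. As an added example (not from the talk and not Rudder's own code), the Python below encodes that transition table, refuses illegal moves, and replays a change-request event log to flag records that leave a final state or skip validation. The `ChangeRequest` class, the `audit` function, the actor names and the event tuple layout are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Transitions exactly as listed on the "Validation workflow" slide.
ALLOWED = {
    "Pending validation": {"Pending deployment", "Deployed", "Cancelled"},
    "Pending deployment": {"Deployed", "Cancelled"},
    "Deployed": set(),   # final state
    "Cancelled": set(),  # final state
}
INITIAL = "Pending validation"


@dataclass
class ChangeRequest:
    """Hypothetical model of one change request (not Rudder's own class)."""
    cr_id: int
    state: str = INITIAL
    history: list = field(default_factory=list)  # (actor, from, to) audit trail

    def move(self, actor: str, target: str) -> None:
        if target not in ALLOWED[self.state]:
            raise ValueError(f"CR {self.cr_id}: {self.state!r} -> {target!r} not allowed")
        self.history.append((actor, self.state, target))
        self.state = target


def audit(events):
    """Replay (cr_id, actor, from_state, to_state) records; return violations."""
    current, violations = {}, []
    for cr_id, actor, src, dst in events:
        expected = current.get(cr_id, INITIAL)
        if src != expected:
            violations.append((cr_id, actor, f"claimed state {src!r}, expected {expected!r}"))
        elif dst not in ALLOWED[src]:
            violations.append((cr_id, actor, f"illegal move {src!r} -> {dst!r}"))
        else:
            current[cr_id] = dst
    return violations


# Constructed sample event log (not real Rudder output).
SAMPLE_EVENTS = [
    (1, "alice", "Pending validation", "Pending deployment"),
    (1, "bob", "Pending deployment", "Deployed"),
    (2, "carol", "Pending validation", "Cancelled"),
    (2, "mallory", "Cancelled", "Deployed"),           # leaves a final state
    (3, "mallory", "Pending deployment", "Deployed"),  # no validation record
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_EVENTS):
        print(violation)
```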