Configuration management benefits for everyone - Rudder @ FLOSSUK Spring Conference 2012


Sharing and reusing configurations, rolling out upgrades, ensuring a security policy is correctly applied, automating repetitive tasks, preparing for disaster recovery... these are all missions for configuration management tools.

Rudder is a new, open source approach to this domain, built on existing and reliable components. By allowing experts and power-users to create reusable templates and configurations based on best practices, it enables other actors in the IT department to benefit from the advantages of configuration management: using a web-based interface, junior sysadmins can quickly set up new servers while learning and respecting best practices and company policy, while service managers and security officers can get instant reports on their policies' compliance level.

This talk introduces Rudder and shows some illustrative use cases before describing the architecture of its main components and how they interact (a web interface written in Scala, the CFEngine 3 infrastructure used to manage hosts, OpenLDAP as an inventory and configuration data store...), including how to write your own techniques and extend existing ones.


  1. FLOSSUK Spring 2012 @ Edinburgh, UK, 22/03/2012. Configuration management benefits for everyone. Jonathan Clarke
  2. Who am I? Jonathan Clarke. CTO at Normation in Paris, France. Rudder developer/tester/release manager. Occupation: Job #1: 70% developer, 30% sysadmin; Job #1 + 2 months: 70% sysadmin, 30% developer; Now: 20% dev, 20% sysadmin, 20% admin, 40% "communicating". Open source: CFEngine, Rudder. LDAP: OpenLDAP, LSC, LTB...
  3. IT service management. Make sure the service does its job: Install & Update; Configure; Run. Security: User accounts; Password policy; Log everything; Security patches. Availability: Limit the impact of a failure; Backups; Plan for disaster recovery; Scale out. Knowledge: Document configuration; Formalize procedures; Log changes.
  4. Configuration management benefits. Automate: First install + reinstalls; Update; Configure. Collaboration: More knowledge (Centralize information; Full change log); Less documentation (Less written procedures; More automation). Regular checks: Install OK? Configuration OK? Integrity? Industrialization: Re-use (configs, policies...); Reporting on config status; Dashboards.
  5. (Maybe, in some situations, configuration management may be too much overhead...) For all the rest, advantages are undeniable! But does everyone really benefit? Managers? Junior sysadmins? Non-specialists?
  6. Goals: Ease and spread the use of configuration management. Lower the learning curve to use CM: this may mean losing some flexibility but mustn't mean losing efficiency. Share CM benefits with a wider population: different information and capabilities for different people.
  7. Fundamentals: Build on reliable tools; Share; Improve. Based on CFEngine; Web interface; Lightweight and powerful; OS-specific packages; Streamlined user experience; Automatic inventory; Library of infrastructure configurations included; Reporting.
  8. Principle. New nodes: Inventory. Web interface on Rudder server: View node data; Make node groups (Static, Dynamic); Configure rules on groups; View infrastructure status. CFEngine policy; Reports. Managed nodes.
  9. Web interface overview   
  10. View node data   
  11. Make node groups   
  12. Rules. Predefined templates to manage systems (Techniques): Install packages, distribute files; Manage users, distribute SSH keys; Configure DNS, NTP, package managers; Schedule backups... Parametrization in the web interface (Directives): Forms to change defaults. Conversion into CFEngine Policies: Applied by CFEngine agents.
  13. Techniques   
  14. Directives   
  15. Rules   
  16. Reports   
  17. Reports by node   
  18. Rudder workflow. Techniques: Implemented with CFEngine syntax + Variables for web configuration. Enter variables in the web interface: Directives. Nodes: Search criteria on inventory information (Hardware / OS / Network; Software; Node name). Create a group: Group. Rule: Apply Directives to a Group.
  19. Current status. Web interface to manage nodes and configuration rules. Version 2.3 released in October 2011. Real time reports on infrastructure status. Techniques Library (config templates) (currently 33). All changes logged: Human readable; Git commits. Packaged for main Linux distributions.
  20. Install
      Installing a Rudder server:
        # echo deb squeeze main >> /etc/apt/sources.list
        # aptitude update
        # aptitude install rudder-server-root
        # /opt/rudder/bin/
      Installing Rudder on a node to manage:
        # echo deb squeeze main >> /etc/apt/sources.list
        # aptitude update
        # aptitude install rudder-agent
        # echo "" > /var/rudder/cfengine-community/policy_server.dat
  21. Requirements (node). Small amount of free RAM (10-20 MB). Memory occupation of CFEngine daemons. Some dependencies: SSL; BerkeleyDB; PCRE; Syslog.
  22. Rudder architecture. Based on typical CFEngine architecture. CFEngine server. Communications by TCP (port 5308): File metadata; File content. Node, Node, Node, Node.
  23. Rudder architecture: a few extras. Allow for interoperability with standard CFEngine. Generate CFEngine policy. Aggregate reports. Rudder server; CFEngine server. Communications by TCP (port 5309): File metadata; File content. Reports via syslog. Inventory data from FusionInventory. Node, Node, Node, Node.
  24. Extend. Write new Techniques: Based on CFEngine 3; An XML descriptor to set up the web forms (metadata.xml); Configure anything! Write plugins for the webapp: Plugins are automatically discovered at startup; Implementation example:
  25. Roadmap 2.4: March 2012  Import/Export configurations across Rudder environments  Approval workflow for changes before deploying them  More and better Techniques  Deleting nodes  Simple REST API 2.5: Mid 2012  Better Directive Configuration display  More detailed reporting  RBAC (Role Based Access Control)    
  26. Community Source code on GitHub Documentation wiki  Small but growing open source community  Mailing lists    IRC : #rudder on FreeNode  Twitter: @RudderProject    
  27. FLOSSUK Spring 2012 @ Edinburgh, UK, 22/03/2012. Questions? Stay in touch... Jonathan Clarke. Mail: jcl@normation.com. Twitter: jooooooon42