Rudder - Configuration management benefits for everyone (FOSDEM 2012)


Published on

Rudder is a new open source tool in the configuration management domain. Its aim is not to reinvent the technical wheel, but to provide a new way to drive our infrastructure.

Specifically aimed at drift assessment, it addresses automation, ongoing verification and repairs, centralizing information and knowledge about your infrastructure, compliance reporting... thus helping to keep drift from nominal behavior low. Built upon a standard CFEngine architecture (and other open source components).

This talk will show how Rudder's approach enables everyone in the IT department to benefit from the advantages of configuration management, without necessarily needing to learn a complex tool, or even get their hands dirty. We'll describe and demonstrate how this is possible, and dive into the technical architecture that makes it work.

In a nutshell, clearly separated tasks permit technical experts to create configuration templates for the tools they know best, thus letting non-experts leverage this power via a modern web interface, such as: architects or security officers who implement policy, junior sysadmins who use and reuse such policies to setup services, and pretty much anyone who digs into real-time compliance reports and error logs.

See for more info.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Rudder - Configuration management benefits for everyone (FOSDEM 2012)

  1. FOSDEM 2012 @ Brussels, Belgium 05/02/2012 Configuration management benefits for everyoneNicolas Charles <>Jonathan Clarke <>    
  2. SpeakersNicolas Charles Jonathan ClarkeScala developer SysadminWorks at Normation Works at Normation Rudder developer Rudder developerCFEngine expert CFEngine expert CFEngine Community Champion    
  3. Make sure the Security service does its job User accountsInstall & Update Password policyConfigure BackupsRun Log everything Security patches Service management Availability KnowledgeLimit the impact of a failure Document configurationScale out Formalize proceduresPlan for disaster recovery Log changes    
  4. Collaboration Automate More knowledge:First install + reinstalls Centralize informationUpdate Full change logConfigure Less documentation: Less written procedures More automation Configuration management benefits Regular checks Industrialization Install OK? Re-use (configs, policies...) Configuration OK? Reporting on config status Integrity? Dashboards    
  5. In some situations, configuration management may be too much overhead... For the all the rest, advantages are undeniable! But does everyone really benefit? Junior Non Managers? sysadmins? specialists?    
  6. Goals Lower the learning Share CM benefits curve to use CM with a wider populationThis may mean losing some Different information and flexibility but mustnt mean capabilities for different people losing efficiency    
  7. Fundamentals Build on Share Improve reliable tools Based on CFEngine Web interfaceLightweight and powerful OS-specific packages Reporting graphique Automatic inventory Library of infrastructure configurations included    
  8. Hardware and s New nodes PrincipleInventory Web interface on Rudder server Put nodes in View node data groups Configure rules View infrastructure on groups status CFEngine policy Reports Managed nodes    
  9. Configuration Rules Parametrization in the Predefined templates to Web Interface manage systems - Forms to change defaults- Install packages, distribute files- Manage users, distribute SSHkeys Conversion into- Configure DNS, NTP, package CFEngine Policiesmanagers- Schedule backups... - Applied by CFEngine agents    
  10. Current status Web interface to Version 2.3 Real time reports manage released in on infrastructure nodes and october 2011 status configuration rulesPolicy Templates All changes Packaged for main (currently 33) logged Linux distributions    
  11. Demonstration   
  12. Install Installing a Rudder server# echo deb squeeze main >> /etc/apt/sources.list# aptitude update# aptitude install rudder-server-root# /opt/rudder/bin/ Installing Rudder on a node to manage# echo deb squeeze main >> /etc/apt/sources.list# aptitude update# aptitude install rudder-agent# echo "server address" > /var/rudder/cfengine-community/policy_server.dat    
  13. Requirements (node) SomeSmall amount of dependencies free RAM - SSL (10-20 MB) - BerkeleyDB - PCRE - Syslog Memory occupation of CFEngine deamons    
  14. Rudder architecture Based on typical CFEngine architecture CFEngine server Communications by TCP (port 5308) - File metadata - File content Node Node Node Node    
  15. Rudder architecture Extra components on the server only Generate Rudder server CFEngine policy CFEngine server Communications by TCP (port 5309) - File metadata - File contents - Send inventories (FusionInventory) - Send reports (syslog) Node Node Node Node    
  16. Rudder workflow Policy Templates NodesCFEngine syntax Search criteria on inventoryVariables for web configuration information - Hardware / OS / Network - Software Enter variables in - Node name the web interface Create a group Policy Instances Group Configuration Rule Apply Policy Instances to a Group    
  17. Extend Write new Policy Templates- Based on CFEngine 3- An XML descriptor to set up the web forms- Configure anything! Write plugins for the webapp- Plugins are automatically discovered at startup- Implementation example:    
  18. Roadmap 2.4: February 2012  Import/Export configurations across Rudder servers  Approval process for changes before deploying them  More and better Policy Templates  Deleting nodes  Simple REST API 2.5: Mid 2012  Better Policy Configuration display  More detailed reporting  Authorizations    
  19. Community Source code on GitHub Documentation wiki  Small open source community  Mailing lists    IRC : #rudder on FreeNode  Twitter: @RudderProject    
  20. FOSDEM 2012 @ Brussels, Belgium 05/02/2012 Questions?Stay in touch...Nicolas Charles Jonathan ClarkeMail: Mail: jcl@normation.comTwitter: nico_charles Twitter: jooooooon42