Rudder - Configuration management benefits for everyone (FOSDEM 2012)

FOSDEM 2012 @ Brussels, Belgium 05/02/2012 Configuration management benefits for everyoneNicolas Charles <nch@normation.com>Jonathan Clarke <jcl@normation.com>

SpeakersNicolas Charles Jonathan ClarkeScala developer SysadminWorks at Normation Works at Normation Rudder developer Rudder developerCFEngine expert CFEngine expert CFEngine Community Champion

Make sure the Security service does its job User accountsInstall & Update Password policyConfigure BackupsRun Log everything Security patches Service management Availability KnowledgeLimit the impact of a failure Document configurationScale out Formalize proceduresPlan for disaster recovery Log changes

Collaboration Automate More knowledge:First install + reinstalls Centralize informationUpdate Full change logConfigure Less documentation: Less written procedures More automation Configuration management benefits Regular checks Industrialization Install OK? Re-use (configs, policies...) Configuration OK? Reporting on config status Integrity? Dashboards

In some situations, configuration management may be too much overhead... For the all the rest, advantages are undeniable! But does everyone really benefit? Junior Non Managers? sysadmins? specialists?

Goals Lower the learning Share CM benefits curve to use CM with a wider populationThis may mean losing some Different information and flexibility but mustnt mean capabilities for different people losing efficiency

Fundamentals Build on Share Improve reliable tools Based on CFEngine Web interfaceLightweight and powerful OS-specific packages Reporting graphique Automatic inventory Library of infrastructure configurations included

Hardware and s New nodes PrincipleInventory Web interface on Rudder server Put nodes in View node data groups Configure rules View infrastructure on groups status CFEngine policy Reports Managed nodes

Configuration Rules Parametrization in the Predefined templates to Web Interface manage systems - Forms to change defaults- Install packages, distribute files- Manage users, distribute SSHkeys Conversion into- Configure DNS, NTP, package CFEngine Policiesmanagers- Schedule backups... - Applied by CFEngine agents

Current status Web interface to Version 2.3 Real time reports manage released in on infrastructure nodes and october 2011 status configuration rulesPolicy Templates All changes Packaged for main (currently 33) logged Linux distributions

Demonstration

Install Installing a Rudder server# echo deb http://www.rudder-project.org/apt-2.3/ squeeze main >> /etc/apt/sources.list# aptitude update# aptitude install rudder-server-root# /opt/rudder/bin/rudder-init.sh Installing Rudder on a node to manage# echo deb http://www.rudder-project.org/apt-2.3/ squeeze main >> /etc/apt/sources.list# aptitude update# aptitude install rudder-agent# echo "server address" > /var/rudder/cfengine-community/policy_server.dat

Requirements (node) SomeSmall amount of dependencies free RAM - SSL (10-20 MB) - BerkeleyDB - PCRE - Syslog Memory occupation of CFEngine deamons

Rudder architecture Based on typical CFEngine architecture CFEngine server Communications by TCP (port 5308) - File metadata - File content Node Node Node Node

Rudder architecture Extra components on the server only Generate Rudder server CFEngine policy CFEngine server Communications by TCP (port 5309) - File metadata - File contents - Send inventories (FusionInventory) - Send reports (syslog) Node Node Node Node

Rudder workflow Policy Templates NodesCFEngine syntax Search criteria on inventoryVariables for web configuration information - Hardware / OS / Network - Software Enter variables in - Node name the web interface Create a group Policy Instances Group Configuration Rule Apply Policy Instances to a Group

Extend Write new Policy Templates- Based on CFEngine 3- An XML descriptor to set up the web forms- Configure anything! Write plugins for the webapp- Plugins are automatically discovered at startup- Implementation example:https://github.com/Normation/rudder-plugin-helloworld

Roadmap 2.4: February 2012  Import/Export configurations across Rudder servers  Approval process for changes before deploying them  More and better Policy Templates  Deleting nodes  Simple REST API 2.5: Mid 2012  Better Policy Configuration display  More detailed reporting  Authorizations

Community Source code on GitHub Documentation wiki  http://rudder-project.org Small open source community  Mailing lists  rudder-users@lists.rudder-project.org  rudder-dev@lists.rudder-project.org  IRC : #rudder on FreeNode  Twitter: @RudderProject

FOSDEM 2012 @ Brussels, Belgium 05/02/2012 Questions?Stay in touch...Nicolas Charles Jonathan ClarkeMail: nch@normation.com Mail: jcl@normation.comTwitter: nico_charles Twitter: jooooooon42

http://blog.normation.com	551
http://blog-poc.labo.normation.com	49
http://lanyrd.com	42
http://www.normation.com	13
http://a0.twimg.com	6
http://us-w1.rockmelt.com	1

Rudder - Configuration management benefits for everyone (FOSDEM 2012)

by Normation on Feb 05, 2012

Accessibility

Categories

Tags

Upload Details

Usage Rights

6 Embeds 662

Statistics

Rudder - Configuration management benefits for everyone (FOSDEM 2012) — Presentation Transcript