The document discusses Rudder, an open-source configuration management tool. Rudder is designed to simplify IT automation and compliance by making configuration management easy to use and adopt. It demonstrates how Rudder can be used by a team through a workflow involving sysadmins, managers, and developers requesting and implementing changes through a simplified web interface. Rudder provides built-in reporting, complete traceability of changes, and a validation workflow to review changes before deployment.

1. Normation – Tous droits réservés
normation.com 1
Rudder
Sharing IT automation benefits in a team
with Rudder
Benoît Peccatte – bpe@normation.com

2. Normation – Tous droits réservés
normation.com 2
Who am I ?
● Benoît Peccatte
● Origins: Sysadmin and a developper
● Now: Automation, Rudder, ncf
ncf

3. Normation – Tous droits réservés
normation.com 3
● What is Rudder anyway?
● Why is it interesting?
● How do people use it (demo)?

4. Normation – Tous droits réservés
normation.com 4
Context
What is Rudder ?

5. Normation – Tous droits réservés
normation.com 5
Context
Automated
configuration
Scalable
Manage 1 to > 100000
servers the same way
Save time
Deploy faster & be more
responsive to changes
Improve reliability
Avoid manual errors,
harmonize configurations

6. Normation – Tous droits réservés
normation.com 6
Key points
Specifically designed for
automation & compliance
Pre-packaged for:
Linux, UNIX, Windows, Android
Open Source
Simplified user experience
via a Web UI
Graphical reportingBased on CFEngine 3
(don't reinvent the wheel!)
Vagrant config to test:
https://github.com/normation/rudder-vagrant/

7. Normation – Tous droits réservés
normation.com 7
Design choices: CFEngine
CFEngine
Multi-platform
Linux, Android, BSD, AIX,
HP-UX, Solaris, Windows...
Open Source
GPLv3
Small footprint, scalable
A few MB of RAM,
just seconds to run...
Continuous checking
Agent based approach,
no push
Resilient to errors
Network outages, failures,
unavailable resources...

8. Normation – Tous droits réservés
normation.com 8
Design choices
Continuous checking
Every 5 minutes
Multi-platform
Linux, Unix, Windows, Android...
Separate configuration
from implementation
Reporting
Done after the checks,
separate process
High freqency, trust in
compliance reporting
Reuse implementations,
less bugs, shared code...
Clear separation of roles
Cover as many systems
as possible
Avoid bottleneck
Different report types

9. Normation – Tous droits réservés
normation.com 9
Starting CM
How to start a
configuraiton
management
project ?

10. Normation – Tous droits réservés
normation.com 10
Starting CM
Choose a tool.
You're ready!

11. Normation – Tous droits réservés
normation.com 11
Not so fast
Getting everyone
on board for CM is hard
Frustration
“I can do it quicker by
hand or with a shell script”
Steep learning curve
New concepts, non obvious
syntaxes, paradigm, ...
Lack of motivation
“What do I have to gain
from using this tool?”

12. Normation – Tous droits réservés
normation.com 12
Not so fast
So how come
so many projects
do work out?

13. Normation – Tous droits réservés
normation.com 13
Not so fast
Thanks to a hero!
So how come
so many projects
do work out?
Photo CC BY-NC-ND 2.0 from https://www.flickr.com/photos/mwboeckmann/

14. Normation – Tous droits réservés
normation.com 14
A hero?
Poor configuration
management hero...

15. Normation – Tous droits réservés
normation.com 15
A hero?
Poor configuration
management hero...
Hey, I'm trying to do this thing in config management,
but I can't make it work, can you help me?

16. Normation – Tous droits réservés
normation.com 16
A hero?
Poor configuration
management hero...
Hi, this is the supervision team.
I'm sorry to disturb you at night, but we've got this error
in production, and I think it's related to a change in the CM tool,
but I don't understand it. Can you help me?

17. Normation – Tous droits réservés
normation.com 17
What can we do?

18. Normation – Tous droits réservés
normation.com 18
What can we do?
How can we help?
This is clearly a problem.

19. Normation – Tous droits réservés
normation.com 19
Steep learning curve
New concepts, non obvious
syntaxes, paradigm, ...
Approach
1) Separate content and controls
2) Provide access to key parameters without
having to edit {CFEngine,Puppet,Chef} code

20. Normation – Tous droits réservés
normation.com 20
Lack of motivation
“What do I have to gain
from using this tool?”
Approach
1) Show the benefits to all users
2) Provide nice reports showing what
works, how many machines are impacted

21. Normation – Tous droits réservés
normation.com 21
Frustration
“I can do it quicker by
hand or with a shell script”
Approach
1) Make it easy and quick to achieve success
2) Provide ready-to-use configuration
techniques and share in-house ones simply

22. Normation – Tous droits réservés
normation.com 22
Why Rudder?
Make configuration management easy
and increase its adoption
Extend benefits
of
configuration management
to
a wider population
Managers
Junior
sysadmins
Non
experts
Lower entry barrier
to
learn and use
configuration management
Easy to use Highly powerful

23. Normation – Tous droits réservés
normation.com 23
Right! Show me already!

24. Normation – Tous droits réservés
normation.com 24
Workflow
Typical usage

25. Normation – Tous droits réservés
normation.com 25
Components
Techniques
Implemented in
ncf syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community

26. Normation – Tous droits réservés
normation.com 26
Workflow
Working in a team
with Rudder

27. Normation – Tous droits réservés
normation.com 27
Workflow: the theory
Management
Define
policy
Changes
(fixes, upgrades...)
c c
Community Expert
Sysadmins
Configure
parameters
Initial application
Continuous verification
REPORTING
Technical abstraction
(method vs parameters)

28. Normation – Tous droits réservés
normation.com 28
Workflow: the practice
Hi, this is sysadmin Alice.
Do we still have debian 6 hosts?
I would like to remove it from the mirror.
Rudder:
Let me check

29. Normation – Tous droits réservés
normation.com 29
Workflow: the practice
Techniques
Implemented in
ncf syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community

30. Normation – Tous droits réservés
normation.com 30
Workflow: the practice
Hi, this is CISO.
We shouldn't allow root to login over SSH.
Where are we on this?
Rudder:
Let me check
…
We never started!
Then we should start it now

31. Normation – Tous droits réservés
normation.com 31
Workflow: the practice
Techniques
Implemented in
ncf syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community

32. Normation – Tous droits réservés
normation.com 32
Workflow: the practice
Simplified configuration

33. Normation – Tous droits réservés
normation.com 33
Workflow: the practice
Hi, this is project manager Bob.
We we need more server to sustain the outstanding number of clients!
Rudder:
OK, let's add some!

34. Normation – Tous droits réservés
normation.com 34
Workflow: the practice
Techniques
Implemented in
ncf syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community

35. Normation – Tous droits réservés
normation.com 35
Workflow: the practice
Hi, this is the CIO.
I need the visibility on our certificate migration project.
What is the current progress?
Rudder:
Let me show you that.

36. Normation – Tous droits réservés
normation.com 36
Workflow: the practice
Built-in reporting

37. Normation – Tous droits réservés
normation.com 37
Workflow: the practice
Built-in reporting

38. Normation – Tous droits réservés
normation.com 38
Workflow: the practice
Hi, this is the DBA.
We have an excessive load on our database,
I think some PostgreSQL setting have changed.
Can you check?
Rudder:
Let me find why, who and when.

39. Normation – Tous droits réservés
normation.com 39
Workflow: the practice
Complete tracability

40. Normation – Tous droits réservés
normation.com 40
Workflow: the practice
Hi, this is the CIO.
We have a new policy, each modification should be reviewed
and confirmed by a senior sysadmin
before being put into production.
Rudder:
OK … if this is is mandatory

41. Normation – Tous droits réservés
normation.com 41
Workflow: the practice
Validation workflow

42. Normation – Tous droits réservés
normation.com 42
Workflow: the practice
Validation workflow
● States:
● Pending validation
– Can be sent to: Pending
deployment, Deployed,
Cancelled.
● Pending deployment
– The change was validated, but
now require to be deployed. Can
be sent to: Deployed, Cancelled.
● Deployed
– The change is deployed. This is
a final state, it can’t be moved
anymore.
● Cancelled
– The change was not approved.
This is a final state, it can’t be
moved anymore.

43. Normation – Tous droits réservés
normation.com 43
Workflow: the practice
Hi, this is developer Charlie.
We have changed our application, it now needs a new configuration file.
Can you put it on all servers?
It needs to be modified on each server to contain the server name.
Rudder:
OK, let's do this.

44. Normation – Tous droits réservés
normation.com 44
Workflow: the practice
Techniques
Implemented in
ncf syntax
+
metadata for
web configuration
Nodes
Search criteria on
inventory data
Hardware/OS/Network/
Software/Node name/
...
Directives
Rules
Apply Directives
to a Group
Groups
Sysadmins
c c
Manager or
sysadmins
Expert
Community
Write any configuration you like in a Technique
and share them with co-workers

45. Normation – Tous droits réservés
normation.com 45
Workflow: the practice
Hi, this is sysadmin Eve.
I would like to know which rules are not anymore used.
Rudder:
I don't know, let's use the API to check.

46. Normation – Tous droits réservés
normation.com 46
Summary
● What is Rudder anyway?
● Why is it interesting?
● How do people use it?

47. Normation – Tous droits réservés
normation.com 47
Questions?
Check it out on:
http://www.rudder.cm/
Benoît Peccatte – bpe@normation.com