Rudder 3.0 comes with a lot of improvement and new features :
- Redesigned web interafec
- Improved status reporting
- Overview dashboard added
- Performance improvement
- New OS support
- Even a technique editor added
- And more!
Everything began 4 years ago, CFEngine 3 had just been released, documentation and expertise were in short supply. We had to accept the reality of a steep learning curve.
As CFEngine grew so did we. We discovered bugs, submitted pull requests, designed workarounds for various pitfalls, gained advances in productivity (thanks to the knowledge and experience gained working with CFEngine 3) and evaluated design choices available to us. This journey led us to become one of the most advanced CFEngine users in Europe.
I'll recount our journey, share insights on solution architecture with CFEngine and show examples of what we had to overcome and how we achieved that using less well-known features of CFEngine. Our examples will cover advanced use of CFEngine 3 code. Finally, I will present our retrospective: what we did right, what we did wrong and share where we have got to thus far in our journey.
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEANGINX, Inc.
On demand recording: https://www.nginx.com/resources/webinars/modsecurity-and-nginx-tuning-the-owasp-core-rule-set-emea/
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
Registration URL: https://attendee.gotowebinar.com/register/937771661672757762
Webinar ID: 374-977-347
How To Deploy A Cloud Based Webserver in 5 minutes - LAMPMatt Dunlap
Simple tutorial showing how easy it is to deploy a cloud based webserver with apache, mysql and php in about 5 minutes. You can also watch the video for this slideshow at http://www.youtube.com/watch?v=3eqUZ6fzpOM
O'Reilly Security - Continuous Auditing For Effective Compliance with RudderRUDDER
Security policies are increasingly complex and demanding on the operations teams must implement them. How can you be sure that your security policy is really correct everywhere, apart from an expensive yearly audit? How can you know that what was OK a few weeks ago is still OK?
Rudder is open source IT compliance automation technology that comes from the DevOps world, where automatic configuration management is already the norm. With a focus on continuously checking configurations and centralizing real-time status data, Rudder can show a high-level summary (“ISO 27001 rules are at 100%!”) and break down noncompliance issues to a deep technical level (“Host prod-web-03: SSH server configuration allows root logins”).
Jonathan Clarke offers an overview of Rudder and demonstrates how to input the technical rules of a security policy into Rudder, watch it check them every 5 minutes on each and every one of your servers, and report back a global summary to you, allowing you to drill down to any issues that need remediating. Jonathan also explains how a successfully deployed policy can be enforced by the same tool, moving one step further from automatic auditing to automatic remediation. Along the way, Jonathan shares lessons learned from companies that have gone from asking whether their security policy was really applied to receiving near real-time alerts about noncompliance issues as they arise.
In particular, Jonathan explores the specific features in Rudder that have made it successful in compliance projects:
- A simple framework allows you to extend the built-in rules to implement specific low-level configuration patterns, however complex they may be, using simple building blocks (“ensure package installed in version X,” “ensure file content,” “ensure line in file,” etc.). A graphical builder lowers the technical level required to use this.
- Each policy can be independently set to be automatically checked or enforced on a policy or host level. In Enforce mode, each remediation action is recorded, showing the value of these invisible fixes.
- Rudder works on almost every kind of device, so you’ll be managing physical and virtual servers in the data center, cloud instances, and embedded IoT devices in the same way.
- Rudder is designed for critical environments where a security breach can mean more than a blip in the sales stats. Built-in features include change requests, audit logs, and strong authentication.
- Rudder relies on an agent that needs to be installed on all hosts to audit. The agent is very lightweight (10 to 20 MB of RAM at peak) and blazingly fast (it’s written in C and takes less than 10 seconds to verify 100 rules). Installation is self-contained, via a single package, and can auto-update to limit agent management burden.
Everything began 4 years ago, CFEngine 3 had just been released, documentation and expertise were in short supply. We had to accept the reality of a steep learning curve.
As CFEngine grew so did we. We discovered bugs, submitted pull requests, designed workarounds for various pitfalls, gained advances in productivity (thanks to the knowledge and experience gained working with CFEngine 3) and evaluated design choices available to us. This journey led us to become one of the most advanced CFEngine users in Europe.
I'll recount our journey, share insights on solution architecture with CFEngine and show examples of what we had to overcome and how we achieved that using less well-known features of CFEngine. Our examples will cover advanced use of CFEngine 3 code. Finally, I will present our retrospective: what we did right, what we did wrong and share where we have got to thus far in our journey.
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEANGINX, Inc.
On demand recording: https://www.nginx.com/resources/webinars/modsecurity-and-nginx-tuning-the-owasp-core-rule-set-emea/
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
Registration URL: https://attendee.gotowebinar.com/register/937771661672757762
Webinar ID: 374-977-347
How To Deploy A Cloud Based Webserver in 5 minutes - LAMPMatt Dunlap
Simple tutorial showing how easy it is to deploy a cloud based webserver with apache, mysql and php in about 5 minutes. You can also watch the video for this slideshow at http://www.youtube.com/watch?v=3eqUZ6fzpOM
O'Reilly Security - Continuous Auditing For Effective Compliance with RudderRUDDER
Security policies are increasingly complex and demanding on the operations teams must implement them. How can you be sure that your security policy is really correct everywhere, apart from an expensive yearly audit? How can you know that what was OK a few weeks ago is still OK?
Rudder is open source IT compliance automation technology that comes from the DevOps world, where automatic configuration management is already the norm. With a focus on continuously checking configurations and centralizing real-time status data, Rudder can show a high-level summary (“ISO 27001 rules are at 100%!”) and break down noncompliance issues to a deep technical level (“Host prod-web-03: SSH server configuration allows root logins”).
Jonathan Clarke offers an overview of Rudder and demonstrates how to input the technical rules of a security policy into Rudder, watch it check them every 5 minutes on each and every one of your servers, and report back a global summary to you, allowing you to drill down to any issues that need remediating. Jonathan also explains how a successfully deployed policy can be enforced by the same tool, moving one step further from automatic auditing to automatic remediation. Along the way, Jonathan shares lessons learned from companies that have gone from asking whether their security policy was really applied to receiving near real-time alerts about noncompliance issues as they arise.
In particular, Jonathan explores the specific features in Rudder that have made it successful in compliance projects:
- A simple framework allows you to extend the built-in rules to implement specific low-level configuration patterns, however complex they may be, using simple building blocks (“ensure package installed in version X,” “ensure file content,” “ensure line in file,” etc.). A graphical builder lowers the technical level required to use this.
- Each policy can be independently set to be automatically checked or enforced on a policy or host level. In Enforce mode, each remediation action is recorded, showing the value of these invisible fixes.
- Rudder works on almost every kind of device, so you’ll be managing physical and virtual servers in the data center, cloud instances, and embedded IoT devices in the same way.
- Rudder is designed for critical environments where a security breach can mean more than a blip in the sales stats. Built-in features include change requests, audit logs, and strong authentication.
- Rudder relies on an agent that needs to be installed on all hosts to audit. The agent is very lightweight (10 to 20 MB of RAM at peak) and blazingly fast (it’s written in C and takes less than 10 seconds to verify 100 rules). Installation is self-contained, via a single package, and can auto-update to limit agent management burden.
Rudder 3.0 was released in January 2015. This talk will bring attendees up to date on recent evolutions in Rudder and show off some of the latest and greatest features like the new compliance dashboard and graphs, redesigned web interface, built-in Technique editor (that automatically builds CFEngine code), basic command line interface, ...
We will then discuss ideas for future features. Last but not least, we should have some time to dig deeper into any parts of Rudder attendees want to know more about - examples could include reporting, ncf, OS support, CFEngine integration, ...
Every new version of MongoDB comes with exciting new features and a lot of improvements and version 4.0 couldn't be an exception to this rule. An upgrade from previous versions will unlock long waiting features like transactions but at the same time without proper planning could be catastrophic for your organization.
This presentation will guide you through the stapes for planning and implementing an upgrade to MongoDB 4.0. We will examine how MongoDB 4.0 affects your organization ecosystem and what changes might be necessary prior to the upgrade. We will demonstrate the upgrade steps with a detailed rollback plan. Finally, we will cover some post-upgrade considerations that will allow you to release the power of MongoDB 4.0.
Infrastructure development using ConsulGrid Dynamics
In his talk, Volodymyr Tselm, DevOps Engineer at Grid Dynamics, tells about Consul, service discovery and DNS, fast-deploy development environment using Consul.
Slides used at CNCF Paris Meetup 02/15/18.
This covers how we setup Prometheus at Deezer and his architecture. We also give some configuration examples and tweaks.
Trying and evaluating the new features of GlusterFS 3.5Keisuke Takahashi
My presentation in LinuxCon/CloudOpen Japan 2014.
It has passed few days since GlusterFS 3.5 released so feel free to correct me if you find my mistakes or misunderstandings. Thanks.
Observability in a Dynamically Scheduled WorldSneha Inguva
The industry is moving toward a microservices architecture, and many companies have embraced container orchestration solutions such as Kubernetes. DigitalOcean is no different. Over the past year, DigitalOcean’s Delivery team has been building a runtime platform based on Kubernetes with the goal of making shipping code easier. The system has empowered service owners to quickly and efficiently deploy and update their applications. A vital component is a white box monitoring and alerting solution based on Prometheus and Alertmanager.
Sneha Inguva offers an overview of the system and shares problems encountered, potential solutions, and key lessons learned in the process. Sneha dives into the setup of Prometheus and Alertmanager that allows service owners to instrument their own metrics and alerts, explaining the service owner’s point of view and the internals that allow for the dynamic addition of alerts, and offers a glimpse of future modifications to the system. Join in to learn how to leverage open source tools for your monitoring and alerting needs.
The microservice architectural style is an approach to developing an application as a suite of small services that each can be independently developed and deployed. In this talk, we will cover the pros and cons of microservices, including contrasting them with the more traditional 'monolithic' application. We will also dive into the most common mechanism used to expose the functionality of a microservice. REST is an architecture style for building scalable web services. You've at least heard of it, you may have contributed to or even created 'RESTful' applications, but are you familiar with the basic constraints that make up REST? We'll cover the theory behind REST before diving into pragmatic implementation styles and better practices.
Chicago Docker Meetup Presentation - MediaflyMediafly
Bryan Murphy's presentation from the 2nd Chicago Docker meetup on March 12, 2014 at Mediafly HQ. In his presentation, Bryan explains how we use Docker right now at Mediafly in production.
Monitoring as an entry point for collaborationJulien Pivotto
In the last years, we have been building complex stacks, made from lots of components. All of this backed by multiple teams. This talk will present how you can use monitoring to look at the business side and have everyone looking at the same dashboards, making cooperation a reality.
What if configuration management didn't need to be lvl60 in dev?RUDDER
Slides from Alexandre BRIANCEAU's talk at #OSSPARIS19 (Open Source Summit.
Server infrastructure automation is not simple. Several solutions have existed for several years and most of them rely on infra-as-code to achieve their mission. By the way, why infra-as-code?
And unfortunately, these solutions require strong development skills. So how can we do this when the infrastructure team does not have sufficient and, above all, homogeneous expertise? Because otherwise, beware of the "Guru Team" effect, or how the infrastructure automation to save time ends up with a huge SPOF because only one person in the team knows how it works....
I would like to discuss this together and introduce you to RUDDER briefly. RUDDER is a configuration management solution, and therefore infra-as-code, that allows you to automate your systems by relying entirely on a graphical interface to manage your configurations. Because the infrastructure is complex enough to add a layer!
Slides from Alexandre BRIANCEAU's talk at #OSSPARIS19 (Open Source Summit Paris 2019).
Security is everyone's business, an exploited breach is enough. Teams are aware of this and yet it is still as difficult as ever to be able to ensure, be confident, and reassure others (prove) that at least one party is under control.
And when it comes to server infrastructure, especially at the OS / middleware level, everything gets complicated. Even with an operational security team, it is difficult to ensure that the Information System Security Policy and security recommendations are properly implemented on all servers.
How can we be sure that our security policies are properly applied on all our servers other than through a massive and costly audit? Even if they were when they were created, how do you know if they remain perfectly compliant after a few days / weeks / months?
Let's discover together RUDDER, an open-source solution for continuous compliance based on configuration management to automatically audit and/or correct our systems.
Rudder 3.0 was released in January 2015. This talk will bring attendees up to date on recent evolutions in Rudder and show off some of the latest and greatest features like the new compliance dashboard and graphs, redesigned web interface, built-in Technique editor (that automatically builds CFEngine code), basic command line interface, ...
We will then discuss ideas for future features. Last but not least, we should have some time to dig deeper into any parts of Rudder attendees want to know more about - examples could include reporting, ncf, OS support, CFEngine integration, ...
Every new version of MongoDB comes with exciting new features and a lot of improvements and version 4.0 couldn't be an exception to this rule. An upgrade from previous versions will unlock long waiting features like transactions but at the same time without proper planning could be catastrophic for your organization.
This presentation will guide you through the stapes for planning and implementing an upgrade to MongoDB 4.0. We will examine how MongoDB 4.0 affects your organization ecosystem and what changes might be necessary prior to the upgrade. We will demonstrate the upgrade steps with a detailed rollback plan. Finally, we will cover some post-upgrade considerations that will allow you to release the power of MongoDB 4.0.
Infrastructure development using ConsulGrid Dynamics
In his talk, Volodymyr Tselm, DevOps Engineer at Grid Dynamics, tells about Consul, service discovery and DNS, fast-deploy development environment using Consul.
Slides used at CNCF Paris Meetup 02/15/18.
This covers how we setup Prometheus at Deezer and his architecture. We also give some configuration examples and tweaks.
Trying and evaluating the new features of GlusterFS 3.5Keisuke Takahashi
My presentation in LinuxCon/CloudOpen Japan 2014.
It has passed few days since GlusterFS 3.5 released so feel free to correct me if you find my mistakes or misunderstandings. Thanks.
Observability in a Dynamically Scheduled WorldSneha Inguva
The industry is moving toward a microservices architecture, and many companies have embraced container orchestration solutions such as Kubernetes. DigitalOcean is no different. Over the past year, DigitalOcean’s Delivery team has been building a runtime platform based on Kubernetes with the goal of making shipping code easier. The system has empowered service owners to quickly and efficiently deploy and update their applications. A vital component is a white box monitoring and alerting solution based on Prometheus and Alertmanager.
Sneha Inguva offers an overview of the system and shares problems encountered, potential solutions, and key lessons learned in the process. Sneha dives into the setup of Prometheus and Alertmanager that allows service owners to instrument their own metrics and alerts, explaining the service owner’s point of view and the internals that allow for the dynamic addition of alerts, and offers a glimpse of future modifications to the system. Join in to learn how to leverage open source tools for your monitoring and alerting needs.
The microservice architectural style is an approach to developing an application as a suite of small services that each can be independently developed and deployed. In this talk, we will cover the pros and cons of microservices, including contrasting them with the more traditional 'monolithic' application. We will also dive into the most common mechanism used to expose the functionality of a microservice. REST is an architecture style for building scalable web services. You've at least heard of it, you may have contributed to or even created 'RESTful' applications, but are you familiar with the basic constraints that make up REST? We'll cover the theory behind REST before diving into pragmatic implementation styles and better practices.
Chicago Docker Meetup Presentation - MediaflyMediafly
Bryan Murphy's presentation from the 2nd Chicago Docker meetup on March 12, 2014 at Mediafly HQ. In his presentation, Bryan explains how we use Docker right now at Mediafly in production.
Monitoring as an entry point for collaborationJulien Pivotto
In the last years, we have been building complex stacks, made from lots of components. All of this backed by multiple teams. This talk will present how you can use monitoring to look at the business side and have everyone looking at the same dashboards, making cooperation a reality.
What if configuration management didn't need to be lvl60 in dev?RUDDER
Slides from Alexandre BRIANCEAU's talk at #OSSPARIS19 (Open Source Summit.
Server infrastructure automation is not simple. Several solutions have existed for several years and most of them rely on infra-as-code to achieve their mission. By the way, why infra-as-code?
And unfortunately, these solutions require strong development skills. So how can we do this when the infrastructure team does not have sufficient and, above all, homogeneous expertise? Because otherwise, beware of the "Guru Team" effect, or how the infrastructure automation to save time ends up with a huge SPOF because only one person in the team knows how it works....
I would like to discuss this together and introduce you to RUDDER briefly. RUDDER is a configuration management solution, and therefore infra-as-code, that allows you to automate your systems by relying entirely on a graphical interface to manage your configurations. Because the infrastructure is complex enough to add a layer!
Slides from Alexandre BRIANCEAU's talk at #OSSPARIS19 (Open Source Summit Paris 2019).
Security is everyone's business, an exploited breach is enough. Teams are aware of this and yet it is still as difficult as ever to be able to ensure, be confident, and reassure others (prove) that at least one party is under control.
And when it comes to server infrastructure, especially at the OS / middleware level, everything gets complicated. Even with an operational security team, it is difficult to ensure that the Information System Security Policy and security recommendations are properly implemented on all servers.
How can we be sure that our security policies are properly applied on all our servers other than through a massive and costly audit? Even if they were when they were created, how do you know if they remain perfectly compliant after a few days / weeks / months?
Let's discover together RUDDER, an open-source solution for continuous compliance based on configuration management to automatically audit and/or correct our systems.
OSIS 2019 - Qu’apporte l’observabilité à la gestion de configuration ?RUDDER
On parle d’observabilité des services lorsque ceux-ci exposent des états et métriques internes pour améliorer la disponibilité globale.
Qu’en est-il de l’observabilité des infrastructures sur lesquelles ils sont déployés, configurés et maintenus ?
Les différents logs (centralisés, agrégés) permettent un bon début d’analyse mais il faut aussi observer les systèmes au fil de l’eau pour tracer chaque changement et les corréler avec le monitoring. Aujourd’hui, ces étapes de configuration IT devraient être prises en charge par les outils de gestion de configuration, qui deviennent la passerelle vers l’observabilité des opérations.
Nous montrerons l'intérêt de cette approche pour la gestion IT moderne avec un retour d’expérience sur les challenges de leur mise en place dans Rudder, notre solution libre d’audit et de gestion de configuration en continu.
OW2Con - Configurations, do you prove yours?RUDDER
How can we be sure of the continuous configuration management proper operation? How to expose factual topic-related reports to dev, sec, managers, customers...?
We believe that, in order to deliver the full business and collaboration value of continuous configuration management, the solution needs to go further than simply applying policies - it must ensure configuration reliability; prove historized application and status; share it to other teams; notify of any drift with a relevant context.
This talk will present why and how we should be concerned about transmitting factual measures on infrastructure management to all parties involved. We will also guide you through the journey to include a full-fledged reporting feature in a configuration management solution.
The latest major version of the solution has brought a major new feature to the Rudder solution: a plugin ecosystem.
The Rudder software architect will present the reasons for this new feature, how it works, and what are the different plugins available.
Benoit Peccatte, CfgMgmtCamp 2019.
Benoit Peccatte started out as a developer for air traffic control systems but quickly became more interested in writing code generators to automate his job.
After meeting some smart sysadmins on the beach, he switched jobs and has been automating servers for the past decade.
He stumbled across open source in engineering school, and quickly became convinced that free software is the only way to keep software maintainable whatever happens in the future.
Benoit is now trying to automate his job on Rudder, developing features in Rudder to continuously configure and audit more and more servers.
What uses for observing operations of Configuration Management?RUDDER
Nicolas Charles, CfgMgmtCamp 2019.
More and more services expose their state, internal details and metrics to be observable, and improve overall quality of service.
But what about observing the infrastructure they are deployed, configured and maintained on?
What can we learn from that, and what do we need from configuration management to get these features and metrics?
Logs from installation is a good start, but they need centralization, aggregation and especially knowledge derivation from these - but also we need to observe these features over time, to trace changes, and correlate them with monitoring.
Rudder was built around the predicate that all actions of the configuration agent need to be traced, centralized and exposed in a meaningful way - with agents ensuring the continuous configuration of systems, and this talk will show the rationale behind this predicate, how we implemented this solution, and the benefits of this approach for the modern IT world.
UX challenges of a UI-centric config management toolRUDDER
Raphaël Gauthier, CfgMgmtCamp 2019.
One of Rudder’s main focuses is its comprehensive graphical user interface, which allows users to view and manage its configurations without writing a line of code.
The user experience and interface considerations for a tool as technical and complex, and with such potential to break things as a configuration management tool are certainly a challenge, and in some ways in unchartered territory. Rudder’s frontend developer will present an analysis of the situation, the issues encountered and the approach adopted for the improvement of UX and UI planned for 2019.
What happened in RUDDER in 2018 and what’s next?RUDDER
Alexis Mousset, CfgMgmtCamp 2019.
Let’s take a look at Rudder’s new features from 2018, both in terms of the features of versions 4.3 and 5.0 as well as the new documentation and our platform for building and distributing binaries.
We will then present the provisional roadmap for 2019: let’s go to Rudder 5.1 and 5.2!
Alexandre Brianceau, CfgMgmtCamp 2019.
Rudder is an open source configuration management tool that includes continuous auditing (with or without remediation), compliance info and graphs and the possibility to configure everything in the UI and/or APIs.
It has been around for more than six years and has users large (think 10 000 nodes) and small around the world.
Let’s take a moment to look at the vision that lead us here, how Rudder is different from similar tools, and what users find invaluable, nice (or annoying - I’ll be honest!).
If you’re not familiar with Rudder this is a great talk to attend to get the basics covered.
How can we be sure of the continuous configuration management proper operation? How to expose factual topic-related reports to dev, sec, managers, customers...?
We believe that, in order to deliver the full business and collaboration value of continuous configuration management, the solution needs to go further than simply applying policies - it must ensure configuration reliability; prove historized application and status; share it to other teams; notify of any drift with a relevant context.
This talk will present why and how we should be concerned about transmitting factual measures on infrastructure management to all parties involved. We will also guide you through the journey to include a full-fledged reporting feature in a configuration management solution.
L'audit en continu : clé de la conformité démontrable (#POSS 2018)RUDDER
Présentation issue du talk pour le Paris Open Source Summit 2018 par Alexandre Brianceau dans le track Cybersécurité.
Les politiques de sécurité sont de plus en plus complexes et exigeantes à mettre en oeuvre pour les équipes opérationnelles. Comment pouvons-nous être certains que nos politiques de sécurité soient bien appliquées sur tous sos serveurs autrement qu’à travers un audit massif et coûteux ? Quand bien même le seraient-elles lors de leur création, comment savoir si elles restent parfaitement conformes après quelques jours / semaines / mois ?
Nous montrerons comment définir des règles techniques d'une politique de sécurité dans RUDDER, une solution d'automatisation de conformité informatique open source issue du monde devops où la gestion automatique de la configuration est déjà la norme. ensuite toutes les 5 minutes sur chacun des serveurs afin de remonter un résumé global permettant alors d’inspecter les problèmes qui doivent être corrigés.
Nous expliquerons également comment une politique d’audit déployée avec succès peut être imposée sur tous les systèmes avec le même outil, en passant de l’audit automatique à la remédiation automatique.
Fiabilité et conformité continues en production avec Rudder (#BBOOST 2018)RUDDER
Présentation issue du talk pour le BBOOST 2018 par Alexandre Brianceau.
Une infrastructure dont les configurations ne sont pas homogènes, surveillées et maintenues en conformité en continu finit inévitablement par dériver, entraînant failles de sécurité et incidents de production.
Alors que la fiabilité de l’IT est devenue critique, la méthode traditionnelle consistant à mener des audits tous les X mois montre ses limites : une dérive entre deux audits peut passer inaperçue et causer un incident.
RUDDER est une solution qui garantit la conformité des configurations en permanence.
Stay up - voyage d'un éditeur de logiciels libresRUDDER
Voici le retour d'expérience d'un des fondateurs Rudder sur ce que c'est qu'être entrepreneur dans les logiciels libres et les 10 ans de voyage écoulés à travers 4 étapes clés:
- la constitution de l'équipe,
- le passage par un incubateur,
- la levée de fond (ou pas),
- et la recherche d'un business model soutenable.
How we scaled Rudder to 10k, and the road to 50kRUDDER
Management graphical interface, real-time compliance and ease of use are some of Rudder core principles. When Rudder was created in 2010, hundreds of servers were considered a large installation, and the constraints and limits to manage systems were totally different than nowadays, as IT speaks in terms of thousands of nodes. I’ll present how we scaled Rudder from hundreds to 10k nodes, on each different aspect of the product: changing the way nodes talk with the Rudder server, rewriting the data model, evolving the UI, how we detected new limits - further away - and how we removed them; and made sure these limits don’t come back through tooling and testing. Finally, I’ll present the planned evolutions in upcoming releases to reach 50k managed nodes.
Rudder 4.1 was released in March 2017 with:
- an advanced feature to query external APIs and pull in node properties dynamically
the ability to add "key=value" tags to all Rules and Directives in order to categorize them
- a new API on relay servers to enable node-to-node file sharing and remote run in firewalled environments performance improvements
- a new plugin package format
Rudder 4.2 was released in September 2017 and includes the support for a new plugin that adds support for a new Windows DSC-based agent. Rudder 4.3 will include:
- Parameters for Technique Editor techniques
- ACLs on the API accounts
- Many architecture improvements
In parallel, new plugins are being developed:
- A plugin to integrate data from external APIs
- Monitoring integration with Centreon
- CMDB integration with iTop
- A reporting plugin for historized compliance
This talk will introduce these new features and show how to use them, hopefully getting you as excited as we are! Then, we will move on to explain about longer-term feature ideas we have for Rudder, and the general vision linked to future developments.
About Nicolas Charles
Nicolas is a tinkerer who likes when things just work, and tries his best to reach this goal. He started as a developer 15 years ago, and often had to reach out of this role to solve issues.
In 2010, he co-founded Normation, and he still enjoys fixing things in Rudder and at its users.
DevOps D-Day 2017 - Gestion des configurations et mise en conformité chez un ...RUDDER
En tant qu’hébergeur et infogérant, Jaguar Network est confronté à une double évolution :
Le marché attend de la part d’un Service Provider de prendre en charge une part toujours plus importante de la gestion du système d’information.
La croissance de l’entreprise entraîne une pression plus importante quantitativement (scalabilité) et qualitativement (garantir la fiabilité et la sécurité sur l’ensemble du parc géré).
Ainsi, Jaguar Network a dû trouver une solution capable de résoudre cette double problématique à laquelle de plus en plus de sociétés sont confrontées : assurer la croissance rapide du parc tout en améliorant et en garantissant la fiabilité.
Grâce à RUDDER, solution open-source française de Continuous Configuration dédiée aux contraintes de la production, l’atteinte de cet objectif a été grandement facilité. En duo avec l’éditeur de RUDDER, Jaguar Network racontera le déroulement de ce projet, de la mise en place de l’outil aux résultats constatés, en passant par l’intégration avec les autres technologies du SI.
Un retour d’expérience concret et complet sur le concept de Continuous Configuration et son implémentation avec RUDDER.
RUDDER is an easy to use, web-driven, role-based solution for IT Infrastructure Automation and Compliance. With a focus on continuously checking configurations and centralising real-time status data, RUDDER can show a high-level summary (“ISO 27001 rules are at 100%!”) and break down noncompliance issues to a deep technical level (“Host prod-web-03: SSH server configuration allows root logins”).
A few things that make RUDDER stand out:
- A simple framework allows you to extend the built-in rules to implement specific low-level configuration patterns, however complex they may be, using simple building blocks (“ensure package installed in version X,” “ensure file content,” “ensure line in file,” etc.). A graphical builder lowers the technical level required to use this.
- Each policy can be independently set to be automatically checked or enforced on a policy or host level. In Enforce mode, each remediation action is recorded, showing the value of these invisible fixes.
- RUDDER works on almost every kind of device, so you’ll be managing physical and virtual servers in the data center, cloud instances, and embedded IoT devices in the same way.
- RUDDER is designed for critical environments where a security breach can mean more than a blip in the sales stats. Built-in features include change requests, audit logs, and strong authentication.
- RUDDER relies on an agent that needs to be installed on all hosts to audit. The agent is very lightweight (10 to 20 MB of RAM at peak) and blazingly fast (it’s written in C and takes less than 10 seconds to verify 100 rules). Installation is self-contained, via a single package, and can auto-update to limit agent management burden.
- RUDDER is a true and professional open source solution—the team behind RUDDER doesn’t believe in the dual-speed licensing approach that makes you reinstall everything and promotes open source as little more than a “demo version.”
RUDDER is an established project with several 10000s of node managed, in companies from small to biggest-in-their-field. Typical deployments manage 100s to 1000s of nodes. The biggest known deployment in 2016 is about 7000 nodes.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Top 7 Unique WhatsApp API Benefits | Saudi ArabiaYara Milbes
Discover the transformative power of the WhatsApp API in our latest SlideShare presentation, "Top 7 Unique WhatsApp API Benefits." In today's fast-paced digital era, effective communication is crucial for both personal and professional success. Whether you're a small business looking to enhance customer interactions or an individual seeking seamless communication with loved ones, the WhatsApp API offers robust capabilities that can significantly elevate your experience.
In this presentation, we delve into the top 7 distinctive benefits of the WhatsApp API, provided by the leading WhatsApp API service provider in Saudi Arabia. Learn how to streamline customer support, automate notifications, leverage rich media messaging, run scalable marketing campaigns, integrate secure payments, synchronize with CRM systems, and ensure enhanced security and privacy.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
May Marketo Masterclass, London MUG May 22 2024.pdf
Rudder 3.0 - what's new ?
1. Normation – Tous droits réservés
normation.com
Rudder 3.0
Rudder 3.0
A major step forward
2. Normation – Tous droits réservés
normation.com
Rudder 3.0: Redesigned web interface
Redesigned web interface
✔ Avoid wasted space
✔ One click access to all screens
✔ Familiar Bootstrap menu bar
✔ Improved user experience
✔ Refresh data in all tables
3. Normation – Tous droits réservés
normation.com
Rudder 3.0: Redesigned web interface
Before
After
4. Normation – Tous droits réservés
normation.com
Rudder 3.0: Redesigned web interface
Wasted space
Wastedspace
Wastedspace
Useful content
Pre-3.0
5. Normation – Tous droits réservés
normation.com
Rudder 3.0: Redesigned web interface
Useful content
Now in 3.0
6. Normation – Tous droits réservés
normation.com
Rudder 3.0: Redesigned web interface
One click access to all pages
Pre 3.0: double menu
First click
Second click
Now in 3.0: one menu
7. Normation – Tous droits réservés
normation.com
Rudder 3.0: Redesigned web interface
Improved user experience
Pre 3.0: tabbed Directive page
Now in 3.0: one menu
8. Normation – Tous droits réservés
normation.com
Rudder 3.0: Redesigned web interface
As of 3.0: single page, improved layout
Always available
Save button
9. Normation – Tous droits réservés
normation.com
Rudder 3.0: Redesigned web interface
As of 3.0: single page, improved layout
10. Normation – Tous droits réservés
normation.com
Rudder 3.0: Status reporting
Status reporting
✔ Display an overview of all states for a Rule
✔ Proportional to number of nodes
✔ Proportional to number of configurations
✔ Drilldown by node or by component
✔ Display recent changes (repairs) over time
✔ List recent changes (repairs)
11. Normation – Tous droits réservés
normation.com
Rudder 3.0: Status reporting
Status reporting
Error
Unexpected
No response
Applying...
Success
Not
applicable
(eg SSH on
Windows)
Multi-colour progress bar displayed for each
rule and as a global overview
12. Normation – Tous droits réservés
normation.com
Rudder 3.0: Status reporting
Status reporting
Recent changesCompliance
13. Normation – Tous droits réservés
normation.com
Rudder 3.0: Status reporting
Overview + drilldown
Exhaustive
Focus on what is relevant
14. Normation – Tous droits réservés
normation.com
Rudder 3.0: Status reporting
History of changes on nodes
Keep an eye on what changed
15. Normation – Tous droits réservés
normation.com
Rudder 3.0: Status reporting
Overview: dashboard
16. Normation – Tous droits réservés
normation.com
Rudder 3.0: Status reporting
Reporting: behind the scenes
Two compliance modes
Full compliance
Changes only
Varies logs sent from nodes to server:
Explicit “success” message vs silence means OK + regular heartbeat
10:00 ComponentA Success
10:00 ComponentB Repaired
10:05 ComponentA Success
10:05 ComponentB Success
10:10 ComponentA Success
10:10 ComponentB Success
→ Saves a lot of bandwidth (syslog messages) + storage (DB)
10:00 ComponentB Repaired
10:10 Heartbeat I'm alive!
vs
17. Normation – Tous droits réservés
normation.com
Rudder 3.0: Technique editor
Create your own Techniques via a web interface
Technique editor
18. Normation – Tous droits réservés
normation.com
Rudder 3.0: Technique editor
Builds on the ncf framework and available methods
Technique editor
Example of a method
>60generic methods as of today
19. Normation – Tous droits réservés
normation.com
Rudder 3.0: Node classification data
Insert external data to classify nodes on key=value pairs
Node classification data
1. Set key=value pairs for any nodes via the REST API
See REST API documentation on
http://www.rudder-project.org/rudder-api-doc/
Can be used to
integrate with any
third party CMDB,
inventory/asset
database, ...
20. Normation – Tous droits réservés
normation.com
Rudder 3.0: Node classification data
Insert external data to classify nodes on key=value pairs
Node classification data
1. Set key=value pairs for any nodes via the REST API
2. View, search and group in the web interface
21. Normation – Tous droits réservés
normation.com
Rudder 3.0: CLI
Wrapper for common commands
Command line interface
# rudder agent
Usage: rudder agent help
rudder agent <command> [parameters ...]
Run commands on agent.
Available commands:
disable forbid rudder-agent to be run by cron or service
enable re-enable a disabled rudder-agent
inventory force the agent to create and send a new inventory
reinit re-initialise the agent to make it be seen as a new
reset reset agent status and cache
run force run agent promises
update update promises on agent
version get the agent version
22. Normation – Tous droits réservés
normation.com
Rudder 3.0: CLI
Wrapper for common commands
Command line interface
# rudder server debug <node_IP>
# Starts a temporary cf-serverd process on a different port
# and uses a firewall rule to redirect traffic from that node
# to the temporary server, running in verbose mode
24. Normation – Tous droits réservés
normation.com
What's new in Rudder 3.0
Performance improvement
Much faster interface
Super fast compliance
Tested with 5000+ nodes
Example: List nodes page for 2000 nodes
Rudder 2.11: 2 seconds
Rudder 3.0: 80 ms
Various other changes
Package (deb/rpm) for relay servers
{yum,apt-get} install rudder-server-relay
systemd support
ncf methods
Rudder Techniques
New OS support
RHEL/CentOS 7
Debian 8
Run frequency by node
Set run frequency from
5 minutes to 6 hours
on a global schedule
+ override by node