rudder - configuration management benefits for everyone (fosdem 2012)
DESCRIPTION
Rudder is a new open source tool in the configuration management domain. Its aim is not to reinvent the technical wheel, but to provide a new way to drive our infrastructure. Specifically aimed at drift assessment, it addresses automation, ongoing verification and repairs, centralizing information and knowledge about your infrastructure, compliance reporting... thus helping to keep drift from nominal behavior low. Built upon a standard CFEngine architecture (and other open source components). This talk will show how Rudder's approach enables everyone in the IT department to benefit from the advantages of configuration management, without necessarily needing to learn a complex tool, or even get their hands dirty. We'll describe and demonstrate how this is possible, and dive into the technical architecture that makes it work. In a nutshell, clearly separated tasks permit technical experts to create configuration templates for the tools they know best, thus letting non-experts leverage this power via a modern web interface, such as: architects or security officers who implement policy, junior sysadmins who use and reuse such policies to setup services, and pretty much anyone who digs into real-time compliance reports and error logs. See http://www.rudder-project.org for more info.TRANSCRIPT
Configuration management benefitsfor everyone
Nicolas Charles <[email protected]>Jonathan Clarke <[email protected]>
05/02/2012FOSDEM 2012 @ Brussels, Belgium
Speakers
Nicolas Charles
Scala developer
Works at Normation
Rudder developer
CFEngine expert
CFEngine Community Champion
Jonathan Clarke
Sysadmin
Works at Normation
Rudder developer
CFEngine expert
Service management
Make sure the service does it's job
Install & UpdateConfigureRun
Security
User accountsPassword policyBackupsLog everythingSecurity patches
Availability
Limit the impact of a failureScale outPlan for disaster recovery
Knowledge
Document configurationFormalize proceduresLog changes
Configuration managementbenefits
Automate
First install + reinstallsUpdateConfigure
Regular checks
Install OK?Configuration OK?Integrity?
Industrialization
Re-use (configs, policies...)Reporting on config statusDashboards
Collaboration
More knowledge: Centralize information Full change logLess documentation: Less written procedures More automation
For the all the rest,advantages are undeniable!
Managers?
In some situations, configuration management may be too much overhead...
But does everyone really benefit?
Juniorsysadmins?
Non specialists?
Goals
Lower the learning curve to use CM
This may mean losing some flexibility but mustn't mean
losing efficiency
Share CM benefitswith a wider population
Different information and capabilities for different people
Fundamentals
Build on reliable tools
Share
OS-specific packages
Automaticinventory
Based on CFEngineLightweight and powerful
Improve
Web interface
Reporting graphique
Library of infrastructureconfigurations included
PrincipleNew nodes
Web interface on Rudder server
View node data Put nodes in groups
Configure ruleson groups
View infrastructure status
Managed nodes
Inventory
Hardware and software inventory
CFEngine policy Reports
Configuration Rules
Predefined templates to manage systems
- Install packages, distribute files- Manage users, distribute SSH keys- Configure DNS, NTP, package managers- Schedule backups...
Parametrization in the Web Interface
- Forms to change defaults
Conversion intoCFEngine Policies
- Applied by CFEngine agents
Current status
Version 2.3released in
october 2011
Web interface to manage
nodes and configuration rules
Real time reports on infrastructure
status
Policy Templates(currently 33)
Packaged for main Linux distributions
All changes logged
Demonstration
Install
Installing a Rudder server
# echo 'deb http://www.rudder-project.org/apt-2.3/ squeeze main' >> /etc/apt/sources.list# aptitude update# aptitude install rudder-server-root# /opt/rudder/bin/rudder-init.sh
Installing Rudder on a node to manage
# echo 'deb http://www.rudder-project.org/apt-2.3/ squeeze main' >> /etc/apt/sources.list# aptitude update# aptitude install rudder-agent# echo "server address" > /var/rudder/cfengine-community/policy_server.dat
Requirements (node)
Memory occupation of CFEngine deamons
Small amount of free RAM
(10-20 MB)
Some dependencies
- SSL- BerkeleyDB- PCRE- Syslog
Rudder architecture Based on typical CFEngine architecture
CFEngine server
Node Node Node Node
Communications by TCP(port 5308)- File metadata- File content
Rudder architecture
CFEngine server
Node Node Node Node
Communications by TCP(port 5309)- File metadata- File contents- Send inventories(FusionInventory)- Send reports (syslog)
Rudder serverGenerate CFEngine policy
Extra components on the server only
Rudder workflow
Policy Templates
CFEngine syntaxVariables for web configuration
Policy Instances
Configuration Rule
Apply Policy Instancesto a Group
Group
Nodes
Search criteria on inventory information - Hardware / OS / Network - Software - Node nameEnter variables in
the web interfaceCreate a group
Extend
Write new Policy Templates
- Based on CFEngine 3- An XML descriptor to set up the web forms- Configure anything!
Write plugins for the webapp
- Plugins are automatically discovered at startup- Implementation example: https://github.com/Normation/rudder-plugin-helloworld
Roadmap 2.4: February 2012
Import/Export configurations across Rudder servers Approval process for changes before deploying them More and better Policy Templates Deleting nodes Simple REST API
2.5: Mid 2012 Better Policy Configuration display More detailed reporting Authorizations
Community Source code on GitHub Documentation wiki
http://rudder-project.org
Small open source community Mailing lists
[email protected] [email protected]
IRC : #rudder on FreeNode Twitter: @RudderProject
Questions?
Nicolas CharlesMail: [email protected]: nico_charles
Stay in touch...
05/02/2012FOSDEM 2012 @ Brussels, Belgium
Jonathan ClarkeMail: [email protected]: jooooooon42