Rudder - configuration management benefits for everyone
DESCRIPTION
Rudder is a new open source tool in the configuration management domain. Specifically aimed at drift assessment, it addresses automation, ongoing verification and repairs, centralizing information and knowledge about your infrastructure, compliance reporting... thus helping to keep drift from nominal behavior low. Its aim is to enable non-experts to benefit from the advantages of configuration management, not reinventing the technical wheel, but providing a new way to drive our infrastructure. This talk will show how Rudder's approach enables everyone in the IT department to benefit from the advantages of configuration management, without necessarily needing to learn a complex tool, or even get their hands dirty. We'll describe and demonstrate how this is possible, and dive into the technical architecture that makes it work. In a nutshell, clearly separated tasks permit technical experts to create configuration templates for the tools they know best, letting non-experts leverage this power via a modern web interface: architects or security officers who implement policy, junior sysadmins who use and reuse such policies to set up services, and pretty much anyone who digs into real-time compliance reports and error logs.
TRANSCRIPT
Normation – CC-BY-SA – normation.com
Rudder
Configuration Management benefits for everyone
Nicolas CHARLES – [email protected]
Who am I ?
● Nicolas CHARLES
● Job : Co-founder and CEO of Normation
● Trade :
– Have a developer background (Scala)
– Came to system administration in 2009 with CFEngine 3
– One of the developers of Rudder
– Love to code (still more a Dev than an Ops)
● Open Source : CFEngine Community Champion
● Contacts : Mail : [email protected] / Twitter : @nico_charles
Topic
Lifecycle of an IT system
● Dev environment
● QA/Test/Int environment
● Production environment
● Specifications
● Security rules
● Best practices
● Changes, Changes, Changes
● From 1 service to... 10, 100, 1000 !
● Issues
– Prove compliance
– Disaster recovery
The three waves of IT configuration
Evolution : 1. Craft → 2. Duplication → 3. Central management

1. Craft : hand made configuration, tailored to fit
● Adaptive to all needs
● Customized solution
● Detail oriented

● Scalability issue
● Repetition is not a human quality
● Knowledge sharing

2. Duplication : a “perfect” installation, reproduced identically
● Save time, from the second deployment onwards
● Identical environments

● Adapting parameters
● Change management
● Image format compatibility

3. Central management : automated configuration, managed from a central point
● Centralized control
● Change management
● Validation and reporting
● Knowledge sharing

● Agent on each server
● Learning curve
● Increased complexity of ops
Configuration management
● Building-up knowledge
● Industrialization
● Automation
● Vigilance
● Control
● Automatic repairs
● Formalization
● Documentation
● Reproducibility
● Alerts
● History
● Reporting
A recognized best practice
● Several recognized standards and recommendations emphasize configuration management
● Recommendations since 2007 :
– « Operational error causes about 40% of all outages »
– « Implementation of a configuration management strategy will reduce downtime by as much as 35% »
Goals
Make configuration management easy and increase its adoption
● Extend benefits of configuration management to a wider population
– Managers
– Junior sysadmins
– Non experts
● Lower entry cost to learn and use configuration management
● Easy to use
● Highly powerful
Key points
● Specifically designed for configuration management
● Automatic inventory (hardware and software)
● Multi-platform (packaged for each OS)
● Open Source
● Simplified user experience (web interface)
● Best practices library included
● Graphical reporting
● Based on CFEngine, standard since 1993
Workflow
Techniques
Implemented in CFEngine syntax + metadata for web configuration
Nodes
Search criteria on inventory data : Hardware/OS/Network/Software/Node name/...
Directives
Rules
Apply Directives to a Group
Groups
Sysadmins
Decider
Expert
Community
Behaviour
New nodes
Managed nodes
Web interface on Rudder server
● Browse and search node data
● Create node groups (static, dynamic)
● Configure rules on groups
● View infrastructure status
Inventory
CFEngine policy
Reports (specific format via syslog)
Web Interface overview
The Open Source project
● Created in 2009
● October 2011 : First public release
● August 2012 : Second major release (2.4)
● Main technologies : CFEngine, Scala
● Community
– Full time developers : 8 (at Normation)
– Official contributors : 6
– Other members : ~20
● Key links :
– Community website : http://www.rudder-project.org
– Source code : http://github.com/Normation/
– IRC : #rudder on Freenode
– Twitter : @RudderProject
Questions ?
CFEngine : architecture
Normation – All rights reserved – normation.com
Typical CFEngine architecture
● CFEngine server
● Node, Node, Node, Node
● Communication : TCP (port 5308)
● Metadata
● Files
Rudder : architecture
Rudder architecture, on top of CFEngine
● CFEngine server
● Node, Node, Node, Node
● Communication : TCP (port 5309)
● Metadata
● Files
● Rudder server
– Generation of CFEngine promises
– Compliance computation
– Reports (syslog)
– Inventories (Port 80)