Rudder - Configuration management benefits for everyone (FOSDEM 2012)
-
Upload
normation -
Category
Technology
-
view
4.110 -
download
1
description
Transcript of Rudder - Configuration management benefits for everyone (FOSDEM 2012)
![Page 1: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/1.jpg)
Configuration management benefitsfor everyone
Nicolas Charles <[email protected]>Jonathan Clarke <[email protected]>
05/02/2012FOSDEM 2012 @ Brussels, Belgium
![Page 2: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/2.jpg)
Speakers
Nicolas Charles
Scala developer
Works at Normation
Rudder developer
CFEngine expert
CFEngine Community Champion
Jonathan Clarke
Sysadmin
Works at Normation
Rudder developer
CFEngine expert
![Page 3: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/3.jpg)
Service management
Make sure the service does it's job
Install & UpdateConfigureRun
Security
User accountsPassword policyBackupsLog everythingSecurity patches
Availability
Limit the impact of a failureScale outPlan for disaster recovery
Knowledge
Document configurationFormalize proceduresLog changes
![Page 4: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/4.jpg)
Configuration managementbenefits
Automate
First install + reinstallsUpdateConfigure
Regular checks
Install OK?Configuration OK?Integrity?
Industrialization
Re-use (configs, policies...)Reporting on config statusDashboards
Collaboration
More knowledge: Centralize information Full change logLess documentation: Less written procedures More automation
![Page 5: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/5.jpg)
For the all the rest,advantages are undeniable!
Managers?
In some situations, configuration management may be too much overhead...
But does everyone really benefit?
Juniorsysadmins?
Non specialists?
![Page 6: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/6.jpg)
Goals
Lower the learning curve to use CM
This may mean losing some flexibility but mustn't mean
losing efficiency
Share CM benefitswith a wider population
Different information and capabilities for different people
![Page 7: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/7.jpg)
Fundamentals
Build on reliable tools
Share
OS-specific packages
Automaticinventory
Based on CFEngineLightweight and powerful
Improve
Web interface
Reporting graphique
Library of infrastructureconfigurations included
![Page 8: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/8.jpg)
PrincipleNew nodes
Web interface on Rudder server
View node data Put nodes in groups
Configure ruleson groups
View infrastructure status
Managed nodes
Inventory
Hardware and software inventory
CFEngine policy Reports
![Page 9: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/9.jpg)
Configuration Rules
Predefined templates to manage systems
- Install packages, distribute files- Manage users, distribute SSH keys- Configure DNS, NTP, package managers- Schedule backups...
Parametrization in the Web Interface
- Forms to change defaults
Conversion intoCFEngine Policies
- Applied by CFEngine agents
![Page 10: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/10.jpg)
Current status
Version 2.3released in
october 2011
Web interface to manage
nodes and configuration rules
Real time reports on infrastructure
status
Policy Templates(currently 33)
Packaged for main Linux distributions
All changes logged
![Page 11: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/11.jpg)
Demonstration
![Page 12: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/12.jpg)
Install
Installing a Rudder server
# echo 'deb http://www.rudder-project.org/apt-2.3/ squeeze main' >> /etc/apt/sources.list# aptitude update# aptitude install rudder-server-root# /opt/rudder/bin/rudder-init.sh
Installing Rudder on a node to manage
# echo 'deb http://www.rudder-project.org/apt-2.3/ squeeze main' >> /etc/apt/sources.list# aptitude update# aptitude install rudder-agent# echo "server address" > /var/rudder/cfengine-community/policy_server.dat
![Page 13: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/13.jpg)
Requirements (node)
Memory occupation of CFEngine deamons
Small amount of free RAM
(10-20 MB)
Some dependencies
- SSL- BerkeleyDB- PCRE- Syslog
![Page 14: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/14.jpg)
Rudder architecture Based on typical CFEngine architecture
CFEngine server
Node Node Node Node
Communications by TCP(port 5308)- File metadata- File content
![Page 15: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/15.jpg)
Rudder architecture
CFEngine server
Node Node Node Node
Communications by TCP(port 5309)- File metadata- File contents- Send inventories(FusionInventory)- Send reports (syslog)
Rudder serverGenerate CFEngine policy
Extra components on the server only
![Page 16: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/16.jpg)
Rudder workflow
Policy Templates
CFEngine syntaxVariables for web configuration
Policy Instances
Configuration Rule
Apply Policy Instancesto a Group
Group
Nodes
Search criteria on inventory information - Hardware / OS / Network - Software - Node nameEnter variables in
the web interfaceCreate a group
![Page 17: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/17.jpg)
Extend
Write new Policy Templates
- Based on CFEngine 3- An XML descriptor to set up the web forms- Configure anything!
Write plugins for the webapp
- Plugins are automatically discovered at startup- Implementation example: https://github.com/Normation/rudder-plugin-helloworld
![Page 18: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/18.jpg)
Roadmap 2.4: February 2012
Import/Export configurations across Rudder servers Approval process for changes before deploying them More and better Policy Templates Deleting nodes Simple REST API
2.5: Mid 2012 Better Policy Configuration display More detailed reporting Authorizations
![Page 19: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/19.jpg)
Community Source code on GitHub Documentation wiki
http://rudder-project.org
Small open source community Mailing lists
[email protected] [email protected]
IRC : #rudder on FreeNode Twitter: @RudderProject
![Page 20: Rudder - Configuration management benefits for everyone (FOSDEM 2012)](https://reader033.fdocuments.us/reader033/viewer/2022060109/55582390d8b42a5e468b50d9/html5/thumbnails/20.jpg)
Questions?
Nicolas CharlesMail: [email protected]: nico_charles
Stay in touch...
05/02/2012FOSDEM 2012 @ Brussels, Belgium
Jonathan ClarkeMail: [email protected]: jooooooon42