Rudder: Sharing IT automation benefits in a team with Rudder. Benoît Peccatte bpe@
Who am I? Benoît Peccatte. Origins: Sysadmin and a developer. Now: Automation, Rudder, ncf
What is Rudder anyway? Why is it interesting? How do people use it (demo)?
Context What is Rudder?
Context Automated configuration. Save time: Deploy faster & be more responsive to changes. Improve reliability: Avoid manual errors, harmonize configurations. Scalable: Manage 1 to > 100000 servers the same way.
Key points: Specifically designed for automation & compliance. Simplified user experience via a Web UI. Based on CFEngine 3 (don't reinvent the wheel!). Graphical reporting. Pre-packaged for: Linux, UNIX, Windows, Android. Open Source. Vagrant config to test: https://github.com/normation/rudder-vagrant/
Design choices: CFEngine. Small footprint, scalable: A few MB of RAM, just seconds to run... Continuous checking: Agent based approach, no push. Multi-platform: Linux, Android, BSD, AIX, HP-UX, Solaris, Windows... Resilient to errors: Network outages, failures, unavailable resources... Open Source: GPLv3
Design choices. Continuous checking: Every 5 minutes. High frequency, trust in compliance reporting. Separate configuration from implementation: Reuse implementations, fewer bugs, shared code... Clear separation of roles. Multi-platform: Cover as many systems as possible. Reporting: Done after the checks, separate process. Avoid bottleneck. Different report types. Linux, Unix, Windows, Android...
Starting CM How to start a configuration management project?
Starting CM Choose a tool. You're ready!
Not so fast: Getting everyone on board for CM is hard. Steep learning curve: New concepts, non obvious syntaxes, paradigm,... Lack of motivation: What do I have to gain from using this tool? Frustration: I can do it quicker by hand or with a shell script
Not so fast So how come so many projects do work out?
Not so fast So how come so many projects do work out? Thanks to a hero! Photo CC BY-NC-ND 2.0 from https://www.flickr.com/photos/mwboeckmann/
A hero? Poor configuration management hero...
A hero? Poor configuration management hero... Hey, I'm trying to do this thing in config management, but I can't make it work, can you help me?
A hero? Poor configuration management hero... Hi, this is the supervision team. I'm sorry to disturb you at night, but we've got this error in production, and I think it's related to a change in the CM tool, but I don't understand it. Can you help me?
What can we do?
What can we do? This is clearly a problem. How can we help?
Approach Steep learning curve: New concepts, non obvious syntaxes, paradigm,... 1) Separate content and controls 2) Provide access to key parameters without having to edit {CFEngine,Puppet,Chef} code
Approach Lack of motivation: What do I have to gain from using this tool? 1) Show the benefits to all users 2) Provide nice reports showing what works, how many machines are impacted
Approach Frustration: I can do it quicker by hand or with a shell script 1) Make it easy and quick to achieve success 2) Provide ready-to-use configuration techniques and share in-house ones simply
Why Rudder? Make configuration management easy and increase its adoption. Lower entry barrier to learn and use configuration management: Easy to use, Highly powerful. Extend benefits of configuration management to a wider population: Managers, Junior sysadmins, Non experts.
Right! Show me already!
Workflow Typical usage
Components. Techniques (Community, Expert): Implemented in ncf syntax + metadata for web configuration. Nodes. Groups: Search criteria on inventory data (Hardware/OS/Network/Software/Node name/...). Directives: Manager or sysadmins. Rules: Apply Directives to a Group (Sysadmins).
Workflow Working in a team with Rudder
Workflow: the theory REPORTING Management Community Expert Sysadmins Define policy Changes (fixes, upgrades...) Technical abstraction (method vs parameters) Configure parameters Initial application Continuous verification
Workflow: the practice Hi, this is sysadmin Alice. Do we still have debian 6 hosts? I would like to remove it from the mirror. Rudder: Let me check
Workflow: the practice Hi, this is CISO. We shouldn't allow root to login over SSH. Where are we on this? Rudder: Let me check. We never started! Then we should start it now.
Workflow: the practice Simplified configuration
Workflow: the practice Hi, this is project manager Bob. We need more servers to sustain the outstanding number of clients! Rudder: OK, let's add some!
Workflow: the practice Hi, this is the CIO. I need the visibility on our certificate migration project. What is the current progress? Rudder: Let me show you that.
Workflow: the practice Built-in reporting
Workflow: the practice Hi, this is the DBA. We have an excessive load on our database, I think some PostgreSQL settings have changed. Can you check? Rudder: Let me find why, who and when.
Workflow: the practice Complete traceability
Workflow: the practice Hi, this is the CIO. We have a new policy, each modification should be reviewed and confirmed by a senior sysadmin before being put into production. Rudder: OK if this is mandatory
Workflow: the practice Validation workflow
Workflow: the practice Validation workflow States:
Pending validation: Can be sent to: Pending deployment, Deployed, Cancelled.
Pending deployment: The change was validated, but now needs to be deployed. Can be sent to: Deployed, Cancelled.
Deployed: The change is deployed. This is a final state, it can't be moved anymore.
Cancelled: The change was not approved. This is a final state, it can't be moved anymore.
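Added example (not part of the original slides and not Rudder's own code): the validation workflow states and allowed moves above, enforced as a small state machine that also keeps an audit trail of who moved a change and when in the sequence. The ChangeRequest class, the actor names and the rule that an author cannot validate their own change are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PENDING_VALIDATION = "Pending validation"
PENDING_DEPLOYMENT = "Pending deployment"
DEPLOYED = "Deployed"
CANCELLED = "Cancelled"

# Allowed moves as listed on the slide; final states allow none.
TRANSITIONS = {
    PENDING_VALIDATION: {PENDING_DEPLOYMENT, DEPLOYED, CANCELLED},
    PENDING_DEPLOYMENT: {DEPLOYED, CANCELLED},
    DEPLOYED: set(),
    CANCELLED: set(),
}


class WorkflowError(Exception):
    """Raised when a move is not allowed by the workflow."""


@dataclass
class ChangeRequest:  # hypothetical class, not Rudder's data model
    title: str
    author: str
    state: str = PENDING_VALIDATION
    history: list = field(default_factory=list)  # (actor, old, new) audit trail

    def move(self, actor, new_state):
        if new_state not in TRANSITIONS[self.state]:
            raise WorkflowError(f"{self.state} -> {new_state} is not allowed")
        # Assumption: someone other than the author must validate the change;
        # the author may still cancel their own request.
        if (self.state == PENDING_VALIDATION and new_state != CANCELLED
                and actor == self.author):
            raise WorkflowError("author cannot validate their own change")
        self.history.append((actor, self.state, new_state))
        self.state = new_state
        return self.state


def demo():
    # Constructed scenario: alice requests a change, bob reviews and deploys it.
    cr = ChangeRequest("Disable root login over SSH", author="alice")
    rejected = []
    for actor, target in [("alice", DEPLOYED), ("bob", PENDING_DEPLOYMENT),
                          ("bob", DEPLOYED), ("bob", CANCELLED)]:
        try:
            cr.move(actor, target)
        except WorkflowError as exc:
            rejected.append(str(exc))
    return cr.state, cr.history, rejected
```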
Workflow: the practice Hi, this is developer Charlie. We have changed our application, it now needs a new configuration file. Can you put it on all servers? It needs to be modified on each server to contain the server name. Rudder: OK, let's do this.
Workflow: the practice Write any configuration you like in a Technique and share them with co-workers.
Workflow: the practice Hi, this is sysadmin Eve. I would like to know which rules are no longer used. Rudder: I don't know, let's use the API to check.
Summary What is Rudder anyway? Why is it interesting? How do people use it?
Questions? Check it out on: http://www.rudder.cm/ Benoît Peccatte bpe@