rudder - getting everyone on board the configuration management express!

Normation – CC-BY-SAnormation.com

Getting everyone on board the configuration management express!

Nicolas CHARLES – [email protected]

Normation – CC-BY-SAnormation.com 2

Who am I ?

● Nicolas CHARLES

● Job: Co-founder and “COO” at Normation

● Free software:

– Co-creator of Rudder

– Contributor to CFEngine since 2009

– CFEngine Community Champion

Contact infoEmail: [email protected]: @nico_charles


Context

Configuration Management


Context

Configuration Management

The proper way

to manage systems


Context

How to start?


Context

How to start?What are the requirements?


Context

How to start?What are the requirements? Which tool(s)?


Context

How to start?What are the requirements?

Which architecture(s)?

Which tool(s)?


Context

Getting startedProject leader(s) evaluate and choose

tool(s), learn its basic, and create PoC(s)


Context

Getting startedProject leader(s) gets experience and confidence.

Becomes the Configuration Management Hero


Context

AdoptionWith enough work and effort, the project is a

success!


Context

AdoptionIt does thingsIt is deployedIt is useful!


Context

The dark side


Context

The dark sideChange habits


Context


I was modifying a file, andeverything I did was erased!


Context


Get in the way of people


Context


Can be complex to tame



Context


Can be complex to tame


It's too hard to use,I've always changed things via the terminal


Context

The darker side


Context

The darker side● Config Management Hero becomes a bottleneck

→ He is the only one to really push the use of the CM


Context

The darker side● Config Management Hero becomes a bottleneck● Config Management Hero becomes critical ressource:

→ He is the only one to really know how the CM works


Context

The darker side● Config Management Hero becomes a bottleneck● Config Management Hero becomes critical ressource● Config Management Hero gets to answer to everyone's

questions


Context

The darker side● Config Management Hero becomes a bottleneck● Config Management Hero becomes critical ressource● Config Management Hero gets to answer to everyone's

questions

Hi, this is the supervision team.I'm sorry to disturb you at night, but we've got this error

in production, and I think it's related to a change in the CM tool,but I don't understand it. Can you help me?


Context

The darker side


Context

The darker side

People joining the team/company have a lot to learn:● How to work with a new set of people● The processes● Architecture of IT systems● Possibly new tools● The current CM implementation


Context

The darker side

People joining the team/company have a lot to learn:● How to work with a new set of people● The processes● Architecture of IT systems● Possibly new tools● The current CM implementation

AND THAT'S A LOT TO LEARN


Context

Reporting?Share the knowledge with:

● The team: what happens, on which systems, and why


Context


● The team● The managers: to show that everything is running fine


Context


● The team● The managers

Are we compliant ? Compliant to what ?


Context



Are we compliant ? Compliant to what ?● To the company rules?


Context



Are we compliant ? Compliant to what ?● To the company rules?● To the legal reglementation?


Context



Are we compliant ? Compliant to what ?● To the company rules?● To the legal reglementation?

Coding yourself the reporting???


Context

Looks grim :/


Context

How to welcome everyone in

configuration management??


Introducing Rudder

Rudder


Introducing Rudder

Rudder

Cfgt Express !


Rudder

Rudder

Directly usable by a larger population

ManagementExpert Sysadmins with no previous CM

knowledge


Rudder

Built-in reporting


Rudder

Simplified configuration


Rudder

Peer-review and validation


Rudder

Complete tracability


Rudder


Easy to restore previous configuration

policy


Rudder


?????


Rudder


Every changes made by users are stored.

All policies are commited into Git

● To have easy to track changes

● To archive/restore between Rudder servers


Rudder


Every checks and changes on nodes are traced and stored

● Predefined reports in the Techniques

● Reports centralized on the server for historization


Architecture

Rudder server

Node Node Node

TCP - port 5309File metadata and files

Authentication and encryption (SSL)

TCP ports 80 and 514HTTP and syslog

Node Node

Isolated networkRelay server

Download info


Rudder

Continuous checking

Pre-packaged for allsupported OSes

Open Source

Simplified user experiencevia a Web UI

Graphical reportingBased on CFEngine 3

http://www.rudder-project.org/

Vagrant config to test:https://github.com/normation/rudder-vagrant/


Rudder - workflow

Management

Definesecurity policy

Changes(fixes, upgrades...)

c c

Community Expert

Sysadmins

Configureparameters

Configuration agent

Initial applicationContinuous verification

REP

OR

TIN

G

Technical abstraction(method vs parameters)


Conclusion

What happens?With Rudder, the Configuration Management Hero is still an hero.

But with much more peace of mind, as the whole team is supporting him


Rudder stats

Key links :● Community website : http://www.rudder-project.org● Source code : http://github.com/Normation/● Mailing-list : [email protected] ● IRC : #rudder on Freenode● Twitter : @RudderProject

Ohloh.net statistics

http://www.rudder-project.org/

http://github.com/Normation/

Normation – CC-BY-SAnormation.com

Questions?

Follow us on Twitter: @RudderProject

Nicolas CHARLES - [email protected]

rudder - getting everyone on board the configuration management express!

Technology

sa normation

learnnormation cc

implementationnormation

charlesnormation cc

terminalnormation cc

pocsnormation cc

cmnormation cc

whynormation cc