Rudder is a new open source tool in the configuration management domain. Specifically aimed at drift assessment, it addresses automation, ongoing verification and repairs, centralizing information and knowledge about your infrastructure, compliance reporting... thus helping to keep drift from nominal behavior low. It's aim is to enable non-experts to benefit from the advantages of configuration management, not reinventing the technical wheel, but providing a new way to drive our infrastructure. This talk will show how Rudder's approach enables everyone in the IT department to benefit from the advantages of configuration management, without necessarily needing to learn a complex tool, or even get their hands dirty. We'll describe and demonstrate how this is possible, and dive into the technical architecture that makes it work. In a nutshell, clearly separated tasks permit technical experts to create configuration templates for the tools they know best, thus letting non-experts leverage this power via a modern web interface, such as: architects or security officers who implement policy, junior sysadmins who use and reuse such policies to setup services, and pretty much anyone who digs into real-time compliance reports and error logs.

1. Rudder
Configuration Management
benefits for everyone
Nicolas CHARLES – nch@normation.com Normation – CC-BY-SA
normation.com

2. Who am I ?
● Nicolas CHARLES
● Job : Co-founder and CEO of Normation
● Trade :
– Have a developer background (Scala)
– Came to system administration in 2009 with CFEngine 3
– One of the developers of Rudder
– Love to code (still more a Dev than an Ops)
● Open Source : CFEngine Community Champion
Contacts
Mail : nch@normation.com
Twitter : @nico_charles
Normation – CC-BY-SA
normation.com 2

3. Topic
Lifecycle of an IT system
Best Security
Specifications practices rules
Dev QA/Test/Int Production
environment environment environment
Changes Changes Changes
Issues
Disaster Prove
From 1 service to... compliance
10, 100, 1000 ! recovery
Normation – CC-BY-SA
normation.com 3

4. The three waves of IT configuration
1. Craft 2. Duplication 3. Central management
Hand made configuration, A “perfect” installation, Automated configuration,
tailored to fit reproduced identically managed from a central
point
● Adaptative to all needs ● Save time, from the second ● Centralized control
● Customized solution deployment onwards ● Change management
● Detail oriented ● Identical environments ● Validation and reporting
● Knowledge sharing
● Scalability issue ● Adapting parameters ● Agent on each server
● Repetition is not ● Change management ● Learning curve
a human quality ● Image format compatibility ● Increased complexity of ops
● Knowledge sharing
EVOLUTION
Normation – CC-BY-SA
normation.com 4

5. Configuration management
Reproducibility Industrialization Documentation History
Building-up
Automation
knowledge
Configuration management
Vigilance Control
Automatic
Alerts Formalization Reporting
repairs
Normation – CC-BY-SA
normation.com 5

6. A recognized best practice
● Several recognized standards and recommendations
emphasize configuration management
9000
● Recommendations since 2007 :
● « Operational error causes about 40% of all outages »
● « Implementation of a configuration management strategy will reduce
downtime by as much as 35% »
Normation – CC-BY-SA
normation.com 6

7. Goals
Make configuration management easy
and increase its adoption
Lower entry cost Extend benefits
to of
learn and use configuration management
to
configuration management a wider population
Junior Non
Easy to use Highly powerful Managers
sysadmins experts
Normation – CC-BY-SA
normation.com 7

8. Key points
Specifically designed for Simplified user experience
configuration management (web interface)
Based on CFEngine,
Graphical reporting
standard since 1993
Automatic inventory Best practices library
(hardware and software) included
Multi-platform
Open Source
(packaged for each OS)
Normation – CC-BY-SA
normation.com 8

9. Workflow
c c
Techniques Nodes
Community
Implemented in Search critieria on
CFEngine syntax inventory data
+ Hardware/OS/Network/
metadata for Software/Node name/
Expert web configuration ...
Directives Groups
Decider
Rules
Apply Directives
Sysadmins
to a Group
Normation – CC-BY-SA
normation.com 9

10. Behaviour
New nodes
Inventory
Web interface on Rudder server
Browse and search Create node groups
node data (static, dynamic)
Configure View infrastructure
rules on groups status
CFEngine Reports (specific format
policy via syslog)
Managed nodes
Normation – CC-BY-SA
normation.com 10

11. Web Interface overview
Normation – CC-BY-SA
normation.com 11

12. Web Interface overview
Normation – CC-BY-SA
normation.com 12

13. Web Interface overview
Normation – CC-BY-SA
normation.com 13

14. Web Interface overview
Normation – CC-BY-SA
normation.com 14

15. Web Interface overview
Normation – CC-BY-SA
normation.com 15

16. The Open Source project
● Created in 2009
● October 2011 : First public release
● August 2012 : Second major release (2.4)
● Main technologies : CFEngine, Scala
● Community
● Full time developers: 8 (at Normation)
● Official contributors : 6
● Other members : ~20
● Key links :
● Community website : http://www.rudder-project.org
● Source code : http://github.com/Normation/
● IRC : #rudder on Freenode
● Twitter : @RudderProject
Normation – CC-BY-SA
normation.com 16

17. Questions ?
Normation – CC-BY-SA
normation.com

18. CFEngine : architecture
Typical CFEngine architecture
CFEngine server
Communication TCP
(port 5308)
Metadata
Files
Node Node Node Node
Normation – Tous droits réservés
Normation – CC-BY-SA
normation.com
normation.com 10

19. Rudder : architecture
Rudder architecture, on top of CFEngine
Rudder server
Generation
Compliance
of CFEngine
computation
promises CFEngine server
Communication TCP
(port 5309)
Reports Metadata
(syslog) Files
Inventories
(Port 80)
Node Node Node Node
Normation – Tous droits réservés
Normation – CC-BY-SA
normation.com
normation.com 11