Upload
normation
View
1.006
Download
1
Tags:
Embed Size (px)
DESCRIPTION
As a Configuration Management [CM] "champion", trying to gain traction in your environment can be challenging when the level of expertise necessary is in short supply. We built Rudder so that CM champion would not need to clone themselves. Instead, the CM champion is able to use a tool to manage configuration data, expose key parameters to the rest of their team, reduce complexity of configuration changes, and put in place role-based workflow for change control. Rudder is an open source configuration management solution, using lightweight agents (based on CFEngine) controlled via a central management point. Using Rudder, I will show how this approach enables the team to fully participate in the practice of Configuration Management, keep track of changes and history, exploit change access / control, and facilitate knowledge sharing (sharing intentions in design via desired configuration state, maintaining a record of preferred configurations) without intervention of CM champion.
Citation preview
Normation – CC-BY-SAnormation.com
Getting everyone on board the configuration management express!
Nicolas CHARLES – [email protected]
Normation – CC-BY-SAnormation.com 2
Who am I ?
● Nicolas CHARLES
● Job: Co-founder and “COO” at Normation
● Free software:
– Co-creator of Rudder
– Contributor to CFEngine since 2009
– CFEngine Community Champion
Contact infoEmail: [email protected]: @nico_charles
Normation – CC-BY-SAnormation.com 4
Context
Configuration Management
The proper way
to manage systems
Normation – CC-BY-SAnormation.com 8
Context
How to start?What are the requirements?
Which architecture(s)?
Which tool(s)?
Normation – CC-BY-SAnormation.com 9
Context
Getting startedProject leader(s) evaluate and choose
tool(s), learn its basic, and create PoC(s)
Normation – CC-BY-SAnormation.com 10
Context
Getting startedProject leader(s) gets experience and confidence.
Becomes the Configuration Management Hero
Normation – CC-BY-SAnormation.com 11
Context
AdoptionWith enough work and effort, the project is a
success!
Normation – CC-BY-SAnormation.com 15
Context
The dark sideChange habits
I was modifying a file, andeverything I did was erased!
Normation – CC-BY-SAnormation.com 17
Context
The dark sideChange habits
Can be complex to tame
Get in the way of people
Normation – CC-BY-SAnormation.com 18
Context
The dark sideChange habits
Can be complex to tame
Get in the way of people
It's too hard to use,I've always changed things via the terminal
Normation – CC-BY-SAnormation.com 20
Context
The darker side● Config Management Hero becomes a bottleneck
→ He is the only one to really push the use of the CM
Normation – CC-BY-SAnormation.com 21
Context
The darker side● Config Management Hero becomes a bottleneck● Config Management Hero becomes critical ressource:
→ He is the only one to really know how the CM works
Normation – CC-BY-SAnormation.com 22
Context
The darker side● Config Management Hero becomes a bottleneck● Config Management Hero becomes critical ressource● Config Management Hero gets to answer to everyone's
questions
Normation – CC-BY-SAnormation.com 23
Context
The darker side● Config Management Hero becomes a bottleneck● Config Management Hero becomes critical ressource● Config Management Hero gets to answer to everyone's
questions
Hi, this is the supervision team.I'm sorry to disturb you at night, but we've got this error
in production, and I think it's related to a change in the CM tool,but I don't understand it. Can you help me?
Normation – CC-BY-SAnormation.com 25
Context
The darker side
People joining the team/company have a lot to learn:● How to work with a new set of people● The processes● Architecture of IT systems● Possibly new tools● The current CM implementation
Normation – CC-BY-SAnormation.com 26
Context
The darker side
People joining the team/company have a lot to learn:● How to work with a new set of people● The processes● Architecture of IT systems● Possibly new tools● The current CM implementation
AND THAT'S A LOT TO LEARN
Normation – CC-BY-SAnormation.com 27
Context
Reporting?Share the knowledge with:
● The team: what happens, on which systems, and why
Normation – CC-BY-SAnormation.com 28
Context
Reporting?Share the knowledge with:
● The team● The managers: to show that everything is running fine
Normation – CC-BY-SAnormation.com 29
Context
Reporting?Share the knowledge with:
● The team● The managers
Are we compliant ? Compliant to what ?
Normation – CC-BY-SAnormation.com 30
Context
Reporting?Share the knowledge with:
● The team● The managers
Are we compliant ? Compliant to what ?● To the company rules?
Normation – CC-BY-SAnormation.com 31
Context
Reporting?Share the knowledge with:
● The team● The managers
Are we compliant ? Compliant to what ?● To the company rules?● To the legal reglementation?
Normation – CC-BY-SAnormation.com 32
Context
Reporting?Share the knowledge with:
● The team● The managers
Are we compliant ? Compliant to what ?● To the company rules?● To the legal reglementation?
Coding yourself the reporting???
Normation – CC-BY-SAnormation.com 37
Rudder
Rudder
Directly usable by a larger population
ManagementExpert Sysadmins with no previous CM
knowledge
Normation – CC-BY-SAnormation.com 44
Rudder
Complete tracability
Easy to restore previous configuration
policy
Normation – CC-BY-SAnormation.com 46
Rudder
Complete tracability
Every changes made by users are stored.
All policies are commited into Git
● To have easy to track changes
● To archive/restore between Rudder servers
Normation – CC-BY-SAnormation.com 47
Rudder
Complete tracability
Every checks and changes on nodes are traced and stored
● Predefined reports in the Techniques
● Reports centralized on the server for historization
Normation – CC-BY-SAnormation.com 48
Architecture
Rudder server
Node Node Node
TCP - port 5309File metadata and files
Authentication and encryption (SSL)
TCP ports 80 and 514HTTP and syslog
Node Node
Isolated networkRelay server
Download info
Normation – CC-BY-SAnormation.com 49
Rudder
Continuous checking
Pre-packaged for allsupported OSes
Open Source
Simplified user experiencevia a Web UI
Graphical reportingBased on CFEngine 3
http://www.rudder-project.org/
Vagrant config to test:https://github.com/normation/rudder-vagrant/
Normation – CC-BY-SAnormation.com 50
Rudder - workflow
Management
Definesecurity policy
Changes(fixes, upgrades...)
c c
Community Expert
Sysadmins
Configureparameters
Configuration agent
Initial applicationContinuous verification
REP
OR
TIN
G
Technical abstraction(method vs parameters)
Normation – CC-BY-SAnormation.com 51
Conclusion
What happens?With Rudder, the Configuration Management Hero is still an hero.
But with much more peace of mind, as the whole team is supporting him
Normation – CC-BY-SAnormation.com 52
Conclusion
What happens?With Rudder, the Configuration Management Hero is still an hero.
But with much more peace of mind, as the whole team is supporting him
Normation – CC-BY-SAnormation.com 53
Rudder stats
Key links :● Community website : http://www.rudder-project.org● Source code : http://github.com/Normation/● Mailing-list : [email protected] ● IRC : #rudder on Freenode● Twitter : @RudderProject
Ohloh.net statistics
Normation – CC-BY-SAnormation.com
Questions?
Follow us on Twitter: @RudderProject
Nicolas CHARLES - [email protected]