Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The new plugin ecosystem in RUDDER 5.0

Rudder
February 05, 2019

The new plugin ecosystem in RUDDER 5.0

The latest major version of the solution has brought a major new feature to the Rudder solution: a plugin ecosystem.

The Rudder software architect will present the reasons for this new feature, how it works, and what are the different plugins available.

Benoît Peccatte
Configuration Management Camp 2019

Rudder

February 05, 2019
Tweet

More Decks by Rudder

Other Decks in Technology

Transcript

  1. PLUGINS 1. What are plugins 2. How plugins work a.

    Package, Install remove b. Compatibility c. Licences 2
  2. PLUGINS what • An extension of Rudder • Put into

    a package (and RPKG file) • Installable on the server or on relays ◦ All plugins are for the server currently ◦ If something is needed on the agent, it will be installed by the server • Can extend anything 3
  3. 4 4 Root Server Relay Server SERVER & AGENT Node

    AGENT Node AGENT Node AGENT Private network Integration plugin Package.rpkg Third party Webapp Feature plugin Feature plugin Integration plugin
  4. PLUGINS Under the hood A bit like deb files: ar

    file containing everything • The metadata contains package information • A script.txz files that contains script for pre and post install • All files in a files.txz archive We use this for seamless installation We make plugins that do not break everything when they are disabled. 5
  5. PLUGINS Under the hood Packages are generated from our plugin

    repo, but you can write your own Packages are installed with “rudder-pkg install-file” command Dependencies are not automatically installed (at the moment) but are displayed so the user can do it 6
  6. PLUGINS Versioning Plugin versions : <rudder_makor>-<major>.<minor> Example: myplugin 5.0-1.1 ▪

    The first part indicates the compatibility of the plugin with Rudder ▪ The second part is the real version of the plugin. Plugin version does not change with rudder version, example: • centreon 4.3-1.0 • centreon 5.0-1.0 Same plugin, different build. 7
  7. PLUGINS Licences Some plugins are completely free (GPLv2) • Integration

    plugins for free software are free • Rudder common features stay free Some plugins are not • Integration plugin with proprietary tools • Support for proprietary OS • Plugins that extend Rudder in a way that only big players may consider 8
  8. PLUGINS Licenses Plugins that are not free need a license

    to work properly. To install a license • Get a subscription from Rudder • We provide you with the binary package for the plugin • We provide you the license and doc to install it Come and see us! 9
  9. PLUGINS A note about the repository Base URl is now

    https://repository.rudder.io/ It contains everything that can be downloaded: ▪ Packages ▪ Plugins ▪ Sources ▪ Build dependencies 10
  10. PLUGINS Feature plugins 1. Reporting 2. Customization 3. Access right

    management (web + api) 4. Validation workflow 5. Datasource 6. Relay 7. External authentication 11
  11. PLUGINS Reporting Reporting plugin : • Reports on past data

    • Keep history of the compliance of your fleet • Create archive reports • Reports that can be exported to PDF • Reports based on your needs 12
  12. 13

  13. PLUGINS Customization Customize the look of your Rudder Instance •

    Customize login page • Customize Rudder header 14
  14. PLUGINS Access Rights Splitted in 2 plugins : • Give

    access rights to people • Give access rights to scripts • Rights for using the interface • Rights for calling the API 16
  15. PLUGINS Workflow AKA change requests: ▪ Validate change before they

    go into production ▪ For having two pairs of eyes ▪ For new people in the team 17
  16. PLUGINS Datasource Do you know node properties ? You can

    automatically fill them from a database with datasource 19
  17. 20 20 Root Server SERVER & AGENT Webapp Datasource plugin

    Configuration Database Node properties
  18. 22 22 Root Server Relay Server SERVER & AGENT Node

    AGENT Node AGENT Node AGENT Private network Webapp
  19. PLUGINS Integration plugins 1. Ansible 2. Rundeck 3. Centreon 4.

    Zabbix 5. GLPI 6. Itop 7. ServiceNow 8. Vault 25
  20. 27 27 Root Server SERVER & AGENT Webapp Ansible plugin

    Ansible Group 1 Group 2 Group 1 Group 2
  21. 29 29 Root Server SERVER & AGENT Webapp Rundeck plugin

    Rundeck Group 1 Group 2 Group 1 Group 2
  22. PLUGINS Centreon Manage machines via Rudder They are ready to

    be monitored with Centreon You can change centreon monitoring from Rudder Techniques You should be able to monitor directive status from Centreon (not working yet) 30
  23. PLUGINS Zabbix Manage machines via Rudder They are ready to

    be monitored with Zabbix You can change zabbix monitoring from Rudder Techniques (this doesn’t work yet) 32
  24. PLUGINS glpi Rudder has machines inventory Inventory goes from Rudder

    to GLPI without having to install another agent 34
  25. PLUGINS iTop Know of node properties ? You can automatically

    fill them from iTop with this plugin You can also automatically import directives that are applied in a machine into iTop. 36
  26. 37 37 Root Server SERVER & AGENT Webapp Datasource plugin

    iTop Node properties Node directives
  27. PLUGINS ServiceNow Know of node properties ? You can automatically

    fill them from and to ServiceNow with this plugin Inventory can be sent to ServiceNow Change Request are forwarded to ServiceNow 38
  28. 39 39 Root Server SERVER & AGENT Webapp ServiceNow plugin

    ServiceNow Node properties Inventories Change requests
  29. PLUGINS Vault Have something to hide to other sysadmin ?

    Use vault to store sensitive content Use Rudder to use vault data in its policies. 40
  30. PLUGINS Future work 1. CVE 2. Foreman 3. Pulp 4.

    Mgmt 5. Openscap 6. Virtual agent 45
  31. PLUGINS CVE CVE: 1. Update CVE database from a known

    source 2. Compare inventory package with DB 3. Notify for vulnerable machines 4. Create rules to patch them 46
  32. PLUGINS Foreman Foreman: 1. Trigger deployment from Rudder 2. Pre

    accept machine 3. Collect foreman facts into rudder properties 4. Synchronize lifecycle with foreman 47
  33. PLUGINS Pulp Pulp: 1. Define package source for a node

    a. -> configure it on the node b. -> automatically configure pulp to synchronize necessary sources 2. Use the rudder server as a repository for rudder packages 48
  34. PLUGINS Mgmt MGMT: 1. Generate policies for mgmt agent 2.

    First POC very soon 3. Benefits from mgmt reactivity 49
  35. PLUGINS Openscap Openscap: 1. Automatically translate openscap rules into techniques

    or directives 2. Make Rudder a security assessment tool 50
  36. PLUGINS Virtual agent Virtual agent: 1. Add a new kind

    of agent: virtual 2. A virtual agent is not a real agent, but a specific node (a relay) that acts via an API on a behalf on an agent that cannot exist Example of virtual agent: 1. Network device (Switch, router, …) 2. Proprietary hypervisor (VMware) 51