The new plugin ecosystem in RUDDER 5.0

Transcript

1. The new plugin ecosystem in RUDDER 5.0 CONTINUOUS AUDITING &

   CONFIGURATION

2. PLUGINS 1. What are plugins 2. How plugins work a.

   Package, Install remove b. Compatibility c. Licences 2

3. PLUGINS what • An extension of Rudder • Put into

   a package (and RPKG file) • Installable on the server or on relays ◦ All plugins are for the server currently ◦ If something is needed on the agent, it will be installed by the server • Can extend anything 3

4. 4 4 Root Server Relay Server SERVER & AGENT Node

   AGENT Node AGENT Node AGENT Private network Integration plugin Package.rpkg Third party Webapp Feature plugin Feature plugin Integration plugin

5. PLUGINS Under the hood A bit like deb files: ar

   file containing everything • The metadata contains package information • A script.txz files that contains script for pre and post install • All files in a files.txz archive We use this for seamless installation We make plugins that do not break everything when they are disabled. 5

6. PLUGINS Under the hood Packages are generated from our plugin

   repo, but you can write your own Packages are installed with “rudder-pkg install-file” command Dependencies are not automatically installed (at the moment) but are displayed so the user can do it 6

7. PLUGINS Versioning Plugin versions : <rudder_makor>-<major>.<minor> Example: myplugin 5.0-1.1 ▪

   The first part indicates the compatibility of the plugin with Rudder ▪ The second part is the real version of the plugin. Plugin version does not change with rudder version, example: • centreon 4.3-1.0 • centreon 5.0-1.0 Same plugin, different build. 7

8. PLUGINS Licences Some plugins are completely free (GPLv2) • Integration

   plugins for free software are free • Rudder common features stay free Some plugins are not • Integration plugin with proprietary tools • Support for proprietary OS • Plugins that extend Rudder in a way that only big players may consider 8

9. PLUGINS Licenses Plugins that are not free need a license

   to work properly. To install a license • Get a subscription from Rudder • We provide you with the binary package for the plugin • We provide you the license and doc to install it Come and see us! 9

10. PLUGINS A note about the repository Base URl is now

    https://repository.rudder.io/ It contains everything that can be downloaded: ▪ Packages ▪ Plugins ▪ Sources ▪ Build dependencies 10

11. PLUGINS Feature plugins 1. Reporting 2. Customization 3. Access right

    management (web + api) 4. Validation workflow 5. Datasource 6. Relay 7. External authentication 11

12. PLUGINS Reporting Reporting plugin : • Reports on past data

    • Keep history of the compliance of your fleet • Create archive reports • Reports that can be exported to PDF • Reports based on your needs 12

13. 13

14. PLUGINS Customization Customize the look of your Rudder Instance •

    Customize login page • Customize Rudder header 14

15. PLUGINS Customization 15

16. PLUGINS Access Rights Splitted in 2 plugins : • Give

    access rights to people • Give access rights to scripts • Rights for using the interface • Rights for calling the API 16

17. PLUGINS Workflow AKA change requests: ▪ Validate change before they

    go into production ▪ For having two pairs of eyes ▪ For new people in the team 17

18. 18 18 Root Server SERVER & AGENT Webapp Workflow plugin

    Change Request Validate

19. PLUGINS Datasource Do you know node properties ? You can

    automatically fill them from a database with datasource 19

20. 20 20 Root Server SERVER & AGENT Webapp Datasource plugin

    Configuration Database Node properties

21. PLUGINS Relay Relays divide your network Relays extend your ability

    to serve more 21

22. 22 22 Root Server Relay Server SERVER & AGENT Node

    AGENT Node AGENT Node AGENT Private network Webapp

23. PLUGINS Authenticatio n Authenticate against external source • LDAP •

    AD • radius 23

24. 24 24 Root Server SERVER & AGENT Webapp Authentication plugin

    LDAP Radius Active directory

25. PLUGINS Integration plugins 1. Ansible 2. Rundeck 3. Centreon 4.

    Zabbix 5. GLPI 6. Itop 7. ServiceNow 8. Vault 25

26. PLUGINS Ansible Create groups in Rudder Use them in Ansible

    26

27. 27 27 Root Server SERVER & AGENT Webapp Ansible plugin

    Ansible Group 1 Group 2 Group 1 Group 2

28. PLUGINS Rundeck Create groups in Rudder Use them in Rundeck

    28

29. 29 29 Root Server SERVER & AGENT Webapp Rundeck plugin

    Rundeck Group 1 Group 2 Group 1 Group 2

30. PLUGINS Centreon Manage machines via Rudder They are ready to

    be monitored with Centreon You can change centreon monitoring from Rudder Techniques You should be able to monitor directive status from Centreon (not working yet) 30

31. 31 31 Root Server SERVER & AGENT Node AGENT Centreon

    plugin Centron Webapp

32. PLUGINS Zabbix Manage machines via Rudder They are ready to

    be monitored with Zabbix You can change zabbix monitoring from Rudder Techniques (this doesn’t work yet) 32

33. 33 33 Root Server SERVER & AGENT Node AGENT Zabbix

    plugin Zabbix Webapp

34. PLUGINS glpi Rudder has machines inventory Inventory goes from Rudder

    to GLPI without having to install another agent 34

35. 35 35 Root Server SERVER & AGENT Node AGENT GLPi

    plugin GLPi Webapp

36. PLUGINS iTop Know of node properties ? You can automatically

    fill them from iTop with this plugin You can also automatically import directives that are applied in a machine into iTop. 36

37. 37 37 Root Server SERVER & AGENT Webapp Datasource plugin

    iTop Node properties Node directives

38. PLUGINS ServiceNow Know of node properties ? You can automatically

    fill them from and to ServiceNow with this plugin Inventory can be sent to ServiceNow Change Request are forwarded to ServiceNow 38

39. 39 39 Root Server SERVER & AGENT Webapp ServiceNow plugin

    ServiceNow Node properties Inventories Change requests

40. PLUGINS Vault Have something to hide to other sysadmin ?

    Use vault to store sensitive content Use Rudder to use vault data in its policies. 40

41. 41 41 Root Server SERVER & AGENT Node AGENT Vault

    Webapp Vault plugin

42. PLUGINS Proprietary OS support plugins 1. AIX 2. Windows 42

43. PLUGINS AIX Provides support for AIX node policies 43

44. PLUGINS Windows Provides support for Windows node policies Uses DSC

    and powershell 44

45. PLUGINS Future work 1. CVE 2. Foreman 3. Pulp 4.

    Mgmt 5. Openscap 6. Virtual agent 45

46. PLUGINS CVE CVE: 1. Update CVE database from a known

    source 2. Compare inventory package with DB 3. Notify for vulnerable machines 4. Create rules to patch them 46

47. PLUGINS Foreman Foreman: 1. Trigger deployment from Rudder 2. Pre

    accept machine 3. Collect foreman facts into rudder properties 4. Synchronize lifecycle with foreman 47

48. PLUGINS Pulp Pulp: 1. Define package source for a node

    a. -> configure it on the node b. -> automatically configure pulp to synchronize necessary sources 2. Use the rudder server as a repository for rudder packages 48

49. PLUGINS Mgmt MGMT: 1. Generate policies for mgmt agent 2.

    First POC very soon 3. Benefits from mgmt reactivity 49

50. PLUGINS Openscap Openscap: 1. Automatically translate openscap rules into techniques

    or directives 2. Make Rudder a security assessment tool 50

51. PLUGINS Virtual agent Virtual agent: 1. Add a new kind

    of agent: virtual 2. A virtual agent is not a real agent, but a specific node (a relay) that acts via an API on a behalf on an agent that cannot exist Example of virtual agent: 1. Network device (Switch, router, …) 2. Proprietary hypervisor (VMware) 51

52. “ Questions ? 52 ? ? ? ? ? ?

    ? ? ? ? ? ? ? ?