Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What is RUDDER and when should I use it?

7d9785e3bdceb2d9e86dabcfb77b1686?s=47 Rudder
February 04, 2019

What is RUDDER and when should I use it?

https://www.youtube.com/watch?v=rXeireQ1gOg&list=PL6rU2OMWTrhEkQ9_watFjyE1dDxaNFeOW&index=1

Rudder is an open source configuration management tool that includes continuous auditing (with or without remediation), compliance info and graphs and the possibility to configure everything in the UI and/or APIs.
It has been around for more than six years and has users large (think 10 000 nodes) and small around the world.

Let’s take a moment to look at the vision that lead us here, how Rudder is different from similar tools, and what users find invaluable, nice (or annoying - I’ll be honest!).
If you’re not familiar with Rudder this is a great talk to attend to get the basics covered.

Alexandre Brianceau
Configuration Management Camp 2019

7d9785e3bdceb2d9e86dabcfb77b1686?s=128

Rudder

February 04, 2019
Tweet

Transcript

  1. rudder.io +33 1 83 62 26 96 cs@rudder.io What is

    Rudder and when should we use it? Alexandre Brianceau Business Development Director alexandre@rudder.io - +33 669 503 528
  2. Configuration Management definition 2 Configuration management is a systems engineering

    process for establishing and maintaining consistency of a product [...] throughout its life. Configuration_management “
  3. Helpful strategy that could be harmful 3 Continuous growth Continuous

    availability Continuous threat → automation but what about consistency ?
  4. Rudder ♡ devops & cie devops 4 Culture Automation Share

    Measurement
  5. What are commons issues nowadays? 5 Guru team effect (sometimes

    SPOF) No significant incident & TTR reduction Not suitable for audit Not applicable on the whole IT servers
  6. Rudder 6 IT production infrastructure automation and compliance Based in

    Paris Founded in 2010 “
  7. Production actuelle des services IT 7 Business needs Operating System

    Versioned source code Applicative binaries Middleware App App App Server Agile methodology Continuous integration Continuous deployment Provisioning RUN DEV Installation Configuration Update MOC
  8. Architecture 8 Rudder Root Server Interfaces CLI WEB UI API

    Users Applications Compliance Configuration Inventory Rudder Engine + Plugins Relay Node Rudder Agent Node Rudder Agent Node Rudder Agent
  9. Observability : compliant by design PARAM RULE • Id DIRECTIVE

    • Id • (Components) GROUP • Id RUDDER config (global) • Policy Mode • Schedule • ... NODE • Properties • Policy Mode • Schedule • ... Environmental context • Id : . . . • Generated : . . . Files Node configuration Historisation Historisation RUN • Reports • Reports • ... • ... METADATA • node id • config id • run timestamp RUN • Reports • Reports • ... • ... METADATA • node id • config id • run timestamp • Signature Get config Send configuration reports Expected reports (node id, config id, timestamp) Run reports Historisation Compliance historised Send expected reports Metadata • Integrity • Signature Config • For Rule R, Directive D1, Component C Event logs Change request
  10. Key Benefits 10 ➡ Automation benefits by default ➡ Criteria-based

    dynamic groups ➡ Knowledge sustainability ➡ Platforms / OS agnostics ➡ Audit / Enforce switch Efficiency ➡ Full visibility ➡ Automation accuracy ➡ Automatic server handling ➡ Ensure SLA with automatic drift correction Reliability ➡ Continuous audit ➡ Centralized and complete compliance overview ➡ Configuration logging ➡ Observability design Traceability
  11. Sec Production Interns Ops Dev Externals remediation - root SSH

    restriction access audit - sudoers / logs validation workflow Workflow example DMZ Compliance reporting
  12. Rudder, a team solution 12 Web UI API CLI /

    Code
  13. Features IT production-oriented 13 Continuous verification with automatic remediation Dynamic

    groups based on criterias (inventory or tag related) Audit only or enforce your configuration in one click Log all the activity and rollback to a previous configuration
  14. Where & when should I use Rudder ? 14 Multi-systems

    Multi-platforms Toutes échelles 10k + Debian, RHEL, SUSE,... 2008R2 and upper 5.3 and upper physical or vm cloud / containers IOT More than 10 000 nodes managed by a single server < 20 Mo of RAM, ≃ 10” exec Relay components, low network footprint
  15. How to use ? 15 1.a) Technique usage : ready-to-use

    modules Few examples : - Users, groupes, passwords - Softwares (deb/rpm/exe/msi) - Configuration files (complete, bloc, template, per ligne…) - Services & processes management (SysV, systemd, Windows…) - Software configurations (OpenSSH, Apache HTTPd, IIS, NFS…)
  16. How to use ? 16 1.b) Use the graphical configuration

    editor ➔ Allows to create any configuration with elementary bricks ➔ Possibility to link the bricks with conditions
  17. How to use ? 17 2. Compliance verification

  18. rudder.io +33 1 83 62 26 96 cs@rudder.io Thank you

    ! Any questions ? Alexandre Brianceau Customer Success Manager alexandre@rudder.io - 06.69.50.35.28