OSDC 2015: Benoit Peccatta | Sharing IT automation benefits in a team with Rudder
Normation – All rights reserved – normation.com
Rudder
Sharing IT automation benefits in a team with Rudder
Benoît Peccatte – [email protected]
Who am I?
● Benoît Peccatte
● Origins: sysadmin and developer
● Now: Automation, Rudder, ncf
● What is Rudder anyway?
● Why is it interesting?
● How do people use it (demo)?
Context
Automated configuration
● Scalable: manage 1 to > 100000 servers the same way
● Save time: deploy faster & be more responsive to changes
● Improve reliability: avoid manual errors, harmonize configurations
Key points
● Specifically designed for automation & compliance
● Pre-packaged for: Linux, UNIX, Windows, Android
● Open Source
● Simplified user experience via a Web UI
● Graphical reporting
● Based on CFEngine 3 (don't reinvent the wheel!)
● Vagrant config to test: https://github.com/normation/rudder-vagrant/
Design choices: CFEngine
● Multi-platform: Linux, Android, BSD, AIX, HP-UX, Solaris, Windows...
● Open Source: GPLv3
● Small footprint, scalable: a few MB of RAM, just seconds to run...
● Continuous checking: agent-based approach, no push
● Resilient to errors: network outages, failures, unavailable resources...
Design choices
● Continuous checking: every 5 minutes
● Multi-platform: Linux, Unix, Windows, Android...
● Separate configuration from implementation
● Reporting: done after the checks, separate process
● High frequency, trust in compliance reporting
● Reuse implementations, fewer bugs, shared code... Clear separation of roles
● Cover as many systems as possible
● Avoid bottleneck, different report types
Starting CM
How to start a configuration management project?
Not so fast
Getting everyone on board for CM is hard
● Frustration: “I can do it quicker by hand or with a shell script”
● Steep learning curve: new concepts, non-obvious syntaxes, paradigm, ...
● Lack of motivation: “What do I have to gain from using this tool?”
Not so fast
So how come so many projects do work out?
Thanks to a hero!
Photo CC BY-NC-ND 2.0 from https://www.flickr.com/photos/mwboeckmann/
A hero?
Poor configuration management hero...
Hey, I'm trying to do this thing in config management, but I can't make it work, can you help me?
Hi, this is the supervision team. I'm sorry to disturb you at night, but we've got this error in production, and I think it's related to a change in the CM tool, but I don't understand it. Can you help me?
What can we do?
How can we help?
This is clearly a problem.
Steep learning curve: new concepts, non-obvious syntaxes, paradigm, ...
Approach
1) Separate content and controls
2) Provide access to key parameters without having to edit {CFEngine,Puppet,Chef} code
Lack of motivation: “What do I have to gain from using this tool?”
Approach
1) Show the benefits to all users
2) Provide nice reports showing what works, how many machines are impacted
Frustration: “I can do it quicker by hand or with a shell script”
Approach
1) Make it easy and quick to achieve success
2) Provide ready-to-use configuration techniques and share in-house ones simply
Why Rudder?
Make configuration management easy and increase its adoption
● Extend benefits of configuration management to a wider population: managers, junior sysadmins, non-experts
● Lower entry barrier to learn and use configuration management
● Easy to use, highly powerful
Components
● Techniques: implemented in ncf syntax + metadata for web configuration
● Nodes
● Groups: search criteria on inventory data (Hardware/OS/Network/Software/Node name/...)
● Directives
● Rules: apply Directives to a Group
● Roles shown in the diagram: Sysadmins, Manager or sysadmins, Expert, Community
Workflow: the theory
● Management: define policy
● Changes (fixes, upgrades...)
● Community, Expert
● Sysadmins: configure parameters
● Initial application, continuous verification
● Reporting
● Technical abstraction (method vs parameters)
Workflow: the practice
Hi, this is sysadmin Alice. Do we still have Debian 6 hosts?
I would like to remove it from the mirror.
Rudder: Let me check
Workflow: the practice
Hi, this is CISO. We shouldn't allow root to log in over SSH.
Where are we on this?
Rudder: Let me check
…We never started!
Then we should start it now
Workflow: the practice
Hi, this is project manager Bob. We need more servers to sustain the outstanding number of clients!
Rudder: OK, let's add some!
Workflow: the practice
Hi, this is the CIO. I need visibility on our certificate migration project.
What is the current progress?
Rudder: Let me show you that.
Workflow: the practice
Hi, this is the DBA. We have an excessive load on our database, I think some PostgreSQL settings have changed. Can you check?
Rudder: Let me find why, who and when.
Workflow: the practice
Hi, this is the CIO. We have a new policy, each modification should be reviewed and confirmed by a senior sysadmin before being put into production.
Rudder: OK … if this is mandatory
Workflow: the practice
Validation workflow
● States:
● Pending validation
– Can be sent to: Pending deployment, Deployed, Cancelled.
● Pending deployment
– The change was validated, but now needs to be deployed. Can be sent to: Deployed, Cancelled.
● Deployed
– The change is deployed. This is a final state, it can’t be moved anymore.
● Cancelled
– The change was not approved. This is a final state, it can’t be moved anymore.
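The validation states above, sketched as an added Python example (not Rudder's code and not from the talk). The transition table follows the slide; the `ChangeRequest` class, the `seniors` set and the rule that a pending change can only be approved by a senior sysadmin other than its author are assumptions made to illustrate the CIO's review policy.

```python
from dataclasses import dataclass, field

# Transitions exactly as listed on the slide; final states map to an empty set.
TRANSITIONS = {
    "Pending validation": {"Pending deployment", "Deployed", "Cancelled"},
    "Pending deployment": {"Deployed", "Cancelled"},
    "Deployed": set(),
    "Cancelled": set(),
}

class WorkflowError(Exception):
    """Raised when a transition is not allowed."""

@dataclass
class ChangeRequest:
    author: str
    description: str
    state: str = "Pending validation"
    history: list = field(default_factory=list)  # audit trail: (actor, from, to)

    def move(self, actor: str, target: str, seniors: set) -> None:
        if target not in TRANSITIONS[self.state]:
            raise WorkflowError(f"{self.state!r} cannot be sent to {target!r}")
        # Assumption (not from the slide): approving a pending change needs a
        # senior sysadmin other than its author; anyone may cancel.
        approving = self.state == "Pending validation" and target != "Cancelled"
        if approving and (actor not in seniors or actor == self.author):
            raise WorkflowError(f"{actor!r} may not validate this change")
        self.history.append((actor, self.state, target))
        self.state = target

def demo() -> list:
    """Run a constructed scenario and return the outcome of each attempt."""
    seniors = {"alice"}  # constructed sample data
    cr = ChangeRequest(author="charlie", description="disable root SSH login")
    outcomes = []
    for actor, target in [
        ("charlie", "Deployed"),          # author self-approving: rejected
        ("alice", "Pending deployment"),  # senior review: accepted
        ("charlie", "Deployed"),          # deployment after validation: accepted
        ("alice", "Cancelled"),           # Deployed is final: rejected
    ]:
        try:
            cr.move(actor, target, seniors)
            outcomes.append("ok")
        except WorkflowError:
            outcomes.append("rejected")
    return outcomes + [cr.state]

if __name__ == "__main__":
    print(demo())
```

The `history` list keeps who moved the change and between which states, which is the record a later "why, who and when" question needs.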
Workflow: the practice
Hi, this is developer Charlie. We have changed our application, it now needs a new configuration file.
Can you put it on all servers? It needs to be modified on each server to contain the server name.
Rudder: OK, let's do this.
Write any configuration you like in a Technique and share it with co-workers
Workflow: the practice
Hi, this is sysadmin Eve. I would like to know which rules are no longer used.
Rudder: I don't know, let's use the API to check.
Summary
● What is Rudder anyway?
● Why is it interesting?
● How do people use it?
Questions?
Check it out on: http://www.rudder.cm/
Benoît Peccatte – [email protected]