What's new and what's next in Rudder


  • date post

    16-Mar-2018
  • Category

    Technology


Transcript of What's new and what's next in Rudder

  • What's new and what's next in Rudder

    Nicolas CHARLES Co-founder and COO

    @nico_charles

  • 2

    Agenda

    Rudder news since last camp

    What's new in Rudder 4.1, 4.2 and 4.3

    Future direction

  • 3

    Rudder versions

    Currently supported versions

    4.1.x: current ESR* version

    4.2.x: current latest version. Will be supported for 3 months after next version is released (so until May 2018)

    4.3.x: next version. Scheduled for release in February 2018

    * ESR = Extended Support Release

    [Timeline, 2015 to 2018: 3.1 (Jun), 3.2 (Jan), 4.0 (Oct), 4.1 (Mar), 4.2 (Sep), 4.3 (Feb)]

  • 4

    Microsoft Powershell DSC Agent

    Manage Windows Systems using Powershell DSC

    Native agent for Windows

    Uses Microsoft Powershell DSC

    Requires Powershell 4 or more

    4.2

  • 5

    Microsoft Powershell DSC Agent

    Generic methods for DSC, Classic or both Agents

    4.2

  • 6

    New generation method: Directive by Directive

    Directives are not merged together anymore!

    New Policy Generation type: SEPARATED

    Mix audit and enforce mode for same Technique on a Node

    Several versions at the same time on a node

    4.3

  • 7

    New generation method: Directive by Directive

    Directives are not merged together anymore!

    Most techniques have been rewritten to support this feature

    New version (but you can upgrade them one directive at a time)

    separated

    Generate one folder per directive

    Path: TechniqueName/TechniqueVersion_DirectiveID

    4.3

  • 8

    New generation method: Directive by Directive

    Technically, RudderUniqueID placeholder

    In Technique bundle names/function names

    In resulting class to avoid collisions

    Hooks: One time action before and after Directives

    For global actions like getting the repositories PGP keys only once

    4.3

  • 9

    Techniques Parameters

    Defines parameters within the Technique Editor

    Better re-usability

    4.3

  • 10

    Techniques Parameters

    Defines parameters within the Technique Editor

    Define parameter during Directive creation

    4.3

  • 11

    Node properties

    Node properties can now be JSON values:

    datacenter = { "id": "FRA1", "name": "Colo 1, Paris", "location": "Paris, France", "dns_suffix": "paris.example.com"}

    Access properties in any directive field:

    ${node.properties[datacenter]}

    ${node.properties[datacenter][id]}

    Use default values:

    ${node.properties[datacenter][id] | default = "UK2" }

    ${node.properties[netbios_name] | default = ${rudder.node.hostname} }

    ${node.properties[datacenter][name] | default = """value with "quotes" if necessary""" }

    4.1

  • 12

    Node properties

    Import automatically properties on nodes from third-party REST application

    Datasource plugin

    Drive behaviour from external source

    Specific type of Node Property

    4.1

  • 13

    Node properties

    Import automatically properties on nodes from third-party REST application

    4.1

  • 14

    Node properties

    Import automatically properties on nodes from third-party REST application

    Can be global or on a node by node basis

    Add data in headers

    4.1

  • 15

    Node properties

    Import automatically properties on nodes from third-party REST application

    Extract relevant information from the received JSON

    4.1

  • 16

    Node properties

    Import automatically properties on nodes from third-party REST application

    Customize update frequency

    4.1

  • 17

    Node properties

    Import automatically properties on nodes from third-party REST application

    Define what happens when the API doesn't answer

    4.1

  • 18

    Node properties

    Agent searches for optional properties files

    /var/rudder/local/properties.d/*.json

    Add new properties or override existing properties defined on Rudder

    Override node properties locally

    Example:

    On the server side:

    "sysctls_postgresql": { "kernel.shmall":"903330", "kernel.shmmax":"3700041320"}

    On the node side:

    "sysctls_postgresql": { "kernel.shmmax":"5368709120"}

    Results in:

    "sysctls_postgresql":{"kernel.shmmax":"5368709120"}

    4.1

  • 19

    JSON everywhere

    ncf methods

    variable_dict

    variable_dict_from_file

    Import JSON at runtime

    4.1

  • 20

    JSON everywhere

    Merge JSON at runtime

    4.1

  • 21

    Tags everywhere!

    Tags on Directives and Rules to classify and filter

    4.1

  • 22

    A new API on relay servers

    [Diagram: Central server, Relay server, Nodes; Nodes in an isolated network zone]

    Configuration policy: TCP communication (port 5309); file metadata, file contents; authentication + encryption (TLS)

    Inventory + Reports: TCP/UDP communication (ports 443 and 514); protocols: HTTPS, syslog

  • 23

    A new API on relay servers

    [Diagram: Central server (UI, REST API, RELAY API), Relay server (RELAY API), Nodes; flow: Trigger agent run]

    Scenario 1: Trigger agent runs remotely, including via firewalls.

    4.1

  • 24

    A new API on relay servers

    [Diagram: Central server (UI, REST API, RELAY API), Relay servers (RELAY API), Node 1, Node 2; flow: File shared with metadata]

    Scenario 2: Share files from one node to another, in the same network or not (via relays).

    ncf methods:

    sharedfile_to_node(node 2, db.sql, /var/share/db.sql, 3 days)

    sharedfile_from_node(node 1, db.sql, /var/share/db.sql)

    4.1

  • 25

    Hooks

    Customize behaviour on the server

    4.1

  • 26

    Hooks

    Extend inventory agent side

    Inventory runs hooks in /var/rudder/hooks.d or C:\Program Files\Rudder\hooks.d

    Executable scripts, owned by current user or root, and not world writable

    Script must return valid JSON

    Added in inventory tag CUSTOM_PROPERTIES

    Available in Node Properties on the Rudder Server

    Can be used to create Groups

    Available in API

    4.3
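The hook acceptance rules on this slide (executable, owned by the current user or root, not world writable, valid JSON output) can be expressed as a pre-flight check. This is an added example for POSIX systems, not Rudder's own agent code; the function names are hypothetical, and treating the output as a JSON object of property names is an assumption.

```python
import json
import os
import stat
import subprocess

def vet_hook(path, trusted_uids=None):
    """Return the reasons to skip a hook; an empty list means it may run."""
    if trusted_uids is None:
        trusted_uids = {0, os.getuid()}  # root or the current user
    st = os.stat(path)
    problems = []
    if not st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        problems.append("not executable")
    if st.st_uid not in trusted_uids:
        problems.append(f"owned by untrusted uid {st.st_uid}")
    if st.st_mode & stat.S_IWOTH:
        problems.append("world writable")
    return problems

def parse_hook_output(stdout):
    """Accept only valid JSON (assumption: an object of property names)."""
    data = json.loads(stdout)  # raises ValueError on invalid JSON
    if not isinstance(data, dict):
        raise ValueError("hook output must be a JSON object")
    return data

def collect_custom_properties(hooks_dir):
    """Run every acceptable hook; return (properties, skipped) for review."""
    properties, skipped = {}, {}
    for name in sorted(os.listdir(hooks_dir)):
        path = os.path.join(hooks_dir, name)
        problems = vet_hook(path)
        if problems:
            skipped[name] = problems
            continue
        try:
            out = subprocess.run([path], capture_output=True, text=True,
                                 timeout=30, check=True).stdout
            properties.update(parse_hook_output(out))
        except (OSError, subprocess.SubprocessError, ValueError) as exc:
            skipped[name] = [f"failed: {exc}"]
    return properties, skipped
```

The per-file checks only mean something if the hooks.d directory itself cannot be written by untrusted users, since a file can otherwise be swapped between the check and the run.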

  • 27

    Improved performance

    Improved UI performance

    New graph rendering library

    All Web resources are cached

    Compress all data from Web Interface

    Better Agent performance

    40% faster in normal usage, up to 20 times faster with large policies

    Slightly faster policy generation

    4.1

  • 28

    Agent

    Lighter agent

    Perl is no longer packaged within the Agent

    SystemD support

    Timing on the CLI output

    Dropped the old cfengine network protocol

    4.3

  • 29

    Miscellaneous

    Groups of groups

    Node lifecycle

    Renaming of ncf generic method

    And a tool to automatically update the generic method call

    Same versioning for Rudder & ncf

    4.3

  • 30

    Plugins

    Branding: Customize Rudder UI

    Backgrounds and font colours

    Login page

    Logos

    Title text

  • 31

    Plugins

    Precise ACLs on API

    Rights per token on any REST API endpoint

    Token expiration date

    Maps user permissions to tokens

    What can we define?

    AclPath: segments, separated by /

    Segment is either:

    a String (api, nodes, rules, etc)

    a wildcard * , anywhere as a segment

    a double wildcard ** , only at the end, matches anything

    HttpAction (GET, POST, PUT, DELETE)

    Anything that is not authorized is denied

    4.3

  • 32

    Plugins

    Examples

    ALLOW api/nodes/** , GET

    Permits reading everything in the nodes API, but no changes at all

    ALLOW api/nodes, GET

    Permits listing nodes (including searches), but not the pending nodes

    ALLOW api/directives/7dd68892-6820-4f85-8e44-a7cc820dd06e , POST

    Permits editing only the directive with id 7dd68892-6820-4f85-8e44-a7cc820dd06e

    ALLOW api/directives/*/check, POST

    Only permits validating that a change is valid

    4.3
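The AclPath rules from the two slides above (literal segments, `*` as any single segment, `**` only at the end, one HttpAction per rule, default deny) written out as a small matcher. This is an added example, not the plugin's implementation; the function names are hypothetical, and letting `**` also match zero remaining segments is an assumption the slides do not settle.

```python
HTTP_ACTIONS = {"GET", "POST", "PUT", "DELETE"}

def parse_acl_path(text):
    """Split an AclPath into segments and enforce the '**' placement rule."""
    segments = text.strip().strip("/").split("/")
    if any(seg == "" for seg in segments):
        raise ValueError(f"empty segment in ACL path {text!r}")
    if "**" in segments[:-1]:
        raise ValueError("'**' is only allowed as the last segment")
    return segments

def rule(path, action):
    """Build one ALLOW rule: (parsed path, HttpAction)."""
    if action not in HTTP_ACTIONS:
        raise ValueError(f"unknown HttpAction {action!r}")
    return (parse_acl_path(path), action)

def path_matches(pattern, request_path):
    request = request_path.strip("/").split("/")
    for i, seg in enumerate(pattern):
        if seg == "**":
            # Assumption: '**' also matches zero remaining segments.
            return True
        if i >= len(request) or request[i] == "":
            return False          # '*' never matches a missing or empty segment
        if seg != "*" and seg != request[i]:
            return False
    return len(request) == len(pattern)   # no trailing segments left over

def is_allowed(rules, action, request_path):
    """Default deny: True only if an ALLOW rule matches both action and path."""
    return any(act == action and path_matches(pat, request_path)
               for pat, act in rules)

# Rules taken from the slide's examples, modelled as three separate tokens.
READ_NODES = [rule("api/nodes/**", "GET")]
LIST_NODES = [rule("api/nodes", "GET")]
CHECK_ONLY = [rule("api/directives/*/check", "POST")]

if __name__ == "__main__":
    for name, rules, action, path in [
        ("READ_NODES", READ_NODES, "GET", "api/nodes/pending"),
        ("READ_NODES", READ_NODES, "POST", "api/nodes/pending"),
        ("LIST_NODES", LIST_NODES, "GET", "api/nodes/pending"),
        ("CHECK_ONLY", CHECK_ONLY, "POST", "api/directives/abc/check"),
    ]:
        print(name, action, path, "->", is_allowed(rules, action, path))
```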

  • 33

    Plugins

    Centreon: Automatically configure monitoring on systems

    [Diagram: Central server (UI, REST API, RELAY API, Plugin), Node (ncf)]

    1 - Synchronize all nodes in Centreon

    2 - Configure node

    3 - Configure hosttemplate

  • 34

    Plugins

    iTop: CMDB integration

    Export inventories to iTop

    Import properties from iTop

    Drive policies from CMDB and external data

    Export Directives and Compliance

    Measure impact of non-compliance

  • 35

    Plugins

    Reporting

    Generate compliance reports over a period of time

    Development in progress

  • 36

    Plugins

    Reporting

    Defines Rules/Groups/Nodes and a period

    Select what to display

  • 37

    Bug classification

  • 38

    Bug classification 3 parameters

  • 39

    Bug classification 3 parameters

    User visibility: use case impacted by issue

    First impression: even before Rudder installation

    Getting started: during demo, first install or basic usage of simple Techniques

    Operational: usage of Technique Editor, advanced Techniques, Rudder settings

    Infrequent: complex configurations, third-party integration

  • 40

    Bug classification 3 parameters

  • 41

    Bug classification 3 parameters

    Severity:

    Critical: Prevent main usage of Rudder, can cause data loss, no workaround

    Major: Prevent usage of a part of Rudder, no easy workaround

    Minor: Something is misleading or with an easy workaround

    Trivial: No functional impact, but it would be nicer if it were fixed.

  • 42

    Bug classification 3 parameters

  • 43