Rudder and Mission Portal are both user interfaces for configuration management, with different fundamentals and goals. While Rudder allows users to define rules, configure systems, and measure compliance on defined rules in the UI, Mission Portal gives very detailed reporting on everything that happens on the systems, but requires users to code their configuration.
Combining both tools brings the best of both worlds:
- easily manage your systems, and see what is configured
- drill down into the fine details when necessary, and get auto-learning graphs.
This talk will present the architecture, challenges and benefits of this integration, and will finish by a demo of this integration between Rudder 3.2 and CFEngine Mission Portal 3.7.
Nicolas Charles is a Rudder developer and contributor and user of CFEngine since 2009. In charge of professional services at Normation, he gets to encounter very specific uses cases for each of these tools (and others), and helps on them (you can try to bribe him with beer to learn more about this).
This talk was presented at Config Management Camp 2016.
SQL Database Design For Developers at php[tek] 2024
Integrating Rudder and CFEngine Mission Portal
1. Normation – Tous droits réservés
normation.com
Integrating Rudder and
CFEngine Mission Portal
Nicolas CHARLES nch@normation.com
@nico_charles
2. Normation – Tous droits réservés
normation.com
What's in a name ?
Rudder
is an easy to use, web-driven, role-based
solution for IT Infrastructure Automation
& Compliance.
https://www.rudder-project.org/site/about/
CFEngine Mission Portal
is an IT automation platform that uses a model-based
approach to manage your infrastructure, and
applications at WebScale while providing best-in-class
scalability, security, enterprise-wide visibility and
control.
https://docs.cfengine.com/lts/enterprise-cfengine-guide.html
3. Normation – Tous droits réservés
normation.com
Using both together ?
What if we combined Rudder and Mission Portal ?
4. Normation – Tous droits réservés
normation.com
Goal
Automate without coding
Easy classification
Complete
inventoryCompliance
List available
software updates
Autolearning
monitoring
Reports on files
changes
Data isolation
Different level of
reports
Change requests
5. Normation – Tous droits réservés
normation.com
Rudder principles
New node
Managed nodes
2. See Nodes inventory
3. Create nodes groups
(static, dynamic)
4. Configure rules on
groups
7. Check rules reports
Rudder Web Interface
1. Inventory
5. Generate
CFEngine policies 6. Reports
8. Normation – Tous droits réservés
normation.com
Combining both solutions
●
Both architectures are very similar
●
A central point with policies and reports
●
Nodes connects to fetch their policies, and apply them
●
Use the Mission Portal as a Rudder relay
●
Some adaptation in the built-in CFEngine HTTPd server is
necessary
●
Transcript the Mission Portal promises into Rudder Techniques
11. Normation – Tous droits réservés
normation.com
More details
Some adaptations/configurations were needed !
●
Create a role mission-portal in Rudder
●
Create Techniques out of the masterfiles Mission Portal
management
●
Adapt authorization to accept data queries on nodes
●
Adapt the HTTPS virtualhost on mission portal to accept
inventories
12. Normation – Tous droits réservés
normation.com
More details
Setup is pretty standard
●
Install Rudder 3.2
●
Install a CFEngine Hub, bootstrap it to itself, and install rudder-
agent
●
Accept inventory in Rudder, convert the Hub to a Relay
●
Adapt virtualhost on CFEngine Hub
13. Normation – Tous droits réservés
normation.com
Next steps
What remains to be done :
●
Automatic node classification on Mission Portal based on Rudder
Group + tags (in progress)
●
Correlation of reports (external dashboard?)
Surely a ton of others improvement...
14. Normation – Tous droits réservés
normation.com
Questions ?
Nicolas CHARLES nch@normation.com
@nico_charles