YOUR KEY TO AN AGILE FUTURE

CONFIGURATION MANAGEMENT WITH

RUDDER@BMW

FG-941 | Andreas Pöschl | 25.04.2017

AGENDA

 What is Rudder?
 Why / How Rudder?
 Terms and Rampup
 How to order new Features / Policies
 Log Access and General Information
 Availability Dates
 Demand of the BU´s and Discussion

Rudder | FG-941 Page 2

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
WHAT IS RUDDER?

 Rudder is an innovative production-ready

automation and conformity solution
 Automates and keeps your infrastructure
compliant
 Machine deployment
 Configuration management
 Compliance control
 100% open source
 Software product from Normation S.A.S.,
Paris

Rudder | FG-941 Page 3

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
WHY / HOW RUDDER?

 Big growth of environment size, Overrides ~14 years old, manual fixes scale badly, dull issues
 To be agile, you need more flexibility and more power

Goals
 Be simpler and more capable
 Configuration is OK now, will be OK tomorrow, and will be OK next year
 Configuration is the same among all similar-use systems, independent of age
 Easily reproduced
 Compliance measurable and accessible
 Faster security patch overview / rollout

Rudder | FG-941 Page 4

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
TERMS

 Nodes (your systems) running an Agent

 Rudder Relay (where your systems connect to)
 Rudder Master (where logs are sent to and new config policy is made)
 Policy (who should do what, when, why)
 Rules (Containers) and Directives (Elements)
 Pulp Repos (Web servers w/ RPMs)

Standard configuration / baseline policy “OS Basis”

Rudder | FG-941 Page 5

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
AGENT ON YOUR SYSTEM

 Rudder keeps things in shape, constantly

 We slowed the agent down a bit, runs every 15 minutes
 Actual launch time is randomized to avoid contention
 Agent is normally unremarkable

Rudder | FG-941 Page 6

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
HOW TO ORDER NEW FEATURES / POLICIES (1/4)

 New features / policy code via request form

 OV Conversion for rare ( ~< 100 Hosts) via this form unless already planned
 OV Conversion for new items via this form
 Work with groups / criteria if possible: ”Please set SHM parameters for our module”, “for our web servers”, ”for our TEST
webservers”
 Make use of this, request known things for groups, and they’ll automatically be ready for all following systems
 Application Configuration is not in scope as of now, we just want to give a smooth OS experience

Rudder | FG-941 Page 7

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
HOW TO ORDER NEW FEATURES / POLICIES (2/4)

Major request types

 qq users w./SSH Keys
 Software installs
 Tunables (kernel parameters...)
 OS settings (autostart of applications...)
 Config file contents
 Generic file permissions

Rudder | FG-941 Page 8

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
HOW TO ORDER NEW FEATURES / POLICIES (3/4)

 Documentation created during implementation, will be made available

 Technical and/or responsible contacts will also be noted
 Most fields are optional, a contact is mandatory

Rudder | FG-941 Page 9

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
HOW TO ORDER NEW FEATURES / POLICIES (4/4)

 To start, fill what you know and who’s the main contact
 Dev team will handle QA preparations - taking it quite serious!
 Fetch existing configurations
 Discussing / unifing existing configurations takes some time (3-8 weeks depending on complexity)
 Simplify, rewrite existing tools / scripts whereever possible
 Create unit tests
 Create necessary interface clients for other data sources (DCODB)
 Working solution needs sign-off by requester and operations
 Then ready to be deployed

Rudder | FG-941 Page 10

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
LOG ACCESS

Rudder | FG-941 Page 11

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
GENERAL INFORMATION

 General DevOps things apply:

 There is no undo
 There is no true rollback -> move forward and improve
 Generally everything is faster and more stable
 But there‘s:
 /var/rudder/modified-files
 Change Requests
 Audit logs

 System behaviour
 No big changes, Rudder works with smallest possible change
 Expect /etc/files managed by Rudder to be constantly up to date

Rudder | FG-941 Page 12

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
AVAILABILITY DATES AND MAIL-ADDRESS

 End of conversion of Overrides 16.06.2017

 Operational resources (concept, scripts, keys, rights) are available 23.06.2017
 Operational readiness 30.06.2017

 Please send questions and annotations to: config-mgmt-linux@list.bmw.com

Rudder | FG-941 Page 13

CONFIGURATION MANAGEMENT WITH RUDDER@BMW
DEMAND OF THE BU´S AND DISCUSSION

Rudder | FG-941 Page 14