Rudder 4.0 - User Manual
Inventory workflow, from nodes to Root server
Processing inventories on relays
On the Relay server:

- the inventory is received by a webdav endpoint,
- the webdav service stores the file in the folder /var/rudder/inventories/incoming,
- on each agent run, files in /var/rudder/inventories/incoming are forwarded to the Relay's own policy server.
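
A check for inventories that stay in the relay's incoming folder, which suggests the forwarding step above is not running or is failing. This is an added example, not part of the Rudder manual or code base; the function names and the age threshold are hypothetical, and it assumes forwarded files leave the folder.

```shell
#!/bin/sh
# Added example: flag inventories that linger in a relay's incoming spool.
# The directory to pass is the one named on this page:
#   /var/rudder/inventories/incoming
# The age threshold is an assumption; choose a value comfortably larger
# than the agent run interval configured on the relay.

# stale_inventories DIR MAX_AGE_MIN
# Prints one path per regular file directly in DIR whose modification
# time is more than MAX_AGE_MIN minutes old. Returns 2 if DIR is missing.
stale_inventories() {
    dir=$1
    max_age=$2
    [ -d "$dir" ] || return 2
    find "$dir" -maxdepth 1 -type f -mmin "+$max_age" -print
}

# check_spool DIR MAX_AGE_MIN
# Returns 0 when nothing is stale, 1 when a backlog exists,
# 2 when DIR is missing or cannot be read.
check_spool() {
    stale=$(stale_inventories "$1" "$2") || return 2
    if [ -n "$stale" ]; then
        count=$(printf '%s\n' "$stale" | wc -l | tr -d ' ')
        echo "WARNING: $count inventory file(s) older than $2 min in $1" >&2
        printf '%s\n' "$stale" >&2
        return 1
    fi
    return 0
}

# Example call from cron or a monitoring probe on the relay (30 is an
# assumed threshold, in minutes):
#   check_spool /var/rudder/inventories/incoming 30
```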