A Technique defines a set of operations and configurations to reach the desired behaviour. This includes the initial set-up, but also a regular check on the parameters, and automatic repairs (when possible).
All the Techniques are built with the possibility to change only part of a service configuration: each parameter may be either active, either set on the "Don’t change" value, that will let the default values or in place. This allows for a progressive deployment of the configuration management.
Finally, the Techniques will generate a set of reports which are sent to the Rudder Root Server, which will let you analyse the percentage of compliance of your policies, and soon, detailed reports on their application.
The Techniques shipped with Rudder are presented in a library that you can reorganize in Configuration > Techniques. The library is organized in two parts: the available Techniques, and the selection made by the user.
- Technique Library
- This is an organized list of all available Techniques. This list can’t be modified: every change made by a user will be applied to the Active Techniques.
- Active Techniques
- This is an organized list of the Techniques selected and modified by the user. By default this list is the same as the Technique Library. Techniques can be disabled or deleted, and then activated again with a simple drag and drop. Categories can be reorganised according to the desired taxonomy. A Technique can appear only once in the Active Techniques list.
Tip | |
---|---|
The current version of Rudder has only an handful of Techniques. We are aware that it considerably limits the use of the application, but we choose to hold back other Techniques that did not, from our point of view, have the sufficient quality. In the future, there will be some upgrades including more Techniques. |
Warning | |
---|---|
The creation of new Techniques is not covered by the Web interface. This is an advanced task which is currently not covered by this guide. |
- Apache 2 HTTP server
- This Policy Template will configure the Apache HTTP server and ensure it is running. It will ensure the "apache2" package is installed (via the appropriate packaging tool for each OS), ensure the service is running and start it if not and ensure the service is configured to run on initial system startup. Configuration will create a rudder vhost file.
- APT package manager configuration
- Configure the apt-get and aptitude tools on GNU/Linux Debian and Ubuntu, especially the source repositories.
- OpenVPN client
- This Policy Template will configure the OpenVPN client service and ensure it is running. It will ensure the "openvpn" package is installed (via the appropriate packaging tool for each OS), ensure the service is running and start it if not and ensure the service is configured to run on initial system startup. Configuration will create a rudder.conf file. As of this version, only the PSK peer identification method is supported, please use the "Download File" Policy Template to distribute the secret key.
- Package management for Debian / Ubuntu / APT based systems
- Install, update or delete packages, automatically and consistently on GNU/Linux Debian and Ubuntu.
- Package management for RHEL / CentOS / RPM based systems
- Install, update or delete packages, automatically and consistently on GNU/Linux CentOS and RedHat.
- Copy a file
- Copy a file on the machine
- Distribute ssh keys
- Distribute ssh keys on servers
- Download a file
- Download a file for a standard URL (HTTP/FTP), and set permissions on the downloaded file.
- Time settings
- Set up the time zone, the NTP server, and the frequency of time synchronisation to the hardware clock. Also ensures that the NTP service is installed and started.
- Hosts settings
- Configure the contents of the hosts filed on any operating system (Linux and Windows).
- IPv4 routing management
- Control IPv4 routing on any system (Linux and Windows), with four possible actions: add, delete (changes will be made), check presence or check absence (a warning may be returned, but no changes will be made) for a given route.
- Name resolution
- Set up the IP address of the DNS server name, and the default search domain.
- NFS Server
- Configure a NFS server
- OpenSSH server
- Install and set up the SSH service on Linux nodes. Many parameters are available.
- Group management
- This Policy Template manages the target host(s) groups. It will ensure that the defined groups are present on the system.
- Sudo utility configuration
- This Policy Template configures the sudo utility. It will ensure that the defined rights for given users and groups are correctly defined.
- User management
- Control users on any system (Linux and Windows), including passwords, with four possible actions: add, delete (changes will be made), check presence or check absence (a warning may be returned, but no changes will be made) for a given user.