Install Rudder Relay (optional)

Relay servers can be added to Rudder, for example to manage a DMZ or to isolate specific nodes from the main environment for security reasons.

Relay server’s purpose is to solve a simple problem: sometimes, one would want to manage multiple networks from Rudder, without having to allow all the subnet access to the other for security reasons. A solution for this would be to have a kind of "Rudder" proxy that would be relaying information between the subnet and the main Rudder server. This is the reason relay servers were created.

Using a relay, you are able to:

  • Separate your Rudder architecture into separate entities that still report to one server
  • Prevent laxist security exceptions to the Rudder server
  • Ease maintenance

The first part is to be done on the machine that will become a relay server. The procedure will:

  • Add the machine as a regular node
  • Configure the relay components (Syslog, Apache HTTPd, CFEngine)
  • Switch this node to the relay server role (from the root server point of view)