Project

General

Profile

« Previous | Next » 

Revision 30c7a866

Added by François ARMAND almost 7 years ago

Fixes #10681: Complete documentation introduction

View differences:

00_introduction/20_key_features.txt
[[key-features]]
=== Key Features
==== Os independent target configuration state definition
// image::./images/core_techniques.png[Standard Technique Library]
TODO
==== Centralize and aggregate real configuration state
==== OS independent target configuration state definition
Rudder is able to adapt to complex process and only do the minimal required
work so that the server converges to the desired state, and so whatever was the
starting state point. Rudder works as a GPS would, adapting the path to your
destination depending of the path you actually took. This process is much more
resilient to changes than a step by step, procedural description of the commands
to execute.
Rudder is natively integrated with the supported OS (Linux, Windows, AIX - see
[TODO]) so that it provides generic, abstract, OS independant primitives to the
user who can:
image::./images/core_techniques.png["Standard Technique Library", float="right"]
* install software in OS native packaging system (RPM on RHEL, Windows software
components, or even direct install from sources),
* configure OS level parameters and services like logs, DNS, NTP, etc.
* create and maintain user accounts (administrator accesses, developers) and
groups with a transparent support of OS specific requirements on file format,
password hashes algorithms, etc for any supported OS.
* build an hardened system by configuring and then continuously verifying the
correct set-up of security rules like file system rights, file integrity
checking, etc.
* configure middleware by files (for example in Linux world, whatever the file
format, and be it from a template or by only specifying enforcement of some
configuration parameters) or thanks to the Windows Regestry,
* manage service start-up at boot time and ensure that a service is correctly
running at any time, starting it up again if needed.
The simple primitives can be simply mixed and todo_link[extended] to provide
solutions for any and all of your unique use cases of software stacks,
deployments, IT services or configuration that can't be natively supported.
==== Centralize and aggregate real configuration states
The nominal working mode of Rudder is a **continuous verification** mode, which
makes Rudder manage the whole application life cycle and check that configurations
remain valid at any time.
image::./images/introduction/general_behavior_workflow.png[Define target, check, report, remediate]
Rudder can also *continuously check* that rules are valid and *proactively* correct
any drift from the desired application state when needed. A *graphical reporting*
displays what happened and when.
image::./images/introduction/rules_compliance.png[Rules compliance reporting]
Rudder can notify the ops team about a drift from the desired configuration state.
Understanding what the problem is is made simpler by the graphical reporting
which allows to drill down toward the technical root cause and see in a blink
where the drift comes from.
image::./images/introduction/rule_compliance_details.png[Fine grained reporting on configuration components]
==== Automatic inventory
TODO
Rudder automatically does a technical, detailed inventory of the servers on
which the agent is installed.
That inventory contains hardware information (like server kind, CPU, RAM,
hard drives, etc), networks information (network interface and configuration),
OS level data (OS type and name, version and patch level, etc) and software
information (installed software with their versions).
These informations are available in Rudder configuration data base and can be
used to defined coniguration rule targets. Typically, some configurations are
linked to the kind of server (physical or virtual), the quantity of RAM
available, the version of an OS library which contains a security bug, etc.
All of these data are also available throught Rudder APIs (see link[TOTO]).
==== REST API
TODO
All Rudder commands are available throught an exhaustive REST API. That API is
http://www.rudder-project.org/rudder-api-doc/[fully documented online] and can
be used to todo_link[quickly and smoothly integrate Rudder with you existing infrastructure].
==== Audit trace and Change Requests
Any change done thanks to Rudder in your infrastructure is automatically
recorded in an *Audit Log* which allows a full traceability of all changes.
That feature also allows rollbacks of the recorded change.
image::./images/introduction/audit_trace.png[Trace events and display changes]
All changes can be forced to go through a peer review or validation step and
so be part of a conformity process.
image::./images/introduction/change_request.png[Change Request]
The validation process can be externalized to third party ticketing system, like
a CMDB, so that it can integrated into an existing company workflow. This
integration is done thanks to link_toward_thir_party_integration[an existing
plugin or a dedicated synchronisation tool].
==== Centralized authentication (LDAP, Active Directory, plugins)
TODO
Rudder can use enterprise directories (LDAP, Active Directory)
or be connected to an SSO to manage users authentication.
Moreover, Rudder authentication layer is plugable and can be extended to other
authentication protocol link_to_plugins[like Radius or SPNEGO with plugins].
==== Extensibilty
Rudder has a built-in library of common software components and configuration.
But of course, your infrastructure is not limited to that handful of standard
components and that's why Rudder was made to be extremelly simply extended so
that it can manage services, process or software specific to your company and
your workflows.
To achieve that goal, Rudder provided a big set of OS independent and generic,
unitary modules. Rudder agent is able to translate these abstract modules to
native OS specific commands and configurations.
Module are atomic tasks, that can be extremelly simple (for example, check the
existence of a file, create an user or a group, update a software package) or
more complexe (for example, import JSON data from a REST API).
For information, the following image provides a NON-exhaustive list of
available modules:
image::./images/introduction/generic_methods_list.png[Non exhaustive list of generic methods]
These generic, unitary modules can be used to build new higher level,
OS independent, parametrizable configuration modules. By combining these module,
you are able to manage any configuration and build advanced configuration
policies for your IT services:
image::./images/introduction/rule_directive_generic_method_stack.png[Build your own configuration, matching your requirements]
image::./images/introduction/ncf_language.png[high level definition language]
The unitary configuration module can be configured thanks to a high level
programming language:
image::./images/introduction/technique_editor_overview.png[Graphical Technique Editor - the simplest way to build new configuration]
image::./images/introduction/ncf_language.png[high level definition language]
But the natural, common strategy to use them is with the provided graphical
editor which allows to use all the same modules, but with a web UI and
drag'n'drop. Of course, you can configure each unitary module to use data from
a node and behave specifically on each one.
image::./images/introduction/technique_editor_overview.png[Graphical Technique Editor - the simplest way to build new configuration]

Also available in: Unified diff