Use a predefined policy

In this section you will:

  • Define a configuration policy from a predefined template

  • Create applicable configuration items called directives from

You have learnt to use the Technique Editor, which gives access to a broad range of building blocks for policies. To allow an easy configuration of common system settings, Rudder also comes with a predefined set of techniques, directly usable after installation.

Go to the Configurations → Directives page.

What is a Directive? It is a technique instance: a technique with some parameters, making it an applicable policy.

We will now configure the SSH service on our nodes using the dedicated pre-built technique.

Let’s use the filter in the directive tree to find it easily:

SSH technique

Now click on:

  1. SSH server (OpenSSH), the right part of the page displays the technique details, and the list of available versions of the technique.

  2. Create with latest version to use the latest one.

This will make a new form appear, containing the configuration of the directive itself.

First, let’s give it a description. When using Rudder, keep in mind that filling all these documentation fields, though it may seem tedious, is very important for future reference, or collaboration with others. It can be particularly useful to include references to external information (ticketing system, etc.) or to keep tracks of configuration changes. Also, note these documentation fields are rendered as markdown, so you can include links, bullet points, etc.

We now need to decide how we want to configure our SSH server. Let’s disable password authentication :

  1. click on Set parameters button or Parameters tab

  2. scroll down to Section: Authentication settings

  3. click on No in the Allow password authentication part

SSH technique

Then,

  1. click on the Target rules tab

  2. check Global configuration for all nodes

  3. Save, then Create in the window asking for confirmation.

SSH technique

Why a confirmation window here? First, for traceability. Indeed, you can add a message to describe the change. Moreover, confirmation is important as the saved change will change our machines state. Once you click on save, the Rudder server will start updating configuration policies for nodes it is applied to (we will see later which ones exactly).

Let’s create a second directive, based on the technique Demo user we have created. Use the filter to find it in the directive tree, still on the Directives page.

This time, we will change one of the general parameters by overriding the policy mode to Audit mode.

Audit mode

Then apply it to the Global configuration for all nodes and save.

How to chose between built-in techniques and creating one in the technique editor?

A good rule of thumb it to use the built-in techniques when they cover your needs, and switch to the technique editor if you need to go further!

You have just applied your first configuration policy. If you wait just a bit (at most 5 minutes), our expected state will be applied on our machine (actually only our Rudder server itself for now).

We will have a closer look at what happens on the machine in the next section.


← Create a new policy Apply your first policies →