Use a predefined policy

In this section you will:

  • Define a configuration policy from a pre-defined template

  • Create appliable configuration items called directives from

You have just learnt to use the technique editor, which gives access to a broad range of building blocks for policies. To allow easy configuration of common system settings, Rudder also comes with a pre-defined set of techniques, directly usable after installation.

Go to the Configuration Management → Directives page. What is a directive? It is a simply a technique instance: a technique plus some parameters, making it an applicable piece of configuration.

We will now configure the SSH service on our nodes using the dedicated pre-built technique.

Let’s use the filter in the directive tree to find it easily:

SSH technique

Now click on "SSH server (OpenSSH)", the right part of the page will display the technique details, and the list of available versions of the technique. We will use the latest one, by clicking on "Create with latest version".

This will make a new form appear, containing the configuration of the directive itself. As we said before, a technique is a parametrizable policy. A directive is a technique instance, i.e. a technique plus a set of parameters.

Defining a directive consist of choosing a technique and providing its parameters.

First, let’s give it a description. When using Rudder, keep in mind that filling all these documentation filed, though it may seem tedious, is very important for future reference, or collaboration with other. Is is for example useful to include reference to external information (ticketing system, etc.), to allow keeping a track of all configuration changes.

We now need to decide ho we want to configure our SSH server. Let’s disable password authentication (it’s always a good idea anyway):

SSH technique

And go to the bottom of the page, click on "Global configuration for all nodes" (to apply it everywhere, we will see how it works later).

SSH technique

And click on save. It will open a window asking for confirmation and an audit message, that is used for traceability. You can leave it empty for now, and confirm.

Why a confirmation window here? Because the change we are saving will change our machines state. Once you click on save, the Rudder server will start updating configuration policies for nodes it is applied to (we will see later which ones exactly).

Let’s create a second directive, based on the technique we have just created (our demo user). Use the filter to find it in the directive tree, still on the Directives page.

This time, we will change one of the general parameters by overriding the policy mode to Audit mode.

Audit mode

Then apply it to the "Global configuration for all nodes" and save.

How to chose between built-in techniques and creating one in the technique editor?

A good rule of thumb it to use the built-in techniques when they cover your needs, and switch to the technique editor if you need to go further!

You have just applied your first configuration policy. If you wait just a bit (at most 5 minutes), our expected state will be applied on our machine (actually only our Rudder server itself for now).

But we will have a closer look at what happens on the machine in the next section.