Rudder 4.3 - User Manual
Configuration files for Rudder Server
/opt/rudder/etc/htpasswd-webdav
/opt/rudder/etc/inventory-web.properties
/opt/rudder/etc/logback.xml
/opt/rudder/etc/openldap/slapd.conf
/opt/rudder/etc/reportsInfo.xml
/opt/rudder/etc/rudder-users.xml
/opt/rudder/etc/rudder-web.properties