Requirements

Your Rudder server and relays should generally not be exposed on the Internet. If you manage nodes on remote networks, the usage of a VPN for Rudder communications is recommended.

By default, nodes listen on port 5309 to allow remote agent trigger. On nodes having public interfaces it is recommended to only allow connection to this port from the server through firewall configuration. You can also totally disable the service on simple nodes (but not server or relayd) if you don’t want to use remote run with systemctl disable rudder-cf-serverd && systemctl restart rudder-agent (or an equivalent Rudder policy).

If you want to be able to remotely trigger agent runs on nodes from the Root Server (without having to wait for regular automated run), you will need your Root Server (and Relay Servers, if applicable) to be able to resolve your nodes using the provided hostname.

Rudder fully supports OpenJDK JVM version 1.8u92 to 14.x. Usage of long term support version 11 is recommended.

Version 1.8 prior to u92 are not supported due to the use of JVM option CrashOnOutOfMemoryError. In any case, even if you are blocked on java 1.8 branch, you should really use the latest version available (8u292 as of 2021-04): there are major performance impact and security risk by not doing so.

OpenJDK 15 is not yet fully supported in Rudder 6.x branch because of the removal of JVM native JS engine in that version. You can use JVM 15 but you will need to disable "script evaluation in Directives" in Settings → General. That limit will be lifted in Rudder 7.0.

Other JVM should work but they are not thoroughly tested. Please contact Rudder team for more information on that topic or dedicated support.

Rudder needs unlimited strength security policy because it uses a variety of advanced hashing and cryptographic algorithms only available in that mode.

Any recent JVM (JDK 8 > 8u161, all JDK 9 and more recent) is configured by default with this policy.

You can check your case by running the following command on your server:

If it returns 0, you have the correct policy. In other cases, you will need to change it.

For that, you can download the unlimited strength policy for JDK 8 here.

Then, simply copy the java.policy file into $JAVA_HOME/jre/lib/security/java.policy.

The required amount of RAM mainly depends on the number of managed nodes. A general rule for the minimal values, on a stand-alone server is:

When your server has more than 2 GB of RAM, you have to configure the RAM allocated to the Java Virtual Machine as explained in the section about webapplication RAM configuration.

When your server has more than 4 GB, you may need to also tune the PostgresSQL server, as explained in the optimize PostgreSQL Server section.

The number of cores necessary also depends on the number of managed nodes. A general rule for the minimal values, on a stand-alone server is: * less than 50 nodes: 2 cores * between 50 and 1000 nodes: 4 cores * more than 1000 nodes: 4 cores + one core per 1000 nodes beyond 1000, when not in full compliance * more than 1000 nodes: 6 cores + one core per 500 nodes beyond 1000, when in full compliance

Adding more cores makes the Web Interface faster, and especially the policy generation part. PostgreSQL and rsyslog both need more computing power when a lot of nodes are involved in full compliance, that’s why the requirement grows more quickly.

To manage more than 100 nodes, it is strongly recommended to use SSD or NAS/SAN with low latency, to avoid slowdown during policy generation and inventories management.

The PostgreSQL database will take up most of the disk space needed by Rudder. The storage necessary for the database can be estimated by counting around 500 to 900 kB per Directive per Node per Day of retention of node execution reports (default is 4 days), plus 150 kB per Directive per Node per Day of archiving (default is 0 days), plus 150 kB per Directive per Node per Day of compliance retention (default is 8 days) :

For example, a default installation with 500 nodes and an average of 50 Directives by node, should require between 76 GB and 114 GB of disk space for PostgreSQL.

Follow the reports Retention section to configure the retention duration.