Happy New Year!
At the foot of the Christmas tree was a new version of Rudder, 2.9 “Liberty ship”! (for the curious: http://en.wikipedia.org/wiki/Liberty_ship)
To begin 2014, our latest version, 2.9, further extends usability and adaptability of the previous version, 2.8. There are relatively few new features in this version though it will improve the way you use Rudder.
In “Liberty ship”, the main additions and new features are:
- ncf: Rudder now comes with ncf, the CFEngine framework created by Normation (https://github.com/Normation/ncf),
- Rules by category: organise your Rules by category,
- Application of Directives: verify and select the Rules applicable to a Directive directly from the Directive’s configuration page,
- Directives form: the Directives form is more intuitive and functional,
- Node-Server communication parameters: CFEngine Security parameters can be configured directly via the web interface,
- CFEngine Binaries: no more need to enter the full path on the command line in order to use CFEngine binaries in Rudder,
- Other enhancements to the web interface: save the number of entries displayed in tables, hide unnecessary information, non-applied Directives are more visible…
Create your own Techniques with ncf
One of the main objectives of Rudder is to facilitate access to configuration management by reducing the complexity, which we hope we achieve with our web interface and ready-to-use library of Techniques.
Problem: if no Technique yet exists for a particular requirement, then one must be created and it is not always obvious as to how to mix CFEngine with the needs of Rudder without being an expert in CFEngine.
To resolve this, we have created the ncf framework. The principal goal of ncf is to provide a fraemwork and basic functions for CFEngine to express intent easily, without dwelling on the details and syntax of CFEngine. One can quickly and efficiently write functional CFEngine promises.
Experts can design essential building blocks, encapsulating all the knowledge and experience necessary to make the most of CFEngine, while the rest of the team can write the rules of effective configuration.
For example, in ncf we have a bundle package_install that allows you to install a package whose name is passed as a parameter. This bundle provides an abstraction in order to make the correct calls in CFEngine syntax, then effect reporting (human readable text format for user interaction and machine format for Rudder).
Also, we have created the tools that connect ncf to Rudder: with an ncf file based on ncf bundles, the tool generates the necessary files for a Rudder Technique, accessible from the web interface, with the correct reporting implemented. We hope that with ncf that the creation of Techniques will be much easier, and that this will make customization of Rudder to your needs much easier as well.
At present, it is not yet possible to create Techniques with parameters configurable via the web interface of Rudder (all the values, for example the names of packages and services, must be hardcoded in the ncf file). This ability is anticipated in future versions – you will see many improvements to ncf and ncf’s integration with Rudder very soon, such as a graphical interface for new Technique design and creation.
ncf is completely usable independent of Rudder and can be simply integrated with all CFEngine installations. The git repository is available here: https://github.com/Normation/ncf
An improved Rules list
As the number of Rules on a Rudder server increases, it’s easy to get lost amongst in a long list of Rules and lose time trying to find the ones we’re looking for:
To simplify search and classification of all these Rules, we have added the ability to organise and group Rules by category:
With this approach you are now able to separate your Rules logically (by environment, site, system…) and browse directly by category or sub-category:
Also, we have improved the information displayed in the Rules table, making the data displayed more concise and pertinent.
Apply your Directives in one click
One task that required several steps is the application of Directives from Rules. To begin with you create/modify a Directive, once that has been completed you must then apply the new Directive via Rules on a page in another location of the web application. Thus, it can be necessary to open several rules, validating the changes in each one, leading to a considerable loss of time.
With “Liberty ship”, no more need for all these clicks and navigation to other pages: on the Directives settings form you can now apply the Directive immediately to one or more rules and verify their status.
We have re-used the same display from our Rules settings pages, with categories displayed in the left-hand column and Rules to the right. There is one difference: check boxes are now displayed next to each Rule and each category.
The check boxes’ behaviour: if a Rule’s check box is selected then the Directive is applied to this Rule, if not then the Directive is not applied. For categories, if the check box is selected, then all the Rules in the category and sub categories, if displayed, are selected (checked). Deselecting the check box deselects the associated rules.
Once you’ve finished and saved your changes, all Rules are updated simultaneously with the new or modified Directive. This is huge boost to productivity thanks to considerable time saved managing Rules and Directives!
Directive Settings form makeover
We have refreshed the Directive Settings form, improving usability and user-friendliness.
The first thing that you will notice when you open the Directive Settings form is that the form is now based on three tabs:
- Information: general information about the Directive (name, description …),
- Parameters : the Directives configuration settings,
- Target Rules : the actual application of the Directive to Rules by Rudder.
By splitting up the information in this way, we hope the form is more readable and pleasant to use.
Final change: the save and other action buttons (delete, clone, …) are now more accessible. We have placed them outside the settings window and limited the size of the settings window so that these buttons are now always visible without the need to scroll down to the bottom of the page to find them.
Two new configuration settings, node and server communication and security protocols, are now accessible from the web interface.
The two settings are:
- DenyBadClocks: choose whether a server will refuse connections from time de-synchronized nodes (a time difference > 5 minutes). Deactivate this option if the time settings on your nodes are not synchronised. See https://cfengine.com/docs/3.5/reference-components-cfserver.html#denybadclocks.
- SkipIdentify: choose whether a server must use reverse DNS lookup verification of your Node IPs. Deactivate this option if your DNS does not include reverse entries for all your nodes. See https://cfengine.com/archive/manuals/cf3-Reference#skipidentify-in-agent.
With these two parameters, your Rudder server will be more flexible to your requirements (for example working with time de-synchronized servers), though this will reduce the security of client-server communications.
CFEngine binary included in path
In order to launch the execution of an agent you needed to type the complete command: /var/rudder/cfengine-community/bin/cf-agent -KI. Even if one has auto-completion enabled it is another thing to have to remember.
As of version 2.9, this is no longer necessary: to launch execution of the agent you just need to type cf-agent -KI and that’s all. You get used to this very quickly!
Other minor changes were made to the web interface:
- Non-applied Directives are now highlighted by a warning icon,
- Techniques with no Directive associated to them are no longer displayed in the Rule configuration settings page, further reducing the space taken and clarifying the options available,
- The number of entries of tables is now persisted (saved and restored), no more need to keep re-applying these settings each time.
Our last word
So there you have it for Rudder 2.9 Liberty ship! Updating to this version requires the use of Techniques compatible with CFEngine 3.5. If you are already using version 2.8, all is fine, you can update your server to 2.9 and keep your agents running on 2.8. Otherwise, you will have to upgrade your Rudder server to one of the latest versions in the following branches: 2.4, 2.6 and 2.7 (starting from 2.4.11, 2.6.8 et 2.7.5), then update the agents of the nodes to 2.9, then finally update your server to 2.9. Please review the complete procedure for upgrading in the documentation.
This release is not yet declared “stable“. In all cases, when we release a new version of Rudder it has been thoroughly tested, and we consider the release production-ready for deployment. To be declared “stable” we prefer to wait until a version has been available and running in production for several months. As such, we expect version 2.8 of Rudder to be declared stable very soon.
We are deeply grateful for the continued support and enthusiasm of our Rudder community. We welcome your feedback, ideas and bug reports. We are listening to you! Please do not hesitate to contact us via IRC (#rudder on Freenode) or the Rudder community mailing lists (https://www.rudder-project.org/site/community/mailing-lists/), we will be delighted to welcome you and respond to any questions or feedback you might wish to share.
Check out the full change log for 2.9.
Also see the documentation for 2.9 online (or directly from your Rudder server’s web interface!)